Date:      Mon, 26 Sep 2011 06:11:54 -0500
From:      "Michael D. Norwick" <mnorwick@centurytel.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Trying to build Nessus 4 from ports
Message-ID:  <4E805DFA.2020501@centurytel.net>
In-Reply-To: <alpine.BSF.2.00.1109251704390.6659@mail.fig.ol.no>
References:  <4E7BEA42.4020004@a1poweruser.com> <4E7CFA99.9000801@centurytel.net> <4E7E4A9D.70901@gmail.com> <alpine.BSF.2.00.1109251704390.6659@mail.fig.ol.no>

On 09/25/11 10:08, Trond Endrestøl wrote:
> On Sat, 24 Sep 2011 23:24+0200, Andrei Brezan wrote:
>
>> On 23/09/2011 23:31, Michael D. Norwick wrote:
>>> Good Day
>>>
>>> Trying to build /usr/ports/security/nessus on FreeBSD 9-beta2 with ports
>>> updated via - portsnap fetch update - completed 09/22/2011.  The result from
>>> #>make;
>>>
>>> ===>   Applying FreeBSD patches for nessus-libraries-2.2.9_1
>>> ===>    nessus-libraries-2.2.9_1 depends on executable: bison - found
>>> ===>    nessus-libraries-2.2.9_1 depends on package: libtool>=2.4 - found
>>> ===>   Configuring for nessus-libraries-2.2.9_1
>>> ********************************************************
>>> *                   W a r n i n g                      *
>>> *                                                      *
>>> * Nessus needs Berkeley Packet Filter (bpf).           *
>>> * To use nessus, your kernel must be rebuilt with bpf, *
>>> * and make bpf devices on /dev directory.              *
>>> *                                                      *
>>> * Be sure to build as many bpf devices as you need.    *
>>> * For more info on this read files/README.BPF          *
>>> ********************************************************
>>> *** Error code 1
>>>
>>> Stop in /usr/ports/security/nessus-libraries.
>>> *** Error code 1
>>>
>>> Stop in /usr/ports/security/nessus-libnasl.
>>> *** Error code 1
>>>
>>> Stop in /usr/ports/security/nessus.
>>>
>>>  From an earlier post on freebsd-questions I added;
>>>
>>> # Historically X depended on this, but version 4.3.0 doesn't seem to anymore
>>> #link    ttyv0    vga
>>>
>>> # Commonly used by many ports
>>> #link    acd0    cdrom
>>>
>>> # Allow a user in the wheel group to query the smb0 device
>>> #perm    smb0    0660
>>>
>>> # Allow members of group operator to cat things to the speaker
>>> #own    speaker    root:operator
>>> #perm    speaker    0660
>>>
>>> own     bpf0    root:bpf
>>> perm    bpf0    0640
> Sorry for leaping in, but I think you should change bpf0 to bpf only.
> See below.
>
>>> own     bpf1    root:bpf
>>> perm    bpf1    0640
>>> own     bpf2    root:bpf
>>> perm    bpf2    0640
>>> own    bpf3    root:bpf
>>> perm    bpf3    0640
>>> own    bpf4    root:bpf
>>> perm    bpf4    0640
>>>
>>> to /etc/devfs.conf.  But I still get;
>>>
>>> crw-r-----  1 root  bpf         0,  11 Sep 22 21:14 bpf
>>> lrwxr-xr-x  1 root  wheel            3 Sep 22 21:14 bpf0 ->  bpf
>>> crw-rw-rw-  1 root  wheel       0,  49 Sep 22 21:14 bpsm0
> Looking at this listing, bpf0 is a symlink to bpf, thus
> /etc/devfs.conf should manage /dev/bpf and not /dev/bpf0.
>
>>> in /dev after rebooting.  Do I require a statement in rc.conf or loader.conf
>>> to activate more bpf devices?  Am I editing the right file the wrong way?
>>> The proper handbook chapter escapes me right now.
>>>
>>> Previous to trying to build nessus from ports I built a new kernel with -
>>> device      bpf     enabled.
>>>
>>> Thank You,
>>> Michael
>> I would suggest to get the package from tenable.com and install it via
>> pkg_add. That's how it worked for me but on FreeBSD 8.2-stable. Might worth a
>> shot.
>>
>> Regards,
>
> Trond.
>
Good Day;

Still no joy trying to build from source via ports or installing the 
binary from tenable.com on FreeBSD 9.  nessusd is installed but errors 
out with 'libz.so.5 not found'.  I have;

$ ls -l /lib/libz.*
-r--r--r--  1 root  wheel  90328 Sep 26 05:46 /lib/libz.so.6

and

$ ls -l /usr/lib32/libz.*
-r--r--r--  1 root  wheel  90828 Sep 26 05:48 /usr/lib32/libz.a
lrwxr-xr-x  1 root  wheel      9 Sep 26 05:48 /usr/lib32/libz.so -> libz.so.6
-r--r--r--  1 root  wheel  76808 Sep 26 05:48 /usr/lib32/libz.so.6

and

$ ls -l /usr/lib/libz.*
-r--r--r--  1 root  wheel  126192 Sep 26 05:46 /usr/lib/libz.a
lrwxr-xr-x  1 root  wheel      14 Sep 26 05:46 /usr/lib/libz.so -> /lib/libz.so.6

on new world built last night.

From /usr/ports/security/nessus-libraries/files/README.bpf

"Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
to do its job.

Since Nessus used multiple processes, several pcap-aware plugins will
need to access the the bpf at the same time.

This means that you need to recompile your kernel with the following option:

pseudo-device   bpf

If for instance you want to have 10 nessusd running at the same time,
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
(as nessusd is extremely lightweight, you can expect to have this amount
  of processes running at the same time)

If you plan to scan a whole network, we recommand you create at least
100 of them.

Once your kernel has been rebuilt, get root, cd to /dev
and do:

       ./MAKEDEV bpf+100

For FreeBSD 5.x this is not needed since the devfs creates devices when 
needed.

If you can not recompile your kernel, you can try to run the configure
script with the option --enable-bpf-sharing. In this case, nessusd will
try to share one /dev/bpf among multiple processes and do the filtering
in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO
NOT RECOMMAND ENABLING IT."

Is this referring to an 8.2 system?
pseudo-device does not work on 9.0 kernel source.

Have not tried the MAKEDEV command yet because I do not know if I need 
to continue since I cannot get the daemon to start.

Thank You,

Michael
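
Added example, not part of the original message or of the Nessus port: the point made in the quoted reply, that /etc/devfs.conf rules must name the real device node rather than a symlink such as bpf0, written as a small check. The function name `lint_devfs_conf` and both sample inputs are constructed for illustration, modelled on the /dev listing and devfs.conf lines quoted in the thread.

```sh
#!/bin/sh
# Constructed sample: `ls -l /dev` excerpt, modelled on the listing in the thread.
DEV_LISTING='crw-r-----  1 root  bpf         0,  11 Sep 22 21:14 bpf
lrwxr-xr-x  1 root  wheel            3 Sep 22 21:14 bpf0 ->  bpf
crw-rw-rw-  1 root  wheel       0,  49 Sep 22 21:14 bpsm0'

# Constructed sample: devfs.conf excerpt, modelled on the rules in the thread.
DEVFS_CONF='# Commonly used by many ports
#link    acd0    cdrom
own     bpf0    root:bpf
perm    bpf0    0640
own     bpf1    root:bpf
perm    bpf1    0640'

# lint_devfs_conf LISTING CONF   (hypothetical helper name)
# For every own/perm rule, report whether its target is a real node ("ok"),
# a symlink (the rule should name the link target), or not in the listing.
lint_devfs_conf() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_conf = 1; next }      # separator between the two inputs
        !in_conf {
            # ls -l line: a symlink ends in "name -> target"
            if ($1 ~ /^l/ && $(NF-1) == "->") link[$(NF-2)] = $NF
            else if (NF > 0) node[$NF] = 1
            next
        }
        /^[ \t]*#/ || NF < 3 { next }      # skip comments and short lines
        $1 == "own" || $1 == "perm" {
            if ($2 in link)      printf "%s %s: symlink, use %s\n", $1, $2, link[$2]
            else if ($2 in node) printf "%s %s: ok\n", $1, $2
            else                 printf "%s %s: not in listing\n", $1, $2
        }'
}

lint_devfs_conf "$DEV_LISTING" "$DEVFS_CONF"
```

On a live system the two arguments would be "$(ls -l /dev)" and "$(cat /etc/devfs.conf)".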



