> I've just run Nessus against one of our fully patched Raq 4's and I'm seeing a lot of Security Hole listings.
> There are 5 Security Holes reported for http alone. Now there is a disclaimer in the Nessus report that this may be a false positive for each reported hole.
> My question is has anyone else run Nessus against their patched Raq4 and if so how many of these reported holes are legit?

These listings are to be expected... The problem is that some of the tests are for the current version of running software... In this case Apache and PHP are both popping up as old versions that might have holes... Sun Cobalt makes the updates in hopes of closing the security holes found by patching the current builds (rpms) with code that hopefully will close the holes, and the versions stay the same...

> I'm new to Nessus as well. So there might be a better selection of options to use in my scan.
> Those of you that are using Nessus, what are you doing?
> Thanks.

It's a personal choice about shutting off things like version checking... You just need to be aware of what the report is and be able to determine if it's valid or not.

Zeffie...
http://www.zeffie.com/
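
Added example, not part of the original post: one way to judge whether a version-based finding is valid on a system where fixes are backported is to compare the advisory IDs it cites against the package changelog (the output of `rpm -q --changelog <package>`). The changelog text, findings, version strings and advisory IDs below are constructed placeholders, and the sketch assumes the vendor records advisory IDs in the changelog.

```python
import re

# Constructed text in the layout printed by `rpm -q --changelog <package>`.
# Version-release strings and advisory IDs are placeholders, not real ones.
SAMPLE_CHANGELOG = """\
* Tue Mar 04 2003 Vendor Builder <builder@example.com> 1.0-3
- backport fix for CAN-0000-0002 (request handling)

* Mon Jan 06 2003 Vendor Builder <builder@example.com> 1.0-2
- security: apply upstream patch for CVE-0000-0001
- rebuild
"""

# Constructed scanner findings. "banner" = the check only compared the
# advertised version string; "active" = the scanner probed actual behaviour.
SAMPLE_FINDINGS = [
    {"name": "httpd older than 1.1", "method": "banner",
     "ids": ["CVE-0000-0001", "CVE-0000-0002"]},
    {"name": "php older than 2.0", "method": "banner", "ids": ["CVE-0000-0003"]},
    {"name": "directory listing enabled", "method": "active", "ids": []},
]

# Candidate (CAN-) and final (CVE-) IDs share the numeric part, so key on CVE-.
ID_RE = re.compile(r"\b(?:CVE|CAN)-(\d{4}-\d{4,})\b")

def fixed_ids(changelog):
    """Map each advisory ID in the changelog to the newest release citing it."""
    fixed, release = {}, None
    for line in changelog.splitlines():
        if line.startswith("* "):
            release = line.split()[-1]   # assumed: header ends in version-release
        elif release:
            for num in ID_RE.findall(line):
                fixed.setdefault("CVE-" + num, release)
    return fixed

def triage(findings, changelog):
    """Return (finding name, verdict) pairs for a scanner report."""
    fixed = fixed_ids(changelog)
    results = []
    for f in findings:
        ids = [i.replace("CAN-", "CVE-") for i in f["ids"]]
        missing = [i for i in ids if i not in fixed]
        if f["method"] != "banner":
            verdict = "verify: not a version check"
        elif ids and not missing:
            verdict = "likely false positive: fixes backported"
        else:
            verdict = "verify: no backport recorded for " + (", ".join(missing) or "unknown issue")
        results.append((f["name"], verdict))
    return results
```

A "likely false positive" verdict only means the changelog claims the fix; findings from active checks, or with IDs the changelog never mentions, still need to be checked by hand.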
