MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="ISO-8859-1"
From: Harald Thingelstad <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: nessusd: Bug reproduced - and invalid by license.
X-Mailer: reportbug 3.8
Date: Wed, 31 Aug 2005 19:30:56 +0200

Package: nessusd
Version: 2.2.3-3
Followup-For: Bug #310740

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=no_NO, LC_CTYPE=no_NO (charmap=ISO-8859-1)

Versions of packages nessusd depends on:
ii  libc6            2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  libnasl2         2.2.3-1        Nessus Attack Scripting Language,
ii  libnessus2       2.2.3-1        Nessus shared libraries
ii  libssl0.9.7      0.9.7e-3       SSL shared libraries
ii  libwrap0         7.6.dbs-8      Wietse Venema's TCP wrappers libra
ii  nessus-plugins   2.2.3-1        Nessus plugins
ii  openssl          0.9.7e-3       Secure Socket Layer (SSL) binary a

-- no debconf information

On a sarge installation behind NAT firewall, from a clean slate:
(please excuse the language)

============================snippety==================================
[EMAIL PROTECTED]:~$ sudo aptitude install nessusd
Password:
E: /skole/tjener/home0/harald/.aptitude/config - Klarer ikke å åpne %s for å skrive til den (13 Ikke tilgang)
Leser pakkelister ... Ferdig
Skaper oversikt over avhengighetsforhold
Les utvidet tilstandsinformasjon
Oppdater pakkenes status ... Ferdig
Leser oppgavebeskrivelser ... Ferdig
Disse NYE pakkene vil bli installert automatisk:
  libnasl2 libsnmp-base libsnmp5 nessus-plugins snmp
Disse pakkene blir holdt tilbake:
  libfaac0
Disse NYE pakkene vil bli installert:
  libnasl2 libsnmp-base libsnmp5 nessus-plugins nessusd snmp
0 pakker oppgradert, 6 nylig installert, 0 skal fjernes og 1 skal ikke oppgraderes.
Trenger å hente 5070kB i installasjonspakker. Etter utpakking vil 18,3MB bli brukt.
Vil du fortsette? [J/n/?]
Skriv utvidet tilstandsinformasjon ... Ferdig
Hent:1 http://ftp.skolelinux.no sarge/main libnasl2 2.2.3-1 [96,9kB]
Hent:2 http://ftp.skolelinux.no sarge/main libsnmp-base 5.1.2-6.1 [1009kB]
Hent:3 http://ftp.skolelinux.no sarge/main libsnmp5 5.1.2-6.1 [1532kB]
Hent:4 http://ftp.skolelinux.no sarge/main nessus-plugins 2.2.3-1 [1416kB]
Hent:5 http://ftp.skolelinux.no sarge/main nessusd 2.2.3-3 [205kB]
Hent:6 http://ftp.skolelinux.no sarge/main snmp 5.1.2-6.1 [811kB]
Henta 5070kB på 16s (316kB/s)
Førehandsoppset pakkar ...
Velger den tidligere fravalgte pakken libnasl2.
(Leser database ... 145973 filer og kataloger er installerte.)
Pakker ut libnasl2 (fra .../libnasl2_2.2.3-1_i386.deb) ...
Velger den tidligere fravalgte pakken libsnmp-base.
Pakker ut libsnmp-base (fra .../libsnmp-base_5.1.2-6.1_all.deb) ...
Velger den tidligere fravalgte pakken libsnmp5.
Pakker ut libsnmp5 (fra .../libsnmp5_5.1.2-6.1_i386.deb) ...
Velger den tidligere fravalgte pakken nessus-plugins.
Pakker ut nessus-plugins (fra .../nessus-plugins_2.2.3-1_i386.deb) ...
Velger den tidligere fravalgte pakken nessusd.
Pakker ut nessusd (fra .../nessusd_2.2.3-3_i386.deb) ...
Velger den tidligere fravalgte pakken snmp.
Pakker ut snmp (fra .../snmp_5.1.2-6.1_i386.deb) ...
Setter opp libnasl2 (2.2.3-1) ...
Setter opp libsnmp-base (5.1.2-6.1) ...
Setter opp libsnmp5 (5.1.2-6.1) ...
Setter opp nessus-plugins (2.2.3-1) ...
Setter opp nessusd (2.2.3-3) ...
/var/lib/nessus/private/CA created
/var/lib/nessus/CA created

-------------------------------------------------------------------------------
                Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]:
Server certificate life time in days[365]:
Your country (two letter code) [NO]:
Your state or province name [none]:
Your location (e.g. town) [Paris]: Oslo
Your organization [Nessus Users United]:FAIR

-------------------------------------------------------------------------------
                Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

/etc/nessus/nessusd.conf updated

The following files were created :

. Certification authority :
   Certificate = /var/lib/nessus/CA/cacert.pem
   Private key = /var/lib/nessus/private/CA/cakey.pem

. Nessus Server :
    Certificate = /var/lib/nessus/CA/servercert.pem
    Private key = /var/lib/nessus/private/CA/serverkey.pem

Press [ENTER] to exit
Setter opp snmp (5.1.2-6.1) ...
Leser pakkelister ... Ferdig
Skaper oversikt over avhengighetsforhold
Les utvidet tilstandsinformasjon
Oppdater pakkenes status ... Ferdig
Leser oppgavebeskrivelser ... Ferdig
[EMAIL PROTECTED]:~$ su -
Password:
static02:~# nessusd
Loading the plugins... 1479 (out of 2063)
---------------------------------------------------------------------------
You are running a version of Nessus which is not configured to receive
a full plugin feed. As a result, your security audits might produce incomplete
results.

To obtain a full plugin feed, you need to register your Nessus scanner
at the following URL :

        http://www.nessus.org/register/

--------------------------------------------------------------------------

All plugins loaded
Killed
static02:~# nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
Unknown error while decoding HTTP response (http error code = 1073949445)
static02:~#
===========================snip================================

The XXXX-XXXX-XXXX-XXXX-XXXX is a fresh and valid serial number of course.

The same problem does not come up when installing nessusd from sid,
however. Setup this time is:

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=nb_NO, LC_CTYPE=nb_NO (charmap=ISO-8859-1)

Versions of packages nessusd depends on:
ii  libc6            2.3.5-6        GNU C Library: Shared libraries an
ii  libnasl2         2.2.5-2        Nessus Attack Scripting Language,
ii  libnessus2       2.2.5-1        Nessus shared libraries
ii  libssl0.9.7      0.9.7e-3       SSL shared libraries
ii  libwrap0         7.6.dbs-8      Wietse Venema's TCP wrappers libra
ii  nessus-plugins   2.2.5-2        Nessus plugins
ii  openssl          0.9.7e-3       Secure Socket Layer (SSL) binary a

No problems here.

But, as stated in the license for the 'registered plugin feed', which is
being used here:

"You agree to use the Plugins only in conjunction with Nessus or NeWT
vulnerability scanner programs obtained directly from www.nessus.org or
www.tenablesecurity.com and registered with Tenable ('Registered
Scanners')."

Debian packages are not allowed to be used with the registered download.
This bug only applies to practices not allowed by license.

As the nessus daemon and the first plugins are supposed to be downloaded
in short order, the problem might simply be that the registered plugins
aren't very backwards-compatible.