Re: Trying to build Nessus 4 from ports

[Michael D. Norwick]

On 09/25/11 10:08, Trond Endrestøl wrote:
On Sat, 24 Sep 2011 23:24+0200, Andrei Brezan wrote:
On 23/09/2011 23:31, Michael D. Norwick wrote:
Good Day

Trying to build /usr/ports/security/nessus on FreeBSD 9-beta2 with ports
updated via - portsnap fetch update - completed 09/22/2011.  The result from
#>make;

===>   Applying FreeBSD patches for nessus-libraries-2.2.9_1
===>    nessus-libraries-2.2.9_1 depends on executable: bison - found
===>    nessus-libraries-2.2.9_1 depends on package: libtool>=2.4 - found
===>   Configuring for nessus-libraries-2.2.9_1
********************************************************
*                   W a r n i n g                      *
*                                                      *
* Nessus needs Berkeley Packet Filter (bpf).           *
* To use nessus, your kernel must be rebuilt with bpf, *
* and make bpf devices on /dev directory.              *
*                                                      *
* Be sure to build as many bpf devices as you need.    *
* For more info on this read files/README.BPF          *
********************************************************
*** Error code 1

Stop in /usr/ports/security/nessus-libraries.
*** Error code 1

Stop in /usr/ports/security/nessus-libnasl.
*** Error code 1

Stop in /usr/ports/security/nessus.

 From an earlier post on freebsd-questions I added;

# Historically X depended on this, but version 4.3.0 doesn't seem to anymore
#link    ttyv0    vga

# Commonly used by many ports
#link    acd0    cdrom

# Allow a user in the wheel group to query the smb0 device
#perm    smb0    0660

# Allow members of group operator to cat things to the speaker
#own    speaker    root:operator
#perm    speaker    0660

own     bpf0    root:bpf
perm    bpf0    0640
Sorry for leaping in, but I think you should change bpf0 to bpf only.
See below.

own     bpf1    root:bpf
perm    bpf1    0640
own     bpf2    root:bpf
perm    bpf2    0640
own    bpf3    root:bpf
perm    bpf3    0640
own    bpf4    root:bpf
perm    bpf4    0640

to /etc/devfs.conf.  But I still get;

crw-r-----  1 root  bpf         0,  11 Sep 22 21:14 bpf
lrwxr-xr-x  1 root  wheel            3 Sep 22 21:14 bpf0 ->  bpf
crw-rw-rw-  1 root  wheel       0,  49 Sep 22 21:14 bpsm0
Looking at this listing, bpf0 is a symlink to bpf, thus
/etc/devfs.conf should manage /dev/bpf and not /dev/bpf0.

in /dev after rebooting.  Do I require a statement in rc.conf or loader.conf
to activate more bpf devices?  Am I editing the right file the wrong way?
The proper handbook chapter escapes me right now.

Previous to trying to build nessus from ports I built a new kernel with -
device      bpf     enabled.

Thank You,
Michael
I would suggest to get the package from tenable.com and install it via
pkg_add. That's how it worked for me but on FreeBSD 8.2-stable. Might worth a
shot.

Regards,

Trond.

Good Day;

Still no joy trying to build from source via ports or installing the 
binary from tenable.com on FreeBSD 9.  nessusd is installed but errors 
out with 'libz.so.5 not found.  I have;

$ ls -l /lib/libz.*
-r--r--r--  1 root  wheel  90328 Sep 26 05:46 /lib/libz.so.6

and

$ ls -l /usr/lib32/libz.*
-r--r--r--  1 root  wheel  90828 Sep 26 05:48 /usr/lib32/libz.a
lrwxr-xr-x  1 root  wheel      9 Sep 26 05:48 /usr/lib32/libz.so -> 
libz.so.6
-r--r--r--  1 root  wheel  76808 Sep 26 05:48 /usr/lib32/libz.so.6

and

$ ls -l /usr/lib/libz.*
-r--r--r--  1 root  wheel  126192 Sep 26 05:46 /usr/lib/libz.a
lrwxr-xr-x  1 root  wheel      14 Sep 26 05:46 /usr/lib/libz.so -> 
/lib/libz.so.6

on new world built last night.

From /usr/ports/security/nessus-libraries/files/README.bpf

"Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
to do its job.

Since Nessus used multiple processes, several pcap-aware plugins will
need to access the the bpf at the same time.

This means that you need to recompile your kernel with the following option:

pseudo-device   bpf

If for instance you want to have 10 nessusd running at the same time,
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
(as nessusd is extremely lightweight, you can expect to have this amount
 of processes running at the same time)

If you plan to scan a whole network, we recommand you create at least
100 of them.

Once your kernel has been rebuilt, get root, cd to /dev
and do:

      ./MAKEDEV bpf+100

For FreeBSD 5.x this is not needed since the devfs creates devices when 
needed.

If you can not recompile your kernel, you can try to run the configure
script with the option --enable-bpf-sharing. In this case, nessusd will
try to share one /dev/bpf among multiple processes and do the filtering
in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO
NOT RECOMMAND ENABLING IT."

Is this referring to an 8.2 system?
psuedo-device does not work on 9.0 kernel source.

Have not tried the MAKEDEV command yet because I do not know if I need 
to continue since I cannot get the daemon to start.

Thank You,

Michael

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"