Hi I have Nessus 1.2.3 running on RH7.2 and I have disabled all the ping options, but still Nessus tries to runf ping_host.nasl and fails. Below is .nessusrc file, can somebody please send me in the right direction.
Thanks Siegfried # This file was automagically created by nessus trusted_ca = /opt/nessus/com/nessus/CA/cacert.pem nessusd_host = ***.***.***.*** nessusd_user = ********* begin(SCANNER_SET) 10180 = yes 10277 = no 10278 = no 10331 = no 10335 = no 10841 = no 10336 = yes 10796 = yes end(SCANNER_SET) begin(SERVER_PREFS) max_hosts = 30 max_checks = 10 log_whole_attack = yes report_killed_plugins = yes cgi_path = /cgi-bin:/scripts port_range = 1-15000 optimize_test = yes language = english per_user_base = /opt/nessus/var/nessus/users checks_read_timeout = 15 delay_between_tests = 1 non_simult_ports = 139 plugins_timeout = 320 safe_checks = yes auto_enable_dependencies = no use_mac_addr = no save_knowledge_base = yes kb_restore = no only_test_hosts_whose_kb_we_dont_have = no only_test_hosts_whose_kb_we_have = no kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 plugin_upload = no plugin_upload_suffixes = .nasl end(SERVER_PREFS) begin(PLUGINS_PREFS) BlackIce DoS (ping flood)[entry]:Flood length : = 600 BlackIce DoS (ping flood)[entry]:Data length : = 10000 BlackIce DoS (ping flood)[entry]:MTU : = 576 HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no HTTP NIDS evasion[radio]:URL encoding = none HTTP NIDS evasion[radio]:Absolute URI type = none HTTP NIDS evasion[radio]:Absolute URI host = none HTTP NIDS evasion[checkbox]:Double slashes = no HTTP NIDS evasion[radio]:Reverse traversal = none HTTP NIDS evasion[checkbox]:Self-reference directories = no HTTP NIDS evasion[checkbox]:Premature request ending = no HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no HTTP NIDS evasion[checkbox]:Parameter hiding = no HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no HTTP NIDS evasion[checkbox]:Null method = no HTTP NIDS evasion[checkbox]:TAB separator = no HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no Test HTTP dangerous methods[checkbox]:Integrist test = no NIDS evasion[radio]:TCP evasion technique = none NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no Login configurations[entry]:FTP account : = anonymous Login configurations[password]:FTP password (sent in clear) : = [EMAIL PROTECTED] Login configurations[entry]:FTP writeable directory : = /incoming Ping the remote host[entry]:TCP ping destination port(s) : = 22 Ping the remote host[checkbox]:Do a TCP ping = no Ping the remote host[checkbox]:Do an ICMP ping = no Ping the remote host[entry]:Number of retries (ICMP) : = 10 Ping the remote host[checkbox]:Make the dead hosts appear in the report = no SMB Scope[checkbox]:Request information about the domain = yes SMB use host SID to enumerate local users[entry]:Start UID : = 1000 SMB use host SID to enumerate local users[entry]:End UID : = 1200 SMB use domain SID to enumerate users[entry]:Start UID : = 1000 SMB use domain SID to enumerate users[entry]:End UID : = 1200 Third party domain[entry]:Third party domain : = nessus.org Web mirroring[entry]:Number of pages to mirror : = 10 Web mirroring[entry]:Start page : = / Default accounts[entry]:Simultaneous connections : = 10 Services[entry]:Network connection timeout : = 5 Services[entry]:Network read/write timeout : = 5 Services[checkbox]:Quick SOCKS proxy checking = yes FTP bounce scan[entry]:FTP server to use : = localhost ftp writeable directories[radio]:How to check if directories are writeable : = Trust the permissions (drwxrwx---) Brute force login (Hydra)[entry]:Number of simultaneous connections : = 4 Brute force login (Hydra)[checkbox]:Brute force telnet = no Brute force login (Hydra)[checkbox]:Brute force FTP = no Brute force login (Hydra)[checkbox]:Brute force POP3 = no Brute force login (Hydra)[checkbox]:Brute force IMAP = no Brute force login (Hydra)[checkbox]:Brute force cisco = no Brute force login (Hydra)[checkbox]:Brute force VNC = no Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no Brute force login (Hydra)[checkbox]:Brute force rexec = no Brute force login (Hydra)[checkbox]:Brute force NNTP = no Brute force login (Hydra)[checkbox]:Brute force HTTP = no Brute force login (Hydra)[checkbox]:Brute force ICQ = no Brute force login (Hydra)[checkbox]:Brute force PCNFS = no Brute force login (Hydra)[checkbox]:Brute force SMB = no Nmap[radio]:TCP scanning technique : = connect() Nmap[checkbox]:UDP port scan = no Nmap[checkbox]:RPC port scan = no Nmap[checkbox]:Ping the remote host = no Nmap[checkbox]:Identify the remote OS = yes Nmap[checkbox]:Use hidden option to identify the remote OS = no Nmap[checkbox]:Fragment IP packets (bypasses firewalls) = no Nmap[checkbox]:Get Identd info = no Nmap[radio]:Port range = User specified range Nmap[checkbox]:Do not randomize the order in which ports are scanned = yes Nmap[entry]:Source port : = any Nmap[radio]:Timing policy : = Normal Misc information on News server[entry]:From address : = Nessus <[EMAIL PROTECTED]> Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests? Misc information on News server[entry]:Max crosspost : = 7 Misc information on News server[checkbox]:Local distribution = yes Misc information on News server[checkbox]:No archive = no p-smash DoS (ICMP #9 flood)[entry]:Flood length : = 5000 p-smash DoS (ICMP #9 flood)[entry]:Data length : = 500 RedHat 6.2 inetd[radio]:Testing method = quick and dirty SMTP settings[entry]:Third party domain : = nessus.org SMTP settings[entry]:From address : = [EMAIL PROTECTED] SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP] HTTP NIDS evasion[entry]:Force protocol string : = Login configurations[entry]:HTTP account : = Login configurations[password]:HTTP password (sent in clear) : = Login configurations[entry]:NNTP account : = Login configurations[password]:NNTP password (sent in clear) : = Login configurations[entry]:POP2 account : = Login configurations[password]:POP2 password (sent in clear) : = Login configurations[entry]:POP3 account : = Login configurations[password]:POP3 password (sent in clear) : = Login configurations[entry]:IMAP account : = Login configurations[password]:IMAP password (sent in clear) : = Login configurations[entry]:SMB account : = Login configurations[password]:SMB password (sent in clear) : = Login configurations[entry]:SMB domain (optional) : = Login configurations[entry]:SNMP community (sent in clear) : = Brute force login (Hydra)[file]:Logins file : = Brute force login (Hydra)[file]:Passwords file : = Brute force login (Hydra)[entry]:Web page to brute force : = Nmap[entry]:Host Timeout (ms) : = Nmap[entry]:Min RTT Timeout (ms) : = Nmap[entry]:Max RTT Timeout (ms) : = Nmap[entry]:Initial RTT timeout (ms) = Nmap[entry]:Ports scanned in parallel = Nmap[entry]:Minimum wait between probes (ms) = Nmap[file]:File containing nmap's results : = end(PLUGINS_PREFS) begin(SERVER_INFO) server_info_nessusd_version = 1.2.1 server_info_libnasl_version = 1.2.1 server_info_libnessus_version = 1.2.1 server_info_thread_manager = fork server_info_os = Linux server_info_os_version = 2.4.9-34 end(SERVER_INFO) begin(RULES) end(RULES)
The information in this e-mail including any attachments is confidential and may be legally privileged. It is intended solely for the attention and use of the named addressee(s) and cannot be used or shared with any third party without iSecure's written permission. Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to iSecure customers, any opinion or advice contained in this e-mail is subject to iSecure's General Terms and Conditions of Business (available on request) or subject to the terms and conditions as agreed upon with the customer.
