Hi all,
>I'm the author of update-nessusrc.
Very interesting, thanks for your help. :)
>Which version of Nessus are you using?
# nessus --help
nessus, version 1.2.7
>Judging by the message above, it
>appears update-nessusrc isn't really updating your configuration file.
>Is it?
Yes, it put this in my .nessusrc:
nessusd_host = 192.168.0.1
nessusd_user = wendel
paranoia_level = 5
....
...
>If not, did you edit update-nessusrc so it uses port 3001 rather than
>1241 when communicating with your server?
No, I didn't edit it. May I do it?
>Does running update-nessusrc
>with the '-d' option offer any clues about why it fails?
# This file was automagically created by nessus
trusted_ca = /usr/local/com/nessus/CA/cacert.pem
nessusd_host = 192.168.0.1
nessusd_user = wendel
paranoia_level = 5
begin(SCANNER_SET)
end(SCANNER_SET)
begin(SERVER_PREFS)
max_hosts = 30
max_checks = 10
log_whole_attack = yes
report_killed_plugins = yes
cgi_path = /cgi-bin:/scripts
port_range = 1-15000
optimize_test = yes
language = english
per_user_base = /usr/local/var/nessus/users
checks_read_timeout = 5
delay_between_tests = 1
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = no
auto_enable_dependencies = yes
use_mac_addr = no
save_knowledge_base = yes
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl
admin_user = root
end(SERVER_PREFS)
begin(PLUGINS_PREFS)
HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
HTTP NIDS evasion[radio]:URL encoding = none
HTTP NIDS evasion[radio]:Absolute URI type = none
HTTP NIDS evasion[radio]:Absolute URI host = none
HTTP NIDS evasion[checkbox]:Double slashes = no
HTTP NIDS evasion[radio]:Reverse traversal = none
HTTP NIDS evasion[checkbox]:Self-reference directories = no
HTTP NIDS evasion[checkbox]:Premature request ending = no
HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
HTTP NIDS evasion[checkbox]:Parameter hiding = no
HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
HTTP NIDS evasion[checkbox]:Null method = no
HTTP NIDS evasion[checkbox]:TAB separator = no
HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
Test HTTP dangerous methods[checkbox]:Integrist test = no
NIDS evasion[radio]:TCP evasion technique = none
NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no
Libwhisker options[radio]:IDS evasion technique: = X (none)
Login configurations[entry]:FTP account : = anonymous
Login configurations[password]:FTP password (sent in clear) : = [EMAIL PROTECTED]rg
Login configurations[entry]:FTP writeable directory : = /incoming
Misc information on News server[entry]:From address : = Nessus <[EMAIL PROTECTED]sbl.org>
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[checkbox]:No archive = no
Ping the remote host[entry]:TCP ping destination port(s) : = 22
Ping the remote host[checkbox]:Do an ICMP ping = no
Ping the remote host[entry]:Number of retries (ICMP) : = 10
Ping the remote host[checkbox]:Make the dead hosts appear in the report = no
RedHat 6.2 inetd[radio]:Testing method = quick and dirty
SMB Scope[checkbox]:Request information about the domain = yes
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
SMB use host SID to enumerate local users[entry]:End UID : = 1020
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB use domain SID to enumerate users[entry]:End UID : = 1020
SMTP settings[entry]:Third party domain : = nessus.org
SMTP settings[entry]:From address : = [EMAIL PROTECTED]
SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
Web mirroring[entry]:Number of pages to mirror : = 25
Web mirroring[entry]:Start page : = /
Default accounts[entry]:Simultaneous connections : = 10
Services[entry]:Network connection timeout : = 5
Services[entry]:Network read/write timeout : = 5
Services[entry]:Wrapped service read timeout : = 2
Services[radio]:Test SSL based services = All
Services[checkbox]:Quick SOCKS proxy checking = yes
FTP bounce scan[entry]:FTP server to use : = localhost
ftp writeable directories[radio]:How to check if directories are writeable : = Trust the permissions (drwxrwx---)
Brute force login (Hydra)[entry]:Number of simultaneous connections : = 4
Brute force login (Hydra)[checkbox]:Brute force telnet = no
Brute force login (Hydra)[checkbox]:Brute force FTP = no
Brute force login (Hydra)[checkbox]:Brute force POP3 = no
Brute force login (Hydra)[checkbox]:Brute force IMAP = no
Brute force login (Hydra)[checkbox]:Brute force cisco = no
Brute force login (Hydra)[checkbox]:Brute force VNC = no
Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no
Brute force login (Hydra)[checkbox]:Brute force rexec = no
Brute force login (Hydra)[checkbox]:Brute force NNTP = no
Brute force login (Hydra)[checkbox]:Brute force HTTP = no
Brute force login (Hydra)[checkbox]:Brute force ICQ = no
Brute force login (Hydra)[checkbox]:Brute force PCNFS = no
Brute force login (Hydra)[checkbox]:Brute force SMB = no
Nmap[radio]:TCP scanning technique : = connect()
Nmap[checkbox]:UDP port scan = no
Nmap[checkbox]:RPC port scan = no
Nmap[checkbox]:Ping the remote host = no
Nmap[checkbox]:Identify the remote OS = yes
Nmap[checkbox]:Use hidden option to identify the remote OS = no
Nmap[checkbox]:Fragment IP packets (bypasses firewalls) = no
Nmap[checkbox]:Get Identd info = no
Nmap[radio]:Port range = User specified range
Nmap[checkbox]:Do not randomize the order in which ports are scanned = yes
Nmap[entry]:Source port : = any
Nmap[radio]:Timing policy : = Normal
Whisker[radio]:Method: = 1 HEAD method (default)
Whisker[radio]:Alternate database format: = X standard
Whisker[checkbox]:Brute force usernames via directories = no
HTTP NIDS evasion[entry]:Force protocol string : =
Login configurations[entry]:HTTP account : =
Login configurations[password]:HTTP password (sent in clear) : =
Login configurations[entry]:NNTP account : =
Login configurations[password]:NNTP password (sent in clear) : =
Login configurations[entry]:POP2 account : =
Login configurations[password]:POP2 password (sent in clear) : =
Login configurations[entry]:POP3 account : =
Login configurations[password]:POP3 password (sent in clear) : =
Login configurations[entry]:IMAP account : =
Login configurations[password]:IMAP password (sent in clear) : =
Login configurations[entry]:SMB account : =
Login configurations[password]:SMB password (sent in clear) : =
Login configurations[entry]:SMB domain (optional) : =
Login configurations[entry]:SNMP community (sent in clear) : =
Services[file]:SSL certificate : =
Services[file]:SSL private key : =
Services[password]:PEM password : =
Services[file]:CA file : =
Brute force login (Hydra)[file]:Logins file : =
Brute force login (Hydra)[file]:Passwords file : =
Brute force login (Hydra)[entry]:Web page to brute force : =
Nmap[entry]:Data length : =
Nmap[entry]:Ports scanned in parallel =
Nmap[entry]:Host Timeout (ms) : =
Nmap[entry]:Min RTT Timeout (ms) : =
Nmap[entry]:Max RTT Timeout (ms) : =
Nmap[entry]:Initial RTT timeout (ms) =
Nmap[entry]:Minimum wait between probes (ms) =
Nmap[file]:File containing nmap's results : =
Whisker[file]:script database: =
Whisker[file]:Password file: =
end(PLUGINS_PREFS)
begin(SERVER_INFO)
server_info_nessusd_version = 1.2.7
server_info_libnasl_version = 1.2.7
server_info_libnessus_version = 1.2.7
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.4.18-k6
end(SERVER_INFO)
begin(RULES)
end(RULES)
> Which versions
>of perl and update-nessusrc do you have?
I have the last version of your update-nessusrc and
perl -v
This is perl, v5.6.1 built for i386-linux
>If yes, what does 'egrep "[0-9]{5} = no" /root/.nessusrc' produce?
Debian:/usr/sbin# egrep "[0-9]{5} = no" /root/.nessusrc
Debian:/usr/sbin#
>Given
>that you left out "settings", I'd expect to see:
11122 = no
10917 = no
11038 = no
10889 = no
10870 = no
10890 = no
No, I didn't have it in my .nessusrc generated by update-nessusrc. :/
Thanks a lot.
Best Regards.
[ ]'s
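
The check discussed in this message (whether the generated .nessusrc contains any five-digit plugin id lines, and which begin()/end() sections came out empty), as an added example that is not part of the original message and is not code from update-nessusrc. The sample text is constructed, and the PLUGIN_SET section name is an assumption that does not appear in the message.

```python
import re

SECTION = re.compile(r"^(begin|end)\((\w+)\)$")

# Constructed sample shaped like the dump in the message above.
WITHOUT_PLUGINS = """\
# This file was automagically created by nessus
nessusd_host = 192.168.0.1
begin(SCANNER_SET)
end(SCANNER_SET)
begin(SERVER_PREFS)
max_hosts = 30
safe_checks = no
end(SERVER_PREFS)
begin(PLUGINS_PREFS)
Services[file]:CA file : =
end(PLUGINS_PREFS)
"""
# Constructed: the lines the reply expected to see. The PLUGIN_SET section
# name is an assumption; it does not appear in the message.
WITH_PLUGINS = WITHOUT_PLUGINS + "begin(PLUGIN_SET)\n11122 = no\n10917 = no\nend(PLUGIN_SET)\n"


def parse_nessusrc(text):
    """Return {section: [(key, value), ...]}; top-level lines are under ''."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        marker = SECTION.match(line)
        if marker and marker.group(1) == "begin":
            current = marker.group(2)
            sections.setdefault(current, [])
        elif marker:
            if marker.group(2) != current:
                raise ValueError(f"end({marker.group(2)}) inside {current!r}")
            current = ""
        else:
            # Trailing space lets "key =" (empty value) split like "key = value".
            key, _, value = (line + " ").partition(" = ")
            sections[current].append((key, value.strip()))
    return sections


def plugin_states(sections):
    """Map five-digit plugin id -> (section, 'yes'/'no'), anchored unlike the egrep."""
    return {k: (name, v) for name, entries in sections.items()
            for k, v in entries if re.fullmatch(r"\d{5}", k) and v in ("yes", "no")}


def empty_sections(sections):
    """Named sections that were written with nothing between begin() and end()."""
    return sorted(name for name, entries in sections.items() if name and not entries)
```

An empty result from plugin_states() corresponds to the empty egrep output shown above: the file carries server and plugin preferences but no per-plugin enable/disable lines.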