On Wed, Mar 05, 2003 at 09:26:35AM +0100, Javier Fernandez-Sanguino wrote:
> Ok. No you have two scenarios:
>
> a) RedHat: no Nessus at all
So at least you're not dictated to use an old version
> b) any other distribution (Debian, Mandrake, SuSE): old versions of Nessus
Very old in the case of Debian.
> c) FreeBSD, OpenBSD: ports system
Yup.
> Now, how does it differ to
> a) install from scratch, take care of having development libraries installed
> b) upgrade to a new release
> c) compile for your system (not much difference with a) if the product
> is done properly)
This difference is in point (b). If I install FreeBSD and go to
/usr/port/security/nessus/ I'll find a reasonable recent (1.2.7) version
of Nessus, in the stock install. If you feel a little adventurous, I can
even try /usr/port/security/nessus-devel/ and try 1.3.4. All on the
default system. Nothing to change. If I want to do that on Debian, then
I have to "upgrade", which implies I'm familiar enough to do it.
> >This mostly is why I do not recommand using Debian - people who want to
> >have fun with their OS might like it, people who simply want to put
> >their OS to work will run Nessus 1.0.x because of their poor (not to say
> >stupid) policy of reasoning in terms of distribution and not of packages.
> >(and this is why I like FreeBSD)
> >
>
> I would expect that somebody that wants to use Nessus will take more
> time to configure/tune his OS.
The fact is, a growing number of persons are Windows admins who want a
security scanner for free. They install Linux on vmware only because
there's no Win32 version of nessusd, and as soon as they can, they
switch to NessusWX and only use that. Go explain to them that they have
to switch to unstable (which by the way, does not mean buggy, even if
the name implies that), upgrade their system, and install nessus from
there.
[...]
> In any case, the policy you call poor and/or stupid is the same for
> Debian, Mandrake or SuSE. Debian has slower release cycles, that's
> all.
In a world where Joe Random has a T1-like internet access at his home
for $40 bucks per month, I really fail to understand the point of
"distributions" vs. "base system with ports".
> It's also a volunteer-based distribution.
> I would also like to see the kind of support a guy running Nessus
> from the ports system in FreeBSD or installing it on RedHat would get from
> either one (I suspect close to 0, i.e. you're on your own).
There are FreeBSD and RedHat user communities. RedHat has a larger
install base than Debian, and if you want support for Nessus, you should
ask it to [EMAIL PROTECTED]
Anyway, we're talking about religious issues, so I suggest we close the
thread (I'll even let you conclude it if you want)
-- Renaud
