> On Tue, Dec 16, 2003 at 02:46:07PM +0000, Mark Watts wrote:
> > Any chance you can give me a hint as to what answers to give when using
> > nessus-mkcert-client ? The first question is asking for a 'nessus server
> > "private" directory' - is this /etc/nessus ?
>
> The fact that it's asking you this question means something's not quite
> right.
>
> nessus-mkcert-client needs to access the CA's private key (cakey.pem).
> This should already have been created by nessus-mkcert and should be
> found in the same directory as the server's private key, which was given
> by key_file when you ran "nessusd -s". On my system, that's
> /usr/local/var/nessus/CA, but Mandrake / you may have used a different
> prefix.
>
> Are you running nessus-mkcert-client as root on the same host as the
> nessus daemon? If so, can you find cakey.pem? Where? And if you can,
> does the directory defined by $localstatedir in the script exist on this
> host?
>
>
> George
Currently both the client and the server are running on the same box, and I'm
doing everything from the same root shell I installed nessus with.
It's probably easier if I paste stuff verbatim:
# nessusd -s
plugins_folder = /usr/lib/nessus/plugins
email = [EMAIL PROTECTED]
max_threads = 10
logfile = /var/log/nessus/nessusd.messages
log_whole_attack = yes
dumpfile = /var/log/nessus/nessusd.dmp
rules = /etc/nessus/nessusd.rules
users = /etc/nessus/nessusd.users
test_file = /etc/passwd
cgi_path = /cgi-bin
ping_hosts = yes
reverse_lookup = no
host_expansion = ip
port_range = 1-15000
max_hosts = 1
optimize_test = yes
language = english
negot_timeout = 600
peks_username = nessusd
peks_keylen = 1024
peks_keyfile = /etc/nessus/nessusd.private-keys
peks_usrkeys = /etc/nessus/nessusd.user-keys
peks_pwdfail = 5
track_iothreads = yes
cookie_logpipe = /etc/nessus/nessusd.logpipe
cookie_logpipe_suptmo = 2
checks_read_timeout = 15
delay_between_tests = 1
cert_file = /etc/nessus/CA/servercert.pem
key_file = /etc/nessus/CA/serverkey.pem
ca_file = /etc/nessus/CA/cacert.pem
force_pubkey_auth = yes
config_file = /etc//nessus/nessusd.conf
# grep localstatedir /usr/bin/nessus-mkcert-client
localstatedir=/var/lib
NESSUSPRIV="$localstatedir/nessus/CA"
USERSDIR=$localstatedir/nessus/users
# ls -l /etc/nessus/CA/
total 20
-rw-r--r-- 1 root root 1578 Dec 15 15:08 cacert.pem
-rw------- 1 root root 891 Dec 15 15:08 cakey.pem
-rw-r--r-- 1 root root 4474 Dec 15 15:09 servercert.pem
-rw------- 1 root root 887 Dec 15 15:09 serverkey.pem
When you install the Mandrake nessus packages, a message goes by saying it's
creating a server certificate (which seems to be backed up by the contents of
/etc/nessus/CA).
Running nessus-mkcert after the event ultimately generates this:
Congratulations. Your server certificate was properly created.
/etc/nessus/nessusd.conf updated
The following files were created :
. Certification authority :
Certificate = /etc/nessus/CA/cacert.pem
Private key = /etc/nessus/CA/cakey.pem
. Nessus Server :
Certificate = /etc/nessus/CA/servercert.pem
Private key = /etc/nessus/CA/serverkey.pem
Press [ENTER] to exit
# nessus-mkcert-client
Nessus server 'private' directory:
So it's still getting confused somehow...
Cheers,
Mark.
--
Mark Watts
Senior Systems Engineer
QinetiQ TIM
St Andrews Road, Malvern
GPG Public Key ID: 455420ED
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
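The comparison George's questions lead to, written out as an added example that is not part of the original thread or of the Nessus scripts: it derives the directory nessus-mkcert-client uses from its localstatedir line, derives the directory of key_file from `nessusd -s`, and reports which of the two holds cakey.pem. The function names and the ROOT variable are hypothetical, the sample lines are copied from the output pasted above, and it assumes the prompt appears when cakey.pem is not under the script's NESSUSPRIV directory.

```shell
#!/bin/sh
# Added example. Function names and ROOT are hypothetical.

# Directory holding the server key, from the key_file line of `nessusd -s` (stdin).
server_key_dir() {
    kf=$(sed -n 's/^key_file[[:space:]]*=[[:space:]]*//p' | head -n 1)
    [ -n "$kf" ] && dirname "$kf"
}

# Directory the script uses: NESSUSPRIV="$localstatedir/nessus/CA" (script text on stdin).
script_ca_dir() {
    lsd=$(sed -n 's/^localstatedir=//p' | head -n 1 | tr -d '"')
    [ -n "$lsd" ] && printf '%s/nessus/CA\n' "$lsd"
}

# $1 = script's CA dir, $2 = server key dir, $3 = optional filesystem root prefix.
# Returns 0 if cakey.pem is in the script's dir, 1 on a path mismatch, 2 if no key exists.
check_ca_dirs() {
    script_dir=$1; server_dir=$2; root=${3:-}
    if [ -f "$root$script_dir/cakey.pem" ]; then
        echo "ok: $script_dir/cakey.pem present"
        return 0
    fi
    if [ "$script_dir" != "$server_dir" ] && [ -f "$root$server_dir/cakey.pem" ]; then
        echo "mismatch: script expects $script_dir, cakey.pem is in $server_dir"
        return 1
    fi
    echo "missing: no cakey.pem in $script_dir or $server_dir"
    return 2
}

# Sample input: lines copied from the output pasted in the message above.
# On a live host, pipe in `nessusd -s` and the script file instead.
SAMPLE_CONF='cert_file = /etc/nessus/CA/servercert.pem
key_file = /etc/nessus/CA/serverkey.pem
ca_file = /etc/nessus/CA/cacert.pem'
SAMPLE_SCRIPT='localstatedir=/var/lib
NESSUSPRIV="$localstatedir/nessus/CA"'

SCRIPT_DIR=$(printf '%s\n' "$SAMPLE_SCRIPT" | script_ca_dir)
SERVER_DIR=$(printf '%s\n' "$SAMPLE_CONF" | server_key_dir)
echo "script looks in: $SCRIPT_DIR"
echo "server key dir:  $SERVER_DIR"
check_ca_dirs "$SCRIPT_DIR" "$SERVER_DIR" "${ROOT:-}" || true
```

With the values from the paste, the script's directory is /var/lib/nessus/CA while the keys listed by `ls -l` are in /etc/nessus/CA.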