Hello folks, after installing 2.0.10 and running nessusd -D I've received these two errors. Any idea?
[24509](/home/burghi/programfiles/lib/nessus/plugins/bagle_remover.nasl) Argument error in function script_category() [24509](/home/burghi/programfiles/lib/nessus/plugins/bagle_remover.nasl) Function usage is : script_category(<category>) Plus the layout of preferences tab is shifted (terribly) :-( thanks -- kamil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renaud Deraison Sent: Thursday, January 22, 2004 1:36 AM To: [EMAIL PROTECTED] Subject: Nessus 2.0.10 released [I'm trying to stick to the "newsletter" format for the new releases, that should be more friendly than a changelog :] 1. Nessus 2.0.10 is available ----------------------------- Nessus 2.0.10 should be the last 2.0.x version of Nessus, as all the effort will now be focused on the 2.1.x branch. Here is what is new in 2.0.10. Note that if you run nessus-update-plugins regularly (as you should), then you are probably already using these enhancements. o Service version fingerprinting Perhaps the biggest new feature in Nessus 2.0.10 is the extensive use which is made of the fingerprinting plugins - plugins which can recognize the name and version of the remote service, even if its banner has been changed. While fingerprinting is hardly new, we now use it extensively (especially for web servers), by avoiding to make "useless" checks - for instance, Nessus won't look for buggy php scripts on a web server which is known to not support PHP at all. This results in faster checks and less false positives. I would like to thank everyone who submitted services signatures - please keep them coming ! o Distros doing "backports" of their patches A real nuisance for Nessus users out there are distros which "backport" security fixes (ie: a flaw is discovered in OpenSSH 3.6, and instead of updating their version of OpenSSH to 3.7, the distro maintainers commit the fixes in their 3.6 tree, which makes Nessus think that the server has not been patched). Laurent FACQ came up with a very elegant solution for this, which relies on the fact that every vendor puts some kind of tag next to the version of the service. Nessus should not false positive any more against AltLinux, Apple's MacOSX, Debian, FreeBSD and IBM's Apache. I'm in discussion with other distros to make them include some tag which would help Nessus determine if a service has been patched at all, hopefully they will accept and appear on this list. Here is the full 2.0.10 changelog : . changes by Michel Arboi ([EMAIL PROTECTED]) - WWW fingerprinting - Partially fixed hydra.nes . changes by ([EMAIL PROTECTED]) - IP addresses are now sorted in EVERY reports . changes by Laurent FACQ ([EMAIL PROTECTED]) - Automagically rewrite banners to handle distributions which do backporting of security fixes (ie: Debian) . changes by Renaud Deraison ([EMAIL PROTECTED]) - Fixed MacOS X portability issues - Non-intrusive OS-fingerprinting (based on xprobe's techniques) - DNS fingerprinting - killall -1 nessusd does not restart the bpf server on BSD systems - longer connect() timeout for TCP sockets - Fixed hydra.nes Download Nessus 2.0.10 now at <http://www.nessus.org/download.html> 2. Nessus nominated "best open source product of 2003" by PC Magazine ---------------------------------------------------------------------- PC Magazine nominated Nessus as being one of the three "best open source product" of 2003 : <http://www.pcmag.com/article2/0,4149,1420870,00.asp> This allowed me to discover that PCMag actually did a review of Nessus against other scanners, and Nessus was pinned down for not having good reporting features (which is a little expected - Nessus is a *SCANNER*. It produces data, not beautify it). According to the review, they were impressed by Nessus's ease of installation. That's the advantage of limiting dependencies to third parties libraries - you don't force the user to go "library fishing" for a whole day before they can install it. 3. Nessus 2.2 GUI ----------------- For Nessus 2.2, I have decided to re-write the current GTK client from scratch, so I am running a quick poll. Do you prefer a GUI in : [ ] GTK 2.0 [ ] Qt I'd rather warn you that I am very down on GTK at this time - these guys keep breaking their own API between major versions, which makes my life very difficult to keep everyone happy. Another issue is that if you want to install GTK 2.0, you now have to install a boatload of annex libraries, like pango and other stuff which is updated every day or so. Qt on the other hand as a very stable and clean API, however it requires C++ (which tends to be present where gcc is, but I know of some systems which are still C-only). So I'd like to have the input of as many of you as possible to determine where the GUI thing is going. 4. Nessus.org RSS feeds ----------------------- If you are an RSS addict, then you should know that all the newest Nessus plugins are now available as an RSS feed : <http://www.nessus.org/rss.php> If you don't know what RSS is, read : <http://www.webreference.com/authoring/languages/xml/rss/intro/> That's all for today - take care ! -- Renaud _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
