Hi all,
I'm trying to do a differential scan on two hosts
on a closed network.
nessusd -d returns the following:
This is Nessus 2.0.8 for Linux 2.4.20-6
compiled with gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
Current setup :
Experimental session-saving : enabled
Experimental KB saving : enabled
Thread manager : fork
nasl : 2.0.8
libnessus : 2.0.8
SSL support : enabled
SSL is used for client / server communication
Running as euid : 0
I execute nessus (as root) with the following command:
nessus --output-type=xml --batch-mode 192.168.101.81 1241 nessus ****
<targets-file> <results-file>
the .nessusrc file looks like:
# This file was automagically created by nessus
trusted_ca = /usr/local/com/nessus/CA/cacert.pem
nessusd_host = 192.168.101.81
nessusd_user = nessus
paranoia_level = 1
begin(SCANNER_SET)
10180 = yes
10277 = no
10278 = no
10331 = no
10335 = yes
10841 = no
10336 = no
10796 = no
11219 = no
11840 = yes
end(SCANNER_SET)
begin(SERVER_PREFS)
max_hosts = 30
max_checks = 10
log_whole_attack = yes
cgi_path = /cgi-bin:/scripts
port_range = default
optimize_test = yes
language = english
checks_read_timeout = 5
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = yes
auto_enable_dependencies = no
use_mac_addr = no
save_knowledge_base = yes
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl, .inc
slice_network_addresses = no
save_session = yes
save_empty_sessions = no
host_expansion = ip
ping_hosts = no
reverse_lookup = no
detached_scan = no
continuous_scan = no
unscanned_closed = no
diff_scan = yes
end(SERVER_PREFS)
begin(SERVER_INFO)
server_info_nessusd_version = 2.0.8
server_info_libnasl_version = 2.0.8
server_info_libnessus_version = 2.0.8
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.4.20-6
end(SERVER_INFO)
begin(RULES)
end(RULES)
<remainder of file not shown, for brevity>
The diff_scan = yes line was manually edited from
"no" to "yes", before making the runs.
I get the same results on successive runs, but I would
expect the runs subsequent to the first to show little
or no difference, but I am getting 156 ports shown
in the results XML file.
What am I doing wrong, or what is wrong with my
expectations?
Thanks, in advance, for any light you can shed on this.
David Hoos
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
