> On Wed, Nov 10, 2004 at 02:54:17PM -0600, Sawall, Christopher L wrote:
> > > Looks like the nessusd process is crashing. Can you run
> > > strace on it after you start another scan? That might suggest
> > > the cause of the problem.
> >
> > I did this, but data is flying past at an unbelievable rate. Here is
> > a small sample:
>
> The last 20 or so lines should have the interesting bits.
I think I have what you want now. If you want the whole strace, let me
know.
It started up, and a bunch of data went by. Eventually, it got to this
point and hung for about 40 - 50 minutes.
write(3, "\27\3\1\0 \210\354\1_0\270\261>\7,\303-\372e/\247\205\265"..., 37) = 37
rt_sigaction(SIGPIPE, {SIG_IGN}, {0x8053800, [PIPE], SA_RESTORER|SA_RESTART, 0x2f2f38}, 8) = 0
write(3, "\27\3\1\0 \300I=\1{\275\274\325J\202\365N\205\27\36\204"..., 37) = 37
munmap(0xf6d9f000, 278528) = 0
gettimeofday({1100181913, 305348}, NULL) = 0
open("/tmp/nessus-7yE4sH", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
fchmod(5, 0600) = 0
rt_sigaction(SIGTERM, {0x8053ca0, [TERM], SA_RESTORER|SA_RESTART, 0x2f2f38}, {0x8053878, [TERM], SA_RESTORER|SA_RESTART, 0x2f2f38}, 8) = 0
select(4, [3], [3], NULL, {1, 0}) = 1 (out [3], left {1, 0})
read(3, "\27\3\1\0`", 5) = 5
read(3, "\234\235\33\270\276\5b35M\212e\205Pl\360\251\244\345\6"..., 96) = 96
lseek(5, 0, SEEK_END) = 0
write(5, "timestamps||", 12) = 12
write(5, "", 0) = 0
write(5, "|", 1) = 1
write(5, "scan_start", 10) = 10
write(5, "|", 1) = 1
write(5, "Thu Nov 11 08:05:13 2004", 24) = 24
write(5, "|", 1) = 1
write(5, "\n", 1) = 1
select(4, [3], [3], NULL, {1, 0}) = 1 (out [3], left {1, 0})
read(3,
After that time, it eventually finished up. Here is the last set of
lines (with some lines duplicated from above).
open("/tmp/nessus-7yE4sH", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
fchmod(5, 0600) = 0
rt_sigaction(SIGTERM, {0x8053ca0, [TERM], SA_RESTORER|SA_RESTART, 0x2f2f38}, {0x8053878, [TERM], SA_RESTORER|SA_RESTART, 0x2f2f38}, 8) = 0
select(4, [3], [3], NULL, {1, 0}) = 1 (out [3], left {1, 0})
read(3, "\27\3\1\0`", 5) = 5
read(3, "\234\235\33\270\276\5b35M\212e\205Pl\360\251\244\345\6"..., 96) = 96
lseek(5, 0, SEEK_END) = 0
write(5, "timestamps||", 12) = 12
write(5, "", 0) = 0
write(5, "|", 1) = 1
write(5, "scan_start", 10) = 10
write(5, "|", 1) = 1
write(5, "Thu Nov 11 08:05:13 2004", 24) = 24
write(5, "|", 1) = 1
write(5, "\n", 1) = 1
select(4, [3], [3], NULL, {1, 0}) = 1 (out [3], left {1, 0})
read(3, "", 5) = 0
select(4, [3], NULL, NULL, {2, 0}) = 1 (in [3], left {2, 0})
ioctl(3, FIONREAD, [0]) = 0
write(2, "Communication closed by server\n", 31Communication closed by
server
) = 31
write(2, "nessus: nessusd abruptly shut th"..., 82nessus: nessusd
abruptly shut the communication down - the test may be incomplete
) = 82
open("test03.nbe", O_RDWR|O_CREAT|O_TRUNC, 0600) = 6
lseek(5, 0, SEEK_SET) = 0
fstat64(5, {st_mode=S_IFREG|0600, st_size=50, ...}) = 0
read(5, "timestamps|||scan_start|Thu Nov "..., 4096) = 50
write(6, "timestamps|||scan_start|Thu Nov "..., 50) = 50
close(6) = 0
close(5) = 0
unlink("/tmp/nessus-7yE4sH") = 0
exit_group(0) = ?
Just to see what was running, I did the following:
ps -ef |grep ness
root 4739 1 0 08:00 ? 00:00:00 nessusd: waiting for incoming connections
root 5231 2036 0 09:04 pts/1 00:00:00 grep ness
Prior to the scan finishing, this was the output:
root 4739 1 0 08:00 ? 00:00:00 nessusd: waiting for incoming connections
root 4835 4795 51 08:04 pts/4 00:00:10 strace nessus -c
/root/.nessusrc -T nbe -V localhost 1241 amerenscan PWD testhost
root 4836 4835 47 08:04 pts/4 00:00:09 nessus -c
/root/.nessusrc -T nbe -V localhost 1241 testhosts
test0
root 4837 4739 40 08:04 ? 00:00:08 nessusd: serving 127.0.0.1
root 4839 2036 0 08:04 pts/1 00:00:00 ps -ef
Let me know if you need anything else.
Thanks,
Chris
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus