lo all, i've installed the nessus-1.2.7 port on an openbsd 3.4 stable box and successfully added a user with rules "default accept", but once i log in with a client (nessuswx 1.4.4 from a winxp box on my network) on this user account, i get a server error message about my not being allowed to scan the hosts i listed.
here are the outputs i get when i try to scan the desired hosts (all on my local net; 10.0.0.0/16): from nessuswx 1.4.4: Connecting to server 10.0.1.1 (port 1241) using TLSv1 encrypted connection... SSL connection using DES-CBC3-SHA Using < NTP/1.2 > Connection with the server [10.0.1.1] established. 1148 plugins loaded 142 preferences received 0 rules received Scan started 17-Nov-2004 09:10:59 [SERVER ERROR] These hosts could not be tested because you are not allowed to do so :;10.0.1.5;10.0.1.2;10.0.2.2; Scan finished 00-<-0000 00:00:00 from /var/nessus/logs/nessusd.messages: [Wed Nov 17 09:15:05 2004][1328] Redirecting debugging output to /var/nessus/logs/nessusd.dump [Wed Nov 17 09:15:13 2004][1328] user dick : session will be saved as /var/nessus/users/dick/sessions/20041117-091513-index [Wed Nov 17 09:15:13 2004][1328] user dick starts a new attack. Target(s) : 10.0.1.5,10.0.1.2,10.0.2.2, with max_hosts = 10 [Wed Nov 17 09:15:13 2004][1328] user dick : rejected attempt to scan 10.0.1.5 [Wed Nov 17 09:15:13 2004][1328] user dick : rejected attempt to scan 10.0.1.2 [Wed Nov 17 09:15:13 2004][1328] user dick : rejected attempt to scan 10.0.2.2 [Wed Nov 17 09:15:13 2004][1328] user dick : test complete (there's nothing output to the dump file, contrary to the log) just to be sure, i checked the rules for the user dick and here are the relevant file contents: $ sudo cat /var/nessus/users/dick/auth/rules default accept $ sudo cat /etc/nessus/nessusd.rules # # Nessus rules # # Syntax : accept|reject address/netmask # Accept to test anything : default accept i've searched for others with similar problems and haven't found any fruitful links. all suggestions are welcome. thx for reading, jake y-p _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
