Thanks for the pointer on strace...
I have a failover system, which I brought on-line (identical scripted Nessus build) and launched the same scan with the same scripts and host file. The scan ran successfully. I copied the .rc configuration file back over to the problem system and it still does not initiate scanning, thereby, I think, ruling out the possibility of a config file error. As an FYI, cmdline scans are launched as:
nessus -c ./$config1 -T nbe -xq 127.0.0.1 1241 USER PASS ./$hostfile ./$outfile
There are no entries stating that a scan is launched or a session is restored.
There are no entries saying that the client disconnected.
Command line client receives message (shown from strace):
ioctl(3, FIONREAD, [0]) = 0
write(2, "Communication closed by server\n", 31) = 31
write(2, "nessus: nessusd abruptly shut the communication down - the test may be incomplete\n", 82) = 82
---- nessusd.messages entries ---
[Wed Sep 21 10:27:19 2005][9304] nessusd 2.2.5. started
[Wed Sep 21 11:29:37 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:29:37 2005][9891] Client requested protocol version 12.
[Wed Sep 21 11:29:37 2005][9891] successful login of USERNAME from 127.0.0.1
[Wed Sep 21 11:30:29 2005][9891] user USERNAME : session will be saved as /usr/local/var/nessus/users/USERNAME/sessions/20050921-113029-index
[Wed Sep 21 11:31:35 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:32:39 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:32:39 2005][9924] Client requested protocol version 12.
[Wed Sep 21 11:32:39 2005][9924] successful login of USERNAME from 127.0.0.1
[Wed Sep 21 11:33:34 2005][9924] user USERNAME : session will be saved as /usr/local/var/nessus/users/USERNAME/sessions/20050921-113334-index
---END OF nessusd.messages---
I've run strace both with and without the SSL (Thanks for the reminder to disable SSL, it made the output much easier to read :)
I'm not seeing anything that I can attribute to the problem.
I suspect I may just have to reload Nessus on that system, but I'd like to know what caused the problem to avoid the situation in the future.
"George A. Theall" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/20/2005 02:19 PM
On Tue, Sep 20, 2005 at 01:53:46PM -0400, [EMAIL PROTECTED] wrote:
> Daily command line scans stopped working yesterday and I can find no
> entries that reference any problems. This is a scripted process and the
> only change (that I can think of or find) would be the plugins.
...
> I suspect I've apparently screwed something up, but I cannot figure out
> what it is. Any suggestions on what else I can look for?
Try following the nessusd and its child processes with strace while
launching a scan.
Alternatively, it might be useful to reconfigure nessusd to not use SSL
for communications (ie, set "ssl_version = NONE" in the client and
server configs, restart server) and trace the NTP messages sent to the
client.
> nessusd.messages
> ====================
...
> /usr/local/var/nessus/users/USERNAME/sessions/20050920-124431-index
> ........ repeated for each attempt (command line or gui with gui showing
> the actual IP address) ......
Do you see anything like:
user USERNAME starts a new scan...
user USERNAME restores a session...
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
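Added example, not part of the original thread and not Nessus project code: a small parser for the `[timestamp][pid] message` format of nessusd.messages shown above, which groups entries by child PID and lists logins that never logged either of the two entries George asks about. The function name `stalled_sessions` is hypothetical, the marker strings are taken from George's reply, and the PID 9950 lines in the sample are constructed to show a healthy session for contrast.

```python
import re

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<pid>\d+)\]\s+(?P<msg>.*)$")
LOGIN_RE = re.compile(r"successful login of (\S+) from")
# Entries George asks about; their absence means the scan never started.
SCAN_MARKERS = ("starts a new scan", "restores a session")

# Lines for PIDs 9304, 9891 and 9924 are from the post; PID 9950 is constructed.
SAMPLE_LOG = """\
[Wed Sep 21 10:27:19 2005][9304] nessusd 2.2.5. started
[Wed Sep 21 11:29:37 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:29:37 2005][9891] Client requested protocol version 12.
[Wed Sep 21 11:29:37 2005][9891] successful login of USERNAME from 127.0.0.1
[Wed Sep 21 11:30:29 2005][9891] user USERNAME : session will be saved as /usr/local/var/nessus/users/USERNAME/sessions/20050921-113029-index
[Wed Sep 21 11:31:35 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:32:39 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:32:39 2005][9924] Client requested protocol version 12.
[Wed Sep 21 11:32:39 2005][9924] successful login of USERNAME from 127.0.0.1
[Wed Sep 21 11:33:34 2005][9924] user USERNAME : session will be saved as /usr/local/var/nessus/users/USERNAME/sessions/20050921-113334-index
[Wed Sep 21 11:40:00 2005][9304] connection from 127.0.0.1
[Wed Sep 21 11:40:00 2005][9950] Client requested protocol version 12.
[Wed Sep 21 11:40:00 2005][9950] successful login of USERNAME from 127.0.0.1
[Wed Sep 21 11:40:05 2005][9950] user USERNAME starts a new scan...
"""


def stalled_sessions(log_text):
    """Return [(pid, user, last_message)] for logins with no scan-start entry."""
    sessions = {}  # child pid -> state; dicts keep insertion order
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the nessusd.messages format
        pid, msg = m.group("pid"), m.group("msg")
        login = LOGIN_RE.match(msg)
        if login:
            sessions[pid] = {"user": login.group(1), "scan": False, "last": msg}
        elif pid in sessions:
            sessions[pid]["last"] = msg
            if any(marker in msg for marker in SCAN_MARKERS):
                sessions[pid]["scan"] = True
    return [(p, s["user"], s["last"]) for p, s in sessions.items() if not s["scan"]]


if __name__ == "__main__":
    for pid, user, last in stalled_sessions(SAMPLE_LOG):
        print(f"pid {pid}: {user} logged in, no scan started; last entry: {last}")
```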
