On 10/6/05, Josh Zlatin-Amishav <[EMAIL PROTECTED]> wrote: > On Thu, 6 Oct 2005, PlanAlpha wrote: > > > I've used nessus in the past on Gentoo and never had any issues, but I > > recently loaded Ubuntu on a new system and apt-get'd nessus 2.2.4. > > I've regestered and updated my plugins and scanned a couple class c's > > as I always do, but now it takes about a day where it used to only > > take about an hour, and the reports only show ports that were scanned. > > No vulnerabilites or notes or anything, just ports. I'm pretty sure > > it's all setup the same way as my last system, but I have no idea why > > I'm not getting more in my reports. Any ideas? > > Can you show us the log (nessusd.messages) and your rc config file that > you used for this scan? > > -- > - Josh >
Josh- Here you go: .nessusrc # This file was automagically created by nessus trusted_ca = /var/lib/nessus/CA/cacert.pem nessusd_host = localhost nessusd_user = plan paranoia_level = 1 begin(SCANNER_SET) 10180 = no 10278 = yes 10331 = no 10335 = yes 10841 = no 10336 = no 10796 = no 11219 = no 14259 = yes 14272 = yes 14274 = yes 14663 = no 11840 = yes end(SCANNER_SET) begin(SERVER_PREFS) max_hosts = 20 max_checks = 4 email = root log_whole_attack = yes per_user_base = /var/lib/nessus/users cgi_path = /cgi-bin optimize_test = yes checks_read_timeout = 15 delay_between_tests = 1 test_file = /etc/passwd port_range = default ping_hosts = yes reverse_lookup = yes host_expansion = dns;ip subnet_class = C scan_level = normal outside_firewall = no plugin_upload = no language = english track_iothreads = yes cookie_logpipe_suptmo = 2 auto_enable_dependencies = no silent_dependencies = no save_session = yes save_empty_sessions = no safe_checks = yes use_mac_addr = no unscanned_closed = no save_knowledge_base = yes only_test_hosts_whose_kb_we_dont_have = no only_test_hosts_whose_kb_we_have = no kb_restore = no kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 end(SERVER_PREFS) begin(SERVER_INFO) server_info_nessusd_version = 2.2.4 server_info_libnasl_version = 2.2.4 server_info_libnessus_version = 2.2.4 server_info_thread_manager = fork server_info_os = Linux server_info_os_version = 2.6.10 end(SERVER_INFO) begin(RULES) end(RULES) begin(PLUGIN_SET) [...snip. All set to yes...] end(PLUGIN_SET) begin(PLUGINS_PREFS) HTTP NIDS evasion[entry]:HTTP User-Agent = HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no HTTP NIDS evasion[radio]:URL encoding = none HTTP NIDS evasion[radio]:Absolute URI type = none HTTP NIDS evasion[radio]:Absolute URI host = none HTTP NIDS evasion[checkbox]:Double slashes = no HTTP NIDS evasion[radio]:Reverse traversal = none HTTP NIDS evasion[checkbox]:Self-reference directories = no HTTP NIDS evasion[checkbox]:Premature request ending = no HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no HTTP NIDS evasion[checkbox]:Parameter hiding = no HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no HTTP NIDS evasion[checkbox]:Null method = no HTTP NIDS evasion[checkbox]:TAB separator = no HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no HTTP NIDS evasion[entry]:Force protocol string : = HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no Unknown CGIs arguments torture[checkbox]:Send POST requests = no Services[entry]:Number of connections done in parallel : = 5 Services[entry]:Network connection timeout : = 5 Services[entry]:Network read/write timeout : = 5 Services[entry]:Wrapped service read timeout : = 2 Services[file]:SSL certificate : = Services[file]:SSL private key : = Services[password]:PEM password : = Services[file]:CA file : = Services[radio]:Test SSL based services = All SMB use host SID to enumerate local users[entry]:Start UID : = 1000 SMB use host SID to enumerate local users[entry]:End UID : = 1200 HTTP login page[entry]:Login page : = / HTTP login page[entry]:Login form : = HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS% Misc information on News server[entry]:From address : = Nessus <[EMAIL PROTECTED]> Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests? Misc information on News server[entry]:Max crosspost : = 7 Misc information on News server[checkbox]:Local distribution = yes Misc information on News server[checkbox]:No archive = no Login configurations[entry]:HTTP account : = Login configurations[password]:HTTP password (sent in clear) : = Login configurations[entry]:NNTP account : = Login configurations[password]:NNTP password (sent in clear) : = Login configurations[entry]:FTP account : = anonymous Login configurations[password]:FTP password (sent in clear) : = [EMAIL PROTECTED] Login configurations[entry]:FTP writeable directory : = /incoming Login configurations[entry]:POP2 account : = Login configurations[password]:POP2 password (sent in clear) : = Login configurations[entry]:POP3 account : = Login configurations[password]:POP3 password (sent in clear) : = Login configurations[entry]:IMAP account : = Login configurations[password]:IMAP password (sent in clear) : = Login configurations[entry]:SMB account : = Login configurations[password]:SMB password : = Login configurations[entry]:SMB domain (optional) : = Login configurations[checkbox]:Never send SMB credentials in clear text = yes Login configurations[checkbox]:Only use NTLMv2 = no SSH settings[entry]:SSH user name : = root SSH settings[password]:SSH password (unsafe!) : = SSH settings[file]:SSH public key to use : = SSH settings[file]:SSH private key to use : = SSH settings[password]:Passphrase for SSH key : = Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : = Kerberos configuration[entry]:Kerberos KDC Port : = 88 Kerberos configuration[radio]:Kerberos KDC Transport : = udp Kerberos configuration[entry]:Kerberos Realm (SSH only) : = SMTP settings[entry]:Third party domain : = example.com SMTP settings[entry]:From address : = [EMAIL PROTECTED] SMTP settings[entry]:To address : = [EMAIL PROTECTED] SNMP settings[entry]:Community name : = public SNMP settings[entry]:UDP port : = 161 Web mirroring[entry]:Number of pages to mirror : = 200 Web mirroring[entry]:Start page : = / Global variable settings[radio]:Network type = Mixed (use RFC 1918) Global variable settings[checkbox]:Enable experimental scripts = no Global variable settings[checkbox]:Thorough tests (slow) = no Global variable settings[radio]:Report verbosity = Verbose Global variable settings[radio]:Report paranoia = Normal Global variable settings[radio]:Log verbosity = Normal Global variable settings[entry]:Debug level = 0 NIDS evasion[radio]:TCP evasion technique = none NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no SMB Scope[checkbox]:Request information about the domain = yes ftp writeable directories[radio]:How to check if directories are writeable : = Trust the permissions (drwxrwx---) SMB use domain SID to enumerate users[entry]:Start UID : = 1000 SMB use domain SID to enumerate users[entry]:End UID : = 1200 Nmap (NASL wrapper)[radio]:TCP scanning technique : = connect() Nmap (NASL wrapper)[checkbox]:UDP port scan = yes Nmap (NASL wrapper)[checkbox]:Service scan = yes Nmap (NASL wrapper)[checkbox]:RPC port scan = yes Nmap (NASL wrapper)[checkbox]:Identify the remote OS = yes Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS = yes Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) = yes Nmap (NASL wrapper)[checkbox]:Get Identd info = yes Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned = no Nmap (NASL wrapper)[entry]:Source port : = 53 Nmap (NASL wrapper)[radio]:Timing policy : = Auto (nessus specific!) Nmap (NASL wrapper)[entry]:Host Timeout (ms) : = Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : = Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : = Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : = Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) = Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) = Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) = Nmap (NASL wrapper)[file]:File containing grepable results : = Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file = no Nmap (NASL wrapper)[entry]:Data length : = Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set = no Ping the remote host[entry]:TCP ping destination port(s) : = built-in Ping the remote host[checkbox]:Do a TCP ping = yes Ping the remote host[checkbox]:Do an ICMP ping = no Ping the remote host[entry]:Number of retries (ICMP) : = 6 Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = yes Ping the remote host[checkbox]:Make the dead hosts appear in the report = no Ping the remote host[checkbox]:Log live hosts in the report = no end(PLUGINS_PREFS) and as far as nessus.messages, it's too long to post here. I do show many "not errors" though: [Thu Oct 6 12:06:24 2005][20046] user plan : Not launching smb_kb896423.nasl against localhost.localdomain none of the required tcp ports are open (this is not an error) [Thu Oct 6 12:06:24 2005][20046] user tobias : Not launching debian_DSA-401.nasl against localhost.localdomain because the key Host/Debian/dpkg-l is missing (this is not an error) If you'd like more just ask. Thanks again _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
