Hi, Looking at [..path]/nessus/logs/nessusd.messages is sometimes better than verbose option.
Warm Regards Nitin Shingari [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, November 20, 2006 10:30 PM To: [email protected] Subject: Nessus Digest, Vol 37, Issue 18 Send Nessus mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://mail.nessus.org/mailman/listinfo/nessus or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Nessus digest..." Today's Topics: 1. Re: Nessus plugins update failure (Ferdy Riphagen) 2. Nessus Scans host without any plugins and port scanners selected. (tech tech) 3. Application Fingerprinting & Reporting (Asthana, Vishal) 4. Re: Relating CVE IDs in Nessus Plugins (Shingari, Nitin V.) 5. Re: Need assistance in testing Nessus (George A. Theall) 6. Plugin ID : 10930 Question ([EMAIL PROTECTED]) 7. Re: Export/Import Policies with Nessus Windows (George A. Theall) 8. Re: losing configuration (listening interface) when updating Nessus3 (Renaud Deraison) 9. Re: Nessusd 3.0.3 not updating every 24 hours (George A. Theall) 10. Re: Application Fingerprinting & Reporting (Doug Nordwall) 11. Re: Nessus plugins update failure (George A. Theall) ---------------------------------------------------------------------- Message: 1 Date: Sun, 19 Nov 2006 18:51:11 +0100 From: Ferdy Riphagen <[EMAIL PROTECTED]> Subject: Re: Nessus plugins update failure To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed try running it as ./nessus-update-plugins -vv (or sh -x nessus-update-plugins) too see more info on possible errors. --Ferdy-- BCC wrote: > Currently running Nessus 2.2.8 > > Whenever I try updating the plugins by running > sh nessus-update-plugins > > I get the error error > Something went wrong when installing the plugins - uncompressing the > plugins archive failed. > > Is there a solution to this problem which seems to prevalent with > users other than those who have the 3.0 subscription version of nessus? > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > > ------------------------------ Message: 2 Date: Mon, 20 Nov 2006 04:48:09 +0000 (GMT) From: tech tech <[EMAIL PROTECTED]> Subject: Nessus Scans host without any plugins and port scanners selected. To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=iso-8859-1 hi.. Nessus: Version 3.0.3 OS: linux Nessus Client: NessusWX 1.4.5 The problem is that nessus scans host even if any of the plugins.. port scanners are not selected.. i disabled all the options, disabled all port scanners as well as pluging. even then scan gets complete and showing all the vulnerabilities. What could be the problem.. Thanks Send instant messages to your online friends http://uk.messenger.yahoo.com ------------------------------ Message: 3 Date: Mon, 20 Nov 2006 11:51:54 +0530 From: "Asthana, Vishal" <[EMAIL PROTECTED]> Subject: Application Fingerprinting & Reporting To: <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" Hi, Is there any Nessus plugin that helps report Application names and versions e.g. Internet Explorer, Yahoo, Firefox etc? There are Application DETECTION plugins for the same but the post-scan operation does not report the specific Application installed. It only reports FTP Server, Web Server, Oracle Listener etc. I have already referred to the following old threads and ensured that find_service.nes was part of the scan. http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00302.html http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00218.html I have also tried using Nmap scanner instead of the Nessus TCP scanner with the same results. http://www.nessus.org/documentation/index.php?doc=nmap-usage Any pointers would be helpful. Thanks Vishal -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.nessus.org/pipermail/nessus/attachments/20061120/f2fae9cd/attachment.html ------------------------------ Message: 4 Date: Mon, 20 Nov 2006 16:53:31 +0530 From: "Shingari, Nitin V." <[EMAIL PROTECTED]> Subject: Re: Relating CVE IDs in Nessus Plugins To: <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII Hi George, Coincidently there is only One such plug-in. Namely: smb_nt_ms04-011.nasl Warm Regards Nitin Shingari [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, November 14, 2006 10:30 PM To: [email protected] Subject: Nessus Digest, Vol 37, Issue 12 Send Nessus mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://mail.nessus.org/mailman/listinfo/nessus or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Nessus digest..." Today's Topics: 1. Nessus 3 logging.. (Paul Hanson) 2. any news on profilesRe: Plugin 16192 (Darko Gavrilovic) 3. flash install left part of old version behind (Bob Babcock) 4. Re: flash install left part of old version behind (George A. Theall) 5. ms msde sql database server version detected incorrectly (Ward Taylor) 6. False negatives? (felix lin) 7. Relating CVE IDs in Nessus Plugins (Shingari, Nitin V.) 8. Re: False negatives? (George A. Theall) 9. Re: Nessus 3 logging.. (George A. Theall) 10. Re: Information about this scan (George A. Theall) 11. Re: Relating CVE IDs in Nessus Plugins (George A. Theall) 12. Inconsistent results for VNC (Bob Babcock) 13. Re: Inconsistent results for VNC (Michel Arboi) 14. Re: Inconsistent results for VNC (Michel Arboi) ---------------------------------------------------------------------- Message: 1 Date: Mon, 13 Nov 2006 10:40:16 -0600 From: "Paul Hanson" <[EMAIL PROTECTED]> Subject: Nessus 3 logging.. To: <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" Does nessus 3.0 allow for logging of results directly into a MySql database? I now various clients support this, but does the server or nesssusd support this? It would definitely be nice to fire off cron jobs for scheduled tests and then mine a mysql database for reports. Thanks, Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.nessus.org/pipermail/nessus/attachments/20061113/8cd6cbd2/at tachment.html ------------------------------ Message: 2 Date: Mon, 13 Nov 2006 14:13:09 -0500 From: Darko Gavrilovic <[EMAIL PROTECTED]> Subject: any news on profilesRe: Plugin 16192 Cc: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 Hi, I snooped through the list archives and web site. Can't seem to see an update on the pofiles quesitons? Are profiles implemented? Will they be? What I would like to do is save plugin combinations with which to scan hosts. The goal of this is to reduce the length of the reports and make it a little more presentable to non-techs. cheers, dg ------------------------------ Message: 3 Date: Mon, 13 Nov 2006 15:24:58 -0500 (EST) From: Bob Babcock <[EMAIL PROTECTED]> Subject: flash install left part of old version behind To: [email protected] Message-ID: <[EMAIL PROTECTED]> Scanning a win/xp machine with Windows Nessus, plugin 11952 says the flash version is older than 7.0.19.0, but Shavlik says the version is 7.0.68.0. Looking closer, I find flash7a.ocx 7.0.68.0 flash.ocx 6.0.79.0 in \windows\system32\macromed\flash. Looks like the install of version 7 didn't remove all of version 6 and the plugin is seeing the old version. (I modified the plugin to display the version number and got 6.0.79.0.) The registry entry at HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\CurrentVersion says 7,0,68,0. Unless there's some way the old, vulnerable flash can be triggered, I think the plugin should ignore the old file. ------------------------------ Message: 4 Date: Mon, 13 Nov 2006 17:17:07 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: flash install left part of old version behind To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Mon, Nov 13, 2006 at 03:24:58PM -0500, Bob Babcock wrote: > Scanning a win/xp machine with Windows Nessus, plugin 11952 says the flash > version is older than 7.0.19.0, but Shavlik says the version is 7.0.68.0. > Looking closer, I find > flash7a.ocx 7.0.68.0 > flash.ocx 6.0.79.0 > in \windows\system32\macromed\flash. Thanks, I modified plugin #11952, which handles detection, to check for flash7a.ocx before flash.ocx; that should correct this issue. The change should be available via nessus-update-plugins later tonight. George -- [EMAIL PROTECTED] ------------------------------ Message: 5 Date: Mon, 13 Nov 2006 16:58:57 -0600 From: Ward Taylor <[EMAIL PROTECTED]> Subject: ms msde sql database server version detected incorrectly To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 Hi I find that plugin 11217 incorrectly identifies our msde databases as being version 8.00.2039 when a "select @@version" on the server returns 8.00.2187. 2187 is the version that it should be with sp4 and hotfix KB916287 applied. This is on a box with windows xp sp2, and also one with windows 2000 server, same patches, same report from nessus. Thanks a lot ------------------------------ Message: 6 Date: Mon, 13 Nov 2006 11:35:02 -0600 From: "felix lin" <[EMAIL PROTECTED]> Subject: False negatives? To: <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" Running Nessus 3.0.0 on Fedora Core 4. It was working fine, but recently started giving false negatives. Specifically, it will only report vulnerabilities for 11890 (Messenger Service). Using NessusWX client, which is telling me that it is scanning more than that port on each host. Anybody else seen this before? felix lin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.nessus.org/pipermail/nessus/attachments/20061113/9e8c05f6/at tachment.htm ------------------------------ Message: 7 Date: Tue, 14 Nov 2006 11:11:18 +0530 From: "Shingari, Nitin V." <[EMAIL PROTECTED]> Subject: Relating CVE IDs in Nessus Plugins To: <[email protected]> Cc: "Shingari, Nitin V." <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED] com> Content-Type: text/plain; charset="us-ascii" Hi, In Nessus plug-ins CVE IDs are written in script_cve_id (...). In some plug-ins few CVE IDs are mentioned with IF conditions like: if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0533"); if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0663"); Can we relate CVE ID with the plug-in if it's mentioned in IF condition but not in script_cve_id tag? To make my question clearer, below is the small section of a plug-in: ------------------------------------------------------------------------ ----------------------------------------------------- # # (C) Tenable Network Security # if(description) { script_id(12205); script_bugtraq_id(10111, 10113, 10117, 10119, 10122, 10124, 10125); script_cve_id( "CVE-2003-0907", "CVE-2003-0908", "CVE-2003-0909", "CVE-2003-0910", "CVE-2004-0117", "CVE-2004-0118", "CVE-2004-0119", "CVE-2004-0121"); if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0533"); if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0663"); if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0719"); if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0806"); if(defined_func("script_xref"))script_xref(name:"CVE", value:"CVE-2003-0906"); if(defined_func("script_xref"))script_xref(name:"IAVA", value:"2004-A-0006"); script_version("$Revision: 1.17 $"); ------------------------------------------------------------------------ ----------------------------------------------------- In the above script "CVE-2003-0533", "CVE-2003-0663"... are not mentioned in script_cve_id(...) so can we relate these CVE IDs with the plug-in? Warm Regards Nitin Shingari -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.nessus.org/pipermail/nessus/attachments/20061114/bc8dbca0/at tachment.htm ------------------------------ Message: 8 Date: Tue, 14 Nov 2006 08:44:30 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: False negatives? To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Mon, Nov 13, 2006 at 11:35:02AM -0600, felix lin wrote: > Running Nessus 3.0.0 on Fedora Core 4. It was working fine, but > recently started giving false negatives. Do you know when the change occurred? What if anything changed in the Nessus environment (eg, plugin updates, scan configs)? Have you looked at Nessus' logs and/or KBs for the affected hosts to see if they contain any clues? > Specifically, it will only > report vulnerabilities for 11890 (Messenger Service). Using NessusWX > client, which is telling me that it is scanning more than that port on > each host. Have you verified that the remote hosts are still running additional services that Nessus should pick up? Is the scanned running afoul of any sort of IPS? Have you done a packet capture while running a scan to see what traffic is being exchanged? George -- [EMAIL PROTECTED] ------------------------------ Message: 9 Date: Tue, 14 Nov 2006 09:29:14 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Nessus 3 logging.. To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Mon, Nov 13, 2006 at 10:40:16AM -0600, Paul Hanson wrote: > Does nessus 3.0 allow for logging of results directly into a MySql > database? No. > I now various clients support this, but does the server or nesssusd > support this? It would definitely be nice to fire off cron jobs for > scheduled tests and then mine a mysql database for reports. NessusWX can output results to a MySQL database, but that runs on Windows and its support of commandline usage is lacking. The Unix clients can generate SQL statements for the list of plugins on a server as well as preferences but not results to a database. You could look into saving results from the Unix commandline client as, say, NBE, and then using that to populate your database. Inprotect, http://www.inprotect.com/, is an open-source solution that reportedly uses this approach. Or you could go with Security Center, http://www.tenablesecurity.com/products/sc.shtml, a commercial product from Tenable. George -- [EMAIL PROTECTED] ------------------------------ Message: 10 Date: Tue, 14 Nov 2006 10:00:49 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Information about this scan To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-15; format=flowed On Sat, Nov 11, 2006 at 05:41:20PM +0100, p.0155 wrote: > Hello everyone, I'm using the latest version of Nessus on Linux (Fedora > 5) and WindowsXP. "Latest version" is confusing... there are currently two branches of Nessus, 2.2.x and 3.x, and I woudln't be surprised if the latest packaged version of Nessus for FC5 is not necessarily that same as what we make available. > Sometimes my reports displays "Information about this scan" and > sometimes this information is missing, even if I use the same > configuration, the same target, the same Nessus server and the same > Nessus client. > Can anybody tell me why? Do you have KB saving enabled? If so, you may want to look at the various associated settings. George -- [EMAIL PROTECTED] ------------------------------ Message: 11 Date: Tue, 14 Nov 2006 10:29:02 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Relating CVE IDs in Nessus Plugins To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=windows-1252; format=flowed On Tue, Nov 14, 2006 at 11:11:18AM +0530, Shingari, Nitin V. wrote: > In Nessus plug-ins CVE IDs are written in script_cve_id (...). > > In some plug-ins few CVE IDs are mentioned with IF conditions like: > *if(defined_func("script_xref"))script_xref(name:"CVE", > value:"CVE-2003-0533");* > > *if(defined_func("script_xref"))script_xref(name:"CVE", > value:"CVE-2003-0663");* > > Can we relate *CVE ID *with the plug-in if it's mentioned in IF > condition but not in *script_cve_id* tag? Yes. Older versions of Nessus (pre 2.2.x, I believe) had issues if there were more than 8 ids in a call to script_cve_id(). So if a plugin corresponded to more than that, additional ones would be added using script_xref(). The report should still lists all [unless you're running with a version of Nessus that didn't support script_xref(), which is the reason for the 'if(defined_func("script_xref"))']. I'll adjust this particular plugin shortly to collect all the CVE ids together since no one should be using Nessus 2.0 any longer. If you're aware of any similar plugins, let me know please. George -- [EMAIL PROTECTED] ------------------------------ Message: 12 Date: Tue, 14 Nov 2006 11:14:00 -0500 (EST) From: Bob Babcock <[EMAIL PROTECTED]> Subject: Inconsistent results for VNC To: [email protected] Message-ID: <[EMAIL PROTECTED]> I'm getting inconsistent results scanning with plugin 19288 (VNC security types). Scanning the same machines, I sometimes get: The remote VNC server chose security type #0 (Invalid) Any user can connect to it without authentication, and thus take control of this machine. and other times get: The remote VNC server chose security type #2 (VNC authentication) I'm scanning with Windows Nessus 3.0.4 build W306. Target machines are Win/2K or Win/XP with RealVNC 3.3.7. I can make VNC connections to the target machines using a password, and if I try to clear the password with this version of VNC, it says it won't accept connections with no password. I think I always get security type #0 for localhost. ------------------------------ Message: 13 Date: Tue, 14 Nov 2006 17:46:14 +0100 From: Michel Arboi <[EMAIL PROTECTED]> Subject: Re: Inconsistent results for VNC To: [EMAIL PROTECTED] Cc: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" On Tue Nov 14 2006 at 17:14, Bob Babcock wrote: > The remote VNC server chose security type #0 (Invalid) > Any user can connect to it without authentication, and thus take > control of this machine. > and other times get: [snip] Try applying this patch (or wait for a while and run nessus-update-plugins). The script should be more robust. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-patch Size: 527 bytes Desc: not available Url : http://mail.nessus.org/pipermail/nessus/attachments/20061114/550bca9f/at tachment.bin ------------------------------ Message: 14 Date: Tue, 14 Nov 2006 17:58:59 +0100 From: Michel Arboi <[EMAIL PROTECTED]> Subject: Re: Inconsistent results for VNC To: [EMAIL PROTECTED] Cc: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii On Tue Nov 14 2006 at 17:46, Michel Arboi wrote: > Try applying this patch Oops. Forget it, I read the code too quickly. No, the script was fine. Security type 0 does not exist and should not be returned by a VNC server. This is odd. If possible, sniff the trafic... ------------------------------ _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus End of Nessus Digest, Vol 37, Issue 12 ************************************** ------------------------------ Message: 5 Date: Mon, 20 Nov 2006 09:03:47 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Need assistance in testing Nessus To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Fri, Nov 17, 2006 at 02:29:03PM -0800, Christina Davis wrote: > We have downloaded and installed the free version of Nessus 3 for Windows > to test in our environment. It looks like it would be a useful tool for > audit purposes. We are able to run port scans, but not retrieve windows > user information using the Windows: user management plug in family. We were > wondering if this is only available with the subscription, or are we > missing something here.. Nessus 3 for Windows is distributed with checks in the "Windows : User management" family. Even if you don't have a registered / direct feed, you can still use them. As Tim Doty already mentioned, make sure you provide credentials to log on to Windows machines remotely. With the Windows server, you do this by first adding a new policy and then editing the settings for credentials as discussed in our white paper here: http://www.nessus.org/documentation/nessus_credential_checks.pdf Btw, note that while you can technically continue to use the download, you will not get any updates / new plugins that we write unless you register or purchase a direct feed. And our compliance checks are only available to direct feed customers. George -- [EMAIL PROTECTED] ------------------------------ Message: 6 Date: Mon, 20 Nov 2006 14:55:09 +0000 From: [EMAIL PROTECTED] Subject: Plugin ID : 10930 Question To: [email protected] (Nessus) Message-ID: <[EMAIL PROTECTED]> Hello everyone I have some concerns with a scan of a Windows 2003 SP1 Server running McAfee ePolicy Orchestrtor client 3.5.5.438 the version of Nessus used is 3.0.3 Build W334 with plug ins update today (Nov 20). I recieve the following hole reported in both an administrative and a non administrative scan (8081/tcp) It was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm or AUX. A cracker may use this flaw to make your system crash continuously, preventing you from working properly. Solution: upgrade your system or use a HTTP server that filters those names out. Risk Factor : High CVE : CVE-2001-0386, CVE-2001-0493, CVE-2001-0391, CVE-2001-0558, CVE-2002-0200, CVE-2000-0168, CVE-2003-0016, CVE-2001-0602 BID : 1043, 2575, 2608, 2622, 2649, 2704, 3929, 6659, 6662 Plugin ID : 10930 It looks like plug in 10930 tries to enumerate a Apache < 2.0.44 CVE-2003-0016 - Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems Can anyone show/point me to a way that I can verify this manually? I believe this is a false postive, but I believe ePolicy Orchestrtor using some version of Apache I would like to find out. The server doesn't crash continuously Telnet shows HTTP/1.0 Server: Agent-ListenServer-HttpSvr/1.0 Date: Mon, 20 Nov 2006 12:54:16 GMT Thanks in advance --John ------------------------------ Message: 7 Date: Mon, 20 Nov 2006 10:29:38 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Export/Import Policies with Nessus Windows To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Wed, Nov 15, 2006 at 04:39:04PM -0500, [EMAIL PROTECTED] wrote: > I am running Nessus Windows 3.0.4 Build W306 installed on a Windows XP > workstation. I am planning to install Nessus Windows on a Windows 2003 > Server and would like to export/import the policies I've created. Is > there a way to do that? Policies that you've created are stored in 'C:\Documents and Settings\Administrator\Tenable\Nessus\config', with file type '.conf'. You can copy them from one Windows server to another without any issues. George -- [EMAIL PROTECTED] ------------------------------ Message: 8 Date: Mon, 20 Nov 2006 16:32:02 +0100 From: Renaud Deraison <[EMAIL PROTECTED]> Subject: Re: losing configuration (listening interface) when updating Nessus3 To: Nessus List <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=UTF-8; format=flowed Hi Martin, On Nov 12, 2006, at 9:28 PM, Martin MaÄok wrote: > I need to configure Nessus to listen only on loopback interface and > the only way (afaik) to do it is editing nessusd startup script. Last > time I upgraded from Nessus-3.0.2 to Nessus-3.0.4 I overlooked that > the script was replaced and my Nessus server went accessible from the > outside. > > I would like to be able to set listening interface and be sure that > when Nessus is upgraded it keeps this configuration. Would it be > possible to do at least one of the following? > [...] > 3) adding nessusd.conf option that sets interface nessusd will listen > on We'll add this one in Nessus 3.0.5. Thanks, -- Renaud ------------------------------ Message: 9 Date: Mon, 20 Nov 2006 11:32:46 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Nessusd 3.0.3 not updating every 24 hours To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Fri, Nov 17, 2006 at 09:21:54AM -0500, Kelly, Jim wrote: > Nessusd 3.0.3 > It is configured to update plugins every 24 hours, but as you can see > from November's logs it isn't: > [Wed Nov 1 08:46:53 2006][10796] nessusd-update: started. Will update > plugins every 24 hours > [Sun Nov 5 04:37:32 2006][12934] nessusd-update: started. Will update > plugins every 24 hours ... > Now I'm not sure what, if anything, I should be looking for in > nessusd.dump. Can anyone tell me what could be causing this? Was nessusd running during this time? [For example, what do you see if you grep nessusd.messages for "started"?] Do you see "nessusd-update" in the list of running processes while nessusd itself is running? George -- [EMAIL PROTECTED] ------------------------------ Message: 10 Date: Mon, 20 Nov 2006 08:44:31 -0800 From: "Doug Nordwall" <[EMAIL PROTECTED]> Subject: Re: Application Fingerprinting & Reporting To: "Asthana, Vishal" <[EMAIL PROTECTED]> Cc: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" Try using a credentialed check. Those will find local applications and tell you versions. A non-credentialled check normally just hits the ports and can often only tell version from the banners of externally listening applications On 11/19/06, Asthana, Vishal <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Is there any Nessus plugin that helps report *Application names and > versions* e.g. Internet Explorer, Yahoo, Firefox etc? There are > Application *DETECTION* plugins for the same but the post-scan operation > does not report the *specific Application installed*. It only reports FTP > Server, Web Server, Oracle Listener etc. > > > > I have already referred to the following old threads and ensured that * > find_service.nes* was part of the scan. > > > > http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00302.html > > http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00218.html > > > > I have also tried using *Nmap scanner* instead of the Nessus TCP scanner > with the same results. > > http://www.nessus.org/documentation/index.php?doc=nmap-usage > > > > Any pointers would be helpful. > > > > Thanks > > Vishal > > > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > -- Doug Nordwall Unix, Network, and Security Administrator Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid. -- Mark Twain -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.nessus.org/pipermail/nessus/attachments/20061120/ca44fb8e/attachment.htm ------------------------------ Message: 11 Date: Mon, 20 Nov 2006 11:45:33 -0500 From: "George A. Theall" <[EMAIL PROTECTED]> Subject: Re: Nessus plugins update failure To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Sun, Nov 19, 2006 at 11:18:15AM -0500, BCC wrote: > Currently running Nessus 2.2.8 > > Whenever I try updating the plugins by running > sh nessus-update-plugins > > I get the error error > Something went wrong when installing the plugins - uncompressing the > plugins archive failed. That error message suggests you have a version of Nessus older than 2.2.1 installed as well. Remove that or make sure you're calling the nessus-update-plugins script from 2.2.8. George -- [EMAIL PROTECTED] ------------------------------ _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus End of Nessus Digest, Vol 37, Issue 18 ************************************** _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
