Please see my answers below.  Thank you.
  _____  

From: George A. Theall [mailto:[EMAIL PROTECTED]
To: [email protected]
Sent: Tue, 16 Jan 2007 17:38:58 -0700
Subject: Re: Scanning Win2k with Nessus

On Tue, Jan 16, 2007 at 03:53:23PM -0700, Beau Nuanes wrote:
  
  > 1)  Installed NessusClient and Nessus on a Fedora Core 6 machine.
  
  Which versions specifically?

I am running 3.0.4 for Nessusd and 1.0.2 for NessusClient.

  
   > 2)  Disabled "Safe Checks" and "Optimize the test" in NessusClient.
  
  Disabling safe checks might lead to crashes -- I'd leave it on unless 
  you're operating in a lab or until you become more familiar with Nessus.

At this point I am running in a test environment.  When I move to production, and 
after I have become more familiar with Nessus, I will definitely heed your 
advice and enable safe checks.

  
  Are you enabling plugin dependencies when you run the scan?

Yes, dependencies at runtime are enabled.  Silent dependencies are not.

  
   > 4)  Created a Nessus user on the win2k machines and gave him/her
   > administrative privileges (I'll change this by editing the winreg key
   > once I have this working)
  
  Read Tenable's white paper on configuring Nessus for checks with 
  credentials:
  
     http://www.nessus.org/documentation/nessus_credential_checks.pdf
  
  and pay particular attention to the section on configuring a local 
  account and inheriting guest privileges.

This setting is not available on my targets, win2k machines.  The user I created 
is in the Administrators group though, which I thought would be sufficient.  Is 
there an equivalent Security option to the one referred to in 
nessus_credential_checks.pdf for win2k?

  
  > My problem is that it appears that I am not attempting to authenticate 
  > at all.  The Event Viewer on the Win2k machines does not even show an 
  > attempted login.  The "Local Checks Failed" plugin is active but does
  > not give me anything in the report.
  
  Since you mention "Local Checks Failed" plugin, I assume you have a 
  registered or direct plugin feed, right?

Yes, a registered feed.

  
  What lines associated with that plugin (hostlevel_check_failed.nasl) do 
  you see in nessusd.messages? What port range are you using for your scans?

The only lines that I see in nessusd.messages associated with that plugin are:

Loading hostlevel_check_failed.nasl

Should I see more information in nessusd.messages?  The port range that I am 
scanning is the default range.  I have not edited nessus-services at all so 
it's the default range "out of the box".

  
  
  George
  -- 
  [EMAIL PROTECTED]
  _______________________________________________
  Nessus mailing list
  [email protected]
  http://mail.nessus.org/mailman/listinfo/nessus
        