
Re: Nessus 2.1.3 released

Subject: Re: Nessus 2.1.3 released
Date: Mon, 20 Sep 2004 16:43:17 +0200
Hallo everybody!

I played a little with Nessus 2.1.3 since I am very interested in the local security checks feature.
I installed Nessus on a Linux Mandrake 10.0 machine, and used it to scan another Mandrake 10.0 system.


After a few tests, I noticed that the ssh_get_info.nasl plugin wouldn't work when netstat scanner was enabled. I investigated the matter a bit, and I found that the problem seems to lie with the shared socket secret/ssh/socket, which is not released by the netstat scanner plugin. If I disable netstat scanner, ssh_get_info.nasl is able to acquire the shared socket (but it too seems to forget to release it!).

Here's the relevant info taken from nessusd.messages:

with netstat scanner enabled:
...
[Mon Sep 20 15:40:32 2004][23672] launching netstat_portscan.nasl [23676]
[Mon Sep 20 15:40:32 2004][23672] shared_socket: Process 23676 creates a socket - Secret/SSH/socket
[Mon Sep 20 15:40:33 2004][23672] netstat_portscan.nasl (process 23676) finished its job in 0.609 seconds
[Mon Sep 20 15:40:33 2004][23672] shared_socket: Process 23676 forgot to release a shared socket!
...
[Mon Sep 20 15:41:18 2004][23672] launching ssh_get_info.nasl [24075]
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Secret/SSH/socket now locked by 24075
[Mon Sep 20 15:41:18 2004][23672] Process 24075 seems to have died too early
[Mon Sep 20 15:41:18 2004][23672] ssh_get_info.nasl (process 24075) finished its job in 0.071 seconds
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Process 24075 forgot to release a shared socket!



with netstat scanner disabled:
...
[Mon Sep 20 15:36:59 2004][22924] launching ssh_get_info.nasl [23326]
[Mon Sep 20 15:36:59 2004][22924] shared_socket: Process 23326 creates a socket - Secret/SSH/socket
[Mon Sep 20 15:37:05 2004][22924] ssh_get_info.nasl (process 23326) finished its job in 5.505 seconds
[Mon Sep 20 15:37:05 2004][22924] shared_socket: Process 23326 forgot to release a shared socket!


I guess the process creating the "shared" socket won't release it...

The command nessusd -d outputs:

This is Nessus 2.1.3 for Linux 2.6.3-7mdk
compiled with gcc version 3.3.2 (Mandrake Linux 10.0 3.3.2-6mdk)
Current setup :
        nasl                           : 2.1.3
        libnessus                      : 2.1.3
        SSL support                    : enabled
        SSL is used for client / server communication
        Running as euid                : 0


Include these infos in your bug reports

Otherwise, Nessus 2.1.3 seems to work much better than the previous experimental release! Good work! ;-)

Has anybody else experienced the same problem, or is it just my box playing tricks?

Hope it helps,

Davide


At 20.45 17/09/2004, Renaud Deraison wrote:

I am pleased to announce the availability of Nessus 2.1.3.

Nessus 2.1.3 has now been upgraded to the 'beta' status, if this release goes
well bug-wise, I'll probably release Nessus 2.2.0 (officially stable)
in a week or two - so please test it extensively and let me know your results.

As you probably already know, Nessus 2.1 gives Nessus the ability to
perform local security checks against remote hosts over SSH, provided you
give it a key pair and a username to log into the remote servers.

Local security checks can be done against the following platforms:

- AIX
- Fedora
- FreeBSD
- Gentoo
- MacOS X
- Mandrake
- Red Hat Enterprise Linux
- Solaris
- SuSE Linux
- Microsoft Windows


Please read <http://www.nessus.org/doc/nessus_ssh_local.html> for more details.



On a more technical side, Nessus 2.1.x sports a complete rewrite of the way the processes communicate with each other, thus making several nessusd processes less CPU intensive and paving the way for more collaboration between scripts. It also introduces the concept of "trusted nasl scripts", a small set of scripts which can execute local commands or store KB data in a separate location. The NASL language has also been extended with new functions and some syntax changes that we'll probably use over time.



At this point, I consider Nessus 2.1.3 as being stable and bug-free, and
I'm releasing it to confirm my assumption. If you can test it, please
report :

- If the package compiles at all on your system
- If you can get the SSH plugins to log into remote hosts
- If you feel that nessusd is faster or slower than Nessus 2.0.x
- If you feel that nessusd is using more or less CPU than Nessus 2.0.x

Nessus 2.1.3 is available at :

        http://ftp.nessus.org/nessus/src/nessus-2.1.3/



Thanks,
                                -- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
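
An added example, not part of the original post or of Nessus: a small Python parser that correlates the shared_socket messages quoted in the report, flagging a plugin that locks a socket an earlier plugin created but never released and then dies early. The function names and record fields are made up for this example, and the patterns assume only the message formats shown in the excerpt.

```python
import re

# Lines copied from the nessusd.messages excerpt in the post (netstat scanner enabled).
SAMPLE_LOG = """\
[Mon Sep 20 15:40:32 2004][23672] launching netstat_portscan.nasl [23676]
[Mon Sep 20 15:40:32 2004][23672] shared_socket: Process 23676 creates a socket - Secret/SSH/socket
[Mon Sep 20 15:40:33 2004][23672] shared_socket: Process 23676 forgot to release a shared socket!
[Mon Sep 20 15:41:18 2004][23672] launching ssh_get_info.nasl [24075]
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Secret/SSH/socket now locked by 24075
[Mon Sep 20 15:41:18 2004][23672] Process 24075 seems to have died too early
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Process 24075 forgot to release a shared socket!
"""

PATTERNS = {
    "launch": re.compile(r"launching (?P<plugin>\S+) \[(?P<pid>\d+)\]"),
    "create": re.compile(r"shared_socket: Process (?P<pid>\d+) creates a socket - (?P<sock>\S+)"),
    "lock": re.compile(r"shared_socket: (?P<sock>\S+) now locked by (?P<pid>\d+)"),
    "leaked": re.compile(r"shared_socket: Process (?P<pid>\d+) forgot to release"),
    "died": re.compile(r"\] Process (?P<pid>\d+) seems to have died too early"),
}

def parse(log):
    """Build one record per plugin process: plugin name, socket use and failure flags."""
    procs = {}
    for line in log.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            p = procs.setdefault(m["pid"], {"plugin": None, "sock": None, "role": None,
                                            "leaked": False, "died": False})
            if kind == "launch":
                p["plugin"] = m["plugin"]
            elif kind in ("create", "lock"):
                p["sock"], p["role"] = m["sock"], kind
            else:
                p[kind] = True  # kind is "leaked" or "died"
            break
    return procs

def broken_handoffs(procs):
    """Plugins that locked a socket left unreleased by its creator, then died early."""
    leaked_by, hits = {}, []
    for p in procs.values():  # dict order follows first appearance in the log
        if p["role"] == "create" and p["leaked"]:
            leaked_by[p["sock"]] = p["plugin"]
        elif p["role"] == "lock" and p["died"] and p["sock"] in leaked_by:
            hits.append((p["plugin"], p["sock"], leaked_by[p["sock"]]))
    return hits
```

Running `broken_handoffs(parse(SAMPLE_LOG))` on the excerpt pairs ssh_get_info.nasl with netstat_portscan.nasl on Secret/SSH/socket; a log where the same plugin only creates the socket yields no pairing.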