hi george,
here's what the process table looks like when nessus appears to hang:
vishnu> ps -ef | grep nessus
root 24885 1 0 00:35 ? 00:00:00 nessusd: waiting for
incoming connections
root 31753 24885 2 10:26 ? 00:00:02 nessusd: serving
140.107.74.124
root 31801 31753 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org
root 31805 31801 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/nmap.nasl)
vishnu>
yes, log_whole_attack is set to 'yes' in nessud.conf ...
vishnu:/opt/vdops/etc/nessus # grep log_whole_attack nessusd.conf
log_whole_attack = yes
vishnu:/opt/vdops/etc/nessus #
however, vishnu:/opt/vdops/var/nessus/logs/nessusd.dump and
nessusd.messages are empty ...
i've redirected logging to syslog:
vishnu:/opt/vdops/etc/nessus # grep logfile nessusd.conf
logfile = syslog
vishnu:/opt/vdops/etc/nessus #
and my original post contained everything related to 'nessus' in syslog
... not much to see ...
so you run on a linux 2.6 kernel, and so does kristopher karas ... that
suggests that this issue is peculiar to my installation, not to 2.6 in
general.
i just tried doing a scan with NessusWX ... after letting it 'hang' for
~10 minutes, i stopped it, and the client survived the experience ...
though the related processes in the process table didn't die ... i'm going
to stop/start nessusd to do that ...
vishnu> ps -ef | grep nessus
root 24885 1 0 00:35 ? 00:00:00 nessusd: waiting for
incoming connections
root 31753 24885 0 10:26 ? 00:00:02 nessusd: serving
140.107.74.124
root 31801 31753 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org
root 31805 31801 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/nmap.nasl)
skendric 31887 30392 0 10:47 pts/7 00:00:00 grep nessus
vishnu>
here is the report:
NESSUS SECURITY SCAN REPORT
Created 13.10.2004 Sorted by host names
Session Name : Hitchcock
Start Time : 13.10.2004 10:28:06
Finish Time : 00.00.0000 00:00:00
Elapsed Time : 5103 day(s) 65517:65517:65533
Plugins used in this scan:
Id Name
----------------------------------------------------------------------------
Preferences settings for this scan:
max_hosts = 16
max_checks = 10
log_whole_attack = yes
cgi_path = /cgi-bin
port_range = 1-65535
optimize_test = yes
language = english
checks_read_timeout = 5
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = no
auto_enable_dependencies = yes
use_mac_addr = no
save_knowledge_base = no
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl, .inc
slice_network_addresses = no
ntp_save_sessions = yes
ntp_detached_sessions = yes
server_info_nessusd_version = 2.1.3
server_info_libnasl_version = 2.1.3
server_info_libnessus_version = 2.1.3
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.6.5-7.108-default
reverse_lookup = no
ntp_keep_communication_alive = yes
ntp_opt_show_end = yes
save_session = no
detached_scan = no
continuous_scan = no
Total security holes found : 0
high severity : 0
low severity : 0
informational : 0
Scanned hosts:
Name High Low Info
------------------------------------------------
hitchcock.fhcrc.org 0 0 0
--sk
stuart kendrick
fhcrc
From: George Theall <theall@tifaware.com>
Subject: Re: linux 2.6 / hangs
To: nessus@list.nessus.org
Message-ID: <20041013140759.GB32120@tifaware.com>
Content-Type: text/plain; charset="us-ascii"
I am, albeit compiling everything from source on a Red Hat 9 platform.
Is log_whole_attack is set to "yes" in nessusd.conf? If not, would you
mind making the change, restarting nessusd, launching an attack again,
and posting the results?
Also, when nessusd appears to hang, what nessus / nmap related processes
are active on the server?
George
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
