Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Need more details about Nessus to perform local security checks on t

from [Tom Lapp] Network Security [Permanent Link]
Subject: Re: Need more details about Nessus to perform local security checks on top of SSH
Date: Sat, 29 Jan 2005 14:57:44 -0500 
ssh listening on 22

results||xx.xx.xx.xx|general/tcp|12634|Security Note|\nThe output of
"uname -a" is :\nLinux hostname 2.6.2 #1 SMP Sun Feb 15 21:46:14 UTC
2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux\n\nLocal
security checks have been enabled for this host.\n

Thanks

tom


On Sat, 29 Jan 2005 14:29:17 -0500, Nicolas Pouvesle
<npouvesle@tenablesecurity.com> wrote:

verbose mode increases (debug) informations the report will give you not
the log files.

So with verbose level, what is the result of ssh_get_info.nasl in the
report (plugin id : 12634) ?
And on what port your ssh server is listenning ?


Nicolas


Tom Lapp wrote:

George,
    I have dependencies enabled.  Here is some output (log level
verbose).  All of the 200+ GLSA checks report the same error.  Thanks.

[Sat Jan 29 13:44:05 2005][18630] user nessus : session will be saved
as /var/lib/nessus/users/nessus/sessions/20050129-134405-index
[Sat Jan 29 13:44:13 2005][18630] user nessus starts a new attack.
Target(s) : xx.xx.xx.xx, with max_hosts = 16 and max_checks = 10
[Sat Jan 29 13:44:14 2005][18630] user nessus : testing xx.xx.xx.xx
(xx.xx.xx.xx) [18640]
[Sat Jan 29 13:44:14 2005][18640] user nessus : new KB will be saved
as /var/lib/nessus/users/nessus/kbs/xx.xx.xx.xx
[Sat Jan 29 13:44:14 2005][18640] user nessus : launching
ssh_settings.nasl against xx.xx.xx.xx [18641]
[Sat Jan 29 13:44:14 2005][18640] ssh_settings.nasl (process 18641)
finished its job in 0.239 seconds
[Sat Jan 29 13:44:14 2005][18640] user nessus : launching
find_service.nes against xx.xx.xx.xx [18642]
[Sat Jan 29 13:44:14 2005][18640] find_service.nes (process 18642)
finished its job in 0.172 seconds
[Sat Jan 29 13:44:14 2005][18640] user nessus : launching
ssh_get_info.nasl against xx.xx.xx.xx [18643]
[Sat Jan 29 13:44:15 2005][18640] ssh_get_info.nasl (process 18643)
finished its job in 0.579 seconds
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200410-26.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200406-01.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200402-01.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200404-01.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200407-12.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200408-17.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)
[Sat Jan 29 13:44:15 2005][18640] user nessus : Not launching
gentoo_GLSA-200408-19.nasl against xx.xx.xx.xx because the key
Host/Gentoo/qpkg-l
ist is missing (this is not an error)



On Sat, 29 Jan 2005 12:31:19 -0500, George Theall <theall@tifaware.com> 
wrote:


On Sat, Jan 29, 2005 at 12:07:32PM -0500, Tom Lapp wrote:



I am recieving the following error when scanning a gentoo box with
GLSA plugins.  I'm not sure what I am missing.  I have
gentoolkit-0.2.0_pre8-r1 installed.


Have you explicitly enabled plugin #12634 (ssh_get_info.nasl) or at
least enabled dependencies when running the scan? If so, what does it
report?

By the way, gentoolkit isn't used for local security checks. Instead,
ssh_get_info.nasl merely do


es a find on /var/db/pkg; ie, it runs


'find /var/db/pkg/ -mindepth 2 -maxdepth 2 -printf "%P\n"'.

George
--
theall@tifaware.com


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus





_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  ping before scan of the host, chmod077
Next by Date:  Re: Need more details about Nessus to perform local security checks on top of SSH, Nicolas Pouvesle
Previous by Thread:  Re: Need more details about Nessus to perform local security checks on top of SSH, Nicolas Pouvesle
Next by Thread:  Re: Need more details about Nessus to perform local security checks on top of SSH, Nicolas Pouvesle
Indexes:  [Date] [Thread] [Top] [All Lists]