Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Changing your nessus password

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Changing your nessus password
Date: Tue, 24 May 2005 17:10:57 -0400 
On Tue, May 24, 2005 at 09:47:37AM -0600, Anna Grace Zapata
wrote:


Can someone tell me if it is possible to change your
nessus password?  If so, how do I go about that?


Assuming you're using password-based authentication, then a
user's password is stored under his/her auth directory, in a
file named either 'password' or 'hash'. If nessus-adduser
can't find a way to calculate MD5 message digests when
creating an account, it stores the password as plaintext in
the file 'password'. All you'd need to do in such cases is
edit it and replace the password with a new one in
plaintext. 

More than likely, though, it's "encrypted" and stored in the
file 'hash'. If so, there's no straightforward way to change
it. Michel Arboi did publish a Perl daemon to handle this.
If you have a need to change passwords periodically, you
might consider setting it up, although understand it's not
part of Nessus per se so you're pretty much unsupported with
it. You'll find it here:

 
http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-tools/nessus-chpw.pl

Oh, and if instead you're using certificate-based
authentication, then the password's tied to your private key
and you'll need to change it with OpenSSL or something like
that.

George

--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Problems with registration feed plugins, George A. Theall
Next by Date:  Re: Called name not present error, Brent Deterding
Previous by Thread:  Re: Changing your nessus password, Michel Arboi
Next by Thread:  how to edit the html report from nix client, Jason Humes
Indexes:  [Date] [Thread] [Top] [All Lists]