I tried to connect directly to the host with the same user I use for
Nessus and I get all the information regarding the different package
installed with dpkg -l.
But when I try to use the same user with Nessus, the report contains
only the "scanned" information. When I give Nessus a root account to log
on, the report contain all the information about the packages. So I
don't understand why!!
If it works locally with a non root account, it's supposed to work in
Nessus with the same account because it's the same command.
Regards
--
I am wondrering why a root account is needed to louch a local check.
It's not, as long as (1) you're only talking about basic patch audits
and (2) the target systems aren't locked down so hard that non-root
users can't query what's installed.
George
--
theall_at_tenablesecurity.com
--
I am wondrering why a root account is needed to louch a local check.
I've seen in the ss_get_info.nasl that the command used to list the
package is "dpkg -l" and as far as I know, this command doesn't need any
root permissions to be executed.
Regards
Julien
--------------------------------------------------------
Ce message et toutes les pieces jointes peuvent etre confidentiels, et, de
plus, peuvent etre couverts par un privilege ou une protection legale. Il est
etabli a l'intention exclusive de ses destinataires. Toute utilisation de ce
message non conforme a sa destination, toute diffusion ou toute publication,
totale ou partielle, est interdite, sauf autorisation expresse prealable.
Toutes opinions exprimees dans ce message, sont personnelles a leur auteur et
ne sauraient necessairement refleter celle de IXIS Corporate & Investment Bank,
de ses filiales ou de sa maison mere. Elles sont aussi susceptibles de
modification sans notification prealable. Tous droits reserves. Si vous recevez
ce message par erreur, merci de le detruire et d'en avertir immediatement
l'expediteur. Toute communication avec IXIS Corporate & Investment Bank peut
etre controlee, enregistree et conservee. IXIS Corporate & Investment Bank
decline toute responsabilite au titre de ce message s'il a ete altere, deforme
ou falsifie. Les communications sur Internet n'etant pas securisees, IXIS
Corporate & Investment Bank informe qu'il ne peut accepter aucune
responsabilite quant au contenu de ce message.
This email and any attachment may be confidential and may also be legally
privileged or otherwise protected from disclosure. It is intended only for the
stated addressee(s) and access to it by any other person(s) is unauthorised.
Any use, dissemination or disclosure not in accordance with its purpose, either
in whole or in part, is prohibited without our prior formal approval. Any
opinion expressed in this message may be personal to the author and may not
necessarily reflect the opinion of IXIS Corporate & Investment Bank, its
affiliates or parent company. It may also be subject to change without prior
notice. Copyright reserved. If you are not an addressee, you must not disclose,
copy, circulate or in any other way use or rely on the information contained in
this email. If you have received it in error, please inform us immediately and
delete all copies. Any communication made with IXIS Corporate & Investment Bank
(whether personal or business) may be monitored and a record kept. IXIS
Corporate & Investment Bank shall not be liable for the message if altered,
changed or falsified. As communication on the Internet is not secure, IXIS
Corporate & Investment Bank does not accept responsibility for the content of
this message. --------------------------------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
