Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: SSH Credentials problem

from [John Scherff] Network Security [Permanent Link]
Subject: RE: SSH Credentials problem
Date: Sat, 20 Jan 2007 17:01:50 -0800 
Renaud, Nicolas,

 

Never mind, I figured it out.

 

You guys released a bunch of new Fedora Core 6 plugins over the past
week.  Those plugins call rpm_check (in rpm.inc) with the parameter
'release: FC6'.  Unfortunately, you forgot to test for 'release == FC6'
in rpm.inc.  I added that line, stopped nessusd, rebuilt
plugins-code.db, started nessusd, and re-ran the scan.  Problem solved. 

 

I trust you'll fix rpm.inc soon.  Those new fedora plugins were released
on Jan 17, which means they hit the registered feed on the 24th (Wed),
right?

 

John Scherff

 

________________________________

From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of John Scherff
Sent: Saturday, January 20, 2007 1:05 PM
To: Renaud Deraison; Nicolas Pouvesle
Cc: Justin Kwong; Nessus List; Jesse Mauntel
Subject: RE: SSH Credentials problem

 

Renaud, Nicolas,

 

The problem persists. Below is a series of tests I performed along with
the results.  (All tests conducted with Nessus 3.0.5 for ES4.  The
problem also occurred under Nessus 3.0.4, prior to upgrading).

 

Note the additional (possibly related) problem that plugin 19506 does
not report correct plugin information after running
nessus-update-plugins unless the .db files are deleted from
/opt/nessus/var/nessus.

 

I'm willing to send you more sensitive information and files off-list on
your request.

 

========================================

 

TEST 1:

 

- Stopped nessusd

- Uninstalled Nessus

- Saved /opt/nessus/etc/nessus/nessus-fetch.rc

- Deleted the /opt/nessus and ~/.nessus directories

- Re-installed Nessus (Nessus-3.0.5-es4.i386.rpm)

- Restored /opt/nessus/etc/nessus/nessus-fetch.rc

- Re-created Nessus users

- Ran /opt/nessus/sbin/nessus-update-plugins (no errors)

- Started nessusd (no errors)

- Performed the scan (same NessusClient, target, configuration)

 

RESULTS 1:

 

- The 'find_service.nes ... could not be found' messages are gone

 

- Target host, a fully-patched RHEL4 system, still shows 12 missing
Fedora patches (plugins 24049, 24051, 24052, 24054, 24067, 24077, 24078,
24188, 24189, 24196, 24229, and 24231)

 

- Plugin 19506 ERRONEOUSLY reports 'Plugin feed version : 200701050232'
and 'Type of plugin feed : Release', even though plugin_feed_info.inc
shows 'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED = Direct'

 

========================================

 

TEST 2:

 

- Stopped nessusd

- Removed .db files from /opt/nessus/var/nessus

- Started nessusd

- Performed the scan (same NessusClient, target, configuration)

 

RESULTS 2:

 

- Target host still shows the same 12 missing Fedora patches

 

- Plugin 19506 now CORRECTLY reports 'Plugin feed version :
200701200615' and 'Type of plugin feed : Direct'

 

========================================

 

TEST 3:

 

- Installed Nessus on a 'clean' server

- Did not register or run nessus-update-plugins

- Created nessus users

- Started nessusd

- Performed the scan (same NessusClient, target, configuration)

 

RESULTS 3:

 

- No errors. Target host shows no missing patches

 

- Plugin 19506 CORRECTLY reports 'Plugin feed version : 200701050232'
and 'Type of plugin feed : Release'

 

========================================

 

TEST 4:

 

- Stopped nessusd on 'clean' server

- Registered Nessus (CE9D-50F1-F4F3-9862-1868)

- Running 'nessus-fetch --register' retrieved newest plugin set

- Started nessusd

- Performed the scan (same NessusClient, target, configuration)

 

RESULTS 4:

 

- No errors. Target host shows no missing patches

 

- Plugin 19506 ERRONEOUSLY still reports 'Plugin feed version :
200701050232' and 'Type of plugin feed : Release', even though
plugin_feed_info.inc shows 'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED
= Registered (7 days delay)'

 

========================================

 

TEST 5:

 

- Stopped nessusd on 'clean' server

- Removed .db files from /opt/nessus/var/nessus

- Started nessusd

- Performed the scan (same NessusClient, target, configuration)

 

RESULTS 5:

 

- No errors. Target host shows no missing patches

 

- Plugin 19506 now CORRECTLY reports 'Plugin feed version :
200701200615' and 'Type of plugin feed : Registered (7 days delay)'

 

========================================

 

- John Scherff

 

 

 

 

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Renaud Deraison
Sent: Saturday, January 20, 2007 7:34 AM
To: Nessus List
Subject: Re: SSH Credentials problem

 

 

On Jan 20, 2007, at 12:06 PM, John Scherff wrote:

 


Follow-up (see below): I see a large number of "<service> depends  



on find_service.nes which could not be found" in the  



nessusd.messages log file.  I do not see this same error when  



scanning from a freshly-installed server.  I see it only on the  



'direct-feed' server.


 

It seems like you've done a "rm /opt/nessus/lib/nessus/plugins/*"  

which you really, really don't want to do.

 

Re-install Nessus to fix this.

 

 

                        --
Renaud_______________________________________________

Nessus mailing list

Nessus@list.nessus.org

http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: SSH Credentials problem, John Scherff
Next by Date:  RE: SSH Credentials problem, John Scherff
Previous by Thread:  RE: SSH Credentials problem, John Scherff
Next by Thread:  RE: SSH Credentials problem, John Scherff
Indexes:  [Date] [Thread] [Top] [All Lists]