Please see my answers below. Thank you.
From: George A. Theall [mailto:theall@tenablesecurity.com]
To: nessus@list.nessus.org
Sent: Tue, 16 Jan 2007 17:38:58 -0700
Subject: Re: Scanning Win2k with Nessus
On Tue, Jan 16, 2007 at 03:53:23PM -0700, Beau Nuanes wrote:
> 1) Installed NessusClient and Nessus on a Fedora Core 6 machine.
Which versions specifically?
I am running 3.0.4 for Nessusd and 1.0.2 for NessusClient
> 2) Disabled "Safe Checks" and "Optimize the test" in NessusClient.
Disabling safe checks might lead to crashes -- I'd leave it on unless
you're operating in a lab or until you become more familiar with Nessus.
At this point I am running in a test environment. When I move to production, and after I have become more familiar with Nessus, I will definitely heed your advice and enable safe checks.
Are you enabling plugin dependencies when you run the scan?
Yes, dependencies at runtime are enabled. Silent dependencies are not.
> 4) Created a Nessus user on the win2k machines and gave him/her
> administrative privledges (I'll change this by editing the winreg key
> once I have this working)
Read Tenable's white paper on configuring Nessus for checks with
credentials:
http://www.nessus.org/documentation/nessus_credential_checks.pdf
and pay particular attention to the section on configuring a local
account and inheriting guest privileges.
This setting is not available on my targets, win2k machines. The user I created is in the Administrators group though, which I thought would be sufficient. Is there an equivalent Security option to the one referred to in nessus_credential_checks.pdf for win2k?
> My problem is that it appears that I am not attempting to authenticate
> at all. The Event viewer on the Win2k machines do not even show an
> attempted login. The "Local Checks Failed" plugin is active but does
> not give me anything in the report.
Since you mention "Local Checks Failed" plugin, I assume you have a
registered or direct plugin feed, right?
Yes, a registered feed.
What lines associated with that plugin (hostlevel_check_failed.nasl) do
you see in nessusd.messages? What port range are you using for your scans?
The only lines that I see in nessusd.messages associated with that plugin are:
Loading hostlevel_check_failed.nasl
Should I see more information in nessusd.messages? The port range that I am scanning is the default range. I have not edited nessus-services at all so it's the default range "out of the box".
George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
|