Renaud, Nicolas,
The problem persists. Below is a series of tests I performed along with
the results. (All tests conducted with Nessus 3.0.5 for ES4. The
problem also occurred under Nessus 3.0.4, prior to upgrading).
Note the additional (possibly related) problem that plugin 19506 does
not report correct plugin information after running nessus-update-plugins unless
the .db files are deleted from /opt/nessus/var/nessus.
I'm willing to send you more sensitive information and files off-list
on your request.
========================================
TEST 1:
- Stopped nessusd
- Uninstalled Nessus
- Saved /opt/nessus/etc/nessus/nessus-fetch.rc
- Deleted the /opt/nessus and ~/.nessus directories
- Re-installed Nessus (Nessus-3.0.5-es4.i386.rpm)
- Restored /opt/nessus/etc/nessus/nessus-fetch.rc
- Re-created Nessus users
- Ran /opt/nessus/sbin/nessus-update-plugins (no errors)
- Started nessusd (no errors)
- Performed the scan (same NessusClient, target, configuration)
RESULTS 1:
- The 'find_service.nes ... could not be found' messages are gone
- Target host, a fully-patched RHEL4 system, still shows 12 missing
Fedora patches (plugins 24049, 24051, 24052, 24054, 24067, 24077, 24078, 24188,
24189, 24196, 24229, and 24231)
- Plugin 19506 ERRONEOUSLY reports 'Plugin feed version : 200701050232'
and 'Type of plugin feed : Release', even though plugin_feed_info.inc shows 'PLUGIN_SET
= 200701200615' and 'PLUGIN_FEED = Direct'
========================================
TEST 2:
- Stopped nessusd
- Removed .db files from /opt/nessus/var/nessus
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 2:
- Target host still shows the same 12 missing Fedora patches
- Plugin 19506 now CORRECTLY reports 'Plugin feed version :
200701200615' and 'Type of plugin feed : Direct'
========================================
TEST 3:
- Installed Nessus on a 'clean' server
- Did not register or run nessus-update-plugins
- Created nessus users
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 3:
- No errors. Target host shows no missing patches
- Plugin 19506 CORRECTLY reports 'Plugin feed version : 200701050232'
and 'Type of plugin feed : Release'
========================================
TEST 4:
- Stopped nessusd on 'clean' server
- Registered Nessus (CE9D-50F1-F4F3-9862-1868)
- Running 'nessus-fetch --register' retrieved newest plugin set
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 4:
- No errors. Target host shows no missing patches
- Plugin 19506 ERRONEOUSLY still reports 'Plugin feed version :
200701050232' and 'Type of plugin feed : Release', even though
plugin_feed_info.inc shows 'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED = Registered
(7 days delay)'
========================================
TEST 5:
- Stopped nessusd on 'clean' server
- Removed .db files from /opt/nessus/var/nessus
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 5:
- No errors. Target host shows no missing patches
- Plugin 19506 now CORRECTLY reports 'Plugin feed version :
200701200615' and 'Type of plugin feed : Registered (7 days delay)'
========================================
- John Scherff
-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On
Behalf Of Renaud Deraison
Sent: Saturday, January 20, 2007 7:34 AM
To: Nessus List
Subject: Re: SSH Credentials problem
On Jan 20, 2007, at 12:06 PM, John Scherff
wrote:
> Follow-up (see below): I see a large number of
“<service> depends
> on find_service.nes which could not be found” in the
> nessusd.messages log file. I do not see this same error
when
> scanning from a freshly-installed server. I see it only on
the
> ‘direct-feed’ server.
It seems like you've done a "rm /opt/nessus/lib/nessus/plugins/*"
which you really, really don't want to do.
Re-install Nessus to fix this.
--
Renaud_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus