Renaud, Nicolas,
Ditto for the rpm_exists function in rpm.inc, except that one needs both FC5 and FC6… and unless I’m missing something, CentOS-3 and CentOS-4, too.
John Scherff
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On Behalf Of John Scherff
Sent: Saturday, January 20, 2007 5:02 PM
To: Renaud Deraison; Nicolas Pouvesle
Cc: Justin Kwong; Nessus List; Jesse Mauntel
Subject: RE: SSH Credentials problem
Renaud, Nicolas,
Never mind, I figured it out.
You guys released a bunch of new Fedora Core 6 plugins over the past week. Those plugins call rpm_check (in rpm.inc) with the parameter ‘release: FC6’. Unfortunately, you forgot to test for ‘release == FC6’ in rpm.inc. I added that line, stopped nessusd, rebuilt plugins-code.db, started nessusd, and re-ran the scan. Problem solved.
I trust you’ll fix rpm.inc soon. Those new Fedora plugins were released on Jan 17, which means they hit the registered feed on the 24th (Wed), right?
John Scherff
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On Behalf Of John Scherff
Sent: Saturday, January 20, 2007 1:05 PM
To: Renaud Deraison; Nicolas Pouvesle
Cc: Justin Kwong; Nessus List; Jesse Mauntel
Subject: RE: SSH Credentials problem
Renaud, Nicolas,
The problem persists. Below is a series of tests I performed along with
the results. (All tests conducted with Nessus 3.0.5 for ES4. The
problem also occurred under Nessus 3.0.4, prior to upgrading).
Note the additional (possibly related) problem that plugin 19506 does
not report correct plugin information after running nessus-update-plugins
unless the .db files are deleted from /opt/nessus/var/nessus.
I'm willing to send you more sensitive information and files off-list
on your request.
========================================
TEST 1:
- Stopped nessusd
- Uninstalled Nessus
- Saved /opt/nessus/etc/nessus/nessus-fetch.rc
- Deleted the /opt/nessus and ~/.nessus directories
- Re-installed Nessus (Nessus-3.0.5-es4.i386.rpm)
- Restored /opt/nessus/etc/nessus/nessus-fetch.rc
- Re-created Nessus users
- Ran /opt/nessus/sbin/nessus-update-plugins (no errors)
- Started nessusd (no errors)
- Performed the scan (same NessusClient, target, configuration)
RESULTS 1:
- The 'find_service.nes ... could not be found' messages are gone
- Target host, a fully-patched RHEL4 system, still shows 12 missing
Fedora patches (plugins 24049, 24051, 24052, 24054, 24067, 24077, 24078, 24188,
24189, 24196, 24229, and 24231)
- Plugin 19506 ERRONEOUSLY reports 'Plugin feed version : 200701050232'
and 'Type of plugin feed : Release', even though plugin_feed_info.inc shows
'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED = Direct'
========================================
TEST 2:
- Stopped nessusd
- Removed .db files from /opt/nessus/var/nessus
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 2:
- Target host still shows the same 12 missing Fedora patches
- Plugin 19506 now CORRECTLY reports 'Plugin feed version :
200701200615' and 'Type of plugin feed : Direct'
========================================
TEST 3:
- Installed Nessus on a 'clean' server
- Did not register or run nessus-update-plugins
- Created nessus users
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 3:
- No errors. Target host shows no missing patches
- Plugin 19506 CORRECTLY reports 'Plugin feed version : 200701050232'
and 'Type of plugin feed : Release'
========================================
TEST 4:
- Stopped nessusd on 'clean' server
- Registered Nessus (CE9D-50F1-F4F3-9862-1868)
- Running 'nessus-fetch --register' retrieved newest plugin set
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 4:
- No errors. Target host shows no missing patches
- Plugin 19506 ERRONEOUSLY still reports 'Plugin feed version :
200701050232' and 'Type of plugin feed : Release', even though
plugin_feed_info.inc shows 'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED =
Registered (7 days delay)'
========================================
TEST 5:
- Stopped nessusd on 'clean' server
- Removed .db files from /opt/nessus/var/nessus
- Started nessusd
- Performed the scan (same NessusClient, target, configuration)
RESULTS 5:
- No errors. Target host shows no missing patches
- Plugin 19506 now CORRECTLY reports 'Plugin feed version :
200701200615' and 'Type of plugin feed : Registered (7 days delay)'
========================================
- John Scherff
-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On Behalf Of Renaud Deraison
Sent: Saturday, January 20, 2007 7:34 AM
To: Nessus List
Subject: Re: SSH Credentials problem
On Jan 20, 2007, at 12:06 PM, John Scherff wrote:
> Follow-up (see below): I see a large number of “<service> depends
> on find_service.nes which could not be found” in the
> nessusd.messages log file. I do not see this same error when
> scanning from a freshly-installed server. I see it only on the
> ‘direct-feed’ server.
It seems like you've done a "rm /opt/nessus/lib/nessus/plugins/*" which you really, really don't want to do.
Re-install Nessus to fix this.
-- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus