From owner-freebsd-ports Wed Oct 3 19:43: 4 2001 Delivered-To: freebsd-ports@freebsd.org Received: from digger1.defence.gov.au (digger1.defence.gov.au [203.5.217.4]) by hub.freebsd.org (Postfix) with ESMTP id 4EF4C37B401; Wed, 3 Oct 2001 19:42:56 -0700 (PDT) Received: from dsto-ms2.dsto.defence.gov.au (dsto-ms2.dsto.defence.gov.au [131.185.2.150]) by digger1.defence.gov.au (8.10.1/8.10.1) with ESMTP id f942gI818166; Thu, 4 Oct 2001 12:12:18 +0930 (CST) Received: from muttley.dsto.defence.gov.au (unverified) by dsto-ms2.dsto.defence.gov.au (Content Technologies SMTPRS 4.1.5) with ESMTP id ; Thu, 4 Oct 2001 12:10:42 +0930 Received: from salex001.dsto.defence.gov.au (salex001.dsto.defence.gov.au [131.185.2.9]) by muttley.dsto.defence.gov.au (8.9.3/8.9.3/8.9.3.LMD.990513) with ESMTP id MAA18331; Thu, 4 Oct 2001 12:07:22 +0930 (CST) Received: from fang.dsto.defence.gov.au ([131.185.2.5]) by salex001.dsto.defence.gov.au with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 4AVVR48Q; Thu, 4 Oct 2001 12:07:18 +0930 Received: from dsto.defence.gov.au (fuzz.dsto.defence.gov.au [131.185.75.229]) by fang.dsto.defence.gov.au (8.9.3/8.9.3/8.9.3.LMD.990513) with ESMTP id MAA17117; Thu, 4 Oct 2001 12:07:22 +0930 (CST) Message-ID: <3BBBCB63.9840B269@dsto.defence.gov.au> Date: Thu, 04 Oct 2001 12:07:23 +0930 From: "Thyer, Matthew" X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 5.0-CURRENT i386) X-Accept-Language: en MIME-Version: 1.0 To: olgeni@freebsd.org Cc: ports@freebsd.org Subject: ports/security/nessus-devel ? Content-Type: multipart/mixed; boundary="------------00D3BD59DD4FB37497CC4843" Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------00D3BD59DD4FB37497CC4843 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Nessus comes in two streams, the stable 1.0.X (currently 1.0.9) and the development 1.1.X (currently 1.1.3) which will evolve into the 1.2 major release when debugged. The ports collection has 1.0.9 in ports/security/nessus. The developer wants a lot more people to test/debug the 1.1 stream and 1.1 has some neat attributes such as: - much faster - supports SSL - has experimental features of 1.0.X enabled by default - has a safe check option Would you consider making ports/security/nessus-devel (downside being it could change weekly or fortnightly) ? Please find attached the release notes from Renaud Deraison re: the 1.0.9 and 1.1.3 releases. -- Matthew Thyer Phone: +61 8 8259 7249 Science Corporate Information Systems Fax: +61 8 8259 5537 Defence Science and Technology Organisation, Edinburgh PO Box 1500 Edinburgh South Australia 5111 IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. --------------00D3BD59DD4FB37497CC4843 Content-Type: text/plain; charset=us-ascii; name="nessus.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="nessus.txt" I'm glad to announce the availability of Nessus 1.0.9 and 1.1.3. . Nessus 1.0.9 -------------- As Nessus 1.0.9 is considered as being stable, this release is a bugfix release only. No new stuff to play with. Among the fixed things : - fixed a possible deadlock in libpeks - fixed a bug which would cause the client to crash when sending a too long plugin list - fixed the 'too many plugins selected' bug that would make the client crash - workaround for a Linux bug^H^H^Hfeature that makes recv() behave completely differently than the rest of the world (thanks to Andreas Steinmetz) - various issues - more plugins . Nessus 1.1.3 -------------- Nessus 1.1.3 is a developement version, considered as being unstable (even though I'm more than happy with it :). The whole 1.1.x series is being considered as being unstable and serves as a testbed for Nessus 1.2. By unstable, I don't mean full of bugs (even though they can be here), but rather consider that the behavior of the new features can be inconsistent between two minor releases. Note that the more you test Nessus 1.1.x, the quicker Nessus 1.2 will get out. There will be more 1.1.x releases (I aim to do that on a weekly basis). I've been busy as hell these last months, hence the long lifetime of 1.1.2 Ok, here's what's different between 1.1.2 and 1.1.3 : - bugfixes. Gazillions of them (and this includes the 1.0.x fixes) - torturecgis.nasl and webmirror.nasl, two plugins that attempt to do 'smarter' CGI checks - filter support in the client (ala mutt ;). Type 'l' and fill the pop-up dialog with a regular expression you'd like to see applied to plugin names. (".*" shows every plugin) - Added the 'safe checks' option. When enabled, this option makes the 'dangerous' plugins look at banner version instead of actually try to exploit the flaw. Note that there still are dangerous plugins out there (Denial of services being one category of them), so don't just enable this option and launch all plugins against your network, or you may loose your job. As a reminder, Nessus 1.1.x is much faster, supports SSL, and has all the 'experimental' features of 1.0.x enabled by default. And now it has those cool 'safe checks'. . Where to get all this nice stuff ----------------------------------- See http://www.nessus.org for a list of mirrors, but basically : ftp://ftp.nessus.org/pub/nessus/nessus-1.0.9/src/ ftp://ftp.nessus.org/pub/nessus/unstable/nessus-1.1.3/src/ You can also type : lynx -source http://install.nessus.org | sh (or wget -O - http://install.nessus.org | sh) and ask for the version of your choice. This now works well on Solaris. . Bonus : How to make Nessus 1.0.x and 1.1.x co-exist on the same host ---------------------------------------------------------------------- That's easy : - uninstall your current version of Nessus. - Install Nessus-1.0.x, by supplying the option --prefix=/usr/local/nessus-1.0.x/ to the 'configure' script of nessus-core, nessus-libraries, nessus-plugins, and libnasl - Then install Nessus-1.1.x by supplying the option --prefix=/usr/local/nessus-1.1.x/ to the 'configure' script of nessus-core, nessus-libraries, nessus-plugins, and libnasl - Do 'ln -s /usr/local/nessus-1.0.x /usr/local/nessus' as root - Edit /etc/ld.so.conf and add the entry '/usr/local/nessus/lib' - start /usr/local/sbin/nessusd -s - Do 'cp /usr/local/nessus-1.0.x/etc/nessus/nessusd.private-keys \ /usr/local/nessus-1.1.x/etc/nessus/' Whenever you want to change from Nessus 1.1.x to 1.0.x, just change then symlink /usr/local/nessus so that it points to the right version. Don't forget to add users for each installation using nessus-adduser (user accounts can't be shared between the two versions), and don't forget to delete your ~/.nessusrc whenever you switch from 1.0.x to 1.1.x and back. -- Renaud -- Renaud Deraison The Nessus Project http://www.nessus.org -- Nessus-announce is not a conventional mailing list, it is a 'one-way' announcement list for Nessus. If you would not like to receive nessus announcements send a message: To: majordomo@list.nessus.org Subject: unsubscribe nessus-announce end For more info about Nessus see http://www.nessus.org. For more info about Nessus mailing lists see http://list.nessus.org. For more general information about majordomo send a message: To: majordomo@list.nessus.org Subject: help end Problems/difficulties > jb@list.nessus.org Have a :) day! --------------00D3BD59DD4FB37497CC4843-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message