From owner-freebsd-security@FreeBSD.ORG Sun Feb 5 10:41:53 2006
Date: Sun, 5 Feb 2006 11:41:50 +0100
From: Pietro Cerutti
To: gahn
Cc: freebsd security
Subject: Re: nnamp question

On 2/4/06, gahn wrote:
> Hi:

Hi,

> nmap -e fx0 -v -sP 192.168.128.0/23
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ )
> at 2006-02-04 14:04 CST
> getinterfaces: Failed to open ethernet interface (el0)
> QUITTING!
>
> What did I do wrong?

Are you running nmap as root? If not, you should. Only root can put
interfaces in promiscuous mode.

>
> Thanks

Hope this helps,
regards

--
Pietro Cerutti

Non lasciar calpestare i TUOI diritti!
Don't let 'em take YOUR rights!

NO al Trusted Computing!
Say NO to Trusted Computing!

www.no1984.org
www.againsttcpa.com

Date: Tue, 7 Feb 2006 15:53:50 +0100
From: Markus Örebrand
Subject: LDAP and Linux compatibility

While this is a fairly old thread, there may still be people looking for
the *correct* answer for this question (at least I was 10 minutes
ago...)

So, the problem is that some applications (acroread7 in this case)
refuse to start when run on a NIS or LDAP (client?), with a message
containing:

GLib-WARNING **: getpwuid_r(): failed due to unknown user id

See more about the problem in previous posts in this thread.

The resolution is to edit /compat/linux/etc/nsswitch.conf, and change

passwd: files
shadow: files
group: files

to:

passwd: db files nisplus nis
shadow: db files nisplus nis
group: db files nisplus nis

LDAP clients should also have 'ldap' after 'nis' in these rows.

By the way, editing /etc/nsswitch.conf is the way to go to set lookup
priorities for PAM in Linux.

--
Markus Örebrand                  Markus.Orebrand@operax.com
Systems Administrator            Operax - Guaranteed QoS

Date: Tue, 7 Feb 2006 16:07:23 +0100
From: Markus Örebrand
Subject: RE: LDAP and Linux compatibility

The old thread is here:
http://lists.freebsd.org/pipermail/freebsd-security/2005-March/002766.html

--
Markus Örebrand                  Markus.Orebrand@operax.com
Systems Administrator            Operax - Guaranteed QoS

Date: Thu, 9 Feb 2006 03:09:25 +1100
From: "Arneaud, Tim"
To: "gahn"
Cc: freebsd security
Subject: RE: nnamp question

nmap -e fx0 -v -sP 192.168.128.0/23

-> is a "Ping Scan", however, and this does not require root privileges...

-sP (Ping Scan)
-v (Increase verbosity level)
-e : Use specified interface

Error:
> getinterfaces: Failed to open ethernet interface (el0) QUITTING!

Which seems to indicate that nmap is being told to look for an interface
that can't/doesn't exist...
el is an old 3Com ISA card

You mentioned using ethernet device "fx0" - did you mean "fxp0", the
Intel EtherExpress Pro/100 style cards?
...or you may have already discovered this ;)

It might be worth checking exactly what interfaces and hardware you do
have on this system...
...and you could also try running the command without specifying the
interface directly and rely on the routing table to sort it out. Nmap
does not require the "-e" flag to run a "Ping Scan".

nmap -v -sP 192.168.128.0/23

Hope this helps!

Kind Regards,
Tim Arneaud

Date: Wed, 8 Feb 2006 10:05:23 -0800 (PST)
From: gahn
To: "Arneaud, Tim"
Cc: freebsd security
Subject: RE: nnamp question

Thanks Tim:

well, the real interface is rl0...:) sorry for the
confusion.

the problem is that the nmap seems to have a mind of its
own and stick with em0:

sis# nmap -e rl0 -v -sP 192.168.126.0/23

Starting Nmap 3.95 ( http://www.insecure.org/nmap/ )
at 2006-02-08 12:01 CST
getinterfaces: Failed to open ethernet interface (em0)
QUITTING!

It has 4 interfaces but nmap just sticks with em0. i
am lost ...

Thanks

From: Andrew Gilligan
Date: Thu, 9 Feb 2006 12:08:34 +0000
To: freebsd-security@freebsd.org
Cc: gahn
Subject: Re: nnamp question

On 8 Feb 2006, at 18:05, gahn wrote:

> Thanks Tim:
>
> well, the real interface is rl0...:) sorry for the
> confusion.
>
> the problem is that the nmap seems to have a mind of its
> own and stick with em0:
>
> sis# nmap -e rl0 -v -sP 192.168.126.0/23
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ )
> at 2006-02-08 12:01 CST
> getinterfaces: Failed to open ethernet interface (em0)
> QUITTING!
>
> It has 4 interfaces but nmap just sticks with em0. i
> am lost ...

It could be that you're running out of BPF devices. With recent
versions of nmap, I needed to create 11 entries in /dev before
I could get it to work. The machine in question was FreeBSD 4.11
with 4 physical interfaces.

To check, run nmap through truss:

  truss nmap -e rl0 -sP 192.168.126.0/23

And look for something like:

  open("/dev/bpf4",0x1,027757740460) ERR#16 'Device busy'
  open("/dev/bpf5",0x1,027757740460) ERR#16 'Device busy'
  open("/dev/bpf6",0x1,027757740460) ERR#2 'No such file or directory'

If you see that, then just add any BPF devices you need:

  cd /dev && sh ./MAKEDEV bpf6

Regards,
-Andy

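The truss check Andrew Gilligan describes above, as an added example that is not part of his message: a POSIX sh filter that reads a truss trace and names the BPF node to create only when every earlier /dev/bpfN was busy and the next one is missing. The function names and the sample trace (his three open() lines plus constructed ones) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): summarise the /dev/bpfN
# opens found in a truss trace, for instance one saved with
#   truss -o trace.out nmap -e rl0 -sP 192.168.126.0/23

# Print "<device> <status>" for every open() of /dev/bpfN read from stdin.
# status: busy (ERR#16), missing (ERR#2), error (any other ERR#), opened.
bpf_classify() {
    awk '
    match($0, /open\("\/dev\/bpf[0-9]+"/) {
        # skip the 6 characters of open(" and drop the closing quote
        dev = substr($0, RSTART + 6, RLENGTH - 7)
        if ($0 ~ /ERR#16([^0-9]|$)/)      status = "busy"
        else if ($0 ~ /ERR#2([^0-9]|$)/)  status = "missing"
        else if ($0 ~ /ERR#[0-9]+/)       status = "error"
        else                              status = "opened"
        print dev, status
    }'
}

# Print the node to create, but only for the exhaustion pattern from the
# message: every existing node busy, then the next one missing. Prints
# nothing when an open succeeded, or failed for another reason, first.
bpf_first_missing() {
    bpf_classify | awk '
        $2 == "busy"    { next }
        $2 == "missing" { print $1 }
                        { exit }'
}

# Print the MAKEDEV command from the message (FreeBSD 4.x procedure) for
# the missing node; return 1 when the trace does not show exhaustion.
bpf_fix_hint() {
    dev=$(bpf_first_missing)
    [ -n "$dev" ] || return 1
    echo "cd /dev && sh ./MAKEDEV ${dev#/dev/}"
}

# Sample trace. The bpf4, bpf5 and bpf6 lines are the ones quoted in the
# message; the ioctl line and the bpf0-bpf3 lines are constructed.
sample_trace() {
    cat <<'EOF'
ioctl(3,SIOCGIFCONF,0xbfbff4a0) = 0 (0x0)
open("/dev/bpf0",0x1,027757740460) ERR#16 'Device busy'
open("/dev/bpf1",0x1,027757740460) ERR#16 'Device busy'
open("/dev/bpf2",0x1,027757740460) ERR#16 'Device busy'
open("/dev/bpf3",0x1,027757740460) ERR#16 'Device busy'
open("/dev/bpf4",0x1,027757740460) ERR#16 'Device busy'
open("/dev/bpf5",0x1,027757740460) ERR#16 'Device busy'
open("/dev/bpf6",0x1,027757740460) ERR#2 'No such file or directory'
EOF
}

# Run on the sample: per-device status, then the suggested command.
sample_trace | bpf_classify
sample_trace | bpf_fix_hint
```
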
Date: Thu, 9 Feb 2006 18:21:29 -0500
To: freebsd-security@freebsd.org
From: Garance A Drosihn
Subject: Running nessus on freebsd...

I'm trying to get nessus setup for doing some internal security
checking. I installed the ports for nessus and nessus-plugins, and
everything worked as expected. I then registered for the full feed
of plugins, which got me up to over 10,000 plugins. I restarted
nessus, and it didn't work at all. I am running without X11, so I'm
doing batch runs. I already have nmap installed, so I assume nessus
is using that.

After much futzing around, and some arbitrary trial-and-error
guessing, I found that I could get nessus to work reasonably well by
cutting the number of plugins down to just under 3,400. I did this
first lopping off all plugins for 'hpux', then all plugins for
'solaris*x86*', and so-on, and so-on, etc. Basically removing checks
for OS's that I know I will not be checking, except that I also had
to remove a bunch of samba-related checks which I really should
probably keep.

I should note that the server always starts up fine, but running the
client results in messages such as:

    *** The daemon shut down the communication
    *** nessus: nessusd abruptly shut the communication \
        down - the test may be incomplete

and then the server is off spinning in some CPU loop, and the client
is doing nothing much. This happens before the server has sent any
packets to the target host.

I could obviously provide more details about what errors I'm seeing,
but it seems odd to me that I'm having problems with so many plugins,
and yet a quick skim of various mailing lists doesn't show anyone else
having these problems. I had been running 6.x-stable as of about a
month ago, so I updated my machine to the status as of this morning,
and that didn't seem to help much. I'm running on a single-CPU Athlon
(i386, not amd64) machine.

Are other people here running nessus (2.2.6) with the "registered
plugins"? (not the commercial registration).

--
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

Date: Fri, 10 Feb 2006 09:47:55 -0500
To: Garance A Drosihn, freebsd-security@freebsd.org
From: Mike Tancsa
Subject: Re: Running nessus on freebsd...

At 06:21 PM 09/02/2006, Garance A Drosihn wrote:
>Are other people here running nessus (2.2.6) with the "registered
>plugins"? (not the commercial registration).

Hi,
I am running the same sort of setup, with registered plugins but with
the X-client. Typically, I shut down the daemon, run the
nessus-update-plugins, start the daemon up again, run "nessus" which
opens up an X app on my workstation and then login and away it goes.
Does it work for you if you do it via X ?

[verify1]% nessus -v
nessus (Nessus) 2.2.6 for FreeBSD

(C) 1998 - 2003 Renaud Deraison
        SSL used for client - server communication

[verify1]%

        ---Mike

Date: Sat, 11 Feb 2006 14:23:01 +0100
From: Pawel Jakub Dawidek
To: freebsd-current@FreeBSD.org
Cc: freebsd-security@FreeBSD.org
Subject: GELI improvements.

Hi.

I added the possibility to use key files for encrypted providers which
are attached on boot. Before only passphrase could be used.
I also fixed the tasting code - before it sometimes stopped to taste
providers too early, so it was possible that kernel didn't ask for the
passphrase.
If you had problems with this, you may want to try again.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!