
Nessus News (2.2.1 / Plugin Feed / New WebSite)
Hello everyone,

I'd like to make several announcements today :


1. Change in policy in the Nessus Plugin Feed
2. Nessus 2.2.1 has been released
3. NessusWX workaround
4. Nessus.org got a facelift


1. Change in policy in the Nessus Plugin Feed
---------------------------------------------

We have decided to change the way the new plugins are being released
and published. Today, whenever a user types 'nessus-update-plugins',
he receives all the newest plugins from
http://www.nessus.org/nasl/all-2.0.tar.gz.


Basically, several changes are occurring :

- The first one is that the current feed will only contain GPL plugins
(i.e. currently about 2,000 plugins). This means that the current
command "nessus-update-plugins" will continue to work properly, but you
will get fewer plugins than what you can get today, as (as many of you
have noticed) plugins released by my company (Tenable) are *not* released
under the GPL.

- When downloading Nessus 2.2.1 (and newer), you now have the
opportunity to "register", i.e. submit your email address and you will
receive an "activation code", which will entitle you to receive a full
plugin feed (GPL + Tenable). We do not intend to contact you through this
email address, except to send you an activation code and to inform you
if you generate too much traffic (believe it or not, there are people
out there downloading all the Nessus plugins _EVERY MINUTE_). To use
the activation code, you'll need to upgrade to Nessus 2.2.1 and
use the new 'nessus-fetch' command line utility.

- Users now have the opportunity to buy access to a "Direct Plugin
Feed". What this really means is that the free feed will actually be
delayed by seven days for non-GPL plugins. If you are one of these
companies who need to be 100% up-to-date, such a subscription will be of
some interest to you. More information at :

http://www.tenablesecurity.com/products/direct.shtml


So there are three ways to update plugins now :

- a GPL feed containing the plugins submitted by the community ;

- a Registered feed containing the latest plugins submitted by
the community, and the plugins written by Tenable delayed
by 7 days ;

- a commercial Direct Feed which contains all the newest and greatest
plugins ;



2. Nessus 2.2.1 has been released
---------------------------------

I am very happy with the whole Nessus 2.2.x series - there has been no
showstopper so far, apart from minor bugs. Nessus 2.2.1 contains
the following fixes and improvements :

- We have now turned on TCP buffering for every TCP socket, which should
reduce the number of system calls and lower the load on a given host.
That allowed us to spot a minor bug in the buffering code that we fixed
as well ;

- We added a new utility called "nessus-fetch" which is intended to be
a replacement for wget/lynx/curl/whatever was used by
nessus-update-plugins.

- Michel wrote a new TCP port scanner which replaces
nmap_tcp_connect.nes, which not only performs a port scan but also
grabs banners on the fly, which in turn makes find_service.nes much
faster.

- We fixed two bugs:

  - bug#1065: nessusd would do an endless stream of
    gethostbyname() when testing a nonexistent host name

  - bug#1076: The nessus scripts would not work under bash 3.0


3. NessusWX workaround
----------------------

Nicolas Pouvesle attempted to fix a bug in NessusWX which prevents it from
working with Nessus 2.2.0. We've (re-)released NessusWX-1.4.4-NP which
is an unofficial version which now works. If you tried it yesterday,
try the new binary we uploaded this morning.


4. Nessus.org got a facelift
----------------------------

The Nessus website has been re-done ! The new website is hopefully
cleaner and clearer. If you encounter dead links, typos or any other
problem, please let me know !



Thanks,

-- Renaud

Re: Nessus News (2.2.1 / Plugin Feed / New WebSite)
On Tue, Dec 07, 2004 at 09:29:39AM -0500, Renaud Deraison wrote:
> 1. Change in policy in the Nessus Plugin Feed
> ---------------------------------------------

Oops - I forgot to add that these changes will be effective January 1st, 2005.


-- Renaud