I'm happy to announce the availability of Nessus 2.2.3.
Nessus 2.2.3 new features and fixes
-----------------------------------
Nessus 2.2.3 contains a new option called 'silent dependencies', as
well as a bunch of minor improvements and bug fixes.
The 'silent dependencies' option is designed to remove all the
un-necessary noise from a Nessus scan. Up until today, if you wanted to
scan your network only for one limited set of plugins, you'd get the
results of the dependencies in the report too.
For instance, if you scanned only for smb_nt_ms04-040.nasl, you'd get
the results of netbios_name_get.nasl, smb_login.nasl and possibly more
plugins. When performing a large scan, these results quickly get in the
way. If the option 'silent dependencies' is enabled, then the
dependencies are enabled but their result do not show up in the report,
which in turn reduces the volume of data to process after a scan.
Silent dependencies were first implemented in NessusWX by Nicolas
Pouvesle, and have now been ported to nessusd directly (so the filtering
occurs on the server-side).
Also, the Nessus GUI has been sightly simplified : I removed
some options I have recommended not using for a long time (detached
scans), and I created a new 'Credentials' tab where you can put your
Windows and Unix usernames and passwords for credential-based scanning.
Regarding the bug fixes, x86-64 users should now be able to start their
scans, and other minor issues have been fixed (full changelog at the
end of this message).
Download :
-----------
You can download Nessus 2.2.3 at :
<http://www.nessus.org/download/>
We have changed the way the license agreement works on the Nessus
website - if you /refuse/ the Tenable License, you will be redirected
to a 100% GPL Nessus package, containing only the GPL plugins. This will
hopefully make the life of distros packages managers much more simple.
Plugins licensing
------------------
A lot of you have probably followed the debates over the license
changes on various lists.
Thanks to the input we've received both on-list and off-list, we
have published a plugin licensing FAQ at :
<http://www.nessus.org/plugins/?view=faq>
If you have a generic question which is not answered, feel free to ask.
Nessus 2.0 end-of-life
----------------------
When Nessus 2.2.0 was released in late october, I said that Nessus 2.0
would be end-of-lifed within six months.
Nessus 2.0 will officially be end-of-lifed on March 28th. What this
means is that starting on March 28th, we will not garantee that new
Nessus plugins will work properly with Nessus 2.0.
So now would be a good time to upgrade to Nessus 2.2.
ChangeLog :
-----------
. changes by Michel Arboi :
- Call setrlimit() without any limits when calling popen() (this solves
the issue that some systems have when executing nmap which takes too
much memory).
. changes by Nicolas Pouvesle :
- Replaced the functions in libnasl/nasl/smb_crypt.* by crypt_func.nasl
. changes by Renaud Deraison :
- Added the 'silent dependencies' option (suggested by Nicolas Pouvesle)
- Added a new 'Credentials' Tab to put SSH and SMB credentials
- Removed some un-recommended options from the GUI (detached scan)
- Fixed a NULL-ptr dereferencement in libnasl
- Fixed a segfault occuring in the client when running Nessus on a x86-64
CPU
- Several portability issues have been fixed
Thanks,
-- Renaud
Nessus 2.2.3 new features and fixes
-----------------------------------
Nessus 2.2.3 contains a new option called 'silent dependencies', as
well as a bunch of minor improvements and bug fixes.
The 'silent dependencies' option is designed to remove all the
un-necessary noise from a Nessus scan. Up until today, if you wanted to
scan your network only for one limited set of plugins, you'd get the
results of the dependencies in the report too.
For instance, if you scanned only for smb_nt_ms04-040.nasl, you'd get
the results of netbios_name_get.nasl, smb_login.nasl and possibly more
plugins. When performing a large scan, these results quickly get in the
way. If the option 'silent dependencies' is enabled, then the
dependencies are enabled but their result do not show up in the report,
which in turn reduces the volume of data to process after a scan.
Silent dependencies were first implemented in NessusWX by Nicolas
Pouvesle, and have now been ported to nessusd directly (so the filtering
occurs on the server-side).
Also, the Nessus GUI has been sightly simplified : I removed
some options I have recommended not using for a long time (detached
scans), and I created a new 'Credentials' tab where you can put your
Windows and Unix usernames and passwords for credential-based scanning.
Regarding the bug fixes, x86-64 users should now be able to start their
scans, and other minor issues have been fixed (full changelog at the
end of this message).
Download :
-----------
You can download Nessus 2.2.3 at :
<http://www.nessus.org/download/>
We have changed the way the license agreement works on the Nessus
website - if you /refuse/ the Tenable License, you will be redirected
to a 100% GPL Nessus package, containing only the GPL plugins. This will
hopefully make the life of distros packages managers much more simple.
Plugins licensing
------------------
A lot of you have probably followed the debates over the license
changes on various lists.
Thanks to the input we've received both on-list and off-list, we
have published a plugin licensing FAQ at :
<http://www.nessus.org/plugins/?view=faq>
If you have a generic question which is not answered, feel free to ask.
Nessus 2.0 end-of-life
----------------------
When Nessus 2.2.0 was released in late october, I said that Nessus 2.0
would be end-of-lifed within six months.
Nessus 2.0 will officially be end-of-lifed on March 28th. What this
means is that starting on March 28th, we will not garantee that new
Nessus plugins will work properly with Nessus 2.0.
So now would be a good time to upgrade to Nessus 2.2.
ChangeLog :
-----------
. changes by Michel Arboi :
- Call setrlimit() without any limits when calling popen() (this solves
the issue that some systems have when executing nmap which takes too
much memory).
. changes by Nicolas Pouvesle :
- Replaced the functions in libnasl/nasl/smb_crypt.* by crypt_func.nasl
. changes by Renaud Deraison :
- Added the 'silent dependencies' option (suggested by Nicolas Pouvesle)
- Added a new 'Credentials' Tab to put SSH and SMB credentials
- Removed some un-recommended options from the GUI (detached scan)
- Fixed a NULL-ptr dereferencement in libnasl
- Fixed a segfault occuring in the client when running Nessus on a x86-64
CPU
- Several portability issues have been fixed
Thanks,
-- Renaud