After tinkering around a bit more, I found the problem I was having.
Whenever I enable KB saving either on NessusWX or the nessus client it
doesn't save the vulnerabilities to the database. If I disable this it works
fine saving to both the vulnerability and knowledgebase tables.
Jeff
-----Original Message-----
From: nessus-devel-bounces@list.nessus.org
[mailto:nessus-devel-bounces@list.nessus.org] On Behalf Of Marsh, Cory
Sent: Thursday, January 15, 2004 2:47 PM
To: nessus-devel@list.nessus.org
Subject: RE: [Nessus-devel] [Database-devel] questions...
Perhaps it wasn't clear that I was referring to the knowledgebase saving
feature not being tested with the sql code. I was not saying that the
knowledgebase is not saved to the database. This is the default case.
-----Original Message-----
From: Jeff Dell [mailto:jdell@activeworx.com]
Sent: Thursday, January 15, 2004 12:33 PM
To: nessus-devel@list.nessus.org
Subject: RE: [Nessus-devel] [Database-devel] questions...
I personally feel that being able to report to the database on knowledgebase
information would be a really nice feature.
As far as the segfault that I was getting... I was seeing it in the
nessusd.messages file after the scan completed and it was a few lines up
from the bottom. Perform a scan with NessusWX and tail the file. When it
tries to populate the knowledgebase and vulnerability tables after the scan,
I get a message that says "[time] [pid] SIGSEGV occurred !".
Jeff
-----Original Message-----
From: nessus-devel-bounces@list.nessus.org
[mailto:nessus-devel-bounces@list.nessus.org] On Behalf Of Marsh, Cory
Sent: Thursday, January 15, 2004 2:17 PM
To: nessus-devel@list.nessus.org
Subject: RE: [Nessus-devel] [Database-devel] questions...
NESSUS_SQL has *NOT* been tested with the knowledgebase code. I am going to
guess that this is your problem. If the knowledgebase saving feature
deletes the knowledgebase AFTER saving it and BEFORE the DB code is called,
you will see nothing in the knowledgebase OR the vulnerability table. I
recommend recompiling your nessusd WITHOUT --enable-save-kb. If both the
SQL save AND a static file knowledgebase save is a required (or useful)
feature, we may want to look at doing SQL reads to get the data for SQL
users, or modifying the save_knowledgebase code to support the DB. I see
both as valid options and renaud may have more input.
-Cory
-----Original Message-----
From: Robert Rich [mailto:rrich@gstisecurity.com]
Sent: Thursday, January 15, 2004 10:11 AM
To: Javier Fernandez-Sanguino
Cc: Jeff Dell; Marsh, Cory; nessus-devel@list.nessus.org
Subject: Re: [Nessus-devel] [Database-devel] questions...
There is definitely database communication. Based on some previous
discussion, i created the db but left it empty and simply allowed
nessusd to create the schema.
After three scans (the last one still running), this is the number of
rows in each table:
executedplugin: 9476
host: 15
hostsession: 54
knowledgebase: 0
service: 0
session: 3
userlist: 0
usersession: 0
vulnerability: 0
Your last point related to 'realtime' status is part of what makes this
so interesting to me. I've been watching the tables grow as time
progresses. I do see the following in nessus.messages:
$ grep kb nessusd.messages | tail -20 | head -4
[Thu Jan 15 09:30:56 2004][1480] user rrich : new KB will be saved as
/export/home/rrich/local/var/nessus/users/rrich/kbs/10.10.10.239
[Thu Jan 15 09:30:58 2004][1484] user rrich : new KB will be saved as
/export/home/rrich/local/var/nessus/users/rrich/kbs/10.10.10.240
[Thu Jan 15 09:31:00 2004][1486] user rrich : new KB will be saved as
/export/home/rrich/local/var/nessus/users/rrich/kbs/10.10.10.241
[Thu Jan 15 09:31:02 2004][1487] user rrich : new KB will be saved as
/export/home/rrich/local/var/nessus/users/rrich/kbs/10.10.10.242
Here were my configure args from the build of nessus-core
$ grep CONFIGURE_ARGS nessus.tmpl
CONFIGURE_ARGS = --prefix=/export/home/rrich/local --enable-release
--disable-gtk --enable-save-sessions --enable-save-kb
--with-mysql=/usr/local/mysql --with-x
Is it possible the --enable-save-kb is conflicting?
Javier Fernandez-Sanguino wrote:
> Robert Rich wrote:
>
>> I've been following this thread with interest and have been
>> building/testing the NESSUS_SQL code.
>> I do have a question that may relate to Jeff's problem. If i build
>> nessusd out of NESSUS_SQL, do i have to use the nessus client from
>> that same codebase? The system i'm building nessusd on has some gtk
>> issues, so i've been using both the gtk client and windows (NessusWX)
>> client from different systems running code from HEAD. While i
>> haven't seen any segfaults as indicated by Jeff below, i also have
>> not seen any data in the knowledgebase table.
>> Thoughts?
>>
>
> There's really no reason why you shouldn't be able to use a different
> client. Client/server communication is standarised and it should not
> be affected by the SQL code. We will try to add some debug information
> in the code in order to see what's going on.
>
> Do you see if there is any database communication at all? (snooping
> the loopback interface for example) Do you see if the host / session
> /hostsession tables are being updated when you run a scan?
>
> As a matter of fact you should be albe to see information from the
> scan in real time when you are using the database code, since the
> tables are updated when the session starts/ends, while the host is
> being scanned, etc.
>
> Regards
>
> Javi
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you. A1.
_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel _______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel [INFO] -- Access Manager:
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you. A2
_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel