Mailing List Archive

issues with local security checks
Greetings,



I've spent some time trying to get the local security checks to work
with nessus 2.1.2. My nessus server/client is a RedHat 8.0 with nessus
2.1.2 (including nasl and libnessus) and SSL is enabled. I'm attempting
to run the local security checks on both the Red Hat box and a Solaris 8
box I have. Neither have been patched of lately, so there definitely
should be some hits on the local security checks. Details of both
follow.



Nessus settings selected:

- Plugins (Solaris Local Security Checks or Red Hat Local
Security Checks)

- Enable Dependencies at Runtime

- Enable expirimental Scripts

- Thorough Tests

- Reporting (Verbose, Paranoid)

- Log Verbosity (Debug 0)



For the Solaris box I get an SSH info message stating:

It was possible to log into the remote host using the supplied asymetric
keys;The output of 'uname -a is ;: SunOS unknown 5.8 Generic 108528-23
sunru sparc SUNW,Sun-Blade-100;; Local security checks have been enabled
for this host. According to nessusd.messages, all of the Soiaris
plugins get run against it. I know for a that many of the patches the
plugins check for are not on my system. Is there any reason that these
are not reported, or maybe am I doing something wrong.



For the RedHat Box I get the follwing SSH info:

It was possible to log into the remote host using the supplied asymetric
keys;The output of "uname -a" is: Linux pikelinux 2.4.18-14 #1 Wed Sep
4 13:35:50 EDT2002 i686 8686 8386 GUN/Linux. The remote linux
distribution is not supported, therfore local security checks have not
been enabled.



Any help or guidance would be appreciated.



Thanks,

Jeff
Re: issues with local security checks [ In reply to ]
On Fri, Aug 27, 2004 at 02:12:05PM -0400, Jeff Pike wrote:

Hi,


> I've spent some time trying to get the local security checks to work
> with nessus 2.1.2. My nessus server/client is a RedHat 8.0 with nessus
> 2.1.2 (including nasl and libnessus) and SSL is enabled. I'm attempting
> to run the local security checks on both the Red Hat box and a Solaris 8
> box I have. Neither have been patched of lately, so there definitely
> should be some hits on the local security checks. Details of both
> follow.
> For the Solaris box I get an SSH info message stating:
[...]

Could you send me :
- your ~/.nessusrc
- /usr/local/var/nessus/users/<you>/kbs/<ip_of_the_solaris_box>


> For the RedHat Box I get the follwing SSH info:
[...]
RedHat 8.0 is not a supported operating system. We only support Fedora
(FC1 and FC2) and RHEL 2.1 and 3.0.


-- Renaud