Now that nessus has gone fully commercial, we've had to reduce the
number of Nessus installs we have - and now have to scan networks
remotely over slow WAN links. :-(
I'm now getting a lot of problems with "poor" reports. e.g. Nessus
running with full local admin privs no longer "seeing" what remote
services and software is installed on the remote PC - and therefore
misreports the AV status, patches missing, etc. If I run the same scan a
second/third time, it might actually work 100% - it all comes down to
timeouts/etc.
So: which of the timeout options should I look at increasing?
"checks_read_timeout"? "Services[entry]:Network connection timeout"?
What about "plugins_timeout"? What if it takes 4 minutes to completely
enumerate the services installed on the remote PC?
Also, I am assuming this is a timeout problem. Should the failure to get
enumeration of software and services on a remote PC (with full admin
privs, and lots of evidence the process works in general) show up as
failures in nessusd.messages? I've looked through there and cannot find
"timed","killed" and I'd expect to.
This is with nessus-3.2.1 under RHE4
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
number of Nessus installs we have - and now have to scan networks
remotely over slow WAN links. :-(
I'm now getting a lot of problems with "poor" reports. e.g. Nessus
running with full local admin privs no longer "seeing" what remote
services and software is installed on the remote PC - and therefore
misreports the AV status, patches missing, etc. If I run the same scan a
second/third time, it might actually work 100% - it all comes down to
timeouts/etc.
So: which of the timeout options should I look at increasing?
"checks_read_timeout"? "Services[entry]:Network connection timeout"?
What about "plugins_timeout"? What if it takes 4 minutes to completely
enumerate the services installed on the remote PC?
Also, I am assuming this is a timeout problem. Should the failure to get
enumeration of software and services on a remote PC (with full admin
privs, and lots of evidence the process works in general) show up as
failures in nessusd.messages? I've looked through there and cannot find
"timed","killed" and I'd expect to.
This is with nessus-3.2.1 under RHE4
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus