PDA

View Full Version : Nessus fails



blase
01-15-2003, 11:01 PM
Nessus (local client, local server) seems to fail. I'll keep looking at it, but here's what I know:

Using the 1.1.03 version (3.1?) of Knoppix-EN.

When I run 'nessusd -D', Nessus complains about a certificate:
*** 'ca_file' is not set - did you run nessus-mkcert ?

According to msgs on google, this was due to a bad RPM, and getting a new/fixed RPM solved the problem.

Has anyone had better luck with this? So far, I have:

Attempted to apt-get install nessusd, since I know debian better than RPM's (Linux's answer to .dll hell): apt-get Result wasn't pretty. Uglier still when I did an apt-get update.

running nessus-mkcert did have one error in the midst of it:
------------------------ snip
Congratulations. Your server certificate was properly created.

mv: cannot stat `/etc/nessus/nessusd.conf.tmp': No such file or directory
/etc/nessus/nessusd.conf updated

The following files were created :

. Certification authority :
Certificate = /var/lib/nessus/CA/cacert.pem
Private key = /var/lib/nessus/private/CA/cakey.pem

. Nessus Server :
Certificate = /var/lib/nessus/CA/servercert.pem
Private key = /var/lib/nessus/private/CA/serverkey.pem
--------------------- end snip
... but since /etc/nessus/nessusd.conf is created, I figured that was ok.

I've never edited/altered nessusd.conf before, so it might be possible to alter nessusd behavior to not insist on certificates.

Throughout, it seems like there's a chance I'll find something is unable to write due to read/write permissions limitations (I've found several X-based utilities that don't like everything being owned by root, when I try to save files).

eadz
01-16-2003, 05:05 AM
there is a "start nessus" menu option in the kde knoppix menu, you probally have to use that as it may start nessusd with some special options.

Jeremiah Cornelius
01-19-2003, 09:39 PM
nessus-mkcert normally updates the /etc/nessus/nessusd.conf file. On Knoppix, this is a symlink to the KNOPPIX loopback on the CD-ROM, so nessusd.conf is readonly. The nessus-mkcert program cannot update the conf file, but does not report the error.

You can delete the symlink, manually copy the KNOPPIX/etc/nessus/ version of the file, then run nessus-mkcert. This will work.

There is also a 'Start Nessus' menu item under the KDE system on Knoppix. It probably automates these steps - I haven't yet used this.

mmaki
01-20-2003, 06:51 AM
Nessus does run from the CD if started from the KDE...System...Security menu. Use a user name of knoppix and a password of knoppix. It worked for me, though it seemed slower than usual at scanning.