OpenSUSE Network :: Using Nessus To Evaluate Security Of Web Server?
May 7, 2010
I am using nessus to evaluate the security of a web server. I have started up the nessus daemon on the server, here's the netstat output:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ldap *:* LISTEN 3565/slapd
tcp 0 0 *:mysql *:* LISTEN 4026/mysqld
tcp 0 0 *:pop3 *:* LISTEN 3584/xinetd
tcp 0 0 *:sunrpc *:* LISTEN 3463/portmap
tcp 0 0 *:www-http *:* LISTEN 13855/httpd2-prefor
tcp 0 0 *:ssh *:* LISTEN 3577/sshd
tcp 0 0 *:nessus *:* LISTEN 6118/nessusd: waiti
tcp 0 0 *:smtp *:* LISTEN 3636/master
tcp 0 0 *:https *:* LISTEN 13855/httpd2-prefor
udp 0 0 *:sunrpc *:* 3463/portmap
It's listening on the default nessus port 9390. I am trying to connect to the nessus server instance using Open-VAS Client. I have generated the client and server certificates, I have pointed the client at the User Certificate File, the User Key File and I have a CA cert. I have created a user account on the nessus server. The problem is that when I try and log in from the Open-VAS client it keeps saying it can't connect. Is there anywhere I can check to see if it's being caught in a firewall, or where I can see if the connection is even making it to the server..
View 4 Replies
ADVERTISEMENT
May 25, 2009
After running
Code:
nessus-fetch --register <Activation Code>
I got
Code:
nessus-update-plugins could not be found in your $PATH
When I try to run a scan on localhost I get the message "nessusd returned an empty report".
Here's the entry in nessusd.messages
Code:
[Mon May 25 00:30:03 2009][13188] user mickey.harvey : testing 127.0.0.1 (127.0.0.1) [13189]
[Mon May 25 00:30:04 2009][13189] Finished testing 127.0.0.1. Time : 0.03 secs
[Mon May 25 00:30:04 2009][13188] user mickey.harvey : test complete
[Mon May 25 00:30:04 2009][13188] Total time to scan all hosts : 1 seconds
[Mon May 25 00:30:04 2009][13188] user mickey.harvey : Kept alive connection
I would like to get the scan working and make sure that nessus is updating the plugins. I have been looking though the nessus documentation and tried searching on Goggle without any success.
View 1 Replies
View Related
Feb 6, 2010
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies
View Related
Jun 30, 2011
Whether NessusCleint and Nessus Server are available as two different packages or they have been merged into a single package.
Earlier there used to be 2 diff packages one for Nessus Cleint and other for Server. But now i was not abel to find any package for clinet and in the only package thats available on nessus.org also does not contain any cleint in it.
View 6 Replies
View Related
Aug 23, 2010
Are there any tools available in openSUSE for evaluating cpu/processor performance. My processor/cpu is under warranty til end of October, will like to know whether I need to get new one or i am good. I am looking for something that can log an event and report. Have tried stress and crashme but they dont show any results.
View 9 Replies
View Related
Mar 25, 2010
Installed a security update for samba tonight via Opensuse updater.Now, when trying to access my home network an authentication box pops up (never used to)Asks me to enter authentication for my home network.I enter my username and password and hit enter. After a few seconds the authentication box pops up again askingfor the same indicating I have entered the wrong username / password combination (which I know I have not).
View 9 Replies
View Related
Apr 7, 2011
I want some advice for making my system more secure. I want deactivate any network connection that is unnecessary. Only my browser and the update ability of zypper should have access to the internet. On windows there are personal firewalls.
How can I block internetaccess for all other programmes on openSUSE?
View 8 Replies
View Related
Feb 22, 2009
The network manager will ask me for my security key and it will not accept it. Instead when I use the show password feature to see what I typed in was correct, it shows something completely different than what I typed. For instance if my Key was :when it pops up and ask to for me to retype it again it shows something completely different in hex. Is there anyway I can use a different network manager?
View 8 Replies
View Related
Jul 5, 2010
how efficient and effective are these snort, argus, ossec etc etc for an organization having 3500 PC Network, connected through 700+ Cisco Devices (Layer 2 and Layer 3), and scattered on 130 different sites (geographically)? what should be the combination of products and what should be the architecture for an efficient forensics activity?
View 2 Replies
View Related
May 30, 2011
how to secure opensue? Or point me to some good articles etc?
View 9 Replies
View Related
Jan 3, 2011
I have a RHEL 5 Server dedicated to web hosting. HTTPD 2.2.x.x is running on it with PHP and MySQL. The machine is not a server system (hardware wise, a C2D 2.66 with 2GB RAM and 2 x NICs). I have a CIR Fiber link with a pool of live IPs. The machines including this web server is plugged into a switch which has all the live interfaces and is separate from the LAN switches. The problem i am facing is that, when ever this web server is plugged in, the traffic on live switch is choked. Internet slows down to a halt (as live interface of proxy is plugged in this switch. DNS stops resolving name due to time outs. Mail delivery is slowed and the mail ques pile ups. The moment i get this machine of the switch, all the traffic becomes normal. Therefore i have deduced that this is the faulty server. I do not know if this server is hacked and working as a bot or it is a mere hardware problem(faulty LAN Card).
View 3 Replies
View Related
Jan 18, 2010
I am trying to route a security video server which is inside my network to the internet. my network is two interface eth0 (internet network xxx.xxx.xxx.198 and internal network 192.168.5.1
I am trying to see an web server on 192.168.5.184
View 2 Replies
View Related
Apr 25, 2011
So, the NSA puts out some handy documentation on locking down a RHEL server (running centos 5.6 x64 myself) here, [url]. Under "Ensure System is Not Acting as a Network Sniļ¬er" on page 63, it says that if any numbers below the first line in /proc/net/packet, that it is acting as a network sniffer.
I get the following output:
Code:
Unless I've been pwned, I don't know exactly what could be causing this. Besides samba, nmap (compiled from source, not from yum), screen, and rtorrent, there's nothing I've installed beyond the fresh install I did a few days ago. I was not running nmap when looking at /proc/net/packet.
View 8 Replies
View Related
Jan 21, 2010
I'm new to networks and servers, been using Linux on the desktop for a while now but always relied on the company's IT guy for setting up everyting LAN-based.
Now I want to build up my home LAN, and want to do it with Linux. I've managed to set up LAMP and file share servers.
What I am looking for is information on what I need, and how to set up a server for the following tasks:Centralized Username and Password, that when the user logs into any one of the desktops in the LAN, it uses this for authentication
Something that allows this authentication to be utilized in other servers (file access, web access, router logging, etc.). Something to make it easier for continuing permissions from one service to another. e.g. I have IPCop filtering content, and it has provisions for tracking who is making which request if there is authentication going on. (optionally) to run a script for mounting Samba shares or mapped network drives so from one system to the next. For example, in whatever box somebody logs in, it mounts a server share ("smb://Myserver/users/<username>") to a local folder ("my_user_share").
So;user "fred" ="smb://Myserver/users/fred" and user "wilma" = "smb://Myserver/users/wilma" but both would find their respective one mounted under "~/my_user_share". This would be irrespective of which box they are loggin in with. If the server share location changes (new server/servername), I change it on the server so the next time they log in it points to the right place.
I guess it is similar to Window's Active Directory, though I'm not sure what it's called, how to configure it and what it is and is not capable of doing.
View 2 Replies
View Related
Feb 26, 2010
I have openSUSE 11.2 installed and i need to create a gateway server that allows virtual private network connections. I want to play with my friends some lan games, but we are in different networks, so i want to create this gateway server so we can connect with VPN clients to this server and play freely.
View 7 Replies
View Related
May 12, 2011
I have an opensuse 11.3 install which I want to set up as a network boot server to install Solaris 10 on a Sun Ultra 10 client. According to what I've read, this requires rarpd and tftpd which I've set up on opensuse, but also bootparamd which I can't find for 11.3. It seems it was last included with opensuse 9.2. Does anyone know if it's available, if I could use the suse 9.2 version, or any alternative?
View 3 Replies
View Related
Feb 19, 2011
i want to install Nessus gui by using yum .HOw to Play with it .i want to conduct
Vulnerability assessments on the victim machine/ip.Can we use it for online scaning.if yes ?then how to perform ?
View 3 Replies
View Related
May 30, 2010
I'm trying to setup a NFS4 server (no security, local home network behind FW). It seems that I'm missing something because 'rpcinfo -p' does not list v4 for NFS: petit-pois:/home/eric# rpcinfo -p
[Code]...
View 3 Replies
View Related
Aug 26, 2011
I have a machine that I want to install Nessus on it.
Nessus supports many Operating Systems:
Microsoft Windows
Mac OS X
Linux
FreeBSD
The full list is here: [URL]... What would the best OS to install Nessus on for performance be?
View 1 Replies
View Related
Jun 28, 2010
I successfully installed the nessus. It was .deb file . first of all, I type
"sudo dpkg -i Nessus-4.2.2-ubuntu910_amd64.deb".
The output of this command was "You can start nessusd by typing /etc/init.d/nessusd start"
That's why I type that command and I get " $Starting Nessus : ." There is nothing like interface of this software, when I try to search GUI from synaptic package manager. So What should I do ?
View 3 Replies
View Related
Aug 5, 2010
I am trying to network a drive which is a USB drive. The directory is /media/My Book and I am at a loss on how to network it properly. From my laptop that has linux mint, I click on network and I see SFTP File Transfer on linux-8m03 but it can never seem to mount.
View 1 Replies
View Related
Jun 1, 2011
how to create network policy and system policy in opensuse11.4 and domain policies also???
View 1 Replies
View Related
Aug 5, 2011
How can i inspect and evaluate the mbr on a disk in a computer?
I'm interested in how to do this in general.
I can use gparted to see the partitions on a disk, but i don't know how to use it, or any other tool, to see just what is in the mbr.
The particular situation i'm in is that i have two disks in my computer. One has ubuntu 10.10 on a single partition, and one has 11.04 on one of 4 partitions.
The 11.04 disk used to be bootable, but somehow i messed up the disk: longer story: i installed another os on another partition, and the other os redid the mbr and installed a different version of grub, and i tried to reinstall grub but ended up with a disk that wouldn't boot. So i put my old 10.10 disk back into the machine so that i could at least boot and look around on the 11.04 disk.
Now, there are probably ways that i could recover the 11.04, but i would like very much to be able to systematically analyze the 11.04 disk to determine its exact current state before modifying it.
Since the disk is not mounted it seems like this should be in reach: i want to be able to (a) capture the mbr from the 11.04 disk [into, say, a file on the 10.10 disk] (b) get an analysis of what the mbr would do (where it points to etc, and what is at where it points to) (c) get any high level information which can easily be determined from (a) and (b).
View 5 Replies
View Related
Nov 18, 2010
I'm trying to do something like this:
Code:
#!/bin/bash
cmd1=$(cat /var/log/messages | grep -e 'blocked for more than 120 seconds' | cut -c 55-62)
if $cmd1 != 0; then echo 'okay'; fi
however i'm messing up somewhere... bash attempts to evaluate the elements in cmd1. when I try to run this script it complains saying:
Quote:
test1.sh: line 5: blocked: command not found
I am open to alternatives. My intent is to replace cat /var/log/messages with dmesg, so I can attempt to determine if a problematic application I use encounters a blocked state (unresponsive for more than 120 seconds).
Should I be using a different test condition? I tried something like:
Code:
# this declares cmd1 as an array
cmd1=($(cat /var/log/messages | grep -e 'blocked for more than 120 seconds' | cut -c 55-62))
#attempt to determine if number of elements in array is greater than zero
if ${#cmd1[@]} > 0; then echo okay; fi
But I get the same error... what am I doing wrong?
View 3 Replies
View Related
Nov 4, 2010
I want to install nessus. I run the following in the terminal:
sudo apt-get install nessus
I get a message that the package is not available and anther package replace it. However I am interested in nessus and not in openvas-client (the other package). So how can I get the nessus package.
View 5 Replies
View Related
Sep 22, 2010
I have a backtrack distro on a usb stick. I wish to do the following :-
(a) Partition the usb stick to have a ext3 filesystem, so that the instln may be persistent for the changes. But the fdisk utility creates partitions as dev/sdb1p1 and /dev/sdb1p2. These however, could not be accessed by mkfs utility. How to overcome this problem.
(b) Next , I downloaded the nessus .lzm file and put it in the /base/module dir. But unable to start the nessus daemon. It suggests an error regarding unable to create /opt/nessus and /etc/nessus/nessusd.conf. I think starting nessus as root would help but the problem persists!
View 1 Replies
View Related
Jan 20, 2011
I can see my Suse 11 severs, ftp to it and sit up share folder but can't login as user from workstation as users. It IBM eServer 235 2X3.8Ghz Xeon, 6GB of memory with 6X73.6 Hard Drive got this message error; The following security events occurred since Thu Jan 20 19:29:40 2011:
type=APPARMOR_DENIED msg=audit(1295580702.142:653): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/var/lib/samba/unexpected.tdb" pid=4873 parent=1 profile="/usr/sbin/nscd"
type=APPARMOR_DENIED msg=audit(1295580702.234:654): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/var/lib/samba/unexpected.tdb" pid=4873 parent=1 profile="/usr/sbin/nscd"
Charles E. Hightower
Ht280@yahoo.com
charles@santech.net
Charles E. Hightower - LinkedIn
View 1 Replies
View Related
Apr 1, 2010
I've downloaded the
Fedora-12-x86_64-disc1.iso
Fedora-12-x86_64-disc2.iso
Fedora-12-x86_64-disc3.iso
Fedora-12-x86_64-disc4.iso
Fedora-12-x86_64-disc5.iso
files. I then downloaded "Fedora-12-x86_64-CHECKSUM" and ran sha1sum.exe on my iso files and compared the results. They were wrong for all 5 iso files. Figuring there was a problem with the way I was trying to evaluate the checksum I burned a CD with the disc1.iso. I received a "INSERT A BOOT DISK" error from my machine. I then tried downloading the disc1.iso again and ran checksum on my newly downloaded file and get the same checksum on both the old and new disc1.iso files.
When I run:
I get the response:
It seems to me the checksum value should be:
What am I doing wrong? I've installed many different distros in the past and am pretty sure I burned the iso file not just copied it to the CD.
View 4 Replies
View Related
Apr 13, 2010
I need evaluate the ext3 file system performance; i need define:
- services provided
- parameters and
- the performance with different parameter values; for example, changin the value of the "data" parameter (journal, ordered, writeback).
I do not know what services ext3 provides. Well, i know intuitively that it provides services to read, write and erase files. But, there are anything more?. Where can i find the API?. Is the ext3 file system POSIX compliant?
View 7 Replies
View Related
Oct 13, 2010
I installed MySQL on my Ubuntu 10.04 desktop. As I need it only once a month I removed it from all runlevels but mysql is still running after boot up. "lsof" shows that it is running and listening for connections.
Code:
neo@ubuntu:~$ sudo lsof -i
[sudo] password for neo:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 927 root 3u IPv4 7819 0t0 TCP *:ssh (LISTEN)
sshd 927 root 4u IPv6 7821 0t0 TCP *:ssh (LISTEN)
avahi-dae 945 avahi 12u IPv4 8107 0t0 UDP *:mdns
avahi-dae 945 avahi 13u IPv6 8108 0t0 UDP *:mdns
[Code]...
How can I evaluate what started the MySQL daemon? WHy is it running?
View 1 Replies
View Related
