1824000 Members
4159 Online
109667 Solutions
New Discussion юеВ

Nessus client scanning

 
Terrence
Regular Advisor

Nessus client scanning

I'm trying to get Nessus to scan other servers besides the one it resides on, but all it will do on clients is to do seemingly truncated port scan and then stop. I've run the nessus-mkcert-client but it doesn't seem to help. The command itself doesn't seem to have a quit function so I have to control C out. (It ask if you want to do another client certificate and then even if you answer no, it continues) Is there a step I'm missing with the clients? Like with IDS am I supposed to move something over to the client?
4 REPLIES 4
Joanne Keegan
Regular Advisor

Re: Nessus client scanning

Hi Terrence,

I've used Nessus quite abit. I have experienced some sproblems like this. I have some questions for you - what OS is this loaded on? Are you using DNS? Are you running it via command line or GUI? What other options are you using apart from the port scan? Are you getting any type of report generated from the port scan?

Let me know, I'd like to help.

Jo
Steven Sim Kok Leong
Honored Contributor

Re: Nessus client scanning

Hi,

To troubleshoot the problem on the client system,
1) check where exactly nessus hung. Nessus creates a temporary progress log in /tmp which tracks which portions of the nessus scan have completed.
2) perform a netstat or lsof to check which port it is currently performing a check on

By default, nessus sets the nmap portscan to the port range of 1-15000 in its configuration file. You can finetune it to your requirements. Personally, I prefer the entire port range of 0-65535 to be scanned, in order to detect any trojans or backdoors.

If nessus hangs at the portscan or a plugin execution, you can terminate only the specific portscan or plugin execution to allow remainder of nessus scan to run to completion. First, run lsof to identify the nessusd processes bound to opened ports on the scanned system. Then send a HUP signal (kill -HUP) to these processes. Once the hung nessus child processes are terminated, nessus will run its scan to completion.

Hope this helps. Regards.

Steven Sim Kok Leong
Terrence
Regular Advisor

Re: Nessus client scanning

I am running Nessus on 11i. Dns is handled by a windows server, but I have also tried by ip and gotten the same results. I'm running it via the gui. I choose the entire port range 1-65535, and enable all but dangerous attacks. It never gets to the attacks, it stops fairly quickly in the port scan and brings up the report screen. All it displays is 10 or so ports but with no details or information.
Steven Sim Kok Leong
Honored Contributor

Re: Nessus client scanning

Hi,

You will need to check the logs for more details. While the nessus scan is running, you can check the transitional log file in /tmp. For logs of past scans, you can check the nessus log file. By default, your nessus.conf specifies the log file as /usr/local/var/nessus/nessusd.messages. If that doesn't give enough details, check the dump as well. The default dumpfile location is /usr/local/var/nessus/nessusd.dump, also specified in your nessus.conf.

Hope this helps. Regards.

Steven Sim Kok Leong