
Thread: NESSUS Plugins - schedule or manually update?

  1. #1
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252

    NESSUS Plugins - schedule or manually update?

    Hello,

    I am starting to learn about NESSUS and its plugins. I noticed for the NESSUS server, you can configure cron to update the plugins every night; or whenever you wish to run (source: http://www.nessus.org/plugins/index.php?view=cron). Has anyone experienced a downside with the automatic download for every night or week? I am wondering if I should cron the NESSUS plugin feed or just set a reminder to do it every week or so.

    Also - I keep hearing rumors that NESSUS is going commercial - please tell me this isn't so.

    TIA.
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    The CRON update is very nice. You get the NASLs that are added and updated; however, if you customize a NASL and forget to back it up somewhere else (or change the plugin name, ID and such), it will be overwritten. Other than that, unless you get CVS updates (you'll get some flakiness here), the daily updates are excellent.

    Yes, Tenable has modified their license so now you must register in order to use the product and get updates. Also, you have to purchase licenses for Nessus or you will have to wait 7 days to receive the newest plugins. As you may know, when there is a new vulnerability out, waiting this long makes all the difference in the world. There was a huge debate on the nessus list about this because some plugins are submitted by users and then may become part of the NASL library that costs $$$. If you have specific issues, contact Ron Gula over at Tenable. He is straight to the point about their new position. Tenable is stuck in between open source and commercial at the moment and I suspect they will migrate closer to commercial as time goes on. I have a very large deployment of their products (Lightning console, Nessus, Nevo, etc.) and I am happy with it.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    why not just make a shortcut to nessus which goes something like

    nessus_update_plugins || nessus-front

    I can't remember the actual application names, but that should in theory update your nessus before you open it, so you always have a freshly baked nessus in front of you without the hassle of cron jobbiness.

    -Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can recall the gentle lines in the queen's face that fair day, when the land here rested in holy peace and everyone had love to love with.
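The overwrite caveat in thehorse13's reply (a customized NASL is silently replaced by the nightly feed unless you keep a copy elsewhere) and Noia's "update before you launch" wrapper idea both come down to the same cron-job hygiene. The script below is an added example, not code from the original thread or from Nessus: it snapshots the plugins you have customized, runs the feed update, and puts back any of them the update clobbered. The plugin directory, backup directory and the `nessus-update-plugins` command name are assumptions for a Nessus 2.x install (override them with environment variables); listing your customized plugins on the command line is a convention chosen here, not a Nessus feature.

```shell
#!/bin/sh
# Added example (not from the thread or from Nessus): safe nightly plugin update.
# Assumed Nessus 2.x layout; every value can be overridden from the environment.
PLUGIN_DIR=${PLUGIN_DIR:-/usr/local/lib/nessus/plugins}   # assumption
BACKUP_DIR=${BACKUP_DIR:-/var/backups/nessus-custom}      # assumption
UPDATE_CMD=${UPDATE_CMD:-nessus-update-plugins}            # assumed feed updater name

# backup_custom PLUGIN_DIR BACKUP_DIR NAME...
# Copy each customized plugin to the backup dir and record its checksum
# so we can later tell whether the feed replaced it.
backup_custom() {
    dir=$1; bak=$2; shift 2
    mkdir -p "$bak" || return 1
    : > "$bak/CKSUMS"
    for f in "$@"; do
        [ -f "$dir/$f" ] || { echo "missing custom plugin: $f" >&2; return 1; }
        cp -p "$dir/$f" "$bak/$f" || return 1
        (cd "$dir" && cksum "$f") >> "$bak/CKSUMS"
    done
}

# restore_overwritten PLUGIN_DIR BACKUP_DIR
# Compare every backed-up plugin against the recorded checksum; if the update
# changed (or deleted) it, copy our version back. Prints restored names.
restore_overwritten() {
    dir=$1; bak=$2
    while read -r crc size name; do
        cur=$(cd "$dir" && cksum "$name" 2>/dev/null)
        if [ "$cur" != "$crc $size $name" ]; then
            cp -p "$bak/$name" "$dir/$name"
            echo "$name"
        fi
    done < "$bak/CKSUMS"
}

# safe_update NAME...  : backup, fetch the feed, then restore customizations.
# Note the && chain: if the backup fails we never run the update, and if the
# update fails we still leave the plugin tree as it was.
safe_update() {
    backup_custom "$PLUGIN_DIR" "$BACKUP_DIR" "$@" || return 1
    $UPDATE_CMD || { echo "plugin update failed" >&2; return 1; }
    restore_overwritten "$PLUGIN_DIR" "$BACKUP_DIR"
}

# Typical crontab entry (3 AM daily), naming the plugins you have edited:
#   0 3 * * * /usr/local/sbin/nessus-safe-update my_tuned_check.nasl
if [ $# -gt 0 ]; then
    safe_update "$@"
fi
```

Because the names you restore are printed, cron's mail tells you each morning exactly which of your edits the feed tried to replace; that is usually the cue to diff the vendor's new version against yours and re-apply the change. If you later rename a customized plugin (and its script ID) as thehorse13 suggests, it no longer collides with the feed and drops off the list.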

  4. #4
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Thanks th13 and Noia for the responses. Before I saw Noia's response, I did the cron job and it seems to be working ok.

    th13 - in comparing Nessus to ISS - I am liking Nessus more, even if it does go commercial - the reports are easier to manage and they link to the CAN/CVE issues. Have you (or Noia or anyone else) worked with ISS? Thoughts on ISS as a scanner?

    I did run into an issue on one RH Linux machine that I was curious about. I brought up the daemon and fired up Nessus - ok good. When I tried to login, it keeps coming back with "Cannot connect to [my ip]". I checked that the server IP was for my nessus server and it was - I am going to check out the FAQs and website, but any ideas to address it are welcome.

    Also - a bit off topic - but still related to scanners, I was asked today about a 'good' host vulnerability scanner, not Nessus or ISS, but a scanner that resides on the host(s) it needs to scan; they are looking for a deeper vulnerability scanner for the OS/OE. Thoughts?

    Thanks again.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    > Thoughts on ISS as a scanner?
    I also have ISS deployed here. I agree that it is a bit more kludgy. When you get used to the unusual interface and then integrate it with Active Directory, it becomes much better. The reports are also geared for management, an area that Nessus still has to catch up with. The results it hands back to you are about as reliable as Nessus if you know how to use both scanners properly. The good news is that the ISS scanner is going through a *major* rewrite. I'm hopeful that it will become much more intuitive.


    > I brought up the daemon and fired up Nessus - ok good. When I tried to login - it keeps coming back with "Cannot connect to [my ip]"
    Yep, I know exactly what your issue is. Don't try to scan with the Linux front end, you're doing it wrong. Since you are a beginner go to http://nessuswx.nessus.org and download the windows front end. Point this app at your linux box and begin scanning. When you become familiar with Nessus then revisit command line scanning on Linux.

    > I was asked today about a 'good' host vulnerability scanner, not Nessus or ISS, but a scanner that resides on the host(s) in needs to scan; they are looking for a deeper vulnerability scanner for the OS/OE.
    Well, I'm not sure what good that will do unless you get a managed solution. Cisco and ISS are both ramping up products that will do this. Speak to your local rep. Symantec has a solution already but I'd sooner cut my wrists than deploy it.

    If you want a simple local vulnerability scanner, try this one here:
    http://www.cisecurity.org/

    Download the benchmark tools and scan each host for security scoring based on NIST guidelines, etc. It will also tell you which patches are missing, etc. Best of all, it's free.

    Now if you really want a kewl solution, visit www.eeye.com and look at Blink (HIDS) and Retina scanner. Combined, they will give you exactly what you're looking for.

  6. #6
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    th13 - thanks again for the information - great stuff!

    I will do what you suggested for gaining the experience with NESSUS and see where that takes me.

    Also - thanks for the information and link to CIS - I will try it out asap.

    Also on ISS - the same day I posted we found out that ISS was taking suggestions from various companies, including ours, and we mentioned the reports they have versus NESSUS and the fact that the ISS pdf report, while as you stated "geared for management" - which they are - tends to be less user friendly (lack of interactivity in the reports - like the HTML links) than the NESSUS reports; I believe the NESSUS reports are geared more towards the technical user. So again, we mentioned the pdf format of the reports, and that NESSUS provides more details about account issues (e.g., the name of the account and if the pw is blank) - which we have not seen when we compare a NESSUS and ISS report on the same machine.

    We were also suggesting - and we will get our way (bwah-hah-hah-hah! ok - maybe not - heh) - that ISS report back what patches, hot-fixes, service packs, etc. a machine would be missing and perhaps the ability to do trend analysis.

    Thanks again!

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    > patches, hot-fixes, service packs, etc a machine would be missing and perhaps the ability to do trend analysis.
    It already does this.

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Bleh, I was just reading the link you provided above (http://nessuswx.nessus.org) since I'm looking into trying it out on my one Windows box. Some things from the "Plans" section I thought were awesome (these are features that will be implemented in future versions I assume?):

    Separate reports for each host
    Awesome, can keep detailed reports for individual hosts that are scanned.

    Graphics and diagrams in reports
    Awesome again, if I need to explain to some other users in detail the results from a report, graphics/diagrams are great.

    Sounds as if this program is really good for the new users that begin using it. Now, for add-ons, binaries, newer versions, etc. should I just stick to that website? (directed at TH13) Thanks for the help, I appreciate any of it as I'm trying to learn more about this vulnerability scanner.

    EDIT: I've found this to be helpful as well.
    Space For Rent.. =]

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    > Bleh, I was just reading the link you provided above (http://nessuswx.nessus.org) since I'm looking into trying it out on my one Windows box.
    This is just a Win32 GUI front end to the Nessus engine when it resides on a nix host. If you want a windows version of Nessus, just get a copy of Knewt, the Win32 version of the nessus engine.

    Separate reports are already supported, graphs and such are in the works.

    > Sounds as if this program is really good for the new users that begin using it. Now, for add-on's, binaries, newer versions, etc I should just stick to that website?
    The best place for this is the Nessus mailing list. The site does announce updates but the list is much faster.

    Bleh?

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    > just get a copy of Knewt, the Win32 version of the nessus engine.
    Where can I get that? Sorry, I'm reading quite a few manuals (as we discussed) on some of the basics of running off a nix host.

    > Separate reports are already supported, graphs and such are in the works.
    Sounds good..

    > The best place for this is the Nessus mailing list. The site does announce updates but the list is much faster.
    Yep, as you explained to me in our convo again. I'm going to sign up for the mailing list and lurk for a while. Try to get the feeling of things and then ask questions little by little. Again, thanks for your help TH13.

    EDIT: Bleh is like my favorite.. uhh.. dunno what it's called. Don't ask.
