I'm glad to announce the availability of Nessus 1.0.9 and 1.1.3.
. Nessus 1.0.9
--------------
As Nessus 1.0.9 is considered as being stable, this release is
a bugfix release only. No new stuff to play with.
Among the fixed things :
- fixed a possible deadlock in libpeks
- fixed a bug which would cause the client to crash when sending a too
long plugin list
- fixed the 'too many plugins selected' bug that would make the
client crash
- workaround for a Linux bug^H^H^Hfeature that makes recv()
behave completely differently than the rest of the world
(thanks to Andreas Steinmetz)
- various issues
- more plugins
. Nessus 1.1.3
--------------
Nessus 1.1.3 is a developement version, considered as being unstable
(even though I'm more than happy with it :). The whole 1.1.x series
is being considered as being unstable and serves as a testbed for
Nessus 1.2. By unstable, I don't mean full of bugs (even though they
can be here), but rather consider that the behavior of the new
features can be inconsistent between two minor releases.
Note that the more you test Nessus 1.1.x, the quicker Nessus 1.2
will get out.
There will be more 1.1.x releases (I aim to do that on a weekly
basis). I've been busy as hell these last months, hence the
long lifetime of 1.1.2
Ok, here's what's different between 1.1.2 and 1.1.3 :
- bugfixes. Gazillions of them (and this includes the 1.0.x fixes)
- torturecgis.nasl and webmirror.nasl, two plugins that attempt to
do 'smarter' CGI checks
- filter support in the client (ala mutt ;). Type 'l' and fill the
pop-up dialog with a regular expression you'd like to see applied
to plugin names. (".*" shows every plugin)
- Added the 'safe checks' option. When enabled, this option makes
the 'dangerous' plugins look at banner version instead of
actually try to exploit the flaw. Note that there still are
dangerous plugins out there (Denial of services being one category
of them), so don't just enable this option and launch all plugins
against your network, or you may loose your job.
As a reminder, Nessus 1.1.x is much faster, supports SSL, and has
all the 'experimental' features of 1.0.x enabled by default. And now
it has those cool 'safe checks'.
. Where to get all this nice stuff
-----------------------------------
See http://www.nessus.org for a list of mirrors, but basically :
ftp://ftp.nessus.org/pub/nessus/nessus-1.0.9/src/
ftp://ftp.nessus.org/pub/nessus/unstable/nessus-1.1.3/src/
You can also type :
lynx -source http://install.nessus.org | sh
(or wget -O - http://install.nessus.org | sh)
and ask for the version of your choice. This now works well on Solaris.
. Bonus : How to make Nessus 1.0.x and 1.1.x co-exist on the same host
----------------------------------------------------------------------
That's easy :
- uninstall your current version of Nessus.
- Install Nessus-1.0.x, by supplying the option
--prefix=/usr/local/nessus-1.0.x/
to the 'configure' script of nessus-core, nessus-libraries,
nessus-plugins, and libnasl
- Then install Nessus-1.1.x by supplying the option
--prefix=/usr/local/nessus-1.1.x/
to the 'configure' script of nessus-core, nessus-libraries,
nessus-plugins, and libnasl
- Do 'ln -s /usr/local/nessus-1.0.x /usr/local/nessus' as root
- Edit /etc/ld.so.conf and add the entry '/usr/local/nessus/lib'
- start /usr/local/sbin/nessusd -s
- Do 'cp /usr/local/nessus-1.0.x/etc/nessus/nessusd.private-keys \
/usr/local/nessus-1.1.x/etc/nessus/'
Whenever you want to change from Nessus 1.1.x to 1.0.x, just
change then symlink /usr/local/nessus so that it points to the
right version. Don't forget to add users for each installation
using nessus-adduser (user accounts can't be shared between
the two versions), and don't forget to delete your
~/.nessusrc whenever you switch from 1.0.x to 1.1.x and back.
-- Renaud
--
Renaud Deraison
The Nessus Project
http://www.nessus.org
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 17:58:39 PDT