[Nessus-devel] Re: [Database-devel] Issue with nessus sql in 2.2.4/2.2.5 - solved
Javier,

after lots of debugging and searching the web I think I found the issue:

nessusd uses fork() to create various processes for handling scans.
Within these processes your db code uses always the same connection from
different processes which is said not to be the "clean" way (see e.g.
http://www.issociate.de/board/post/9207/DBD::mysql_fork()_problem.html
although this is not C related it fits anyway ;)

My code adds the overhead of opening and closing a db connection for each scan, but this - at least for me ;) - is acceptable.

The changes have been primarily made (and tested) for the mysql code so postgresql has to be reviewed and patched accordingly.

To optimize that one could find a better solution by checking parent/child process and open/close the connection only where really needed and not every time.

Additionally I did:
- corrected arg_set_value length parameters: Use real length instead of type
- added some missing frees in database.c

Find attached my patch to your distributed diff.

Setup tested with the following versions:
Fedora Core 4
Nessus 2.2.5
kernel-2.6.12-1.1398_FC4smp on a P4 with HT enabled
mysql-4.1.12-2.FC4.1

Regards,
Sandro

Sandro Poppi wrote:
Javier,

I added your latest db patch to nessus 2.2.4 which compiled fine.

Whenever I start nessusd the first nessus scan seems to hang. In the db I get a single entry for a new session indicating that the scan started but with a NULL endtime (which is ok at this stage ;)

The nessus client doesn't even show any indicator of portscan or check.

In this stage nessus.messages states:
[Sat Jul 2 19:04:31 2005][6857] nessusd 2.2.4. started
[Sat Jul 2 19:05:35 2005][6857] connection from 127.0.0.1
[Sat Jul 2 19:05:35 2005][6865] Client requested protocol version 12.
[Sat Jul 2 19:05:35 2005][6865] successful login of root from 127.0.0.1
[Sat Jul 2 19:06:09 2005][6865] Redirecting debugging output to /var/nessus/logs/nessusd.dump
[Sat Jul 2 19:07:04 2005][6865] MYSQL : connected to DB host: localhost
[Sat Jul 2 19:07:04 2005][6865] Error ! max_hosts = 0 -- check /etc/nessus/nessusd.conf
[Sat Jul 2 19:07:04 2005][6865] user root starts a new scan. Target(s) : 192.168.2.1, with max_hosts = 5 and max_checks = 10
[Sat Jul 2 19:07:04 2005][6865] user root : testing 192.168.2.1 (192.168.2.1) [6868]
[Sat Jul 2 19:07:04 2005][6868] SQL : find by name: "router"


Nothing more.
Then when I kill the corresponding nessusd process the session table is updated and some additional entries in nessusd.messages are logged:
[Sat Jul 2 19:16:44 2005][6865] user root : test complete
[Sat Jul 2 19:16:44 2005][6865] DATABASE: closed DB connection
[Sat Jul 2 19:16:44 2005][6865] user root : Kept alive connection


Further scans are no longer logged to the db, and nessusd.messages states:
[Sat Jul  2 19:18:21 2005][6920] DATABASE: can't add host, no DB connection

Nothing's written to the db, but from now on the scan runs (showing indicators for portscan and checks as expected).

My setup is:
Fedora Core 3
mysql-3.23.58-16.FC3.1
kernel 2.6.11-1.14_FC3smp on a P4 with HT enabled

Any idea?

Thanks,
Sandro

-- "Linux is like a wigwam: no windows, no gates ... apache inside!"

http://www.lug-burghausen.org/

Attachment: db-patches-poppi.tar.gz
Description: GNU Zip compressed data
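As an added illustration, not part of Sandro's patch or of the Nessus/database code, here is a small C program that reproduces the fork() situation described in the thread with a constructed mock server on a socketpair instead of mysqld: a per-scan child that cleans up the connection it inherited tears down the link the parent still relies on (the "no DB connection" symptom), while a child that opens and closes its own connection leaves the parent's intact. It assumes that closing a connection tells the server to disconnect, as mysql_close() does; the names db_connect, db_query, db_close and run_scan are hypothetical.

```c
#include <signal.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* "Connect": a socketpair with a forked mock server (constructed stand-in for mysqld)
 * on the far end. Protocol: 'Q' = query, answered with 'R'; any other byte, e.g. the
 * 'X' a client sends on disconnect, makes the server hang up. Returns the client fd. */
static int db_connect(void) {
    int sv[2]; char c;
    signal(SIGPIPE, SIG_IGN);   /* writing to a dead peer gives EPIPE instead of killing us */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (fork() == 0) {          /* the mock server process */
        while (read(sv[1], &c, 1) == 1 && c == 'Q' && write(sv[1], "R", 1) == 1) ;
        _exit(0);               /* exiting closes the server's end of the link */
    }
    close(sv[1]);
    return sv[0];
}

/* One query: 1 if the server answered, 0 if the connection is gone. */
static int db_query(int fd) {
    char r;
    return write(fd, "Q", 1) == 1 && read(fd, &r, 1) == 1 && r == 'R';
}

/* Disconnect (as mysql_close() tells the server to), then wait until it has hung up. */
static void db_close(int fd) {
    char r;
    if (write(fd, "X", 1) == 1) while (read(fd, &r, 1) > 0) ;
    close(fd);
}

/* The parent connects, forks a per-scan child as nessusd does, then keeps using its
 * connection. Returns 1 if that still works after the child has finished, else 0. */
static int run_scan(int share_connection) {
    int fd = db_connect(), ok; pid_t child;
    if (fd < 0 || (child = fork()) < 0) return -1;
    if (child == 0) {
        int cfd = share_connection ? fd : db_connect();   /* inherited link vs. its own */
        db_query(cfd); db_close(cfd);   /* child's cleanup: fatal to the parent's link if shared */
        _exit(0);
    }
    waitpid(child, NULL, 0);
    ok = db_query(fd);          /* parent: the next host/session update */
    db_close(fd);
    return ok;
}
```

run_scan(1) models the original code path and returns 0; run_scan(0) models the per-scan connect/close from the patch and returns 1.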



This archive was generated by a fusion of Pipermail 0.09 (Mailman edition) and MHonArc 2.6.8.