Error E0002 when I try to scan any server

George Theall theall at tifaware.com
Fri Nov 5 20:43:26 EST 2004


On Fri, Nov 05, 2004 at 11:18:32AM -0800, R B wrote:

>    However, when I run nessus and try to scan any server, including
>    localhost, it is failing and writes "E002 - These hosts could not
>    tested because you are not allowed to do so: IP address", it then
>    shows another error that says: "nessus returned an empty report"
...
>    I have a feeling this may be due to some rule settings on
>    nessusd.rules. So, what proper rule should I have in that file?

You're right -- it sounds like a problem with how rules have been set. 
In Nessus, rules can be defined in any of three ways:

  - ${prefix}/etc/nessusd.rules
    Applies to all users for all scans. These rules can not be 
    overridden. You might set this, for example, so as to allow 
    scanning your organization's network(s) to prevent someone
    from (accidentally???) scanning external hosts.

  - $localstatedir/nessus/users/$login/auth/rules
    Applies to the given user. You might set these, for example,
    so as to allow different groups within your organization to
    scan machines under their respective control.

  - rules set in the nessus client
    Applies only for the current scan. A user might set these
    to make it easier to specify targets in a scan; eg,
    targets are 192.168.1.0/24 but rules prevent scanning of 
    sensitive machines 192.168.1.1 and 192.168.1.2. Note that
    while a user can specify these rules, s/he can not use a 
    less restrictive set of rules than what was given by either
    of the previous two sources.

For information about the syntax of rules, do a "man nessus-adduser" or
see:

  http://mail.nessus.org/pipermail/nessus-devel/2004-November/msg00012.html

To track down the problem, first look at nessusd.rules. If it doesn't exist,
I recommend you create it; eg,

    accept 192.168.0.0/16
    default deny

Then, look at the rules file for the particular user that you're running 
the scan as. Both files are plain text files so you can edit them with
vi, emacs, pico, or whatever your favourite editor is.

George
-- 
theall at tifaware.com
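
The layering described in the message above, as an added example that is not part of the original post and is not Nessus code: a target may be scanned only if the server-wide file, the user's file and the client rules all accept it. Assumptions: rules within one source are checked in order with the first match winning, and a source with no "default" line accepts; the user and client rule texts are constructed samples.

```python
import ipaddress

def parse_rules(text):
    """Parse 'accept|deny <ip[/mask]>' lines and a 'default accept|deny' line."""
    rules, default = [], True   # assumption: no 'default' line means accept
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        action, arg = line.split()
        if action == "default":
            if arg not in ("accept", "deny"):
                raise ValueError("bad default: " + raw)
            default = (arg == "accept")
        elif action in ("accept", "deny"):
            net = ipaddress.ip_network(arg, strict=False)
            rules.append((action == "accept", net))
        else:
            raise ValueError("unknown rule: " + raw)
    return rules, default

def source_allows(parsed, target):
    """First matching rule decides (assumed); otherwise the default applies."""
    rules, default = parsed
    ip = ipaddress.ip_address(target)
    for allow, net in rules:
        if ip in net:
            return allow
    return default

# Server-wide rules are the ones suggested in the message; the other two
# sources are constructed samples built from the addresses it mentions.
LAYERS = [
    ("nessusd.rules", parse_rules("accept 192.168.0.0/16\ndefault deny")),
    ("user rules", parse_rules("accept 192.168.1.0/24\ndefault deny")),
    ("client rules", parse_rules("deny 192.168.1.1\ndeny 192.168.1.2\ndefault accept")),
]

def may_scan(target, layers=LAYERS):
    """Return (allowed, name of the first source that denies, or None)."""
    for name, parsed in layers:
        if not source_allows(parsed, target):
            return False, name
    return True, None

if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.1", "192.168.2.5", "127.0.0.1"):
        print(host, may_scan(host))
```

Running it shows which source rejects each host; note that 127.0.0.1 is rejected by the server-wide sample because it falls outside 192.168.0.0/16.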