Scan starts but won't load hosts

Paul Day paulday+nessus at toll.com.au
Thu Oct 13 19:47:09 EDT 2005 

Mainly for the googlers out there... Solution found:

getrlimit64(RLIMIT_NOFILE, 0xFFBFF5E8)          = 0
         cur = 256  max = 65536
nofiles(descriptors) 256

It _was_ set to infinity. I have no idea why, but under Solaris 10 (can't 
replicate under a BSD after setting RLIMIT_NOFILE to infinity) the nessusd 
doing the scanning chooses to close every file until it hits 
RLIMIT_NOFILE. Because there was no RLIMIT_NOFILE, it wasn't getting past 
that stage.

PD


On Wed, 5 Oct 2005, Paul Day wrote:
> I've got a strange problem I've not come across before. To add to the fun, an 
> identical setup works fine and doesn't experience the problem I'm battling on 
> this particular box.
> 
> Setup:
> - Solaris 10 sparc on a Netra X1 (SUNW,UltraAX-i2) with 2GB RAM
> - Nessus 2.2.5 + lib + plugins + libnasl for SunOS
> - Installed as part of blastwave.org's (unstable tree) pre-compiled binaries
> 
> The situation:
> - downloads
> - installs
> - mkcerts and addusers
> - registers with nessus-fetch
> - updates plugins
> - nessusd verifies plugins
> - nessusd starts
> - nessus gtk client starts (exported to laptop via ssh -Y)
> - configure scan
> - hit "start"
> - "Scanning network from localhost" window pops up...
> 
> ...and then nothing. It just sits there. It should start loading the 
> host/hosts it's scanning in said window like it normally will. Tried any 
> number of scan options and can't get it to start loading hosts (or just a 
> single host).
> 
> Connecting across the network (rather than exporting from localhost) from my 
> laptop's 2.2.5 client produces the same results. Connecting it to other 
> servers works fine - it's just this one.
> 
> nessusd.messages logs:
> [Wed Oct  5 09:58:35 2005][21618] connection from 127.0.0.1
> [Wed Oct  5 09:58:36 2005][21620] Client requested protocol version 12.
> [Wed Oct  5 09:58:36 2005][21620] successful login of root from 127.0.0.1
> [Wed Oct  5 10:01:31 2005][21620] user username : session will be saved as 
> /opt/csw/var/nessus/users/username/sessions/20051005-100131-index
> [Wed Oct  5 10:01:32 2005][21620] user username starts a new scan. Target(s) 
> : machine-name, with max_hosts = 20 and max_checks = 10
> [Wed Oct  5 10:01:32 2005][21620] user username : testing machines-name 
> (IP-address) [21622]
> 
> and then 20051005-100131-index logs:
> machine-name
> 
> And that's all that's logged. What's strange is the other Solaris 10 X1 is 
> almost a mirror image (can't think of anything different, but obviously 
> something is) and works a-ok. Nearly time to start tracing and sniffing 
> unless someone has a better idea?
> 
> Cheers,
> Paul
> 
>

-- 
Paul Day
Network Security Administrator
Toll Corporate IT

More information about the Nessus mailing list