jan at intevation
Jan 6, 2005, 8:30 PM
Post #5 of 5
Re: Serious trouble: plugins not always executed
[In reply to]
I think I solved this issue now.
I detected that the version that has a strange behaviour was
the one build through rpmbuild.
In fact it turned out that if you compile nessus-libraries with
this will create a libnessus.so which will behave strange when
doing SSH tests. The strangeness are multiple broken pipes
one can watch in the nessus.dump file.
The file size of the so-file is different if you use the CFLAGS
Maybe the multiple goto statements are too hard to optimize for gcc.
I 'healed' that in RPM by using this line
because rpmbuild default is a environment CFLAGS with -O2 set.
Alas, that took _quite_ some hours to find out :-(
On Thu, Jan 06, 2005 at 12:13:42PM +0100, Jan-Oliver Wagner wrote:
> we are currently intensively testing the 2.3.0 version
> (mostly current CVS) and we faced a serious problem
> that unfortunately appears very hard to track.
> Using 2.3.0 or current CVS using only Local Security
> Checks plugin (ie. only uname -a) does only occasionally work.
> Whether it works or not seems to change with using
> different servers that have different plugin sets.
> We even observed that, when using many plugins, only
> a portion of it is really executed (no error messages).
> Debugging is difficult, but it seems that the SSH access
> sometimes really happens but the results don't make it
> back to Nessus Server. Sometime even SSH access did
> not happen and, alas, sometimes everything works.
> If someone of you is interested in helping us to track
> down the problem it would be most helpful for us
> if you try to reproduce the problem.
> For this, basically you need to:
> - install everything from CVS into a new location
> (with a new Nessuse Server users and a new Cert)
> - use a new user for Nessus GTK Client
> - Create and place the SSH certificate properly
> - Select only "Local Security Checks" plugin
> and switch on dependencies consideration.
> - Enter the SSH properties in the Plugin Prefs.
> - Run the test multiple times.
> If you just have a idea where we might have to look for in
> the code this would be equally welcome.
> One of our suspects is the hashing. We'll remove it and see
> if it works better.
Jan-Oliver Wagner http://intevation.de/~jan/
Intevation GmbH http://intevation.de/