Hello community,
I want to run Nessus 6.5.4 under FreeBSD 10.2 RELEASE. It works like a charm, until I install it in a jail. If I start a scan it always fails because there are no targets available.
In the logfile I can see a message which says that the specified target is declined as "dead". So the host discovery doesn't seem to work right. Without host discovery turned on, the scans are working.
Nmap doesn't run in a jail, either. There is always an error saying that there is no route to target available.
I wanted to test it because in early versions, Nessus used Nmap for host discovery and other things. Maybe the same problem causes the two dysfunctions.
The Jails are built up by hand, extracting base.txz to a directory. The jails.conf looks like the following:
Code:
exec.clean;
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.set_hostname = 0;
allow.raw_sockets = 0;

nessus {
    host.hostname = "nessus.example.com";
    path = "/usr/local/jails/nessus";
    interface = "lo0";
    ip4.addr = "10.0.0.1/32";
    allow.raw_sockets = 1;
    exec.consolelog = "/var/log/jails/nessus_console.log";
}
In pf there is a NAT rule for the jail. Traceroute, ping, fetch, and so on are working out of the jail.
Does anyone know how to get Nessus and/or Nmap running in a jail?
The only information I have found was a message on the mailing list, but there was never a reply to it.
After searching in the forum I have found several answers about allow.raw_sockets and compiling nmap inside the jail (not installing it with pkg). But I have done both things before.
Greetings
Phips