Bug 273241

Summary: nessus rpm package didn't install nessus-update-plugins
Product: [Fedora] Fedora Reporter: Lyle Lasheimok <lyle.lasheimok>
Component: nessus-coreAssignee: Andreas Bierfert <andreas.bierfert>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 7CC: pwouters
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-08 17:44:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lyle Lasheimok 2007-08-31 20:35:37 UTC 
Description of problem:

After installation, nessus needs to download its plugins. So it requires
registration to receive a key. Once the key is received, you need to call a
program called nessus-fetch, which downloads the plugins.
This in turn tries to call nessus-update-plugins, which is not installed on my
system, although I installed all nessus rpms together with all dependencies.

Version-Release number of selected component (if applicable):
2.2.9-2.fc7

How reproducible:
I tried to uninstall all nessus rpms and install them again, same result. This
script is missing.

Steps to Reproduce:
1. yum install nessus-client nessus-gui nessus-server nessus-core nessus-libraries
2. start nessus-fetch with the key received per email
3.
  
Actual results:

[root@localhost ~]# /usr/bin/nessus-fetch --register B1E0-A2BD-4B4F-54EF-6CE0
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Could not execute /usr/sbin/nessus-update-plugins - No such file or directory
Your Nessus installation is now up-to-date.
Make sure to call regularly use the command 'nessus-update-plugins' to stay
up-to-date
To automate the update process, please visit
<http://www.nessus.org/documentation/index.php?doc=cron>

This happens within a few moments. It didn't download anything, and no plugins
show up in the gui.

Expected results:

I kind of expected it would download and install the plugins.

Additional info:
Comment 1 Andreas Bierfert 2007-09-01 08:06:21 UTC 
The nessus-update-plugins script is missing intentionally. The problem is that
most of the plugins are not licensed via a free license and thus cannot be
packaged for fedora (last time I checked not even the -GPL plugin tarball
provided at nessus.org was really all gpl). I don't know if it would be allowed
in fedora to provide a script which fetches non-gpl plugins which need
registration but I don't fell fine with packaging it. What you can however do
very easily is to go to the nessus webpages download section and download the
plugins and plugins-GPL tarball and install them manually without these tools. I
know that this is not really and optimal solution but it is the best I can think
of atm.
Comment 2 Paul Wouters 2011-09-07 20:00:51 UTC 
Either support for the nessusd (nessus-server) needs to be dropped, or nessus-update-plugins should be included. Currently, this is just shipping something that cannot ever work.
Comment 3 Paul Wouters 2011-09-07 20:10:37 UTC 
(there is not a single supplied plugin for the server to perform a single pentest, and the script to grab the non-free-for-commercial plugins has been stripped from the package, so nonfree updates cannot be installed by willing users)
Comment 4 Andreas Bierfert 2011-09-08 17:44:12 UTC 
As stated in comment 1 this is intentional. The upstream tarballs are just not clearly licensed. If you want the plugins you can download them on the nessus webpage.