Bug 708799

Summary: nessusd service leaves process running and CPU pegged after client exits
Product: [Fedora] Fedora Reporter: Paul Blankenbaker <paul.blankenbaker>
Component: nessus-coreAssignee: Andreas Bierfert <andreas.bierfert>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 15CC: andreas.bierfert
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-07 14:52:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
RPM referenced in the test case (however, found that test would fail even if Nessus plugins were not installed - reported in step 15) none

Description Paul Blankenbaker 2011-05-29 16:36:46 UTC 
Created attachment 501624 [details]
RPM referenced in the test case (however, found that test would fail even if Nessus plugins were not installed - reported in step 15)

Description of problem:

The nessusd service seems to leave lingering nessusd processes after a client connection exits.

 * Start nessusd service
 * Bring up a nessus client and log in
 * Terminate ness client
 * Observe nessusd process spawned for client still running and consuming 100% CPU


Version-Release number of selected component (if applicable):

[root@nessus ~]# rpm -qa | grep nessus
nessus-core-2.2.11-6.fc15.i686
nessus-libraries-2.2.11-4.fc15.i686
nessus-client-2.2.11-6.fc15.i686
nessus-server-2.2.11-6.fc15.i686
nessus-gui-2.2.11-6.fc15.i686


How reproducible:

Very

Steps to Reproduce:

1. Install Fedora 15 32 bit from Live ISO

2. Update the Fedora 15 32 bit packages

  yum update

3. Install nessus packages via:

  yum install nessus-server nessus-client nessus-gui

4. Added nessus user by running:

  nessus-adduser
  ...
  Login             : pkb
  Password          : ***********
  DN                :
  Rules             :
  default accept


5. Set the nessus certificate (just pressed enter to take the defaults):

  nessus-mkcert

6. Installed GPL version of Nessus plugins (these do not appear to be available in Fed\
ora):

  rpm -ivh /tmp/nessus-plugins-gpl-2.2.11-4.nst15.i686.rpm

7. Updated the /etc/nessus/nessusd.conf file with the following line (for plugins from\
 above):

  plugins_folder = /usr/lib/nessus/plugins

8. Started the nessus service

  [root@nessus ~]# systemctl start nessusd.service
  [root@nessus ~]# systemctl status nessusd.service
  nessusd.service - LSB: start and stop the nessus daemon
                  Loaded: loaded (/etc/rc.d/init.d/nessusd)
                    Active: active (running) since Sun, 29 May 2011 11:02:01 -0400; 2s\
 ago
                     Process: 8900 ExecStop=/etc/rc.d/init.d/nessusd stop (code=exited\
, status=0/SUCCESS)
                      Process: 8913 ExecStart=/etc/rc.d/init.d/nessusd start (code=exi\
ted, status=0/SUCCESS)
                      Main PID: 8918 (nessusd)
                        CGroup: name=systemd:/system/nessusd.service
                                  └ 8918 nessusd: waiting for incoming connections

9. Looked at number of nessusd processes running:

  [root@nessus ~]# ps -fC nessusd
  UID        PID  PPID  C STIME TTY          TIME CMD
  root      8918     1  0 10:47 ?        00:00:00 nessusd: waiting for incoming co

10. Brought up the nessus GUI using GNOME menu entry and logged in, then looked at number \
of nessusd processes:

  [root@nessus ~]# ps -fC nessusd
  UID        PID  PPID  C STIME TTY          TIME CMD
  root      8918     1  0 10:47 ?        00:00:00 nessusd: waiting for incomin
  root      8994  8918  4 10:48 ?        00:00:00 nessusd: serving 127.0.0.1

11. Quit the nessus GUI client and looked at the number of processes:

[root@nessus ~]# ps -fC nessusd
UID        PID  PPID  C STIME TTY          TIME CMD
root      8918     1  0 10:47 ?        00:00:00 nessusd: waiting for incomin
root      8994  8918 11 10:48 ?        00:00:08 nessusd: serving 127.0.0.1

12. Noticed that process 8994 was still running. Running top showed that this process was \
consuming 100% CPU (pegged).

13. Tried stopping the nessusd service and then checking on what nessusd processes were ru\
nning. Still shows process 8994 running (though the main process waiting for connections t\
erminated normally).

  [root@nessus ~]# service nessusd stop; sleep 10; ps -fC nessusd
  Stopping nessusd (via systemctl):                          [  OK  ]
  UID        PID  PPID  C STIME TTY          TIME CMD
  root      8994     1 56 10:48 ?        00:02:13 nessusd: serving 127.0.0.1

14. So, for whatever reason, these child processes spawned by nessusd do not seem to termi\
nating nicely and leave the system in a bad state.

15. I uninstalled all of the "nessus" packages and then repeated the above steps, but skip\
ping steps 6 and 7 and just setting up Nessus without any plugins (everything at it's defa\
ult state "as shipped in Fedora"). I encountered the same issue. The following command was\
 used to remove Nessus:

  yum remove $(rpm -qa | grep ^nessus-) && rm -fr /etc/nessus/


  
Actual results:

Observe the nessusd process which was forked to handle the client still running:

  UID        PID  PPID  C STIME TTY          TIME CMD
  root      8994     1 56 10:48 ?        00:02:13 nessusd: serving 127.0.0.1



Expected results:

Expected the nessusd child process forked to be terminated once the client closed the connection. Also, expected all nessusd processes to shut down (be stopped) when stopping the service.

Additional info:

As the Nessus packages are very old, it may be that they are being phased out of inclusion in the Fedora repositories (possibly being replaced by the openvas packages). If this is the case, maybe the simplest solution is just to remove the nessus packages from the repositories.
Comment 1 Fedora End Of Life 2012-08-07 14:52:13 UTC 
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping