Red Hat Bugzilla – Bug 273241
nessus rpm package didn't install nessus-update-plugins
Last modified: 2011-09-08 13:44:12 EDT
Description of problem: After installation, nessus needs to download its plugins. So it requires registration to receive a key. Once the key is received, you need to call a program called nessus-fetch, which downloads the plugins. This in turn tries to call nessus-update-plugins, which is not installed on my system, although I installed all nessus rpms together with all dependencies. Version-Release number of selected component (if applicable): 2.2.9-2.fc7 How reproducible: I tried to uninstall all nessus rpms and install them again, same result. This script is missing. Steps to Reproduce: 1. yum install nessus-client nessus-gui nessus-server nessus-core nessus-libraries 2. start nessus-fetch with the key received per email 3. Actual results: [root@localhost ~]# /usr/bin/nessus-fetch --register B1E0-A2BD-4B4F-54EF-6CE0 Your activation code has been registered properly - thank you. Now fetching the newest plugin set from plugins.nessus.org... Could not execute /usr/sbin/nessus-update-plugins - No such file or directory Your Nessus installation is now up-to-date. Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron> This happens within a few moments. It didn't download anything, and no plugins show up in the gui. Expected results: I kind of expected it would download and install the plugins. Additional info:
The nessus-update-plugins script is missing intentionally. The problem is that most of the plugins are not licensed via a free license and thus cannot be packaged for fedora (last time I checked not even the -GPL plugin tarball provided at nessus.org was really all gpl). I don't know if it would be allowed in fedora to provide a script which fetches non-gpl plugins which need registration but I don't fell fine with packaging it. What you can however do very easily is to go to the nessus webpages download section and download the plugins and plugins-GPL tarball and install them manually without these tools. I know that this is not really and optimal solution but it is the best I can think of atm.
Either support for the nessusd (nessus-server) needs to be dropped, or nessus-update-plugins should be included. Currently, this is just shipping something that cannot ever work.
(there is not a single supplied plugin for the server to perform a single pentest, and the script to grab the non-free-for-commercial plugins has been stripped from the package, so nonfree updates cannot be installed by willing users)
As stated in comment 1 this is intentional. The upstream tarballs are just not clearly licensed. If you want the plugins you can download them on the nessus webpage.