Bug 515043 - Nessus described as not in Fedora, but it is (and nikto, john, crack)
Summary: Nessus described as not in Fedora, but it is (and nikto, john, crack)
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: security-guide
Version: devel
Hardware: All
OS: All
low
low
Target Milestone: ---
Assignee: eric
QA Contact: Scott Radvan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-01 07:57 UTC by J. Randall Owens
Modified: 2015-04-07 03:19 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-07 15:45:06 UTC
Embargoed:


Attachments (Terms of Use)
Proposed patch for Wstation.xml (631 bytes, patch)
2009-08-01 15:17 UTC, eric
no flags Details | Diff
Proposed patch for Vulnerability_Assessment (1.61 KB, patch)
2009-08-01 17:07 UTC, eric
no flags Details | Diff

Description J. Randall Owens 2009-08-01 07:57:54 UTC
Description of problem:
In section 1.2.3.2 about Nessus, it has the following note:
Nessus is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.

But I have on my system a nessus-core-2.2.11-3.fc11.x86_64, built on x86-5.fedora.phx.redhat.com, packager & vendor both Fedora Project.  It didn't make the DVD cut, but it's there in the Everything release (see http://download.fedoraproject.org/pub/fedora/linux/releases/11/Everything/source/SRPMS/ )

Version-Release number of selected component (if applicable):
fedora-security-guide-en-US-1.0-17.fc11.noarch

Comment 1 J. Randall Owens 2009-08-01 08:03:32 UTC
While we're at it, about the same goes for nikto right after that, section 1.2.3.3.  I've got nikto-2.03-1.fc11.noarch, built by Fedora Project, just about like the Nessus, and also in the same releases/11/Everything/... directory.

Comment 2 J. Randall Owens 2009-08-01 08:54:08 UTC
Also, john-1.7.0.2-7.fc11.x86_64 and crack-5.0a-11.fc11.x86_64, in section 2.1.3.2.1. Forcing Strong Passwords.

Comment 3 eric 2009-08-01 12:43:06 UTC
Hmmm...  Nessus is a special case where the scanner, itself, is FOSS everything is about it is not.  You must register it before you can use it and it requires a $1200/yr license if you are using it commercially.  I'm not sure what it gives you when you register it for "home" use.  I'm not sure about nikto and crack.  John, however, is available and is FOSS and doesn't require any type of registration.

Let me see if I can change the text on John and figure out better words for Nessus.

Comment 4 eric 2009-08-01 15:17:03 UTC
Created attachment 355882 [details]
Proposed patch for Wstation.xml

Just removed that note.

Comment 5 eric 2009-08-01 17:07:04 UTC
Created attachment 355887 [details]
Proposed patch for Vulnerability_Assessment

Clarified the Nessus content and removed the note about Nikto.  I'd like to do more research on nikto, though, to see what can be added to this area to beef it up.

Comment 6 eric 2009-08-05 15:31:28 UTC
I'll apply these changes to the guide tonight and push an update.

Comment 7 Fedora Update System 2009-08-05 21:32:25 UTC
fedora-security-guide-en-US-1.0-18.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/fedora-security-guide-en-US-1.0-18.fc11

Comment 8 Fedora Update System 2009-08-05 21:43:31 UTC
fedora-security-guide-en-US-1.0-18.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/fedora-security-guide-en-US-1.0-18.fc10

Comment 9 Fedora Update System 2009-08-07 04:57:10 UTC
fedora-security-guide-en-US-1.0-18.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2009-08-07 04:57:28 UTC
fedora-security-guide-en-US-1.0-18.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 eric 2009-08-07 15:45:06 UTC
Text should be fixed in latest release.  Latest release is in the mirrors at this time.


Note You need to log in before you can comment on or make changes to this bug.