I never try nessus on gentoo (last time i check :P, im using it under ubuntu), i just emerge it before and never run it. Yesterday, when i was trying to run nessus, ive found that it suck all my CPU, the process are so slow even my cursor are in slow motion :D, even for loging in my nessus-client to the localhost nessus server. The unbelieveable part was the "top" output from my gentoo, it suck my CPU 101%, wtf..
so i check the nessus version that im running, im still running nessus version 2.2.6, which is reported still has a bug on it not only in memory handling but it cant be use to scan et all (blah...) , so i decide to remove it (unmerge) and then install the fancy "nessus-client" version 1.0.2 and nessus-bin version 3.0.5 (as its listed on emerge --search). FYI, Gentoo using suse package (sad, they dont make it for gentoo, hell yeah.. who cares :P) then converted it using the rpm, but the problem is when i try to emerge nessus-bin, the nessus already updated to newer version, which is 3.0.6 and the ebuild are for nessus version 3.0.5, with a little effort i figure out how to make this new version works on your gentoo. follow this step to hack the ebuild files and successfuly install the nessus
1. grab a copy of newer nessus, im using suse version > Nessus-3.0.6-suse10.0.i586.rpm
and put it on /usr/portage/distfiles
2. i need to make a symbolic link some library, because it still using the lower version (mine is newer), u can pass this step if your libssl and libcrypto already 0.9.7 version.
sudo ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7
3. edit your nessus-bin ebuild at /usr/portage/net-analyzer/nessus-bin
change the ebuild name from nessus-bin-3.0.5.ebuild to nessus-bin-3.0.6.ebuild
and tweak some part of the header, also the Manifest files (modify the signature)
for an easy way , ive already created the ebuild for nessus-bin version 3.0.6 , you all can grab it here. extract and copy all the folder under directory /usr/portage/net-analyzer/
4. Final step, just do the magic command "emerge nessus-bin" and you will get a nessus-bin 3.0.6
thats all folk, enjoy your nessus! Be Safe :)
No comments:
Post a Comment