30 lines
1.1 KiB
Text
30 lines
1.1 KiB
Text
Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
|
|
to do its job.
|
|
|
|
Since Nessus used multiple processes, several pcap-aware plugins will
|
|
need to access the the bpf at the same time.
|
|
|
|
This means that you need to recompile your kernel with the following option:
|
|
|
|
pseudo-device bpf
|
|
|
|
If for instance you want to have 10 nessusd running at the same time,
|
|
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
|
|
(as nessusd is extremely lightweight, you can expect to have this amount
|
|
of processes running at the same time)
|
|
|
|
If you plan to scan a whole network, we recommand you create at least
|
|
100 of them.
|
|
|
|
Once your kernel has been rebuilt, get root, cd to /dev
|
|
and do:
|
|
|
|
./MAKEDEV bpf+100
|
|
|
|
For FreeBSD 5.x this is not needed since the devfs creates devices when needed.
|
|
|
|
If you can not recompile your kernel, you can try to run the configure
|
|
script with the option --enable-bpf-sharing. In this case, nessusd will
|
|
try to share one /dev/bpf among multiple processes and do the filtering
|
|
in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO
|
|
NOT RECOMMAND ENABLING IT.
|