df3ab8a9ce
PR: ports/54051 Submitted by: maintainer |
||
---|---|---|
.. | ||
patch-aa | ||
patch-ab | ||
patch-ac | ||
README.BPF |
Nessus uses the pcap library, which uses the berkeley packet filter (bpf) to do its job. Since Nessus used multiple processes, several pcap-aware plugins will need to access the the bpf at the same time. This means that you need to recompile your kernel with the following option : For FreeBSD 5.x: pseudo-device bpfilter For FreeBSD 4.x: pseudo-device bpfilter NUM Where 'NUM' is the number of bpf you want -- it should be equal to the 'max hosts number' option you enter in nessusd x the 'max plugins' option. If for instance you want to have 10 nessusd running at the same time, each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs (as nessusd is extremely lightweight, you can expect to have this amount of processes running at the same time) If you plan to scan a whole network, we recommand you create at least 100 of them. Once your kernel has been rebuilt, get root, cd to /dev and do : i=0; while [ $i -lt 100]; do ./MAKEDEV bpf$i let i=$i+1 done On FreeBSD, you can directly do : ./MAKEDEV bpf+100 (For FreeBSD 5.x this is not needed since the devfs creates devices when needed) If you can not recompile your kernel, you can try to run the configure script with the option --enable-bpf-sharing. In this case, nessusd will try to share one /dev/bpf among multiple processes and do the filtering in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO NOT RECOMMAND ENABLING IT.