Nessus issue

I have ten nodes that sit on the same hardware and was installed from
the same image. Everything is identical. They all have NFS setup on
them the same way.
node comes back after a scan stating that it can mount NFS without
being root. The other nine do not. I have logged into the Nessus node
and tried to mount these without root and it will not mount. I have
used two accounts to try this, mine and the one that runs the Nessus
cron job. using sudo will they mount.
I only do external scan of these nodes, Nessus does not login to them.
Anyone else out there have this issue before and is there anything I
can do to fix this false positive.
Thanks,
Art

No. 1# | By Developer Tags User at [2008-5-4] | size: 1152 bytes

"Art" <artgenos@gmail.comwrites:
I have ten nodes that sit on the same hardware and was installed from
the same image. Everything is identical. They all have NFS setup on
them the same way.

node comes back after a scan stating that it can mount NFS without
being root. The other nine do not. I have logged into the Nessus node
and tried to mount these without root and it will not mount. I have
used two accounts to try this, mine and the one that runs the Nessus
cron job. using sudo will they mount.

I only do external scan of these nodes, Nessus does not login to them.
Anyone else out there have this issue before and is there anything I
can do to fix this false positive.

When faced with stuff like this, I chase down the source code to the
plug-in associated with the finding from the nessus report and
replicate the test step by step to see what exactly nessus saw that
made it think there was an issue.

You never can eliminate all false positives, but you might also learn
about a vulnerability you have that you don't think kyou have
currently.

Best Regards,

Security Hot!

Security New!