Hi, I just finished running Nessus (non-safe scan) against my ASL and the IDS did not get triggered at all! Nessus should fire off all sorts of alert notifications. Also the hits in the IDS -> Rules list did not increase??
Another thing is that Nessus is picking up alot more in this beta than in 4.021. It seems the portscanner (Nmap) had no problem scanning (SYN scan) and finding all my open ports even with PSD turned on. Nessus is also showing a vulnerability in the SSH daemon being used:
The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically
safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
After checking out the /etc/ssh/sshd_config file I saw that root logins are allowed (also tested)...is this just for the beta?? It also seems that there is no TMOUT environment variable set that disconnects an idle session, unless there is something else taking care of this.
