Forum Discussion
Improved Find Command Support in AIX Change The Nessus...
Improved Find Command Support in AIX
Change
The Nessus detection library for handling the ‘find’ command has been updated to allow for better support on hosts running AIX.
Due to the differences between the implementations of the ‘find’ command between platforms, the parameters can be different. This is especially true for AIX, which has limited functionality. One of the main limitations of the AIX implementation is the lack of the ‘max_depth’ or similar parameter. Without this type of parameter, the find command may end up traversing deep into the filesystem and result in performance degradation. Because of this, the ‘Perform thorough tests’ scan preference must be enabled in order to utilize the find command for AIX hosts.
Impact
Customers should expect improved detection of products on AIX hosts when running a scan with thorough tests enabled, potentially resulting in a significant increase in new vulnerability detections. This improvement may also result in slightly longer scan times and increased CPU utilization on the systems scanned.
Hosts running an OS other than AIX are unaffected by these changes.
Target Release Date
16 August 2021
Update: Released in Nessus plugin feed 202108161759
1 Reply
Well this will not be good for us as we are not allowed to enable 'Perform through tests' on systems other than non-production, of which identifying those becomes almost everyone considers all of their stuff to be 'production' in this sense, because in the past doing so caused some of the other test to go too deep and caused impact. I get its a fine balance as to which feature triggers what in a plugin, but not running 'find' in any plugin for AIX without this setting? Before this, for any *nix, in '.audit' files where 'find' was used I'd just add in directories to exclude, via 'prune', rather than worry as much about 'max_depth' to reduce the impact described.
https://docs.tenable.com/nessus/Content/AssessmentSettings.htm
Perform thorough tests (may disrupt your network or impact scan speed): Causes various plugins to work harder. For example, when looking through SMB file shares, a plugin can analyze 3 directory levels deep instead of 1. This could cause much more network traffic and analysis in some cases. By being more thorough, the scan is more intrusive and is more likely to disrupt the network, while potentially providing better audit results.
