ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Harvest Agent hangup on Nessus Scan

book

Article ID: 199042

calendar_today

Updated On:

Products

CA Harvest Software Change Manager CA Harvest Software Change Manager - OpenMake Meister

Issue/Introduction

Running a Nessus scan against a LINUX server running a Harvest agent leads to a hangup of the agent. The agent needs to be restarted.

Cause

I did a quick search to find out what the Nessus software does, and it appears that it is used to discover any security threats or concerns on the computer.  According to what I’ve learned, examples of vulnerabilities and exposures Nessus can scan for include:

  • Vulnerabilities that could allow unauthorized control or access to sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc.).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service vulnerabilities

Environment

Release : 13.0.3

Component : CA Harvest Software Change Manager

Resolution

The user guide for the Nessus scanner is here: https://docs.tenable.com/nessus/8_0/Content/Resources/PDF/Nessus_8_0.pdf

It does say on p. 133

Caution: In some rare cases, probing might disrupt some services and cause unforeseen side effects.

It also contains information about how to configure scans which might include ways to tell it to ignore the port that SCM Agent is using, put the agntd process on a “whitelist” to specify that it’s not a harmful application, how to configure and run reports, and access log files that might tell you exactly why it is killing the SCM Agent process.

You might also check with the technical support team for Nessus to hear their suggestions on how to prevent Nessus from killing the SCM Agent process.

If the user guide and/or Nessus support team cannot provide a way to make the Nessus scanner ignore the SCM Agent software, your other option is to restart it after the scan is completed. If the Nessus scan runs on a schedule, then restarting the agent can be set up on a schedule as well. There’s also a way to set up a small batch script to check every few minutes and if the agntd process is down, restart it.