saverio.ferraro@fastwebnet.it wrote:
Hi,
I want to know if Nessus 's server (nessusd) can store directly his report
on a database (MySQL or Postgress) without to go through the client (NessusWX).
You can have it two ways:
a) Patch the Nessus code to log onto a database as the support for
this is not in Nessus proper.
1.- Download the Nessus source code
2.- Use the following patches:
http://mail.nessus.org/pipermail/nessus-devel/2005-March/msg00000.html
(original patch for 2.2.3)
http://mail.nessus.org/mailman/htdig/nessus-devel/2005-August/msg00000.html
(patch from Sandro Poppi fixing issues with fork())
3.- run 'autoconf'
4.- run './configure --with-mysql' (and with any other additional
options you might need)
5.- build
6.- test
You can actually use the NESSUS_SQL tag to download the sources from
CVS, but you will need to do part of step 2 as Sandro's patch is not
(yet) included.
These steps are explained more thoroughly at in the README file
available in the sources:
http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-core/doc/database/Attic/README.txt?rev=1.1.2.15&only_with_tag=NESSUS_SQL&content-type=text/vnd.viewcvs-markup
or
http://tinyurl.com/7qpp3
b) Use a script to parse nbe results to MySQL. You can use lots of
them, I wrote a nessus-extract script (again in CVS, use the
NESSUS_SQL tag to retrieve it)
To use the CVS you can either use the Web interface at
http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/
So, for the NESSUS_SQL branch to download the script you will need to use
http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-tools/nessus-extract/?only_with_tag=NESSUS_SQL
or
http://tinyurl.com/c773p
Or use the CVS programs directly:
$ export CVSROOT=":pserver:anonymous@cvs.nessus.org/usr/local/cvs"
$ cvs login
CVS password: [enter 'anon' here]
$ cvs co -r NESSUS_SQL nessus-tools
That will create a 'nessus-tools' directory with the scripts above.
Similarly if you run
$ cvs co -r NESSUS_SQL nessus-core
You will get the 2.2.4 source code patched with the SQL patches. You
will need to add Sandro Poppi 's patches yourself. For those of you
that don't know how to:
[ in the source nessus-core directory ]
$ wget -O patches.tar
http://mail.nessus.org/mailman/htdig/nessus-devel/2005-August/gzLrqf54D1JH.gz
$ tar -xf patches.tar
$ cat *diff | patch -p3
And that should leave you with paches sources, you need to fix the
REJECTS (there are a few) and then just run
$ autoconf
$ ./configure --with-mysql
$ make
And, if all goes well you have your Nessus compiled with SQL support.
I will try to integrate Poppi's patches in CVS (to prevent the REJECTS
from appearing and prevent you guys the extra step of applying them),
maybe this afternoon.
As for the patches, I don't run those anymore in a production
environment and I support these in a "best effort" way. If you want to
use them you will need to keep up with new Nessus releases yourself
and notice they are _not_ recommended for production environment and
support for them might be sub-optimal. So, if you use them, you are on
your own.
Since these patches are community supported, however, please send to
the mailing list any fix you might introduce and/or any issue you
might find. Use the '[Database-devel]' tag for those so they can be
easily found by other users.
Regards
Javier
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
