Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RUN-ONCE PLUGINS?

from [John Scherff] Network Security [Permanent Link]
Subject: Re: RUN-ONCE PLUGINS?
Date: Tue, 1 May 2007 23:32:01 -0700 
Perfect.  Thank you, Renaud.

The first method is what I do now.  I have a plugin that gets a bunch of SAVCE 
preferences from the nessusrc file and puts them into the KB for my other SAVCE 
plugins. I generate that nessusrc file with updated values on the fly with a 
perl script prior to the scan.  It works, but it's clunky.  I wanted something 
a little more elegant.

Thanks again for the tip.

John

-----Original Message-----
From: Renaud Deraison <deraison@nessus.org>
To: nessus@list.nessus.org List <nessus@list.nessus.org>
CC: John Scherff
Sent: Tue May 01 21:49:27 2007
Subject: Re: RUN-ONCE PLUGINS?


Hi John,

On May 1, 2007, at 11:25 PM, John Scherff wrote:


Is it possible to have a plugin run just once for the entire scan  
and set some kind of variable for use by all plugins on all hosts?

I'm trying to write a plugin that will download the three most  
recent virus definition dates from Symantec (I know 21725 checks  
whether signatures are current, but I'm trying to write a smallish  
nessus-based audit tool for my system administrators that will run  
inside vmware-player machine and will not depend on a plugin feed).



What you're requesting can not be done _cleanly_. What I'd suggest is  
to have a cron job (eg: a perl script) creating a plugin with the  
newest version number instead.

That being said, you could create temporary files as use them as  
locks (the code below has not been tested but should put you on the  
right track) :


#
# If another plugin is doing an update, wait for a bit
#
while ( file_stat("symantec-lockfile.txt") > 0 )
{
  sleep(1);
}


#
# Check the timestamp
#
buf = fread("symantec-timestamp.txt");

# If there is no lockfile or if it is too old, then fetch the newest  
sigs
if ( isnull(buf) || unixtime() - int(buf) > (3600*24) )
{
  fwrite(file:"symantec-tmp.txt", data:"wait";);
  argv[0] = "curl";
  argv[1] = "http://definitions.symantec.com/defs/";;
  results = pread(cmd: "curl", argv: argv, nice: 5);
  foreach line ( split( results) ) {
        match = eregmatch( string: line, pattern: '([0-9]{8})-[0-9]{3}- 
i32.exe', icase: TRUE );
        if( !isnull( match ) ) signature += match[1] + ' ';
  }

  fwrite(file:"symantec-datafile.txt", data:signature);
  fwrite(file:"symantec-timestamp.txt", data:string(unixtime()));
  unlink("symantec-lockfile.txt");
}
else
{
  signature = fread("symantec-datafile.txt");
}



                                -- Renaud

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NASL DOCS, jfvanmeter
Next by Date:  RE: NASL DOCS, Mercer, Jeff C - Raleigh, NC
Previous by Thread:  Re: RUN-ONCE PLUGINS?, Renaud Deraison
Next by Thread:  RE: RUN-ONCE PLUGINS?, John Scherff
Indexes:  [Date] [Thread] [Top] [All Lists]