Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RUN-ONCE PLUGINS?

from [John Scherff] Network Security [Permanent Link]
Subject: RE: RUN-ONCE PLUGINS?
Date: Tue, 8 May 2007 09:52:12 -0700 
FYI, what I settled on was to have a nightly cron job (perl script)
generate a custom .inc file which simply sets a variable to a string
containing the current signature dates; e.g., currentSignatures =
string( '20070505;20070506;20070507' ); The plugin simply includes this
and checks whether the host's signature value is in this string.
 
That should be slightly more efficient (less IO) than having nasl
generate a file and/or check the timestamp / lock status, right?


________________________________

        From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of John Scherff
        Sent: Tuesday, May 01, 2007 11:32 PM
        To: deraison@nessus.org; nessus@list.nessus.org
        Subject: Re: RUN-ONCE PLUGINS?
        
        

        Perfect.  Thank you, Renaud.
        
        The first method is what I do now.  I have a plugin that gets a
bunch of SAVCE preferences from the nessusrc file and puts them into the
KB for my other SAVCE plugins. I generate that nessusrc file with
updated values on the fly with a perl script prior to the scan.  It
works, but it's clunky.  I wanted something a little more elegant.
        
        Thanks again for the tip.
        
        John
        
        -----Original Message-----
        From: Renaud Deraison <deraison@nessus.org>
        To: nessus@list.nessus.org List <nessus@list.nessus.org>
        CC: John Scherff
        Sent: Tue May 01 21:49:27 2007
        Subject: Re: RUN-ONCE PLUGINS?
        
        
        Hi John,
        
        On May 1, 2007, at 11:25 PM, John Scherff wrote:
        
        > Is it possible to have a plugin run just once for the entire
scan 
        > and set some kind of variable for use by all plugins on all
hosts?
        >
        > I'm trying to write a plugin that will download the three most

        > recent virus definition dates from Symantec (I know 21725
checks 
        > whether signatures are current, but I'm trying to write a
smallish 
        > nessus-based audit tool for my system administrators that will
run 
        > inside vmware-player machine and will not depend on a plugin
feed).
        
        
        What you're requesting can not be done _cleanly_. What I'd
suggest is 
        to have a cron job (eg: a perl script) creating a plugin with
the 
        newest version number instead.
        
        That being said, you could create temporary files as use them as

        locks (the code below has not been tested but should put you on
the 
        right track) :
        
        
        #
        # If another plugin is doing an update, wait for a bit
        #
        while ( file_stat("symantec-lockfile.txt") > 0 )
        {
          sleep(1);
        }
        
        
        #
        # Check the timestamp
        #
        buf = fread("symantec-timestamp.txt");
        
        # If there is no lockfile or if it is too old, then fetch the
newest 
        sigs
        if ( isnull(buf) || unixtime() - int(buf) > (3600*24) )
        {
          fwrite(file:"symantec-tmp.txt", data:"wait";);
          argv[0] = "curl";
          argv[1] = "http://definitions.symantec.com/defs/";;
          results = pread(cmd: "curl", argv: argv, nice: 5);
          foreach line ( split( results) ) {
                match = eregmatch( string: line, pattern:
'([0-9]{8})-[0-9]{3}-
        i32.exe', icase: TRUE );
                if( !isnull( match ) ) signature += match[1] + ' ';
          }
        
          fwrite(file:"symantec-datafile.txt", data:signature);
          fwrite(file:"symantec-timestamp.txt",
data:string(unixtime()));
          unlink("symantec-lockfile.txt");
        }
        else
        {
          signature = fread("symantec-datafile.txt");
        }
        
        
        
                                        -- Renaud
        


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Windows Local Group Names, John Scherff
Next by Date:  Not able to scan with Nessus-3.1.3, Varun Chandramohan
Previous by Thread:  Re: RUN-ONCE PLUGINS?, John Scherff
Next by Thread:  Re: NASL DOCS, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]