Andrew,
Nessus will tell you if you're missing any hotfixes.
However, if you really need the list, try the below script... I tested
it on a couple hosts and it seems to work. Name it
smb_hotfixes_list.nasl or something, pick a different plugin ID if you
wish (I can never remember which range I'm supposed to use), place it in
the /opt/nessus/lib/nessus/plugins directory, run
/opt/nessus/sbin/nessusd -t, restart nessusd (just to be sure), and then
run a scan. FYI, I put the results in a hash first (rather than
concatenating directly to the report string) to remove duplicates and
sort the output.
If you want these in MSYY-NNN format, you'll have to write an include
file that does the mapping for you... probably an exercise in futility.
Cheers,
John Scherff
24 Hour Fitness
Sr. IT Security Engineer
# ==========================================================
# Author: John Scherff, 24 Hour Fitness, 25 October 2007
# ==========================================================
desc["english"] = "
Synopsis :
Installed Windows Hotfixes
Description :
The Windows hotfixes listed below are installed on this computer.
Risk factor :
None";
if( description ) {
script_id( 66001 );
script_version( "$Revision: 1.60 $" );
script_description( english: desc["english"] );
script_category( ACT_GATHER_INFO );
name["english"] = "Installed Windows Hotfix List";
script_name( english: name["english"] );
summary["english"] = "Lists Windows hotfixes that have been installed
on the computer.";
script_summary( english: summary["english"] );
copyright["english"] = "This Script is Copyright (C) 2007 John Scherff
/ 24 Hour Fitness";
script_copyright( english: copyright["english"] );
family["english"] = "Windows";
script_family( english: family["english"] );
script_dependencies( "smb_hotfixes.nasl" );
script_require_keys( "SMB/Registry/Enumerated" );
exit( 0 );
}
smbEnumerationStatus = get_kb_item( "SMB/Registry/Enumerated" );
if( smbEnumerationStatus != TRUE ) exit( 0 );
hotfixHash = make_array();
hotfixList = '';
kbPrefixAry = make_list(
"SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/*",
"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows
NT/CurrentVersion/HotFix/*",
"SMB/Registry/HKLM/SOFTWARE/Microsoft/Fpc/Hotfixes/*",
"SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/Windows Media Player/*"
);
foreach kbPrefix ( kbPrefixAry ) {
kbHash = get_kb_list( kbPrefix );
foreach kbKey ( keys( kbHash ) ) {
if( kbHash[kbKey] == TRUE ) {
match = eregmatch(
pattern: '/(KB[0-9]{6}[A-Z0-9_]{0,6})',
string: kbKey,
icase: TRUE
);
if( match ) hotfixHash[match[1]] = 1;
}
}
}
foreach hotfixKey ( sort( keys( hotfixHash ) ) ) {
hotfixList += ' - ' + hotfixKey + '\n';
}
if( hotfixList) {
report = string( desc["english"], '\n\nPlugin Output :\n\n' +
hotfixList + '\n' );
security_note( port: 0, data: report );
}
________________________________
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Andrew Court
Sent: Thursday, October 25, 2007 12:10 PM
To: nessus@list.nessus.org
Subject: Plugin 13855 - installed hotfixes
Hi,
This is probably pretty basic, but, here goes. Plugin 13855 enumerates
the list of installed hotfixes on a windows box. It stores the
information in the KB to prevent extended use of the remote registry.
However I want that list of installed hotfixes. How do I include it in
the nsr/nbe report that nessus outputs. I know I can use get_kb_item in
a nasl script to get information from the kb but I am not sure how to
tell it which info to get. I want the list of installed patches for a
patch audit, so if anyone has any custom scripts they have used for
patch audits, I would be very much obliged if they sent them to me.
Kind Regards,
Andrew Court
IT Security Specialist | BT Retail - Ireland |
E:Andrew.Court@bt.com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
www.btireland.com <file://www.btireland.com>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
