
Re: Audit Policy help

Subject: Re: Audit Policy help
Date: Fri, 25 Jan 2008 11:04:44 -0500
Hi Graham,

I tried that exact same policy with good results:

[root@kingghidora ~]# cat content.audit
<check_type : "WindowsFiles">
<item>
         type: FILE_CONTENT_CHECK
         description: "Determine if server is hosting copyright content"
         file_extension:  "mp3"
         expect: "ID3"
</item>
</check_type>
[root@kingghidora ~]# /opt/nessus/bin/nasl -t 192.168.20.16 /opt/nessus/lib/nessus/plugins/compliance_check_windows_file_content.nbin


             Windows File Contents Compliance Checks, version 1.0.11

Which file contains your security policy : ./content.audit
Login : Administrator
Password : ************
Domain :
"Determine if server is hosting copyright content" : [PASSED]


The extra lines in your email make me believe that this file was written 
on a Windows system or somehow contains some extra return characters 
in it. Could you try running dos2unix on the file and retesting?

Also, you don't need the 'expect' statement if you just want to look for 
files with certain extensions. There are also other keywords you can use 
to exclude certain directories which could speed up your testing.

As a Direct Feed or Security Center customer if you need further 
support, you should open up a ticket with our help desk.

Ron Gula
Tenable Network Security







Taylor, Graham wrote:
Hi people, I am new to writing audit policies and have run into a
problem :- ( I need to find out if any mp3 files are stored on a
machine, not necessarily in an SMB share. The policy I have written is
this:

 

<check_type : "WindowsFiles">

 

<item>

        type: FILE_CONTENT_CHECK

        description: "Determine if server is hosting copyright content"

        file_extension:  "mp3"

        expect: "ID3"

        

</item>

 

</check_type>

 

 

The error I get when I run it is:

Parse error line 6 - unknown token '_extension:'

Nessus ID : 21156
<http://www.nessus.org/plugins/index.php?view=single&id=21156>

I am running (Nessus) 3.0.6. [build 283] for Linux

Regards Graham

Graham Taylor
Head of IT Security, UK and Asia Pacific
Tel :  020 7214 4311 (DDI)
Mob : 07947386312
Fax:  020 7214 4327

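The carriage-return check suggested in the reply above, as an added example that is not part of the original thread: it counts the lines of a policy file that contain a CR and writes an LF-only copy, using `tr` in place of dos2unix. The function names and the CRLF sample file are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a .audit policy: detect carriage returns left by a
# Windows editor or mail client and write an LF-only copy.
# Function names and the sample file are constructed for this example.

CR=$(printf '\r')

# Print how many lines of file $1 contain a carriage return.
count_cr_lines() {
    n=$(grep -c "$CR" "$1") || true   # grep exits 1 when the count is 0
    echo "$n"
}

# Copy $1 to $2 with every CR removed (what dos2unix does for CRLF files).
normalize_audit() {
    tr -d '\r' < "$1" > "$2"
}

# Return 0 if $1 is clean; otherwise write "$1.unix" and return 1.
preflight_audit() {
    n=$(count_cr_lines "$1")
    if [ "$n" -gt 0 ]; then
        echo "$1: $n line(s) contain CR; cleaned copy written to $1.unix"
        normalize_audit "$1" "$1.unix"
        return 1
    fi
    echo "$1: no carriage returns found"
}

# Constructed sample: the policy from the thread, saved with CRLF endings.
make_sample() {
    printf '%s\r\n' \
        '<check_type : "WindowsFiles">' \
        '<item>' \
        '        type: FILE_CONTENT_CHECK' \
        '        description: "Determine if server is hosting copyright content"' \
        '        file_extension:  "mp3"' \
        '        expect: "ID3"' \
        '</item>' \
        '</check_type>' > "$1"
}

# Demo: the CRLF sample is flagged and cleaned; the cleaned copy then passes.
tmp=$(mktemp -d)
make_sample "$tmp/content.audit"
preflight_audit "$tmp/content.audit" || true
preflight_audit "$tmp/content.audit.unix"
rm -rf "$tmp"
```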