Mailing List Archive

New NESSUS_SQL tag in CVS sources
Just a note to say I have just created the NESSUS_SQL tag in the CVS
sources (1.3.4 version), as per Renaud's request. I will include there all
the changes made by William Heinbockel and the database schemas/diagrams
sent by Eric Arnoth.

For those of you who want to keep up with the development in this branch,
either check changes through the cvsweb interface [1] or download it from
the CVS directly [2].

Regards

Javi

[1]
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/?only_with_tag=NESSUS_SQL

[2]
$ export CVSROOT=":pserver:anonymous@cvs.nessus.org:/usr/local/cvs"
$ cvs login
$ cvs -z3 checkout -rNESSUS_SQL nessus-core
Re: New NESSUS_SQL tag in CVS sources
On Tue, 18 Feb 2003, Javier Fernandez-Sanguino wrote:

> Just a note to say I have just created the NESSUS_SQL tag in the CVS
> sources (1.3.4 version), as per Renaud's request. I will include there all
> the changes made by William Heinbockel and the database schemas/diagrams
> sent by Eric Arnoth.
>
> For those of you who want to keep up with the development in this branch,
> either check changes through the cvsweb interface [1] or download it from
> the CVS directly [2].
>
> Regards
>
> Javi
>
> [1]
> http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/?only_with_tag=NESSUS_SQL
>
> [2]
> $ export CVSROOT=":pserver:anonymous@cvs.nessus.org:/usr/local/cvs"
> $ cvs login
> $ cvs -z3 checkout -rNESSUS_SQL nessus-core
>
>

I was just looking over the database schema(.png) in the CVS; there
are a couple of things that I suggest changing.

I don't see any use for the Knowledgebase table.

HOST Table:
Change the IP to VARCHAR(16), unless you want to add '0' fillers to it
Add StartTime and EndTime values
Add a Status value - DEAD, CURRENTLY TESTING, or SUCCESS (or similar)

EXECUTED_PLUGINS Table:
Change the Complete value to be of TinyInt (or similar) so that the
status can be more than two options - VULNERABILITY FOUND,
TEST PASSED, PLUGIN NOT RUN (failed a dependency)

Would there be any benefit to adding CVE and BID numbers into the
NESSUS_PLUGIN Table?

Also, some of the Fields will have to support NULL values.


Currently, I am upgrading my files to match the schema.
Also, I have renamed the save_mysql files to save_db and made the
code inside Nessus, as well as the code in the database library, more
flexible so that other db architectures can easily be added.

I will hopefully upload the files to Javi in the next couple of days
so that he can add them into the CVS repository.

----------------------
William Heinbockel
Information Security Incident Response Assistant
Co-op Risk & Safety Management
Rochester Institute of Technology
E-mail: wjh3710@rit.edu
Re: New NESSUS_SQL tag in CVS sources
William Heinbockel wrote:

> I was just looking over the database schema(.png) in the CVS; there
> are a couple of things that I suggest changing.
>
> I don't see any use for the Knowledgebase table.

The knowledgebase items that are currently stored in text files could be
stored in the database. I.e. plugins could add them there too (includes
information such as OS of the remote host).

> HOST Table:
> Change the IP to VARCHAR(16), unless you want to add '0' fillers to it

You are right.

> Add StartTime and EndTime values
> Add a Status value - DEAD, CURRENTLY TESTING, or SUCCESS (or similar)

Yes, those are good suggestions.

>
> EXECUTED_PLUGINS Table:
> Change the Complete value to be of TinyInt (or similar) so that the
> status can be more than two options - VULNERABILITY FOUND,
> TEST PASSED, PLUGIN NOT RUN (failed a dependency)
>
> Would there be any benefit to adding CVE and BID numbers into the
> NESSUS_PLUGIN Table?

Not really, I believe it ties us too much since there are some plugins
that are related to two or more CVE and/or BID items.

> Also, some of the Fields will have to support NULL values.

If there's a NOT NULL you are not forced to add any information in the
column, IIRC.

>
> Currently, I am upgrading my files to match the schema.
> Also, I have renamed the save_mysql files to save_db and made the
> code inside Nessus, as well as the code in the database library, more
> flexible so that other db architectures can easily be added.
>
> I will hopefully upload the files to Javi in the next couple of days
> so that he can add them into the CVS repository.


Great, I have added the save_mysql.c code and the patches for the
moment. Feel free to send any code my way :-) Adding information in the
configure to detect database libraries is in my TODO.

Javi

PS: I'm adding all your suggestions to the TODO since Eric is going to
give me a .dia that does not segfault on me ;-)
Re: New NESSUS_SQL tag in CVS sources
Now that I think of it...

Javier Fernandez-Sanguino wrote:
> William Heinbockel wrote:
>
>> HOST Table:
>> Add StartTime and EndTime values


Shouldn't this one be associated with the session information? Maybe we
need to introduce a HostSession table with the following columns:
Hostid, SessionId, StartTime, EndTime.

Since IMHO it does not make much sense to have this information in the
Hosts table since this is used to keep generic information on hosts, not
specific information associated to sessions.

Opinions?

Javi
Re: New NESSUS_SQL tag in CVS sources
On Tue, 18 Feb 2003, Javier Fernandez-Sanguino wrote:

> Now that I think of it...
>
> Javier Fernandez-Sanguino wrote:
> > William Heinbockel wrote:
> >
> >> HOST Table:
> >> Add StartTime and EndTime values
>
>
> Shouldn't this one be associated with the session information? Maybe we
> need to introduce a HostSession table with the following columns:
> Hostid, SessionId, StartTime, EndTime.
>
> Since IMHO it does not make much sense to have this information in the
> Hosts table since this is used to keep generic information on hosts, not
> specific information associated to sessions.
>
> Opinions?

If the Host table is used only to keep generic information, then yes,
a new table should be added for the StartTime and EndTime.

>
> Javi
>
>

----------------------
William Heinbockel
Information Security Incident Response Assistant
Co-op Risk & Safety Management
Rochester Institute of Technology
E-mail: wjh3710@rit.edu
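
The layout discussed in the messages above, as an added example that is not part of the original thread or of the NESSUS_SQL branch: Host keeps only generic data, StartTime/EndTime move to a HostSession table, and the plugin result becomes a small integer with three values. It uses SQLite through Python so it runs offline; the column types, integer codes, key choices, the placement of Status in HostSession and the sample rows are all assumptions.

```python
import sqlite3

# Status names come from the thread; the integer codes are assumptions.
HOST_STATUS = {"DEAD": 0, "CURRENTLY TESTING": 1, "SUCCESS": 2}
PLUGIN_RESULT = {"VULNERABILITY FOUND": 0, "TEST PASSED": 1, "PLUGIN NOT RUN": 2}

SCHEMA = """
CREATE TABLE Host (HostId INTEGER PRIMARY KEY, IP VARCHAR(16) NOT NULL UNIQUE);
CREATE TABLE HostSession (                 -- per-scan data, kept out of Host
    HostId INTEGER NOT NULL REFERENCES Host(HostId),
    SessionId INTEGER NOT NULL,
    StartTime TEXT NOT NULL,
    EndTime TEXT,                          -- NULL until the scan ends
    Status TINYINT NOT NULL CHECK (Status IN (0, 1, 2)),
    PRIMARY KEY (HostId, SessionId));
CREATE TABLE ExecutedPlugins (
    HostId INTEGER NOT NULL, SessionId INTEGER NOT NULL, PluginId INTEGER NOT NULL,
    Complete TINYINT NOT NULL CHECK (Complete IN (0, 1, 2)),
    PRIMARY KEY (HostId, SessionId, PluginId),
    FOREIGN KEY (HostId, SessionId) REFERENCES HostSession(HostId, SessionId));
"""

def build_demo():  # in-memory database with constructed sample rows
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO Host VALUES (1, '192.0.2.10')")
    db.executemany("INSERT INTO HostSession VALUES (1, ?, ?, ?, ?)", [
        (1, "2003-02-17 09:00", "2003-02-17 09:20", HOST_STATUS["SUCCESS"]),
        (2, "2003-02-18 09:00", None, HOST_STATUS["CURRENTLY TESTING"])])
    db.executemany("INSERT INTO ExecutedPlugins VALUES (1, 1, ?, ?)",
                   [(90001, 0), (90002, 1), (90003, 2)])  # one of each result
    return db

def running_scans(db):  # sessions that have no EndTime yet
    return db.execute("SELECT IP, SessionId FROM HostSession JOIN Host "
                      "USING (HostId) WHERE EndTime IS NULL").fetchall()

def findings(db, session_id):  # plugin ids that reported a vulnerability
    vuln = PLUGIN_RESULT["VULNERABILITY FOUND"]
    rows = db.execute("SELECT PluginId FROM ExecutedPlugins WHERE SessionId = ? "
                      "AND Complete = ?", (session_id, vuln))
    return [r[0] for r in rows]

def rejects(db, sql):  # True when a schema constraint refuses the statement
    try:
        db.execute(sql)
    except sqlite3.IntegrityError:
        return True
    return False
```

A session row with a NULL EndTime is accepted, while an unknown result code, a missing StartTime or a plugin row for a session that does not exist is refused by the constraints.
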
Re: New NESSUS_SQL tag in CVS sources
Eric Arnoth wrote:
> On Tuesday 18 February 2003 10:08, Javier Fernandez-Sanguino wrote:
>
>
>>PS: I'm adding all your suggestions to the TODO since Eric is going to
>>give me a .dia that does not segfault on me ;-)
>
> It's in the works. I'm taking the liberty of implementing the suggestions of
> this thread as I understand them.
>
>

That's great, take a look at the doc/database/TODO.txt file. I have
found some other issues while constructing a script which imports from
NBE to the database format (in nessus-tools) [1].

Javi


[1] This allows for past prototyping and determining database-scheme
issues while at the same time providing me with a way to load old
reports into the database.
Re: New NESSUS_SQL tag in CVS sources
On Tuesday 18 February 2003 10:08, Javier Fernandez-Sanguino wrote:

> PS: I'm adding all your suggestions to the TODO since Eric is going to
> give me a .dia that does not segfault on me ;-)

It's in the works. I'm taking the liberty of implementing the suggestions of
this thread as I understand them.


--
Eric I. Arnoth CISSP (http://www.isc2.org)
earnoth@comcast.net
http://mywebpages.comcast.net/earnoth