Mailing List Archive

[Database devel] Current status (README and schema)
Just to keep people interested up to date, and even if the current
status of the code is pre-alpha at best, I'm sending your way the README
file I've just committed to CVS related to the database development. Also
included is the current db schema (more or less stabilised) just in case
you want to browse it.

Comments and offers of help are, of course, always welcome.

Regards

Javi



README file for the Nessus Database integration
-----------------------------------------------

INTRODUCTION
------------

The current directory contains the description of the database schema
used for Nessus integration with relational databases. The schema is
based on the one proposed by Javier Fernandez-Sanguino in the
nessus-devel mailing list (15th January 2003, Message-ID:
<3E25971F.8030402@germinus.com>) and was contributed by Eric Arnoth
(10th February 2003, Message-id:
<200302091552.50196.earnoth@comcast.net>)

The drawings are made with Dia (http://www.lysator.liu.se/~alla/dia/)
and the SQL statements for database creation (provided currently for
PostgreSQL and MySQL) have been created with the help of the Dia2sql
python script developed by Eric Arnoth (available in this same
directory).

STEPS
-----

In order to use the database integration in Nessus you have to do the
following:

1.- Make the database
2.- (optional) Import (if any) your current reports into the database
3.- Compile Nessus to use the database as a backend repository of information

STEP 1: Make the database
-------------------------

In order to use the database code included in Nessus (currently, in
the NESSUS_SQL branch of the CVS sources only) you need to import the
SQL statements into a database. For example, once you have created the
database (let's call it NessusAudit) and given appropriate permissions
to a user, you can create the necessary tables with:

$ cat nessus_db_schema.pgsql | psql NessusAudit

or

$ cat nessus_db_schema.mysql | mysql NessusAudit


Note that the Nessus code will not create the database for you. You
have to do it yourself. The Nessus-db integration code will just add
the information relevant to Nessus runs.

There are three tables in the database that need to be populated with
information before using it (and this needs to be done off-line too):
the Plugin table (and associated PluginCVE and PluginBID) and the
Service and Protocol tables. Here's how you can add this information
yourself:

- The NessusPlugin, PluginCVE and PluginBID database information can
be created using the 'nessus-extract.pl' script.

- The Protocol and Services database should be created using the
'create-service-proto.pl' script that adds the information available
in 'nessus-services' and 'iana-port-numbers'. Note: All of these get
merged by Nessus into $localstatedir/nessus/services.txt (by
services.c in the nessus-libraries)

- The user database needs to be recreated using a script based on the
information under the $localstatedir/nessus/users/ directory. (script
currently not available)

All these scripts are provided in the nessus-tools CVS module, under
the nessus-extract directory. The code which uses the schema described
here is available also in the NESSUS_SQL branch.

Note: The database schema is under revision but mostly stable (minor
tweaks here and there)

STEP 2: Import your current reports (optional)
----------------------------------------------

You might want to have the reports of previous Nessus runs into the
database so you can do the proper analysis in the database instead of
parsing the .nbe files. Also, having these reports in the database
might help to do trend analysis with the new information on detected
vulnerabilities that the Nessus server will add into the database.

In order to import current reports into the database use the
import-nbe.pl script which takes .nbe reports and converts them into
SQL statements to include in the database.

The import-nbe.pl script is available in the nessus-tools CVS module,
under the nessus-extract directory, in the NESSUS_SQL branch. Or at
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-tools/nessus-extract/Attic/import-nbe.pl?hideattic=0&only_with_tag=NESSUS_SQL

STEP 3: Nessus server reporting to the database
----------------------------------------------
(currently under heavy development)

The last step is compiling the Nessus server so that it stores the
information from runs into the database.

The current status of this code is pre-alpha (at best). There are
backends for MySQL (tested slightly) and PostgreSQL (untested) which
will add just some information into the database. All of these are in
the NESSUS_SQL branch of the nessus-core CVS module. This code is
split off from 1.3; if you compile it you will not get some of the
features in the 2.0 branch.

You can compile support for your favorite database in the Nessus
server using the configure script. Just './configure --with-mysql' (or
--with-postgresql) before compiling the code.

That should introduce the new code to report into the database.
Notice that the C code does not yet introduce valid information (only
on how the run is going, not the results themselves) and needs to be
tweaked in order to work (i.e. database location and passwords).

If you do test this code please send comments on it to the
nessus-devel mailing list (nessus-devel@lists.debian.org).

Note: Due to the way the Nessus server handles information from
reports (through the knowledgebase) it's currently not possible to add
the information directly through the knowledgebase without parsing it
beforehand. This code will be introduced, but it will take some time.


STEP 4: Report bugs or comments
-------------------------------

Of course, we welcome bug reports or comments on the database
integration stuff even if it's yet in pre-alpha state. If you are
willing to contribute we would like to hear from you too. Please
forward all your mails to nessus-devel@lists.debian.org.

In order to draw the attention of the people developing the database
integration code please use the following as a prefix in all your
subject lines: "[Database-devel]" (this also helps other people in the
list who do not care about this development to ignore those
messages, so please, use it).


CREDITS
-------

The people developing the work of Nessus' database integration are:

Coordination and db design: Javier Fernandez-Sanguino Pen~a
<jfernandez@germinus.com>

MySQL development: William Heinbockel <wjh3710@osfmail.isc.rit.edu>

PostgreSQL development and db design: Eric I. Arnoth <earnoth@comcast.net>

Other people that have contributed with comments on the db design and
development are:
- Renaud Deraison (of course)
- Erik Anderson <eanders@pobox.com>
- Tony Carter
- Alex Zimi

-- Javier Fernández-Sanguino <jfernandez@germinus.com>
Mon, 24 Mar 2003 12:53:32 +0100
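
The conversion described in STEP 2, sketched as an added example (this is not the project's import-nbe.pl, which is not shown in this message): it parses the `results` records of an .nbe report and loads them with bound parameters, since description text such as service banners originates from the scanned hosts. The `finding` table, the function names and the use of SQLite as a stand-in for MySQL/PostgreSQL are assumptions, and the sample report is constructed.

```python
import re
import sqlite3

# Constructed sample report (not real scan output). In .nbe files, newlines
# inside a description are stored as the two characters backslash + n.
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Mar 24 10:00:00 2003|
results|192.0.2|192.0.2.10|ssh (22/tcp)
results|192.0.2|192.0.2.10|ssh (22/tcp)|90001|Security Note|Remote SSH version : SSH-1.99-OpenSSH_3.4p1\\n
results|192.0.2|192.0.2.10|http (80/tcp)|90002|Security Note|Server banner : O'Reilly httpd | build 7\\n
results|192.0.2|192.0.2.11|general/tcp|abc|Security Note|non-numeric plugin id
timestamps|||scan_end|Mon Mar 24 10:05:00 2003|
"""

PORT_RE = re.compile(r"^(?:(\S+) \((\d+)/(\w+)\)|general/(\w+))$")

def parse_results(text):
    """Yield (host, service, port, proto, plugin_id, severity, description)."""
    for line in text.splitlines():
        fields = line.split("|", 6)  # the description may itself contain '|'
        if fields[0] != "results" or len(fields) < 4:
            continue  # timestamps and unknown record types
        m = PORT_RE.match(fields[3])
        if not m:
            continue
        if m.group(1):
            service, port, proto = m.group(1), int(m.group(2)), m.group(3)
        else:
            service, port, proto = "general", None, m.group(4)
        if len(fields) < 7:  # short record: open port only, no finding
            yield (fields[2], service, port, proto, None, None, None)
        elif re.fullmatch(r"[0-9]+", fields[4]):  # drop non-numeric plugin ids
            desc = fields[6].replace("\\n", "\n").strip()
            yield (fields[2], service, port, proto, int(fields[4]), fields[5], desc)

def load(conn, rows):
    """Insert rows with bound parameters; return the table's row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS finding (host TEXT, service TEXT,"
                 " port INTEGER, proto TEXT, plugin_id INTEGER, severity TEXT,"
                 " description TEXT)")  # hypothetical table, not the Nessus schema
    conn.executemany("INSERT INTO finding VALUES (?,?,?,?,?,?,?)", rows)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM finding").fetchone()[0]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # stand-in for MySQL/PostgreSQL
    print(load(db, parse_results(SAMPLE_NBE)), "rows loaded")
```

The banner containing a quote and a pipe is stored verbatim because it is passed as a bound value rather than concatenated into the SQL text.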