Mailing List Archive

Preferences for new Nessus GUI: XML or nessusrc?
Hi!

As described in the document
http://ftp.intevation.de/boss/concept/concept-boss-1.0.1.pdf
there has to be a local storage for tasks and scope (a superset of
the thing formerly known as session).

If there are no compatibility issues, this local storage will be in
XML format.

My question is: Should nessus preferences be kept in these XML
files, too, or should the old .nessusrc be used for this?

As the new GUI should support multiple server connections, the only
way to use the old nessusrc format would be to misuse the sections,
or to introduce something like

nessusd_host = localhost
nessusd_user = foo
nessusd_host[scope1] = the.other.host
ssl_version[scope1] = none

where "scope1" is a scope identifier which shouldn't be the title,
because a title can be text with spaces and special characters and
can be renamed.

XML is not the solution for everything, but in this case it may have
advantages.

What do you think?

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
Re: Preferences for new Nessus GUI: XML or nessusrc?
On Thu, Sep 16, 2004 at 06:57:33PM +0200, Thomas Arendsen Hein wrote:
> My question is: Should nessus preferences be kept in these XML
> files, too, or should the old .nessusrc be used for this?

In any way, I'd like to keep backward compatibility with the old
.nessusrc files.

Since we decided that using XML was experimental at this time (until
we know for sure that there's no portability issue with gtk and such),
I'd stick to the current prefs scheme and make it evolve a bit later on
if necessary.


-- Renaud
Re: Preferences for new Nessus GUI: XML or nessusrc?
* Renaud Deraison <deraison@nessus.org> [20040916 19:09]:
> On Thu, Sep 16, 2004 at 06:57:33PM +0200, Thomas Arendsen Hein wrote:
> > My question is: Should nessus preferences be kept in these XML
> > files, too, or should the old .nessusrc be used for this?
>
> In any way, I'd like to keep backward compatibility with the old
> .nessusrc files.

We found a solution without changing the format of the .nessusrc
which doesn't need XML: We can just map the structure of tasks and
scopes to directories in the file system.

~/.nessusrc:
- old format
- new key: client_directory (default value = ~/.nessus or similar)
- contains global preferences (e.g. paranoia_level) and
  default values for scopes

Example directory structure:

~/.nessus/
~/.nessus/task1/
~/.nessus/task1/task.nessusrc
~/.nessus/task1/logo.png
~/.nessus/task1/report.sty
~/.nessus/task1/scope1/
~/.nessus/task1/scope1/scope.nessusrc
~/.nessus/task1/scope1/report-20040917-103459/
~/.nessus/task1/scope1/report-20040917-103459/report.nessusrc
~/.nessus/task1/scope1/report-20040917-103459/report.nbe
~/.nessus/task1/scope1/report-20040917-103459/report.pdf
~/.nessus/task1/scope1/report-20040920-122011/
~/.nessus/task1/scope1/report-20040920-122011/report.nessusrc
~/.nessus/task1/scope1/report-20040920-122011/report.nbe
~/.nessus/task1/scope1/report-20040920-122011/report.tex

task.nessusrc:
- format of nessusrc
- only keys "title" and "comment"
  (or maybe store comment in a separate plain text file?)
- no connection config or plugin selection here

scope.nessusrc:
- format of nessusrc, uses ~/.nessusrc for default values
- new keys: "title" and "comment"

report.nessusrc:
- copy of scope.nessusrc at the time the scan was performed
- new key: "server_session_name" with the name of the saved session
  on the nessus server.
- should connection config (nessusd_host, nessusd_user, ssl paths)
  be removed from this file and only plugin selection be kept?

Every directory may contain other files, e.g. logo.png and
report.sty for creating reports with a company logo on it.


This way we can drop the requirement for XML and keep absolute
compatibility for old clients, and the command line client doesn't
need to know about all these new things (e.g. multi server support)
then.

Question: Should scopes have an option like "always use global
settings", so the local scope.nessusrc will only be used for title
and comment, i.e. like with tasks?

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
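
Added example, not part of the thread and not Nessus client code: a sketch of the layering proposed in the last message, where ~/.nessusrc supplies defaults, scope.nessusrc overrides them, and report.nessusrc is written as a snapshot with the connection settings left out (one answer to the open question about report.nessusrc). Assumptions: only flat `key = value` lines are parsed, keys starting with `nessusd_` or `ssl_` are treated as connection config, the snapshot records the merged values, and the sample file contents and session name are constructed.

```python
import tempfile
from pathlib import Path

# Assumption: keys with these prefixes count as "connection config"; the post
# names nessusd_host, nessusd_user, ssl_version and unspecified "ssl paths".
CONNECTION_PREFIXES = ("nessusd_", "ssl_")

def read_prefs(path):
    """Parse flat 'key = value' lines; sections of the real format are not handled."""
    prefs = {}
    if path.is_file():
        for line in path.read_text(encoding="utf-8").splitlines():
            key, sep, value = line.partition("=")
            if sep and not key.lstrip().startswith("#"):
                prefs[key.strip()] = value.strip()
    return prefs

def effective_scope_prefs(global_rc, scope_dir):
    """Global nessusrc supplies defaults; scope.nessusrc overrides them."""
    return {**read_prefs(global_rc), **read_prefs(scope_dir / "scope.nessusrc")}

def write_report_rc(prefs, scope_dir, stamp, session_name, keep_connection=False):
    """Snapshot prefs to report-<stamp>/report.nessusrc, dropping connection keys by default."""
    snapshot = {k: v for k, v in prefs.items()
                if keep_connection or not k.startswith(CONNECTION_PREFIXES)}
    snapshot["server_session_name"] = session_name
    report_rc = scope_dir / f"report-{stamp}" / "report.nessusrc"
    report_rc.parent.mkdir()
    report_rc.write_text("".join(f"{k} = {v}\n" for k, v in sorted(snapshot.items())),
                         encoding="utf-8")
    return report_rc

def demo():
    """Build a constructed tree in a temp dir; return (effective prefs, report prefs)."""
    root = Path(tempfile.mkdtemp())
    scope_dir = root / ".nessus" / "task1" / "scope1"
    scope_dir.mkdir(parents=True)
    global_rc = root / ".nessusrc"
    global_rc.write_text("nessusd_host = localhost\nnessusd_user = foo\nparanoia_level = 1\n")
    (scope_dir / "scope.nessusrc").write_text(
        "title = DMZ scan\nnessusd_host = the.other.host\nssl_version = none\n")
    effective = effective_scope_prefs(global_rc, scope_dir)
    report_rc = write_report_rc(effective, scope_dir, "20040917-103459", "constructed-session")
    return effective, read_prefs(report_rc)

if __name__ == "__main__":
    print(demo())
```

The directory name (`scope1`) stays the stable identifier while the human-readable title lives inside scope.nessusrc, so renaming a scope never moves files.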