Mailing List Archive

local checks
Dear all,
Is it possible to run a local check for risky lines in say the apache
config http.config or the php config php.ini files?
I seem to see only local scans on registry-values?
I'm thinking about some standalone file-finder, perl or so, however I
would just love to bring it as a nasl script.

Thanks in advance,

Marnix
--
Marnix Dekker
PhD researcher
TNO ICT - Dpt Security
Twente University - DIES
0031610968797
Re: local checks
On Mon, 20 Jun 2005 M.A.C.Dekker@telecom.tno.nl wrote:

> Dear all,
> Is it possible to run a local check for risky lines in say the apache
> config http.config or the php config php.ini files?
> I seem to see only local scans on registry-values?

Hi,
No, you can also read from local files. For example see:
flash_player_overflows.nasl

> I'm thinking about some standalone file-finder, perl or so, however I
> would just love to bring it as a nasl script.

This is a good idea and entirely possible in nasl.

--
- Josh

>
> Thanks in advance,
>
> Marnix
> --
> Marnix Dekker
> PhD researcher
> TNO ICT - Dpt Security
> Twente University - DIES
> 0031610968797
Re: local checks
On Jun 20, 2005, at 3:39 AM, <M.A.C.Dekker@telecom.tno.nl>
<M.A.C.Dekker@telecom.tno.nl> wrote:
> Dear all,
> Is it possible to run a local check for risky lines in say the apache
> config http.config or the php config php.ini files?
> I seem to see only local scans on registry-values?
> I'm thinking about some standalone file-finder, perl or so, however I
> would just love to bring it as a nasl script.

I am guessing since you mentioned registry, you are looking at
windows. If so, take a look at the smb_file_funcs.inc, it has the
functions you need to read files on a windows box.



--
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Re: local checks
On Mon, Jun 20, 2005 at 10:39:33AM +0200,
M.A.C.Dekker@telecom.tno.nl wrote:

> Is it possible to run a local check for risky lines in say
> the apache config http.config or the php config php.ini
> files? I seem to see only local scans on registry-values?

As others have pointed out, this is do-able under Windows.

Under *nix, though, plugins can't run arbitrary commands by
default unless they have been signed using the private key
corresponding to the public key nessus_org.pem (in
/usr/local/var/nessus by default). You can shoot yourself in
the foot^H^H^H^H^Hget around this restriction if you insist
by setting 'nasl_no_signature_check' in nessusd.conf and
restarting the Nessus server. See Edgeos' Nessus Knowledge
Base for more info on this:

http://www.edgeos.com/nessuskb/details.php?option_id=288

George

--
theall@tenablesecurity.com
Re: local checks
On Jun 20, 2005, at 12:38 PM, George A. Theall wrote:
> On Mon, Jun 20, 2005 at 10:39:33AM +0200,
> M.A.C.Dekker@telecom.tno.nl wrote:
>
>
>> Is it possible to run a local check for risky lines in say
>> the apache config http.config or the php config php.ini
>> files? I seem to see only local scans on registry-values?
>>
>
> As others have pointed out, this is do-able under Windows.
>
> Under *nix, though, plugins can't run arbitrary commands by
> default unless they have been signed using the private key
> corresponding to the public key nessus_org.pem (in
> /usr/local/var/nessus by default). You can shoot yourself in
> the foot^H^H^H^H^Hget around this restriction if you insist
> by setting 'nasl_no_signature_check' in nessusd.conf and
> restarting the Nessus server. See Edgeos' Nessus Knowledge
> Base for more info on this:
>
> http://www.edgeos.com/nessuskb/details.php?option_id=288

Is it possible to gen your own keys and sign your own nasl scripts?
I mean I know it would break the auto-update, but would allow you to
do other things.

--
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Re: local checks
On Mon, Jun 20, 2005 at 01:25:08PM -0500, MadHat wrote:

> Is it possible to gen your own keys and sign your own nasl
> scripts?

Not without some code changes; e.g.,

http://mail.nessus.org/pipermail/plugins-writers/2005-June/msg00006.html

http://mail.nessus.org/pipermail/plugins-writers/2005-June/msg00005.html

Use at your own risk -- I've not tried this and have no idea
how well this will work in future versions.

George

--
theall@tenablesecurity.com
RE: local checks
Sorry for the confusion, it is a *nix machine I'm looking at.
Thanks for the tip about the signing.

Now I only found Windows plugins; does anyone know of a plugin that searches for a file and searches for a string inside of it? Or anything close to that?

Thanks a lot,

-----Original Message-----
From: MadHat [mailto:madhat@unspecific.com]
Sent: Monday, June 20, 2005 18:59
To: Dekker, M.A.C.
Cc: plugins-writers@list.nessus.org
Subject: Re: [Plugins-writers] local checks

On Jun 20, 2005, at 3:39 AM, <M.A.C.Dekker@telecom.tno.nl> <M.A.C.Dekker@telecom.tno.nl> wrote:
> Dear all,
> Is it possible to run a local check for risky lines in say the apache
> config http.config or the php config php.ini files?
> I seem to see only local scans on registry-values?
> I'm thinking about some standalone file-finder, perl or so, however I
> would just love to bring it as a nasl script.

I am guessing since you mentioned registry, you are looking at windows. If so, take a look at the smb_file_funcs.inc, it has the functions you need to read files on a windows box.



--
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
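
The standalone file-finder the original poster describes (locate a config file on a *nix host, then look for risky lines in it), sketched as an added example; it is not part of the thread and is not NASL or Nessus code. The thread names no specific directives, so the php.ini settings flagged here, and all function names, are assumptions chosen for illustration. Unlike a plain string search, it ignores commented-out lines and honours later assignments that override earlier ones.

```python
import os
import re

# Assumption: the thread lists no directives; these real php.ini booleans
# are picked here as examples of settings that are risky when enabled.
RISKY_WHEN_ON = {"allow_url_include", "allow_url_fopen", "register_globals",
                 "enable_dl", "expose_php"}
TRUTHY = {"1", "on", "yes", "true"}
SETTING = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

def find_files(root, filename="php.ini"):
    """Yield every path under root whose basename equals filename."""
    for dirpath, _dirs, files in os.walk(root):
        if filename in files:
            yield os.path.join(dirpath, filename)

def effective_settings(text):
    """Map directive -> (line_no, value); a later assignment overrides an earlier one."""
    settings = {}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # ';' starts a comment in php.ini
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = (line_no, m.group(2).strip("\"'"))
    return settings

def audit(text):
    """Return sorted (line_no, directive, value) for risky directives left enabled."""
    eff = effective_settings(text)
    return sorted((ln, name, val) for name, (ln, val) in eff.items()
                  if name in RISKY_WHEN_ON and val.lower() in TRUTHY)

def scan(root):
    """Audit every php.ini under root; returns {path: findings or None}."""
    report = {}
    for path in find_files(root):
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[path] = audit(fh.read())
        except OSError:
            report[path] = None  # unreadable: surface it instead of passing silently
    return report

# Constructed sample, not from a real host: line 2 is commented out, line 5 overrides line 4.
SAMPLE = "\n".join(["[PHP]", ";allow_url_include = On", "expose_php = On",
                    "allow_url_fopen = On   ; legacy", "allow_url_fopen = Off",
                    "register_globals = on"])

if __name__ == "__main__":
    print(audit(SAMPLE))
```
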