nessus config params available for plugins?
Hi,

I would love to see a plugin that produces a security
note or warning in the case when nasl_no_signature_checks
has been enabled. Similar to the plugin that
warns if you only have gpl feed.

Are the config parameters of nessusd easily available
for nasl plugins?

Best

Jan
--
Jan-Oliver Wagner http://intevation.de/~jan/
Intevation GmbH http://intevation.de/
Kolab Konsortium http://kolab-konsortium.de/
FreeGIS http://freegis.org/
Re: nessus config params available for plugins?
On Wed, Aug 10, 2005 at 04:28:56PM +0200, Jan-Oliver Wagner wrote:

> I would love to see a plugin that produces a security
> note or warning in the case when nasl_no_signature_checks
> has been enabled. Similar to the plugin that
> warns if you only have gpl feed.
>
> Are the config parameters of nessusd easily available
> for nasl plugins?

I'm pretty sure they're not. You could do this, though, with pread(); e.g.,

  buf = pread(cmd:"nessusd", argv:make_list("nessusd", "-s"));
  if ("nasl_no_signature_check = yes" >< buf) {
    security_note("nasl_no_signature_checks is enabled!");
  }

But then you'd either need to sign it using the nessus.org private key
or enable the parameter. :-)

George
--
theall@tenablesecurity.com
Re: nessus config params available for plugins?
On Thu Aug 11 2005 at 21:18, George A. Theall wrote:

>> Are the config parameters of nessusd easily available
>> for nasl plugins?

> I'm pretty sure they're not.

I added "get_preference" a while ago to retrieve the port range.
I don't know if nasl_no_signature_checks can be read this way.
Re: nessus config params available for plugins?
On Thu, Aug 11, 2005 at 10:05:50PM +0200, Michel Arboi wrote:

>>>Are the config parameters of nessusd easily available
>>>for nasl plugins?
>
>
>>I'm pretty sure they're not.
>
>
> I added "get_preference" a while ago to retrieve the port range.
> I don't know if nasl_no_signature_checks can be read this way.

That only appears to work for those server prefs that appear in
SERVER_PREFS block in a config file; nasl_no_signature_check is not one
of those.

George
--
theall@tenablesecurity.com
Re: nessus config params available for plugins?
On Aug 10, 2005, at 16:28, Jan-Oliver Wagner wrote:

> Hi,
>
> I would love to see a plugin that produces a security
> note or warning in the case when nasl_no_signature_checks
> has been enabled.

What would be the point of that? Nessus is designed to audit a
network, not waste time auditing itself.


-- Renaud
Re: nessus config params available for plugins?
On Fri, Aug 12, 2005 at 10:49:46AM +0200, Renaud Deraison wrote:
> On Aug 10, 2005, at 16:28, Jan-Oliver Wagner wrote:
> >I would love to see a plugin that produces a security
> >note or warning in the case when nasl_no_signature_checks
> >has been enabled.
>
> What would be the point of that? Nessus is designed to audit a
> network, not waste time auditing itself.

Well, doing an audit I'd appreciate to know some quality measures of
the tool's configuration I am using. One aspect e.g. is whether I use
the limited gpl-feed or the comprehensive registered feed
(there is a plugin for this).
Another quality aspect (at least for me) is whether only
trusted plugins are executed or whether no trust-check happens.

I could think of another one: date when the last fetch-update
happened (e.g. sec. note if it's past 7 days, sec. warning if
it's past 30 days - replace numbers by something reasonable).

I don't think there will be much more than these few and
I expect no real waste of time compared to running all other plugins.

I was not asking anyone to implement this. I just thought I'd share
my idea. If it's conceptually nonsense, just let me know - after all
I am not a security expert.

Best

Jan

--
Jan-Oliver Wagner http://intevation.de/~jan/
Intevation GmbH http://intevation.de/
Kolab Konsortium http://kolab-konsortium.de/
FreeGIS http://freegis.org/
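
Added example, not part of the thread and not Nessus or NASL code: a stand-alone Python sketch of the two self-checks discussed above, the signature-check setting and the age of the last plugin update (7-day note, 30-day warning, the placeholder numbers from the thread). It assumes the settings dump is plain `name = value` lines and parses them rather than matching a fixed substring, so spacing, letter case and commented-out lines do not change the result; the function names, the sample dump and the accepted "enabled" spellings are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of a "name = value" settings dump, the format the
# substring test in the thread assumes; not captured from a real nessusd.
SAMPLE_DUMP = """\
# nasl_no_signature_check = yes   (commented out, must be ignored)
plugins_folder = /usr/local/lib/nessus/plugins
nasl_no_signature_check   =  YES
port_range = default
"""

TRUTHY = {"yes", "true", "1", "on"}  # assumption: accepted spellings of "enabled"


def parse_settings(dump):
    """Parse 'name = value' lines into a dict, skipping comments and blanks."""
    settings = {}
    for line in dump.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing or full-line comments
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip()
    return settings


def audit_scanner(dump, last_update, now, note_days=7, warn_days=30):
    """Return (severity, message) findings about the scanner's own setup."""
    findings = []
    value = parse_settings(dump).get("nasl_no_signature_check", "no")
    if value.lower() in TRUTHY:
        findings.append(("warning", "plugin signature checks are disabled"))
    age = now - last_update
    if age > timedelta(days=warn_days):
        findings.append(("warning", f"plugin feed is {age.days} days old"))
    elif age > timedelta(days=note_days):
        findings.append(("note", f"plugin feed is {age.days} days old"))
    return findings


if __name__ == "__main__":
    now = datetime(2005, 8, 12)  # constructed dates for the demonstration
    for severity, message in audit_scanner(SAMPLE_DUMP, datetime(2005, 7, 30), now):
        print(f"{severity}: {message}")
```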