Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
Nessus 2.2.7 Reporting Inconsistency
nessusd at nemesis316
Jul 27, 2006, 1:47 PM
Post #1 of 8 (4513 views)
Permalink
Hello All,



I am currently running Nessus 2.2.7 on a Debian 3.1 platform. For the last several months, I have extensively QA Windows's base Nessus checks. I have come across a reporting inconsistency when running two of the same Nessus check against the same target.



My assumption of Nessus checks is that each unique script ID\file name is considered a unique Nessus check. For example Nessus Script ID: 18490 would be considered a unique Nessus check



I would take the original Nessus check (18490) and make two copies of it. The first copy I change the script ID to 7000100 and rename the file to threat1.nasl. The second copy I change the script ID to 7000200 and rename the file to threat2.nasl.



Test 1:

When I run script ID 7000100 by itself, the script reports correctly.



Test 2:

When I run script ID 7000200 by itself, the script reports correctly.



Test 3:

When I run both script ID 7000100 and 7000200, the report will only report on one of the script IDs. Nessus dump file does not report any problems and Nessus messages file show only running one script ID and not the other.



What would cause this reporting inconsistency?



Thanks,

Paul
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
theall at tenablesecurity
Jul 27, 2006, 5:40 PM
Post #2 of 8 (4393 views)
Permalink
Paul Bellefeuille wrote:
> Hello All,
>
>
>
> I am currently running Nessus 2.2.7 on a Debian 3.1 platform. For the
> last several months, I have extensively QA Windows’s base Nessus checks.
> I have come across a reporting inconsistency when running two of the
> same Nessus check against the same target.
>
>
>
> My assumption of Nessus checks is that each unique script ID\file name
> is considered a unique Nessus check. For example Nessus Script ID: 18490
> would be considered a unique Nessus check
>
>
>
> I would take the original Nessus check (18490) and make two copies of
> it. The first copy I change the script ID to 7000100 and rename the file
> to threat1.nasl. The second copy I change the script ID to 7000200 and
> rename the file to threat2.nasl.
>
>
>
> Test 1:
>
> When I run script ID 7000100 by itself, the script reports correctly.
>
>
>
> Test 2:
>
> When I run script ID 7000200 by itself, the script reports correctly.
>
>
>
> Test 3:
>
> When I run both script ID 7000100 and 7000200, the report will only
> report on one of the script IDs. Nessus dump file does not report any
> problems and Nessus messages file show only running one script ID and
> not the other.
>
>
>
> What would cause this reporting inconsistency?
>
>
>
> Thanks,
>
> Paul
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/plugins-writers


--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
theall at tenablesecurity
Jul 27, 2006, 5:44 PM
Post #3 of 8 (4393 views)
Permalink
On Thu, Jul 27, 2006 at 03:47:13PM -0500, Paul Bellefeuille wrote:

[Apologies for the previous message.]

> My assumption of Nessus checks is that each unique script ID\file name
> is considered a unique Nessus check. For example Nessus Script ID: 18490
> would be considered a unique Nessus check

I'm not sure this is a good assumption: in the past, I've noticed issues
when two plugins share the same script_name as well.

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
nessusd at nemesis316
Jul 28, 2006, 12:01 AM
Post #4 of 8 (4384 views)
Permalink
> I'm not sure this is a good assumption: in the past, I've noticed issues when two plugins share the same script_name as well.

This may be true but as I stated before I change the script ID and the file name. (The first copy I change the script ID to 7000100 and rename the file to threat1.nasl. The second copy I change the script ID to 7000200 and rename the file to threat2.nasl.)



What would cause this reporting inconsistency?



Thanks,

Paul
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
deraison at nessus
Jul 28, 2006, 12:25 AM
Post #5 of 8 (4392 views)
Permalink
On Jul 28, 2006, at 9:01 AM, Paul Bellefeuille wrote:

> > I'm not sure this is a good assumption: in the past, I've noticed
> issues when two plugins share the same script_name as well.
>
> This may be true but as I stated before I change the script ID and
> the file name. (The first copy I change the script ID to 7000100
> and rename the file to threat1.nasl. The second copy I change the
> script ID to 7000200 and rename the file to threat2.nasl.)
>
> What would cause this reporting inconsistency?

You need to change script_name() as well (not the file name, the
actual call in the file), otherwise only one of the two files will be
loaded by nessusd.



-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
nessusd at nemesis316
Jul 28, 2006, 12:30 AM
Post #6 of 8 (4382 views)
Permalink
I need to make a correction to my last posting:

>This may be true but as I stated before I change the script ID and the file name...

I should have said:

That's weird because most of the Windows base scripts share the same script_name(script_name(english:name["english"]);) I do not quite understand how script_name would affect reporting nor do I understand why I am getting reporting inconsistency in my scenario. Could some explain?

Thanks,
Paul
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
nessusd at nemesis316
Jul 28, 2006, 12:40 AM
Post #7 of 8 (4399 views)
Permalink
>>You need to change script_name() as well (not the file name, the actual call in the file), otherwise only one of the two files will be loaded by nessusd.

Thanks Renaud

Thanks,
Paul
Re: Nessus 2.2.7 Reporting Inconsistency [ In reply to ]
theall at tenablesecurity
Jul 28, 2006, 3:36 AM
Post #8 of 8 (4373 views)
Permalink
On Fri, Jul 28, 2006 at 02:30:26AM -0500, Paul Bellefeuille wrote:

> That's weird because most of the Windows base scripts share the same
> script_name(script_name(english:name["english"]);)

name["english"] would give the actual value used by script_name in such
cases.

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal