Doug Nordwall wrote:
> Is there a setting for plugins to disable them by default? The nikto.nasl
> has a nice checkbox.. any other way? I have one with reverse logic (errors
> if false) that is quite handy, but also rings high when you forget to put in
> credentials.
>
> Alternatively, I suppose, I could use a snippet of code to require
> credentials.

I have a similar problem with a plugin that requires root credentials.
If you enter the wrong root password my script will get errors from the
target (e.g. permission denied reading /etc/shadow) and thus fail.

So instead of trying to catch all possible exceptions, I decided to
write a check to see if root managed to successfully log in, which requires:

1. entered username (handled by ssh_func.inc)
2. entered password (handled by ssh_func.inc)
3. correct username/password entered
4. su/sudo selected
5. su/sudo password entered (no password causes Nessus to hang)
6. correct su/sudo password entered

The best way I found was to do the normal checking for a successful SSH
connection which handles 1-3, then issue the 'id' command and check if
you get uid=0 back, that way you know you've got through 4-6 and now
have a root prompt.

Calling one plugin from another would be a nice thing to have - i.e. my
plugin checks for a valid root login, but if it fails I'd like it to
call hostlevel_check_failed.nasl and set the bit in the KB, rather than
me having to issue a security_note() for every failed plugin - and do
the above checks in every plugin instead of just script_exclude_keys().

But anyway, back to your main problem: if you want to disable the whole
plugin and not just a preference, can't you just save the scan policy
with it disabled in the plugin list, that way you don't have to code up
a checkbox/preference?

--
Simon John
nessus at the-jedi.co.uk
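
The 'id' check described in the reply above, sketched in Python as an added example (it is not the poster's plugin and not NASL). The function names and the session captures are constructed for illustration; the only assumption is that the plugin has the SSH session output as plain text.

```python
import re

# First field of `id` output; the lookbehind keeps "euid=" from matching here.
_UID = re.compile(r"(?<![A-Za-z])uid=(\d+)")
# `id` prints euid= only when the effective uid differs from the real uid.
_EUID = re.compile(r"(?<![A-Za-z])euid=(\d+)")


def effective_uid(output):
    """Return the effective uid reported by `id` in captured session text,
    or None when no `id` output is present (login or su/sudo never completed)."""
    for line in output.splitlines():
        uid = _UID.search(line)
        if uid is None:
            continue  # banner, password prompt or error message
        euid = _EUID.search(line)
        return int((euid or uid).group(1))
    return None


def root_login_ok(output):
    """True only when the session that ran `id` has effective uid 0."""
    return effective_uid(output) == 0


# Constructed session captures (not taken from a real scan).
ROOT_OK = "Password: \nuid=0(root) gid=0(root) groups=0(root)\n"
# The su/sudo prompt has no trailing newline, so output can share its line.
PROMPT_FUSED = "Password: uid=0(root) gid=0(root) groups=0(root)\n"
# Wrong su password: `id` still runs, but as the unprivileged login user.
SU_FAILED = ("Password: \nsu: Authentication failure\n"
             "uid=1000(scan) gid=1000(scan) groups=1000(scan),27(sudo)\n")
# SSH login itself failed, so there is no `id` output at all.
LOGIN_FAILED = "Permission denied, please try again.\n"

if __name__ == "__main__":
    for name in ("ROOT_OK", "PROMPT_FUSED", "SU_FAILED", "LOGIN_FAILED"):
        print(name, root_login_ok(globals()[name]))
```

A plugin using this kind of check can stop before running any root-only commands when it returns false, instead of handling each permission error separately.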