Rodolfo,

I can understand why you were confused as to why my script kills the daemon instead of using the -HUP that nessus-update-plugins was using. So let me explain.

We were using a cron job to kick off nessus-update-plugins every 4 hours, to make sure that we had the latest plugins available for scanning. We also do regular scanning of certain hosts within our organization. Unfortunately, there were times when these two collided, and the results from the scan were completely wrong. We would get scans back on machines claiming that there were no holes; however, we always have at least one warning on our PCs, so we knew these scans had to be wrong. The problem was that when nessus-update-plugins "kicked" the daemon, it screwed up any running scans. So we established the following order of events to prevent this from happening.

1. The nessus-plugin-logger.pl script waits until no one is connected to the daemon before updating the plugins. This ensures no scans are interrupted.
2. When no one is connected, we kill the daemon to ensure that no one connects to do a scan while the plugins are being updated.
3. When the update is complete the daemon is restarted, and hence reloads itself with the latest plugin list.

We felt this was the safest way to handle the issue. Feel free to modify the script in any way that fits your needs; that's what it is there for. :-) It was of course written to fit our needs, so the specifics of it are geared toward that end.

Hope this clears everything up for you. If you have any other comments/suggestions, don't hesitate to contact me.

Have a great day.

Austin

-----Original Message-----
From: Rodolfo Baader [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:54 AM
To: Gilbert, Austin
Subject: Re: asking for nessus-plugin-logger

Gilbert:

Thanks for the script. It works good and does a good job, but I've a couple of comments:

First of all, I'm running nessus on a FreeBSD machine, so I had to change the options to the ps command from "-ea" to "-ax" in order to make it work.

The other thing I saw is that I don't understand why it is necessary to kill the daemon and restart it.
If you look at the nessus-update-plugins, it only kills -HUP the daemon, in order to "see" the new plugins. Isn't this enough?

Well, hope these comments help.

Thanks again,
Regards,
Rodolfo

"Gilbert, Austin" wrote:

> Rodolfo,
>
> I am always pleased when people are interested in my work!!
>
> Keep in mind these perl scripts require Mail::Sendmail and
> Time::Local.
>
> Here is the nessus-plugin-logger.pl and an added bonus,
> nessus-alert.pl which tells you who has executed scans with your
> daemon in the last 24 hours.
>
> Cheers,
> Austin
>
> -----Original Message-----
> From: Rodolfo Baader [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 15, 2002 9:54 AM
> To: [EMAIL PROTECTED]
> Subject: asking for nessus-plugin-logger
>
> Gilbert:
>
> I'm sorry to bother you, but I read on nessus-list archives
> (http://msgs.securepoint.com/nessus/) about a tool you wrote called
> nessus-plugin-logger. I'm very interested in using this tool.
> Unfortunately, the attached files you sent are not stored on that
> server, so I'd be glad if you can send this to me.
>
> TIA,
>
> Rodolfo.
>
> IMPORTANT NOTICE:
>
> This message is intended only for the use of the individual or entity
> to which it is addressed and may contain information that is
> privileged, confidential and exempt from disclosure under applicable
> law. If you have received this message in error, you are hereby
> notified that we do not consent to any reading, dissemination,
> distribution or copying of this message. If you have received this
> communication in error, please notify the sender immediately and
> destroy the transmitted information.
>
> nessus-alert.pl
>     Name: nessus-alert.pl
>     Type: Perl Program (application/x-perl)
>
> nessus-plugin-logger.pl
>     Name: nessus-plugin-logger.pl
>     Type: Perl Program (application/x-perl)
>     Encoding: quoted-printable
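
The wait, stop, update, restart ordering described in Austin's reply, as an added shell example; it is not the nessus-plugin-logger.pl script from the thread. The process-title pattern, the pkill and "nessusd -D" invocations, the timeout, and all function and variable names are assumptions.

```shell
#!/bin/sh
# Added example, not the nessus-plugin-logger.pl script from the thread.
# Assumptions: client-handling children appear in ps with a title such as
# "nessusd: serving <ip>" or "nessusd: testing <ip>"; pkill is available;
# the daemon is started with "nessusd -D".
PS_CMD=${PS_CMD:-"ps -ax"}   # platform-specific: the thread changed "-ea" to "-ax" on FreeBSD
CLIENT_PATTERN=${CLIENT_PATTERN:-'nessusd: (serving|testing)'}
POLL_SECONDS=${POLL_SECONDS:-60}
MAX_POLLS=${MAX_POLLS:-30}   # give up instead of blocking the cron job forever

# Each step is a small function so a site can swap in its own commands.
list_procs()     { $PS_CMD; }
stop_daemon()    { pkill -x nessusd; }
update_plugins() { nessus-update-plugins; }
start_daemon()   { nessusd -D; }

# Count processes that look like a connected client or a running scan.
# grep's own command line has "(" after "nessusd: ", so it never counts itself.
count_clients() {
    list_procs | grep -E -c "$CLIENT_PATTERN" || true
}

# Step 1: wait until nobody is connected; return 1 if still busy at timeout.
wait_for_idle() {
    polls=0
    while [ "$(count_clients)" -gt 0 ]; do
        polls=$((polls + 1))
        [ "$polls" -ge "$MAX_POLLS" ] && return 1
        sleep "$POLL_SECONDS"
    done
    return 0
}

# Steps 2 and 3: stop the daemon, update, restart.
# The restart happens even when the update fails, so scanning is not left down.
# Exit codes: 0 ok, 2 still busy (nothing touched), 3 stop failed,
#             4 update failed (daemon restarted), 5 restart failed.
safe_update() {
    wait_for_idle || { echo "nessusd busy, update skipped" >&2; return 2; }
    stop_daemon || return 3
    update_rc=0
    update_plugins || update_rc=4
    start_daemon || return 5
    return "$update_rc"
}

# Run only when asked, so the file can also be sourced by another script.
if [ "${RUN_SAFE_UPDATE:-0}" = 1 ]; then safe_update; fi
```

A client can still connect in the short gap between the idle check and the stop, so a non-zero exit code from cron is worth alerting on.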
