I believe the point here is that this type of information could be passed by the server back to the client where the client could do whatever may be desired, report generation being one example. Presumably this would require changes in plugins and the plugin environment, NTP (client/server protocol), and of course with clients that consume the new data (perhaps NTP is well enough designed to allow an extension without upsetting existing clients).
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 07, 2003 7:08 PM
> To: Jim Cervantes; Norbert Kiesel; William Heinbockel
> Cc: Nessus List
> Subject: RE: How do I know which attacks were run?
>
>
> Hi:
> Would this information be in addition to the nessusd logs?
>
> >-- Original Message --
> >From: "Jim Cervantes" <[EMAIL PROTECTED]>
> >To: "Norbert Kiesel" <[EMAIL PROTECTED]>,
> >    "William Heinbockel" <[EMAIL PROTECTED]>
> >Cc: "Nessus List" <[EMAIL PROTECTED]>
> >Subject: RE: How do I know which attacks were run?
> >Date: Fri, 7 Feb 2003 18:32:22 -0500
> >
> >
> >Yes, yes, yes! I would really like to know that plugin XYZ ran, that it
> >found the pertinent service (or to be told explicitly that it did not),
> >detected a vulnerability (or to be told explicitly that it did not), etc.
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]]On Behalf Of Norbert Kiesel
> >> Sent: Friday, February 07, 2003 5:05 PM
> >> To: William Heinbockel
> >> Cc: Nessus List
> >> Subject: Re: How do I know which attacks were run?
> >>
> >>
> >> Hi,
> >>
> >> yes this would work - kind of. Then I would get a list of all plugins
> >> which were enabled. What would be really cool would be to get something
> >> like:
> >> 1023:LAUNCHED
> >> 1024:DISABLED
> >> 1025:NOPORT
> >> 1026:UNSAFE
> >> 1027:NOPORT
> >> 1028:LAUNCHED
> >> ...
> >>
> >> i.e. about the same information we currently have in the log file (with
> >> preferences_log_whole_attack enabled), just in a better parseable format
> >> and in the result instead of the log.
> >>
> >> AFAICS, this result per plugin is currently not stored anywhere (i.e.
> >> attack.c just writes it into the log file).
> >>
> >> --nk
> >>
> >>
> >> On Fri, 2003-02-07 at 12:52, William Heinbockel wrote:
> >> > On Fri, 7 Feb 2003, Norbert Kiesel wrote:
> >> >
> >> > > Hi,
> >> > >
> >> > > I would like to know which attacks (i.e. attack_ids) were run against a
> >> > > target (so that I know whether I did not find a vuln because it's not
> >> > > there or because I just disabled this plugin). Is there any place where
> >> > > I can access this kind of information? Currently I hacked
> >> > > nessusd/attack.c to include the attack_id in the (three) places where it
> >> > > writes "launching ... against" or "not launching ..." into the log
> >> > > file. One drawback is that this only writes it into the log, not the
> >> > > result file (i.e. I currently stop nessusd after each scan and copy the
> >> > > logfile).
> >> > >
> >> > > Any ideas?
> >> >
> >> > Right now, there is no way to output the tests run into a report.
> >> >
> >> > Putting this code into one of the report sections will
> >> > print all of the tests into the report.
> >> >
> >> > Format the output string as needed...
> >> >
> >> > <START CODE>
> >> > struct arglist * temp = arg_get_value( Prefs, "PLUGIN_SET" );
> >> > while( temp && temp->next ) {
> >> >     if( temp->value == (void *) 1 )
> >> >         fprintf( file, "Plugin %s was run.\n", temp->name );
> >> >     temp = temp->next;  /* advance, otherwise the loop never terminates */
> >> > }
> >> > <END CODE>
> >> >
> >> > I'm currently working on adding that and some other information
> >> > into the Nessus reports, but have temporarily been sidetracked
> >> > with adding a database-backend to the Nessus server.
> >> >
> >> > Hope that helps.
> >> >
> >> > >
> >> > > so long
> >> > > Norbert
> >> > >
> >> > > --
> >> > > Norbert Kiesel <[EMAIL PROTECTED]>
> >> > > TBD Networks
> >> > >
> >> > >
> >> >
> >> > ----------------------
> >> > William Heinbockel
> >> > Information Security Incident Response Assistant
> >> > Co-op Risk & Safety Management
> >> > Rochester Institute of Technology
> >> > E-mail: [EMAIL PROTECTED]
> >> --
> >> Norbert Kiesel <[EMAIL PROTECTED]>
> >> TBD Networks
> >>
> >
> >
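
The per-plugin status list proposed in the quoted message (`1023:LAUNCHED`, `1024:DISABLED`, ...), parsed on the consuming side so a report can separate "tested, nothing found" from "never tested". This is an added example, not code from the thread or from Nessus; the function names and the treatment of malformed lines are assumptions, and the line format is only the one suggested above.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Status keywords from the list proposed in the thread (not a Nessus format). */
enum plugin_status { ST_LAUNCHED, ST_DISABLED, ST_NOPORT, ST_UNSAFE, ST_COUNT };
static const char *const status_names[ST_COUNT] = {
    "LAUNCHED", "DISABLED", "NOPORT", "UNSAFE"
};

/* Parse one "id:STATUS" line; returns 0 on success, -1 if malformed. */
int parse_status_line(const char *line, long *id, enum plugin_status *status)
{
    char *end;
    long v = strtol(line, &end, 10);
    /* First byte must be a digit: rejects signs and strtol's whitespace skip. */
    if (!isdigit((unsigned char)line[0]) || *end != ':')
        return -1;
    size_t len = strcspn(end + 1, "\r\n");  /* keyword runs to end of line */
    for (int i = 0; i < ST_COUNT; i++) {
        if (strlen(status_names[i]) == len &&
            strncmp(end + 1, status_names[i], len) == 0) {
            *id = v;
            *status = (enum plugin_status)i;
            return 0;
        }
    }
    return -1;                              /* unknown keyword */
}

/* Tally every status in a newline-separated report and return the status of
 * wanted_id, or -1 when the plugin is absent (so "not tested" stays visible). */
int plugin_coverage(const char *report, long wanted_id,
                    int counts[ST_COUNT], int *malformed)
{
    int found = -1;
    memset(counts, 0, sizeof(int) * ST_COUNT);
    *malformed = 0;
    while (*report) {
        size_t len = strcspn(report, "\n");
        long id; enum plugin_status st;
        if (len > 0 && parse_status_line(report, &id, &st) == 0) {
            counts[st]++;
            if (id == wanted_id) found = (int)st;
        } else if (len > 0) {
            (*malformed)++;
        }
        report += len + (report[len] == '\n');
    }
    return found;
}
```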
