Hi Michael,
Thanks for the info. The reason I am curious is because there are specific category of scripts like "Windows" and the scripts there expect the kb items like:
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/WindowsVersion",
"SMB/registry_access");
and it shows dependencies :
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl","smb_registry_access.nasl");
So does nessus first go and check whether the dependent scripts
or it first checks the kb items.
Also how do we indicate risk levels in NASL. There is the concept of security hole and warning but is there a way to quantify the risk factor.
Thanks.
Proneet.
-----Original Message-----
From: Michel Arboi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 14, 2003 3:38 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Nessus Plugin dependecies
"Biswas, Proneet" <[EMAIL PROTECTED]> writes:
> I am new to NASL. I was trying to figure out how does NASL configure the
> OS dependencies.
Most of the time, you don't have to bother with that. There are two
exceptions where you want to disable a script for some systems:
- to speed Nessus up, if you are 100% sure that the flaw can only
exists in one OS,
- to remove false positives.
In the first case, you may use script_require_keys, and the test will
be disabled if the KB item is not here, _if_ "optimize test" is on.
In the second case, you have to write something like:
os = get_kb_item("Host/OS");
if("Windows" >!< os) exit(0);
(see backorifice1.nasl for example)
--
[EMAIL PROTECTED] http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
