I have some difficulties about nessus automation. My shell scripts runs perfect under the command line but doesn't work for cron. Thought I tried to google anything I can find, I cannot fix my problem. Hope you can give me a hand.
My method for automation is quite simple.
1)Write a bash shell script named nessus-autorun.bash under the directory /nessus/nessus-auto/
2) Write a cron file named test_cron and register it.
Here is some screensnaps:
I hope it runs on 16:30 Mar 10 2004
My simple script is following. The iplist_scan only has one ip which is on my next desk.
[EMAIL PROTECTED] log]# cat /nessus/nessus-auto/nessus-autorun.bash
#!/bin/bash
cd /nessus/nessus-auto
echo `pwd`
HOST=192.168.1.110
PORT=1241
USR=scan
PWD=scan
IPLIST=iplist_scan
NSRFILE=iplist_$(date +%m%d%Y_%H:%M:%S)".nsr"
echo $NSRFILE
nessus -V -c .nessusrc -q $HOST $PORT $USR $PWD $IPLIST $NSRFILE
echo finish the scan
echo parser result
#nsr_format_perl is a homemade script to parse nsr file.
perl nsr_format_perl $NSRFILE
exit
My cronjob
[EMAIL PROTECTED] log]# crontab -l;
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (test_cron installed on Wed Mar 10 16:26:19 2004)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/:/nessus/nessus-auto
MAILTO=root
HOME=/
# run-parts
#minute hour day month dayofweek command
#0-59 0-23 1-31 1-12 0-7 /usr/local/sbin/nessusd.8
30 * * * * bash /nessus/nessus-auto/nessus-autorun.bash
It seems cron is working well......
[EMAIL PROTECTED] log]# tail cron
Mar 10 16:25:53 secinfo crontab[29874]: (root) DELETE (root)
Mar 10 16:26:00 secinfo crond[1670]: (tmp.7618) ORPHAN (no passwd entry)
Mar 10 16:26:00 secinfo crond[1670]: (tmp.29381) ORPHAN (no passwd entry)
Mar 10 16:26:00 secinfo crond[1670]: (tmp.17997) ORPHAN (no passwd entry)
Mar 10 16:26:19 secinfo crontab[29875]: (root) REPLACE (root)
Mar 10 16:26:24 secinfo crontab[29876]: (root) LIST (root)
Mar 10 16:27:00 secinfo crond[1670]: (tmp.7618) ORPHAN (no passwd entry)
Mar 10 16:27:00 secinfo crond[1670]: (tmp.29381) ORPHAN (no passwd entry)
Mar 10 16:27:00 secinfo crond[1670]: (tmp.17997) ORPHAN (no passwd entry)
Mar 10 16:30:01 secinfo CROND[29879]: (root) CMD (bash /nessus/nessus-auto/nessus-autorun.bash)
There is no logs for nessus and there is no file like
[EMAIL PROTECTED] logs]# date
Wed Mar 10 16:46:04 EST 2004
[EMAIL PROTECTED] logs]# tail -100 nessusd.messages|grep 16:30|more
[EMAIL PROTECTED] logs]#
I run the script perfectlly under command line
[EMAIL PROTECTED] log]# bash /nessus/nessus-auto/nessus-autorun.bash
/nessus/nessus-auto
iplist_03102004_16:48:56.nsr
attack|192.168.1.101|1|1751
attack|192.168.1.101|2|1751
portscan|192.168.1.101|0|1218
portscan|192.168.1.101|115|1218
portscan|192.168.1.101|215|1218
portscan|192.168.1.101|404|1218
portscan|192.168.1.101|504|1218
portscan|192.168.1.101|609|1218
portscan|192.168.1.101|1211|1218
portscan|192.168.1.101|1437|1218
portscan|192.168.1.101|1537|1218
portscan|192.168.1.101|2040|1218
portscan|192.168.1.101|5000|1218
portscan|192.168.1.101|7008|1218
portscan|192.168.1.101|32778|1218
Another thing is I found my .nessusrc under /nessus/nessus-auto/ is added something I don't understand. I guessed it was doned by nessus.
Could you give me some advice here? I suspects it is about the processe privilege problem. But I don't know how to fix it.
Your assistance will be highly appreciated!
Jian Hui
Gosecure. Inc.
[EMAIL PROTECTED]
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
