On Thu, Jul 08, 2004 at 10:04:37AM -0400, Reg Quinton wrote:
Hi,
> I too am very interested in knowing more about how this new SSH based
> functionality works -- it looks really important for my work. The web page
> we're pointed to only talks about checking for patches and doesn't really
> give a rough sense of how that's done.
The process is the following:
- The plugin ssh_get_info.nasl logs into the remote host using the
provided key and password.
- Once it's logged in, it does a "uname -a". Depending on the output, it
will perform a few other commands (cat /etc/redhat-release, rpm -qa,
pkg_info), and it will store the result in the knowledge base.
- Every other plugin only uses the knowledge base.
> Would it be possible (say) to write a check that determines that
> /var/log/authlog is not properly protected? Does that involve nothing more
> than running an "ls -l" command on the remote machine and analyzing the
> output within a nasl script?
>
> I am curious too.
It would be perfectly possible to do so, and 'ls -l' would be the way to
go.
My concern at this time is to minimize the number of times we log
into the remote host - you don't want a Nessus scan to
generate 300 login/logout entries in utmp/wtmp.
So I was thinking of logging in only twice:
- ssh_get_info.nasl to gather as much info about the remote host as
possible
- Create a <ostype>_policy.nasl to analyze the local security policy for
a given OS. This is not done yet, maybe we can start working on this.
-- Renaud
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
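
The collect-once, analyze-later design discussed in this thread, applied to the 'ls -l' check on /var/log/authlog, as an added example that is not part of the original message and is not Nessus or NASL code. The knowledge-base keys, the function names, the sample listing and the pass criteria (owned by root, no group write, no access for others) are assumptions made for illustration.

```python
# Added example: constructed data and hypothetical names; not Nessus or NASL code.
import re

# Knowledge base as it might look after ONE login session (constructed sample output).
KB = {
    "Host/uname": "SunOS host1 5.9 Generic sun4u sparc",
    "Host/ls/authlog": "-rw-r--r--   1 root     sys        48213 Jul  8 09:58 /var/log/authlog",
}

# type, nine permission characters, optional ACL marker, link count, owner, group, ..., path
LS_RE = re.compile(
    r"^(?P<type>[-dlbcps])(?P<perm>[rwxsStT-]{9})[.+@]?\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+.*\s(?P<path>/\S+)$"
)

def parse_ls_line(line):
    """Split one `ls -l` line into type, owner, group, path and permission triads."""
    m = LS_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised ls -l line: %r" % line)
    d = m.groupdict()
    perm = d.pop("perm")
    d["user_p"], d["group_p"], d["other_p"] = perm[0:3], perm[3:6], perm[6:9]
    return d

def check_log_protection(kb, key, expected_owner="root"):
    """Return findings for the cached listing; an empty list means the check passes."""
    if key not in kb:
        return ["no cached listing (file missing or collection failed)"]
    info = parse_ls_line(kb[key])
    findings = []
    if info["type"] != "-":
        findings.append("not a regular file (type %r)" % info["type"])
    if info["owner"] != expected_owner:
        findings.append("owned by %s, expected %s" % (info["owner"], expected_owner))
    if "w" in info["group_p"]:
        findings.append("group-writable")
    if info["other_p"] != "---":
        findings.append("accessible to other users (%s)" % info["other_p"])
    return findings

if __name__ == "__main__":
    # No further login happens here: the check reads only what was cached earlier.
    for finding in check_log_protection(KB, "Host/ls/authlog"):
        print("authlog:", finding)
```

Because the check reads only the cached listing, adding more policy checks of this kind adds no further utmp/wtmp entries on the scanned host.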