In the ScanLite docs, it says be careful with the ntp_version setting as
it can change results. I assume it is referring to the scan results. Is
there a way that I can tell what NTP version my other clients
(Unix/Windows) are using (the docs say ScanLite defaults to v1.2)? 
 
Thanks,
Steve 

>>> Dave King <[EMAIL PROTECTED]> 3/16/2007 10:01 AM >>>

Interesting. Are you using the same preferences and plugins using
scanlite as you are using the Nessus client? If you are I guess there's
always a chance that Nessus is sending back a response but Nessus isn't
categorizing it correctly as a hole message and ignoring it or something
(even though I don't remember ever having that problem).

Laters,
Dave

Steve Reagan wrote:
> I updated the Net::Nessus::Messages module to include the "NOTE" info
> that Dave provided. Now, when I run the anti-virus plugin scan against
> my test machine, I get the following info from ScanLite:
>  
> Total info's = 1
> Info:
> ID: 16193
> Port: 445
> Dessc:
> Synopsis :
>  
> An antivirus is installed on the remote host.
>  
> Description :
>  
> The remote host has an antivirus installed and running.
> The remote antivirus engine and virus definitions are
> up to date.
>  
> Risk factor :
>  
> None
>  
> Plugin output :
>  
>
> The remote host has the McAfee antivirus installed. It has been
> fingerprinted as :
>  
> McAfee VirusScan Enterprise : 8.0.0.912
> Engine version : 5100
> DAT version : 4984
> Updated date : 14 March 2007
> ePO Agent : not present.
>  
>  
>  
> Total hole's = 0
>
> When I run the anti-virus plugin scan with my anti-virus
> disabled, ScanLite does not report it as a hole, as the other Nessus
> clients do (Linux/Windows). So it looks like my credentials are
> passing now, but ScanLite is not reporting the hole from the scan
> results for some reason.
>
> >>> Dave King <[EMAIL PROTECTED]> 3/14/2007 4:26 PM >>>
> If I remember right when preferences get sent to the server they all get
> sent together, I'm pretty sure the separation is mostly for
> organizational purposes for the .nessusrc file and for Nessus Clients,
> but the server just needs all the prefs and doesn't care how they're
> separated.  Maybe someone from the Nessus team or NessusClient team
> could verify this.  It may be though that you need to use the longer
> name like is in the .nessusrc file.  So instead of what I said before it
> should be
>
> $nessus->preferences( { "Login configurations[entry]:SMB account" =>
> 'username', "Login configurations[password]:SMB password" =>
> 'password' });
>
> You can always try it and a plugin (I believe it's 10394) will tell you
> if you're logged into the host correctly.  If you still can't get it to
> work let me know and in the next couple of days I can look at my
> scanlite setup and see how I was running it.
>
> Laters,
> Dave
>
>
> Steve Reagan wrote:
> > $nessus->preferences( { "SMB account" => 'username', "SMB password" =>
> > 'password' });
> >
> > I've noticed that the syntax is different for defining plugin_set,
> > such as:
> > 
> > $nessus->plugin_set("10835;10861");
> > 
> > So do the plugin preferences get lumped into "preferences" or are they
> > defined separately? The entries look very different in the .nessusrc
> > file with the plugin preferences section being labeled plugins_prefs.
> > The section names in the .nessusrc don't seem to match up exactly with
> > what is used in scanlite.
> > 
> > The .nessusrc entry for plugin preferences SMB credentials looks like:
> > 
> > begin(PLUGINS_PREFS)
> > Login configurations[entry]:SMB account : = myuser
> > Login configurations[password]:SMB password : = mypw
> > end(PLUGINS_PREFS)
> > While the server preferences look like:
> > 
> > begin(SERVER_PREFS)
> > silent_dependencies = yes
> > auto_enable_dependencies = yes
> > safe_checks = yes
> > end(SERVER_PREFS)
> > Thanks for any input,
> > Steve
> > >>> Dave King <[EMAIL PROTECTED]> 3/14/2007 11:26 AM >>>
> > I haven't messed with scanlite for a little while, but from what I
> > remember it should be something like this
> >
> > use Net::Nessus::ScanLite;
> > my $nessus = Net::Nessus::ScanLite->new( host => "some.host.net", port =>
> > 1234, ssl => 1, );
> >
> > $nessus->preferences( { "SMB account" => 'username', "SMB password" =>
> > 'password' });
> >
> > then you would continue on with the plugins and such as shown on this
> > page
> >
> > http://search.cpan.org/~jpb/Net-Nessus-ScanLite-0.01/lib/Net/Nessus/ScanLite.pm
> >
> > One problem you may run into with the perl Nessus modules is that they
> > don't support Note messages.  It does holes and infos just fine, but
> > Notes will simply be skipped over.  I patched my own
> > Net::Nessus::Messages file to convert Notes to Infos and I could look in
> > that and let you know which line had to be changed (it seems like it was
> > a pretty easy fix).
> >
> > If you're not tied to Perl, then you may want to check out Ruby's
> > nessuslibs.  I wrote this about a year ago and need to go back and
> > finish it up, but it should be more functional than any of the perl
> > modules.  It should do all the basics anyways.  It's found at
> > http://rubyforge.org/projects/nessuslibs/ and if anyone does try it out
> > let me know if you have any suggestions on how I could make it better.
> >
> > Dave
> >
> >
> >
> > Steve Reagan wrote:
> > > Does anyone know the syntax for supplying plugins_prefs from scanlite?
> > > Specifically, I'm trying to configure a SMB user/password.
> > >
> > > An alternative would be if I could make the server override the
> > > scanlite settings and use the SMB user/password in the .nessusrc file.
> > > A big thanks to anyone that can offer some input.
> > >
> > > Steve
> > >
> > > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Nessus mailing list
> > > [email protected] 
> > > http://mail.nessus.org/mailman/listinfo/nessus 

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
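
The .nessusrc sections and the `preferences` hash discussed in this thread, as an added example that is not part of the original messages or of Net::Nessus::ScanLite: it parses the `begin(...)`/`end(...)` layout quoted above and merges both sections into one hash, following Dave's recollection that the server takes all preferences together. The sample file is constructed from the values quoted in the thread; `parse_nessusrc`, `flatten_prefs` and `strip_colon` are hypothetical names, and treating `#` lines as comments is an assumption.

```perl
use strict; use warnings;

# Constructed sample in the .nessusrc layout quoted in the thread.
my $rc = <<'END_RC';
begin(PLUGINS_PREFS)
Login configurations[entry]:SMB account : = myuser
Login configurations[password]:SMB password : = mypw
end(PLUGINS_PREFS)
begin(SERVER_PREFS)
silent_dependencies = yes
end(SERVER_PREFS)
END_RC

# Parse begin(NAME) ... end(NAME) blocks into { NAME => { key => value } }.
sub parse_nessusrc {
    my ($text) = @_;
    my (%sec, $cur);
    for my $line (split /\n/, $text) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' || $line =~ /^#/;    # assumed: '#' starts a comment
        if ($line =~ /^begin\((\w+)\)$/) { $cur = $1; next }
        if ($line =~ /^end\((\w+)\)$/) {
            die "unbalanced end($1)\n" unless defined $cur && $cur eq $1;
            undef $cur; next;
        }
        next unless defined $cur;                # skip lines outside any section
        my ($k, $v) = $line =~ /^(.*?)\s*=\s*(.*)$/ or die "no '=' in: $line\n";
        $sec{$cur}{$k} = $v;
    }
    die "missing end($cur)\n" if defined $cur;
    return \%sec;
}

# Merge both sections into one hashref. strip_colon drops the trailing " :"
# the file keeps on plugin preference names, giving the names used in the thread.
sub flatten_prefs {
    my ($sec, %opt) = @_;
    my %flat;
    for my $name (qw(SERVER_PREFS PLUGINS_PREFS)) {
        while (my ($k, $v) = each %{ $sec->{$name} || {} }) {
            $k =~ s/\s*:$// if $opt{strip_colon} && $name eq 'PLUGINS_PREFS';
            $flat{$k} = $v;
        }
    }
    return \%flat;
}

my $prefs = flatten_prefs(parse_nessusrc($rc), strip_colon => 1);
# Mask credential values so the SMB password never reaches a terminal or log.
print "$_ => ", (/\[password\]/ ? '********' : $prefs->{$_}), "\n" for sort keys %$prefs;
```

`$prefs` is a hashref, the same argument shape passed to `$nessus->preferences(...)` in the messages above.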