Remember that your changes will be overwritten the next time Nessus updates its 
plugins.

________________________________

From: [EMAIL PROTECTED] on behalf of Pavithra H
Sent: Thu 8/9/2007 7:10 AM
To: Serkan Özkan; [email protected]
Subject: Re: force slackware plugins


Code snippet from ssh_get_info.nasl which handles Slackware.

###################### Slackware ########################################

  buf = info_send_cmd(cmd: 'cat /etc/slackware-version');

  if ("Slackware" >< buf)
  {
    buf = ereg_replace(string: buf, pattern: "^Slackware +", replace: "");
    report += '\nThe remote Slackware system is :\n' + buf;
    if (buf !~ '^[0-9.]+[ \t\r\n]*$')
    {
      report += '\nThe Slackware version is unknown, therefore 
local security checks have been disabled\n';
      security_note(port:port, data:report);
      exit(0);
    }
    set_kb_item(name:"Host/Slackware/release", value: chomp(buf));

    buf = info_send_cmd(cmd: 'ls -1 /var/log/packages');

    if (buf)
    {
      report += '\nLocal security checks have been enabled for this host.';
      set_kb_item(name:"Host/Slackware/packages", value:buf);
      set_kb_item(name:'Host/local_checks_enabled', value: TRUE);
      security_note(port:port, data:report);
    }
    else
    {
      report += 
'For any reason, /var/log/packages/ could not be read, 
therefore local security checks have been disabled';
      set_kb_item(name:'HostLevelChecks/failure', value:"'/var/log/packages' could not be read");
      security_note(port:port, data:report);
    }
    misc_calls_and_exit();
  }

  report += 
'\nThe remote Linux distribution is not supported, therefore local security 
checks have not been enabled';
  security_note(port:port, data:report);
  set_kb_item(name:'HostLevelChecks/failure', value:"Unsupported Linux distribution");
  misc_calls_and_exit();
}

########################################################################

From the code it is inferred that executing the command 'cat 
/etc/slackware-version' confirms Slackware has been installed, and only then 
does it proceed further. So if you have the permission, edit this plugin as below. 
But remember this will break the chain of detecting Slackware and enforcing 
the local checks in Slackware. If you run this script on any other system it sets 
the kb item for Slackware since we don't have any checks to say which OS is running.

#############################################
    # hard code Slackware release version here 
    # (a quoted string: chomp() and the KB item expect string data)
    buf = "10.0"; # whatever version that has been installed
    set_kb_item(name:"Host/Slackware/release", value: chomp(buf));

    buf = info_send_cmd(cmd: 'ls -1 /var/log/packages');

    if (buf)
    {
      report += '\nLocal security checks have been enabled for this host.';
      set_kb_item(name:"Host/Slackware/packages", value:buf);
      set_kb_item(name:'Host/local_checks_enabled', value: TRUE);
      security_note(port:port, data:report);
    }
    else
    {
      report += 
'For any reason, /var/log/packages/ could not be read, 
therefore local security checks have been disabled';
      set_kb_item(name:'HostLevelChecks/failure', value:"'/var/log/packages' could not be read");
      security_note(port:port, data:report);
    }
    misc_calls_and_exit();
    # no closing brace here: the if ("Slackware" >< buf) block it belonged to
    # has been removed above

  report += 
'\nThe remote Linux distribution is not supported, therefore local security 
checks have not been enabled';
  security_note(port:port, data:report);
  set_kb_item(name:'HostLevelChecks/failure', value:"Unsupported Linux distribution");
  misc_calls_and_exit();
#####################

PS: I have not tested the code. Pls try the code & do reply.


On 8/9/07, Serkan Özkan <[EMAIL PROTECTED]> wrote:

        Yes, I have it.
        
        On 8/9/07, Pavithra H <[EMAIL PROTECTED]> wrote:
        > Hey, do you have the permission to modify the plugin ssh_get_info.nasl?
        >
        




-- 
Thanks,
Pavithra.H
Research Analyst, Thirdbrigade Labs 
Bangalore 
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
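
The Slackware branch quoted in this thread, modelled in Python as an added example (not code from the thread or from Nessus), to show which KB items each path sets and what the hard-coded edit changes on a host that is not Slackware. The function name, the `forced_release` parameter and the sample inputs are assumptions made for illustration; Python's `re` and `rstrip` stand in for NASL's regex operators and `chomp()`.

```python
import re

# Same pattern the plugin applies with !~ after stripping the "Slackware " prefix.
VERSION_OK = re.compile(r'^[0-9.]+[ \t\r\n]*$')

# Constructed sample of `ls -1 /var/log/packages` output.
PKGS = "aaa_base-12.0.0-noarch-1\n"


def slackware_checks(version_file, package_listing, forced_release=None):
    """Model the quoted branch; returns (outcome, kb_items).

    version_file    -- output of `cat /etc/slackware-version`
    package_listing -- output of `ls -1 /var/log/packages`
    forced_release  -- hypothetical parameter modelling the hard-coded edit,
                       which skips both detection tests
    """
    kb = {}
    if forced_release is None:
        if "Slackware" not in version_file:
            kb["HostLevelChecks/failure"] = "Unsupported Linux distribution"
            return "unsupported", kb
        release = re.sub(r'^Slackware +', '', version_file)
        if not VERSION_OK.search(release):
            # The plugin reports and exits here without setting any KB item.
            return "version-unknown", kb
    else:
        release = forced_release
    kb["Host/Slackware/release"] = release.rstrip(" \t\r\n")
    if package_listing:
        kb["Host/Slackware/packages"] = package_listing
        kb["Host/local_checks_enabled"] = True
        return "enabled", kb
    kb["HostLevelChecks/failure"] = "'/var/log/packages' could not be read"
    return "packages-unreadable", kb


if __name__ == "__main__":
    cases = [  # constructed inputs
        ("stock file", "Slackware 12.0.0\n", PKGS, None),
        ("edited version file", "Slackware 12.0.0 (custom)\n", PKGS, None),
        ("non-Slackware host, stock plugin", "", "", None),
        ("non-Slackware host, hard-coded plugin", "", "", "10.0"),
    ]
    for label, ver, pkgs, forced in cases:
        print(label, "->", slackware_checks(ver, pkgs, forced))
```

The last case shows the caveat raised in the thread: with the release hard-coded, `Host/Slackware/release` is set even when nothing on the target identifies it as Slackware.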
