you should be able to modify that nasl script and stick it into the 60k
range on the ID. since it just sets kb_items, making yoru mods and setting
the kb items you want should work just fine.
On 8/9/07, Serkan Özkan <[EMAIL PROTECTED]> wrote:
>
> I will try it and let you know .
> Thanks.
>
> Regards
>
>
> On 8/9/07, Pavithra H <[EMAIL PROTECTED]> wrote:
> > Code snippet from ssh_get_info.nasl which handles Slackware.
> >
> > ###################### Slackware
> > ########################################
> >
> > buf = info_send_cmd(cmd: 'cat /etc/slackware-version');
> >
> > if ("Slackware" >< buf)
> > {
> > buf = ereg_replace(string: buf, pattern: "^Slackware +", replace:
> "");
> > report += '\nThe remote Slackware system is :\n' + buf;
> > if (buf !~ '^[0-9.]+[ \t\r\n]*$')
> > {
> > report += '\nThe Slackware version is unknown, therefore
> > local security checks have been disabled\n';
> > security_note(port:port, data:report);
> > exit(0);
> > }
> > set_kb_item(name:"Host/Slackware/release", value:
> > chomp(buf));
> >
> > buf = info_send_cmd(cmd: 'ls -1 /var/log/packages');
> >
> > if (buf)
> > {
> > report += '\nLocal security checks have been enabled for this
> host.';
> > set_kb_item(name:"Host/Slackware/packages",
> > value:buf);
> > set_kb_item(name:'Host/local_checks_enabled', value:
> > TRUE);
> > security_note(port:port, data:report);
> > }
> > else
> > {
> > report +=
> > 'For any reason, /var/log/packages/ could not be read,
> > therefore local security checks have been disabled';
> > set_kb_item(name:'HostLevelChecks/failure',
> > value:"'/var/log/packages' could not be read");
> > security_note(port:port, data:report);
> > }
> > misc_calls_and_exit();
> > }
> >
> > report +=
> > '\nThe remote Linux distribution is not supported, therefore local
> security
> > checks have not been enabled';
> > security_note(port:port, data:report);
> > set_kb_item(name:'HostLevelChecks/failure',
> > value:"Unsupported Linux distribution");
> > misc_calls_and_exit();
> > }
> >
> > ########################################################################
> >
> > From the code it is inferred that executing a command 'cat
> > /etc/slackware-version' confirms Slackware has been installed and then
> only
> > proceed further. So if you have the permission to edit this plugin as
> below.
> > But remember this will break the chain of detecting Slackware and
> enforcing
> > the local checks in Slackware. If you run this script any other system
> it
> > sets the kb item for Slackware since we dont any checks to say which Os
> is
> > running.
> >
> > #############################################
> > # hard code Slackware release version here
> > buf = 10.0; # whatever version that has been installed
> > set_kb_item(name:"Host/Slackware/release", value:
> > chomp(buf));
> >
> > buf = info_send_cmd(cmd: 'ls -1 /var/log/packages');
> >
> > if (buf)
> > {
> > report += '\nLocal security checks have been enabled for this
> host.';
> > set_kb_item(name:"Host/Slackware/packages",
> > value:buf);
> > set_kb_item(name:'Host/local_checks_enabled', value:
> > TRUE);
> > security_note(port:port, data:report);
> > }
> > else
> > {
> > report +=
> > 'For any reason, /var/log/packages/ could not be read,
> > therefore local security checks have been disabled';
> > set_kb_item(name:'HostLevelChecks/failure',
> > value:"'/var/log/packages' could not be read");
> > security_note(port:port, data:report);
> > }
> > misc_calls_and_exit();
> > }
> >
> > report +=
> > '\nThe remote Linux distribution is not supported, therefore local
> security
> > checks have not been enabled';
> > security_note(port:port, data:report);
> > set_kb_item(name:'HostLevelChecks/failure',
> > value:"Unsupported Linux distribution");
> > misc_calls_and_exit();
> > #####################
> >
> > PS: I have not tested the code. Pls try the code & do reply.
> >
> > On 8/9/07, Serkan Özkan <[EMAIL PROTECTED] > wrote:
> > > Yes, i have it.
> > >
> > > On 8/9/07, Pavithra H < [EMAIL PROTECTED]> wrote:
> > > > hey do you have the permission to modify the plugin
> ssh_get_info.nasl?
> > > >
> > >
> >
> >
> >
> > --
> > Thanks,
> > Pavithra.H
> > Research Analyst, Thirdbrigade Labs
> > Bangalore
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
