RE: Plugin 13855 - installed hotfixes

[Andrew Court]

Hi John, Thanks for our help. I really appreciate it. Ill test it today
and let you know how it goes.
 
Thanks again,

Andrew Court 

IT Security Specialist | BT Retail - Ireland |
E:[EMAIL PROTECTED] |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
www.btireland.com 

        -----Original Message-----
        From: John Scherff [mailto:[EMAIL PROTECTED] 
        Sent: 27 October 2007 07:09
        To: Andrew Court
        Cc: nessus@list.nessus.org
        Subject: RE: Plugin 13855 - installed hotfixes
        
        
        Andrew,
         
        Not sure if you received this earlier.  I sent it to you and to
the list this morning from my work account ( [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> ), but it never showed up on the list so
we might be having SMTP issues.  Anyway, here it is from my personal
email account, just in case. 
         
        John
         
        * * * * * * 
         
        Andrew,
         
        Nessus will tell you if you're missing any hotfixes.
         
        However, if you really need the list, try the below script... I
tested it on a couple hosts and it seems to work. Name it
smb_hotfixes_list.nasl or something, pick a different plugin ID if you
wish (I can never remember which range I'm supposed to use), place it in
the /opt/nessus/lib/nessus/plugins directory, run
/opt/nessus/sbin/nessusd -t, restart nessusd (just to be sure), and then
run a scan.  FYI, I put the results in a hash first (rather than
concatenating directly to the report string) to remove duplicates and
sort the output. 
         
        If you want these in MSYY-NNN format, you'll have to write an
include file that does the mapping for you... probably an exercise in
futility. 
         
        Cheers,
         
        John Scherff
        24 Hour Fitness
        Sr. IT Security Engineer
         
         
        

        # ==========================================================
        # Author: John Scherff, 24 Hour Fitness, 25 October 2007
        # ========================================================== 
         
        desc["english"] = "
        Synopsis :
         
        Installed Windows Hotfixes
         
        Description :
         
        The Windows hotfixes listed below are installed on this
computer.
         
        Risk factor :
         
        None";
         
        if( description ) {
         
          script_id( 66001 );
          script_version( "$Revision: 1.60 $" );
          script_description( english: desc["english"] );
          script_category( ACT_GATHER_INFO ); 
         
          name["english"] = "Installed Windows Hotfix List";
          script_name( english: name["english"] );
         
          summary["english"] = "Lists Windows hotfixes that have been
installed on the computer.";
          script_summary( english: summary["english"] ); 
         
          copyright["english"] = "This Script is Copyright (C) 2007 John
Scherff / 24 Hour Fitness";
          script_copyright( english: copyright["english"] ); 
         
          family["english"] = "Windows";
          script_family( english: family["english"] );
         
          script_dependencies( "smb_hotfixes.nasl" );
          script_require_keys( "SMB/Registry/Enumerated" );
         
          exit( 0 );
        }
         
        smbEnumerationStatus = get_kb_item( "SMB/Registry/Enumerated" );
        if( smbEnumerationStatus != TRUE ) exit( 0 );
         
        hotfixHash = make_array();
        hotfixList = '';
         
        kbPrefixAry = make_list(
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/*",
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows
NT/CurrentVersion/HotFix/*", 
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Fpc/Hotfixes/*",
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/Windows Media
Player/*"
        );
         
        foreach kbPrefix ( kbPrefixAry ) {
          kbHash = get_kb_list( kbPrefix );
          foreach kbKey ( keys( kbHash ) ) {
            if( kbHash[kbKey] == TRUE ) {
              match = eregmatch( 
                pattern: '/(KB[0-9]{6}[A-Z0-9_]{0,6})',
                string: kbKey,
                icase: TRUE
              );
              if( match ) hotfixHash[match[1]] = 1;
            }
          }
        }
         
        foreach hotfixKey ( sort( keys( hotfixHash ) ) ) {
          hotfixList += ' - ' + hotfixKey + '\n';
        }
         
        if( hotfixList) {
          report = string( desc["english"], '\n\nPlugin Output :\n\n' +
hotfixList + '\n' );
          security_note( port: 0, data: report ); 
        }
         
         
         

________________________________

        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrew Court
        Sent: Thursday, October 25, 2007 12:10 PM
        To: nessus@list.nessus.org
        Subject: Plugin 13855 - installed hotfixes
        
         

        Hi, 

        This is probably pretty basic, but, here goes. Plugin 13855
enumerates the list of installed hotfixes on a windows box. It stores
the information in the KB to prevent extended use of the remote
registry. However I want that list of installed hotfixes. How do I
include it in the nsr/nbe report that nessus outputs. I know I can use
get_kb_item in a nasl script to get information from the kb but I am not
sure how to tell it which info to get. I want the list of installed
patches for a patch audit, so if anyone has any custom scripts they have
used for patch audits, I would be very much obliged if they sent them to
me. 

        Kind Regards, 

        Andrew Court 

        IT Security Specialist | BT Retail - Ireland |
        E: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>  |Mobile:
+353 86 1720 692 | Fax: +353 1 432 5899| www.btireland.com
<file://www.btireland.com/>  



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus