This is interesting... Noticing some new plugin published, I attempted to execute this script again as root:
[EMAIL PROTECTED]:/home/cashby# perl -T /opt/nessus/auto/update-nessus-plugins -bps > /home/cashby/plugin-report.txt this is the error received: Can't run 'describe-nessus-plugin -f bugtraq_id,category,cve_id,family,id,name,risk,summary,version,xref -l english powerdns_malformed_query.nasl' - No such file or directory at /opt/nessus/auto/update-nessus-plugins line 356 I decided to run the script manually to determine if any issued existed: [EMAIL PROTECTED]:/home/cashby# perl -T /opt/nessus/auto/describe-nessus-plugin -f bugtraq_id,category,cve_id,family,id,name,risk,summary,version,xref -l english /opt/nessus/lib/nessus/plugins/powerdns_malformed_query.nasl I received the following error: /opt/nessus/lib/nessus/plugins/powerdns_malformed_query.nasl Insecure dependency in sprintf while running with -T switch at /opt/nessus/auto/describe-nessus-plugin line 510. Is it possible to remove the -T switch from the first line of this code, and still have it properly execute? ashby On Wed, Dec 10, 2008 at 1:16 PM, Mercer, Jeff C - Raleigh, NC <[EMAIL PROTECTED]> wrote: > It is not necessary for normal operation of Nessus. > > It's just a useful little script that will make a backup copy of the existing > plugins before updating, and can optionally report on all the plugins that > have been changed. > > -------- > Jeff Mercer - CISO - Security Vulnerability Assessments > > >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of Lachance, François >>Sent: Wednesday, December 10, 2008 12:15 PM >>To: nessus@list.nessus.org >>Subject: RE: Update Nessus Plugins Script >> >>I have been following this thread, and I'm not sure I >>understand why using an extra script to download patches is >>necessary. Can anyone enlighten me on what you are trying to >>accomplish? >> >>Thanks, >> >>François >> >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of Mercer, >>Jeff C - Raleigh, NC >>Sent: December-10-08 10:15 AM >>To: christopher ashby; nessus@list.nessus.org >>Subject: RE: Update Nessus Plugins Script >> >>I got them to work the other week, though I did get that same >>W32.Sasser >>error that you did when I tried to update today. I re-ran the >>update and >>it worked correctly. >> >>I'm assuming you've installed all the necessary perl modules. You might >>want to do a "cpan upgrade" just to make sure you have the latest >>version of the modules. I also found it's better to just run the whole >>thing as root rather than try and use sudo. >> >>I had to modify a couple of lines as well. Here's my diff between the >>original and modified forms of update-nessus-plugins: >> >> >>< = original >>> = updated >> >>161c33 >>< $ENV{PATH} = >>'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/opt/nessus/bin:/ >>opt/nessu >>s/sbin'; # nb: also passed to nessus-update-plugins >>--- >>> $ENV{PATH} = >>'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/opt/nessus/bin'; # nb: >>also passed to nessus-update-plugins >>290c162 >>< my $cmd = 'nessus-update-plugins'; >>--- >>> my $cmd = '/opt/nessus/sbin/nessus-update-plugins'; >>352c224,225 >>< my $cmd = 'describe-nessus-plugin ' . >>--- >>> my $cmd = 'describe-nessus-plugin ' . >>> '-f ' . join(',', @info_funcs) . ' ' . >>382c255 >>< open(NEW, $plugin) or croak "Can't read >>'$plugin' - $!\n"; >>--- >>> open(NEW, "$plugins_dir/$plugin") or croak "Can't read >>'$plugin' - $!\n"; >> >> >> >>I'm running RHEL as well, so I think this should work for you as well. >> >>-------- >>Jeff Mercer - CISO - Security Vulnerability Assessments >> >> >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of christopher ashby >>>Sent: Saturday, December 06, 2008 11:10 AM >>>To: nessus@list.nessus.org >>>Subject: Update Nessus Plugins Script >>> >>>List- >>> >>>Has anyone successfully implemented these scripts with Nessus? I >>>currently have Nessus 3.2.1 on a RH Server and use the command line to >>>execute my scans. Here is what happens when I attempt to use these >>>scripts: >>> >>>The 1st script (update-nessus-plugins.pl) executes properly and >>>updates the plugins, creates the MD5, and archives everything >>>according to plan. When this scripts executes the >>>describe-nessus-plugin.pl script, it gives me an error saying that the >>>""plugin isn't available?? >>> >>>I have execute this in debug mode, and receive the same generic error. >>> If i execute the perl script (describe-nessus-plugin.pl) on it's own, >>>it properly gives me the output? I have modified the >>>update-nessus-plugin.pl script adding/updating the paths (line161 & >>>183) and then modifying lines 352-355 which call the >>>describe-nessus-plugins.pl script. This modification was made because >>>if i execute the script (describe-nessus-plugins.pl) without any >>>switches it's outcome is exactly what i need. >>> >>>Here is the command i execute in an attempt to get the >>outcome desired: >>> >>>sudo perl -T /opt/nessus/auto/update-nessus-plugins.pl -b -p -s >> >>>/home/cashby/plugins-report.txt >>> >>>i have also attempted this with the same outcome: >>> >>>sudo perl -T /opt/nessus/auto/update-nessus-plugins.pl -bps >> >>>/home/cashby/plugins-report.txt >>> >>>I have attached the scripts for anyone to view, if anyone has any >>>suggestions that would be appreciated! >>> >>>thanks- >>>Christopher Ashby >>> >>_______________________________________________ >>Nessus mailing list >>Nessus@list.nessus.org >>http://mail.nessus.org/mailman/listinfo/nessus >>_______________________________________________ >>Nessus mailing list >>Nessus@list.nessus.org >>http://mail.nessus.org/mailman/listinfo/nessus >> > _______________________________________________ > Nessus mailing list > Nessus@list.nessus.org > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
