George-
I have re-downloaded the scripts from your site. Here is what i have
completed, and changed and the results of which:
executed as sudo chmod +x <script names>
then the following changes were made to update-nessus-plugins
line 161 added additional paths below is the exact line:
$ENV{PATH} =
'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/opt/nessus/bin:/opt/nessus/sbin';
# nb: also passed to nessus-update-plugins
(i tried adding the "/opt/nessus/auto" to this but after which
received the following error, i'm not so concerned with this error):
Insecure directory in $ENV{PATH} while running with -T switch at
./update-nessus-plugins line 291.
Line 183 changed the nessus plugin path, below is the exact line:
my $plugins_dir = '/opt/nessus/lib/nessus/plugins'; # where plugins are stored.
no other changes have been made to this script, or the
describe-nessus-plugin script.
I have the plugins located in /opt/nessus/auto and have been using the
following command after changing into that directory to execute:
./update-nessus-plugins -bps > plugin-report.txt
the scripts execute and the plugins are updated, however (i've been
watching the RSS for new or updated plugins) and when i re-run the
script (knowing that new or updated plugins are available) the scripts
throws a generic error indicating that W32.Sassor nasl isn't
available, i rerun the same command and everything works like expected
and the output is recorded to the txt file as indicated.
Is there a different file that can be modified or purged to stop the
W32.Sassor errors, or the other funky .nasl plugins that don't exist?
I'm sure everything is correct in my syntax and what not. I'm also
running perl 5.8.8 and all modules have been double checked and are
installed.
Let me know your thoughts on this...
Thanks
christopher ashby
On Wed, Dec 10, 2008 at 3:48 PM, George A. Theall
<[email protected]> wrote:
> On Dec 10, 2008, at 2:34 PM, christopher ashby wrote:
>
>> Noticing some new plugin published, I attempted to execute this script
>> again as root:
>>
>> r...@ubuntu804jeos:/home/cashby# perl -T
>> /opt/nessus/auto/update-nessus-plugins -bps >
>> /home/cashby/plugin-report.txt
>>
>> this is the error received:
>> Can't run 'describe-nessus-plugin -f
>
> If I've been following along correctly, you put describe-nessus-plugin
> in /opt/nessus/auto but didn't add that to the PATH environment
> variable in update-nessus-plugins.
>
>> r...@ubuntu804jeos:/home/cashby# perl -T
>> /opt/nessus/auto/describe-nessus-plugin -f
>> bugtraq_id,category,cve_id,family,id,name,risk,summary,version,xref -l
>> english /opt/nessus/lib/nessus/plugins/powerdns_malformed_query.nasl
>>
>> I received the following error:
>>
>> /opt/nessus/lib/nessus/plugins/powerdns_malformed_query.nasl
>> Insecure dependency in sprintf while running with -T switch at
>> /opt/nessus/auto/describe-nessus-plugin line 510.
>>
>> Is it possible to remove the -T switch from the first line of this
>> code, and still have it properly execute?
>
> That wouldn't be a good idea. Taint mode helps ensure that malicious
> input doesn't get used when invoking a subshell or to modify files and
> the like.
>
> Which version of Perl are you using (eg, "perl -V")? And what
> modifications if any have you made to describe-nessus-plugins?
>
> George
> --
> [email protected]
>
>
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
