Author: jan
Date: 2007-11-01 23:55:52 +0100 (Thu, 01 Nov 2007)
New Revision: 507
Added:
trunk/openvas-plugins/scripts/ssh_authorization.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/debian_package.inc
trunk/openvas-plugins/scripts/global_settings.nasl
trunk/openvas-plugins/scripts/ssh_func.inc
trunk/openvas-plugins/scripts/ssh_get_info.nasl
Log:
* scripts/ssh_authorization.nasl: New. Set information for
ssh key-based authorization in KB.
* scripts/global_settings.nasl: Synchronized with
nessus-plugins 2.2.10.
* scripts/ssh_func.inc: Removed old signature, it is
broken anyway.
* scripts/debian_package.inc: Synchronized with
nessus-plugins 2.2.10. Replaced Host/Debian/release
by ssh/login/release and Host/Debian/dpkg-l
by ssh/login/packages.
Added dirty bug fix for identification of Debian
release version.
* scripts/ssh_get_info.nasl: Synchronized with
and update contributed by Thomas Reinke.
Apart from this: Modified to use ssh_authorization.nasl
instead of ssh_settings.nasl. Also, added setting Host/Debian/dpkg-l
for convenience. Finally, added a security note if no system
was identified.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2007-11-01 13:30:22 UTC (rev 506)
+++ trunk/openvas-plugins/ChangeLog 2007-11-01 22:55:52 UTC (rev 507)
@@ -1,5 +1,30 @@
2007-11-01 Jan-Oliver Wagner <[EMAIL PROTECTED]>
+ * scripts/ssh_authorization.nasl: New. Set information for
+ ssh key-based authorization in KB.
+
+ * scripts/global_settings.nasl: Synchronized with
+ nessus-plugins 2.2.10.
+
+ * scripts/ssh_func.inc: Removed old signature, it is
+ broken anyway.
+
+ * scripts/debian_package.inc: Synchronized with
+ nessus-plugins 2.2.10. Replaced Host/Debian/release
+ by ssh/login/release and Host/Debian/dpkg-l
+ by ssh/login/packages.
+ Added dirty bug fix for identification of Debian
+ release version.
+
+ * scripts/ssh_get_info.nasl: Synchronized with
+ and update contributed by Thomas Reinke.
+ Apart from this: Modified to use ssh_authorization.nasl
+ instead of ssh_settings.nasl. Also, added setting Host/Debian/dpkg-l
+ for convenience. Finally, added a security note if no system
+ was identified.
+
+2007-11-01 Jan-Oliver Wagner <[EMAIL PROTECTED]>
+
* MANIFEST: Updated.
2007-11-01 Javier Fernandez-Sanguino <[EMAIL PROTECTED]>
Modified: trunk/openvas-plugins/scripts/debian_package.inc
===================================================================
--- trunk/openvas-plugins/scripts/debian_package.inc 2007-11-01 13:30:22 UTC
(rev 506)
+++ trunk/openvas-plugins/scripts/debian_package.inc 2007-11-01 22:55:52 UTC
(rev 507)
@@ -31,7 +31,7 @@
v1 = eregmatch(string: ver1, pattern: "^([0-9]+:)?(.+)(-([a-z0-9+.]+))?$",
icase: 1);
v2 = eregmatch(string: ver2, pattern: "^([0-9]+:)?(.+)(-([a-z0-9+.]+))?$",
icase: 1);
- if (isnull(v1) || isnull(v2)) return;
+ if (isnull(v1) || isnull(v2)) return NULL;
e1 = int(v1[1]); uv1 = v1[2]; dr1 = v1[4];
e2 = int(v2[1]); uv2 = v2[2]; dr2 = v2[4];
@@ -48,13 +48,13 @@
local_var debver, dpkg_l, pkgver;
local_var installed, ver, v;
- debver = chomp(get_kb_item("Host/Debian/release"));
+ debver = chomp(get_kb_item("ssh/login/release"));
if ( ! debver ) return 0; # Not debian
# Try something smarter but slower below
## if (debver && release != debver) return 0;
- dpkg_l = get_kb_item("Host/Debian/dpkg-l");
+ dpkg_l = get_kb_item("ssh/login/packages");
installed = egrep(string: dpkg_l, pattern: '^ii +' + prefix + ' +');
if (! installed) return 0;
ver = ereg_replace( string: installed, replace: "\1",
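Review bot: The guard `if ( ! debver ) return 0; # Not debian` no longer tests for Debian, because `ssh/login/release` is set for every identified system (this same commit writes `FC5`, `MNDK_2007.1`, `UBUNTU6.10`, `SLK12.0` and others to it). On an Ubuntu host `ssh/login/packages` is also filled from `dpkg -l`, so the function continues into the package comparison and only the later `release != pkgver` test stops it. Checking the prefix makes the intent explicit: `if (debver !~ "^DEB") return 0; # not Debian`. The enclosing function starts and ends outside this hunk.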
@@ -68,12 +68,17 @@
# Look at "DSA 865-1" for example. So we fall back to /etc/debian-release
# and hope that such mix did not occur
- if (ereg(string: ver, pattern: '[0-9]$')) pkgver = '3.1';
+ if (ereg(string: ver, pattern: '[0-9]$')) pkgver = debver; # or '4.0'?
+ else if (ereg(string: ver, pattern: 'etch[0-9]$')) pkgver = '4.0';
+ else if (ereg(string: ver, pattern: 'sarge[0-9]$')) pkgver = '3.1';
else if (ereg(string: ver, pattern: 'woody[0-9]$')) pkgver = '3.0';
else if (ereg(string: ver, pattern: 'potato[0-9]$')) pkgver = '2.2';
else if (ereg(string: ver, pattern: 'hamm[0-9]$')) pkgver = '2.0';
else pkgver = debver;
+ # This is a dirty work around that fixes at least for 3.1
+ release = strcat('DEB', release);
+
if (pkgver && release != pkgver) return 0;
if (deb_ver_cmp(ver1: ver, ver2: reference) < 0)
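Review bot: The added `etch[0-9]$` and `sarge[0-9]$` branches cannot be reached, because the first test `[0-9]$` already matches every version string ending in a digit, codename suffixes included. If they were reached they would assign bare values such as `'4.0'`, while `release` is prefixed with `'DEB'` just before the comparison, so `release != pkgver` would always be true and the check would return 0. Testing the codename suffixes first and giving them the same prefix keeps the comparison consistent with the `DEB4.0`/`DEB3.1` values that ssh_get_info.nasl stores. The format callers pass in `release` is inferred from the workaround comment, and the function body continues outside this hunk.

```nasl
# codename suffixes first: '[0-9]$' would also match 'etch1', 'sarge2', ...
if (ereg(string: ver, pattern: 'etch[0-9]$')) pkgver = 'DEB4.0';
else if (ereg(string: ver, pattern: 'sarge[0-9]$')) pkgver = 'DEB3.1';
else if (ereg(string: ver, pattern: 'woody[0-9]$')) pkgver = 'DEB3.0';
else if (ereg(string: ver, pattern: 'potato[0-9]$')) pkgver = 'DEB2.2';
else if (ereg(string: ver, pattern: 'hamm[0-9]$')) pkgver = 'DEB2.0';
else pkgver = debver;
# … unchanged: release = strcat('DEB', release) and the release/pkgver comparison …
```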
@@ -83,4 +88,3 @@
}
return 0;
}
-
Modified: trunk/openvas-plugins/scripts/global_settings.nasl
===================================================================
--- trunk/openvas-plugins/scripts/global_settings.nasl 2007-11-01 13:30:22 UTC
(rev 506)
+++ trunk/openvas-plugins/scripts/global_settings.nasl 2007-11-01 22:55:52 UTC
(rev 507)
@@ -41,6 +41,7 @@
script_add_preference(name:"Report paranoia", type:"radio",
value:"Normal;Avoid false alarms;Paranoid (more false alarms)");
script_add_preference(name:"Log verbosity", type:"radio",
value:"Normal;Quiet;Verbose;Debug");
script_add_preference(name:"Debug level", type:"entry", value:"0");
+ script_add_preference(name:"HTTP User-Agent", type:"entry",
value:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
exit(0);
}
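Review bot: The default User-Agent literal is written twice, here in `script_add_preference` and again as the fallback in the next hunk (`if (! opt) opt = "Mozilla/4.0 …"`), so the two copies can drift apart. Assigning it once before `if(description)`, e.g. `default_ua = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)";`, and using the variable in both places avoids that. The value is a free-text entry that presumably ends up in request headers, so a comment that it must not contain CR or LF would be useful. A default that mimics a browser also makes scan traffic harder to attribute in the scanned host's web logs, which deserves a line in the preference's documentation.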
@@ -79,3 +80,6 @@
if (! opt) opt = "Mixed (RFC 1918)";
set_kb_item(name:"global_settings/network_type", value:opt);
+opt = script_get_preference("HTTP User-Agent");
+if (! opt) opt = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)";
+set_kb_item(name:"global_settings/http_user_agent", value:opt);
Added: trunk/openvas-plugins/scripts/ssh_authorization.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ssh_authorization.nasl 2007-11-01
13:30:22 UTC (rev 506)
+++ trunk/openvas-plugins/scripts/ssh_authorization.nasl 2007-11-01
22:55:52 UTC (rev 507)
@@ -0,0 +1,72 @@
+# OpenVAS
+# $Id$
+# Description: Set information for ssh key-based authorization in KB.
+#
+# Authors:
+# Jan-Oliver Wagner <[EMAIL PROTECTED]>
+#
+# Copyright:
+# Copyright (C) 2007 Intevation GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# or, at your option, any later version as published by the
+# Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+if (!defined_func("bn_random")) exit(0);
+
+if(description)
+{
+ script_id(90022);
+ script_version ("1.0");
+ name["english"] = "SSH Authorization";
+
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+This script allows users to enter the information
+required to authorize and login via a ssh key.
+
+These data are stored in the knowledge base
+and used by other tests.
+
+Risk factor: None";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Sets SSH key-based authorization";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_INIT);
+
+ script_copyright(english:"Copyright 2007 Intevation GmbH, License: GNU
GPLv2+");
+ family["english"] = "Settings";
+ script_family(english:family["english"]);
+
+ script_add_preference(name:"SSH login name:", type:"entry", value:"sshovas");
+ script_add_preference(name:"SSH public key:", type:"file", value:"");
+ script_add_preference(name:"SSH private key:", type:"file", value:"");
+ script_add_preference(name:"SSH key passphrase:", type:"password", value:"");
+
+ exit(0);
+}
+
+ssh_login_name = script_get_preference("SSH login name:");
+ssh_public_key = script_get_preference_file_content("SSH public key:");
+ssh_private_key = script_get_preference_file_content("SSH private key:");
+ssh_key_passphrase = script_get_preference("SSH key passphrase:");
+
+set_kb_item(name: "Secret/SSH/login", value: ssh_login_name);
+set_kb_item(name: "Secret/SSH/password", value: "");
+set_kb_item(name: "Secret/SSH/publickey", value: ssh_public_key);
+set_kb_item(name: "Secret/SSH/privatekey", value: ssh_private_key);
+set_kb_item(name: "Secret/SSH/passphrase", value: ssh_key_passphrase);
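Review bot: All five `Secret/SSH/*` items are written unconditionally, even when no key file was supplied; with the non-empty default login `sshovas`, `Secret/SSH/login` is therefore always set together with an empty `Secret/SSH/password`. Plugins that read these items (ssh_get_info.nasl now depends on this script) may then attempt a login under that name on every target, although their login code is not visible here. Wrapping the calls in `if (ssh_login_name && ssh_private_key) { … }` would leave the KB untouched when key-based login is not configured. A short comment stating that the private key and passphrase are held in the KB for the duration of the scan would also help anyone reviewing later consumers of these items.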
Modified: trunk/openvas-plugins/scripts/ssh_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/ssh_func.inc 2007-11-01 13:30:22 UTC (rev
506)
+++ trunk/openvas-plugins/scripts/ssh_func.inc 2007-11-01 22:55:52 UTC (rev
507)
@@ -1,4 +1,3 @@
-#TRUSTED
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
#------------------------------------------------------------------------------
#
# (C) Nicolas Pouvesle
Modified: trunk/openvas-plugins/scripts/ssh_get_info.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ssh_get_info.nasl 2007-11-01 13:30:22 UTC
(rev 506)
+++ trunk/openvas-plugins/scripts/ssh_get_info.nasl 2007-11-01 22:55:52 UTC
(rev 507)
@@ -41,7 +41,7 @@
script_copyright(english:"Copyright (c) 2005 E-Soft Inc.
http://www.securityspace.com");
family["english"] = "Misc.";
script_family(english:family["english"]);
- script_dependencie("find_service.nes", "ssh_settings.nasl");
+ script_dependencie("find_service.nes", "ssh_authorization.nasl");
exit(0);
}
@@ -115,6 +115,20 @@
security_note(port:port, data:string("We are able to login and detect that
you are running ", rls));
exit(0);
}
+if("Fedora Core release 5 (Bordeaux)" >< rls) {
+ set_kb_item(name: "ssh/login/release", value: "FC5");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running ", rls));
+ exit(0);
+}
+if("Fedora Core release 6 (Zod)" >< rls) {
+ set_kb_item(name: "ssh/login/release", value: "FC6");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running ", rls));
+ exit(0);
+}
# Red Hat Enterprise Linux ES release 2.1 (Panama)
# Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
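Review bot: The output of `ssh_cmd` is stored without checking that the rpm query returned anything, so a failed or empty query leaves `ssh/login/rpms` set to just `";"`, and downstream checks would presumably read that as a host with nothing installed. A guard such as `if (!buf) security_note(port:port, data:"rpm query returned no package list");` before the `set_kb_item` call would make that case visible in the report. The same applies to the Mandriva and SUSE blocks added in later hunks. These blocks differ only in the matched string and the release tag, so a comment above the first one describing the shared pattern would save readers from diffing them by eye.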
@@ -144,6 +158,20 @@
exit(0);
}
+if("Mandriva Linux release 2007.1" >< rls) {
+ set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running ", rls));
+ exit(0);
+}
+if("Mandriva Linux release 2007.0" >< rls) {
+ set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running ", rls));
+ exit(0);
+}
if("Mandriva Linux release 2006.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
@@ -252,6 +280,20 @@
security_note(port:port, data:string("We are able to login and detect that
you are running Ubuntu 5.10"));
exit(0);
}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=6.10"><rls) {
+ set_kb_item(name: "ssh/login/release", value: "UBUNTU6.10");
+ buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+ set_kb_item(name: "ssh/login/packages", value:buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running Ubuntu 6.10"));
+ exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=7.10"><rls) {
+ set_kb_item(name: "ssh/login/release", value: "UBUNTU7.10");
+ buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+ set_kb_item(name: "ssh/login/packages", value:buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running Ubuntu 7.10"));
+ exit(0);
+}
# How about Conectiva Linux?
rls = ssh_cmd(socket:sock, cmd:"cat /etc/conectiva-release");
@@ -335,7 +377,7 @@
exit(0);
}
-#How about FreeBSD? If the uname line begins with "FreeBSD ", we got a match
+#How about FreeBSD? If the uname line begins with "FreeBSD ", we have a match
if(substr(uname, 0, 7)=="FreeBSD ") {
version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)",
string:version[1]);
@@ -382,6 +424,10 @@
set_kb_item(name: "ssh/login/release", value: "DEB2.2");
buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
set_kb_item(name: "ssh/login/packages", value:buf);
+ # the following is only for convenience to suffice
+ # old local security checks that expet the list under
+ # this kb item.
+ set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
security_note(port:port, data:string("We are able to login and detect that
you are running Debian 2.2 (Potato)"));
exit(0);
}
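Review bot: Only `Host/Debian/dpkg-l` is mirrored for old checks, but the pre-change debian_package.inc shown in this commit also read `Host/Debian/release` and returned early when it was empty, so checks still written against the old keys would presumably bail out even though the package list is present. If backward compatibility is the goal, setting `Host/Debian/release` alongside it (in whatever format those checks expect) would complete it. In the added comment, `expet` should read `expect`, and "to suffice" reads better as "to satisfy". The same three comment lines recur in the next two hunks and in the new Debian 4.0 block.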
@@ -389,6 +435,10 @@
set_kb_item(name: "ssh/login/release", value: "DEB3.0");
buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
set_kb_item(name: "ssh/login/packages", value:buf);
+ # the following is only for convenience to suffice
+ # old local security checks that expet the list under
+ # this kb item.
+ set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
security_note(port:port, data:string("We are able to login and detect that
you are running Debian 3.0 (Woody)"));
exit(0);
}
@@ -396,12 +446,41 @@
set_kb_item(name: "ssh/login/release", value: "DEB3.1");
buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
set_kb_item(name: "ssh/login/packages", value:buf);
+ # the following is only for convenience to suffice
+ # old local security checks that expet the list under
+ # this kb item.
+ set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
security_note(port:port, data:string("We are able to login and detect that
you are running Debian 3.1 (Sarge)"));
exit(0);
}
+if("4.0"><rls) {
+ set_kb_item(name: "ssh/login/release", value: "DEB4.0");
+ buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+ set_kb_item(name: "ssh/login/packages", value:buf);
+ # the following is only for convenience to suffice
+ # old local security checks that expet the list under
+ # this kb item.
+ set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running Debian 4.0 (Etch)"));
+ exit(0);
+}
# How about Slackware?
rls = ssh_cmd(socket:sock, cmd:"cat /etc/slackware-version");
+if("Slackware 12.0"><rls) {
+ set_kb_item(name: "ssh/login/release", value: "SLK12.0");
+ buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+ set_kb_item(name: "ssh/login/slackpack", value:buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running Slackware 12.0"));
+ exit(0);
+}
+if("Slackware 11.0"><rls) {
+ set_kb_item(name: "ssh/login/release", value: "SLK11.0");
+ buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+ set_kb_item(name: "ssh/login/slackpack", value:buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running Slackware 11.0"));
+ exit(0);
+}
if("Slackware 10.2"><rls) {
set_kb_item(name: "ssh/login/release", value: "SLK10.2");
buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
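Review bot: The new Debian test `"4.0"><rls` is a bare substring match, so any release string that merely contains `4.0` is tagged `DEB4.0` and then evaluated against Etch package data. An anchored match such as `rls =~ "^4\.0"` would be stricter. Which file `rls` holds at this point is assigned outside the hunk, so the exact pattern needs checking against that content.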
@@ -446,7 +525,23 @@
}
# How about SuSe?
# SuSE Linux 9.x (i586)
+# SUSE LINUX 10.1
+
rls = ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release");
+if("SUSE LINUX 10.2 "><rls) {
+ set_kb_item(name: "ssh/login/release", value: "SUSE10.2");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running SuSE Linux 10.2"));
+ exit(0);
+}
+if("SUSE LINUX 10.1 "><rls) {
+ set_kb_item(name: "ssh/login/release", value: "SUSE10.1");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
+ set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+ security_note(port:port, data:string("We are able to login and detect that
you are running SuSE Linux 10.1"));
+ exit(0);
+}
if("SuSE Linux 9.3 "><rls) {
set_kb_item(name: "ssh/login/release", value: "SUSE9.3");
buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf
'%{NAME}~%{VERSION}~%{RELEASE};'");
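Review bot: The match string `"SUSE LINUX 10.2 "` should be verified against an actual 10.2 `/etc/SuSE-release`; as far as I know that release was branded openSUSE, in which case this block would never fire and the host would fall through to the unknown-system note at the end of the script. The existing 9.3 test uses `SuSE Linux` while the new ones use `SUSE LINUX`, and `><` appears to be case-sensitive, so the header comment should record the exact spelling each supported release prints. The added `# SUSE LINUX 10.1` comment covers only one of the two new releases.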
@@ -579,7 +674,6 @@
#{ "NetBSD", "????????????????", },
#{ "OpenBSD", "????????????????", },
-#{ "CentOS", "????????????????", },
#{ "WhiteBox", "????????????????", },
#{ "Linspire", "????????????????", },
#{ "Desktop BSD","????????????????", },
@@ -588,4 +682,6 @@
#{ "JDS", "/etc/sun-release", },
#{ "Yellow Dog", "/etc/yellowdog-release", },
+security_note(port: 0, data: strcat('System identifier unknown: "', uname,
'"\nTherefore no local security checks applied (missing list of installed
packages) though ssh login provided and works'));
+
exit(0);
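Review bot: The fallback note is raised on `port: 0`, while the other notes in this script use `port:port`, so the finding is detached from the SSH service it was obtained through; `security_note(port:port, data: …)` would be consistent, or a comment should say that port 0 is intended. The message embeds `uname` exactly as returned by the scanned host, which is untrusted output and should be treated as data by whatever renders the report. Whether execution can reach this line without a successful login is decided outside the hunk; if it can, the wording "ssh login provided and works" would be misleading.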