Jan-Oliver Wagner wrote:
> Hi Thomas,
>
> On Donnerstag, 19. November 2009, Thomas Reinke wrote:
>>> + if(defined_func("script_mandatory_keys"))
>>> + script_mandatory_keys("Tools/Present/nmap");
>>> +
>>> exit(0);
>>> }
>>
>> I had looked at this originally and decided against it.
>>
>> The way the toolcheck nasl runs, if the "Perform tool
>> check" preference is set to no, none of the Tools/*
>> keys will be set, having the effect of disabling
>> scripts relying on these tools. I'm not convinced
>> that this is correct behaviour.
>>
>> I believe (although I might be mistaken) that
>> toolcheck is an advisory report, by default enabled,
>> to let one know that there are additional tools
>> that one could install to improve scanner functionality.
>> I don't think it was intended as a setting to turn off
>> all supplementary tools.
>
> the original idea is that it is not only advisory.
> The concept of mandatory keys allows to
> prevent launch of scripts that can not at all
> return anything useful if the precondition is not met.
> Like a nmap scan of no nmap available.
>
> Why is this important? We want only a single check
> for the nmap binary and version. Not 4000 in case
> 4000 IPs are scanned. This is to be multiplied with the
> number of tools/versions and with the scripts using them.

Agreed.

>
> A positive side effect is also that the reports have
> the single statement that e.g. no nmap scripts
> are executed instead of 4000 entries that nmap
> was not found.

I agree this is a good thing.

>
>> In other words, if we want to rely on Tools/* keys,
>> we need to change the toolcheck nasl script to
>> check for tools, ALWAYS populate keys, and only report
>> based on the preference setting. Then, and only
>> then, is it ok to make various scripts dependent on the
>> tools/* keys.
>
> the mandatory keys feature can only consider presence,
> not values. If toolcheck.nasl would set values we are back
> to 4000 nmap trials.
>
>
> What exactly is the harm done by toolcheck and mandatory_keys?

Ok...scenario -- I run 20 reports a day. Each report
says "You are missing ovaldi and nikto". I get it.
I'm missing those two. So I turn off the "Perform tool check".
Those annoying messages go away. Great. But now, despite
the fact that I have nmap on my system, all nmap functionality
has gone away as well, despite it being available.

Solution #1: Change the preference to "Disable use of 3rd
party tools such as nmap" or some such thing to avoid
misunderstanding what the setting is. Because that's what it is
doing right now. And that's the misunderstanding I had.

Solution #2: As per your comment that it is not advisory,
change toolcheck.nasl to ALWAYS run, and provide users with
a way of disabling the reporting from toolcheck.nasl if they
already are perfectly aware of what tools they have installed
on their scanner and don't want to see those messages.

Personally, I like the second solution better. I don't see a
reason for the preference setting as it currently is - I don't
know of a good reason to NOT run toolcheck.nasl, but I can see
good reasons to suppress the reporting that toolcheck.nasl does.

Thomas
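
Review bot: the added script_mandatory_keys("Tools/Present/nmap") call just before exit(0) carries no comment naming which script sets that key or when, so a reader of this script cannot tell that it will silently not launch whenever the key is absent. Suggest a one-line comment above the defined_func("script_mandatory_keys") guard naming the producer of Tools/Present/nmap. Also note that where the guard evaluates to false the script registers no precondition at all and will launch regardless of whether nmap is present, which may be worth stating or handling explicitly.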
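
The behaviour debated in this thread, as an added example that is not part of the original message and is not OpenVAS code: a simplified Python model of presence-only mandatory keys, comparing the current preference semantics with Solution #2. Only the key name Tools/Present/nmap and the preference name come from the thread; the plugin names, tool inventory and host list are constructed assumptions.

```python
# Simplified model of the behaviour discussed in this thread; not OpenVAS code.
# Only Tools/Present/nmap and "Perform tool check" come from the thread.

INSTALLED = {"nmap"}                       # constructed: tools on the scanner host
TOOLS = ["nmap", "nikto", "ovaldi"]
PLUGINS = {"nmap_scan": ["Tools/Present/nmap"],      # hypothetical plugin names
           "nikto_scan": ["Tools/Present/nikto"]}


def toolcheck(kb, prefs, always_run):
    """Probe each tool once; return (report_lines, number_of_probes)."""
    enabled = prefs.get("Perform tool check", "yes") == "yes"
    if not always_run and not enabled:
        return [], 0                       # current behaviour: no Tools/* keys set
    report = []
    for tool in TOOLS:
        if tool in INSTALLED:
            kb.add("Tools/Present/" + tool)    # presence of the key is the signal
        elif enabled:                      # Solution #2: preference gates reporting only
            report.append("missing tool: " + tool)
    return report, len(TOOLS)


def scan(hosts, prefs, always_run):
    """Run toolcheck once, then launch plugins whose mandatory keys are all present."""
    kb = set()
    report, probes = toolcheck(kb, prefs, always_run)
    launched = {name: 0 for name in PLUGINS}
    for _ in hosts:
        for name, keys in PLUGINS.items():
            if all(k in kb for k in keys):     # presence only, values are ignored
                launched[name] += 1
    return {"report": report, "probes": probes, "launched": launched}


HOSTS = ["host%d" % i for i in range(4000)]    # constructed target list
QUIET = {"Perform tool check": "no"}

current = scan(HOSTS, QUIET, always_run=False)     # preference gates the whole check
solution2 = scan(HOSTS, QUIET, always_run=True)    # preference gates reporting only
```

In the model, `current` launches no nmap plugin even though nmap is installed, while `solution2` launches it for every host with an empty report and still only one probe per tool.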