[Openvas-commits] r1298 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Sep 9 09:45:46 CEST 2008


Author: mwiegand
Date: 2008-09-09 09:45:45 +0200 (Tue, 09 Sep 2008)
New Revision: 1298

Added:
   trunk/openvas-plugins/scripts/gather-package-list-sigkeyid.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
* scripts/gather-package-list-sigkeyid.nasl: Added. Modification of
gather-package-list.nasl to included the ID of the signature key when
gathering package information for RPM-based distributions. Needed by
openvasd/oval_plugins.c.


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-09 07:38:50 UTC (rev 1297)
+++ trunk/openvas-plugins/ChangeLog	2008-09-09 07:45:45 UTC (rev 1298)
@@ -1,4 +1,12 @@
-2008-09-08 Chandrashekhar B <bchandra at secpod.com>
+2008-09-09  Michael Wiegand <michael.wiegand at intevation.de>
+
+	* scripts/gather-package-list-sigkeyid.nasl: Added. Modification of
+	gather-package-list.nasl to included the ID of the signature key when
+	gathering package information for RPM-based distributions. Needed by
+	openvasd/oval_plugins.c.
+
+2008-09-08  Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_ssh_sys_info.nasl:
 	  Changed the dependency to ssh_authorization.nasl
 

Added: trunk/openvas-plugins/scripts/gather-package-list-sigkeyid.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gather-package-list-sigkeyid.nasl	2008-09-09 07:38:50 UTC (rev 1297)
+++ trunk/openvas-plugins/scripts/gather-package-list-sigkeyid.nasl	2008-09-09 07:45:45 UTC (rev 1298)
@@ -0,0 +1,746 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Gather installed packages/rpms/etc for local security checks
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License Version 2
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+if(description)
+{
+ script_id(50283);
+ script_version("$");
+ 
+ name["english"] = "Determine OS and list of installed packages (with keyid) via SSH login";
+ script_name(english:name["english"]);
+ 
+ desc["english"] = "
+This script will, if given a userid/password or
+key to the remote system, login to that system,
+determine the OS it is running, and for supported
+systems, extract the list of installed packages/rpms.
+
+Risk factor : None";
+
+ script_description(english:desc["english"]);
+ 
+ summary["english"] = "Determine OS and list of installed packages (with keyid) via SSH login";
+ script_summary(english:summary["english"]);
+ 
+ script_category(ACT_GATHER_INFO);
+ 
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Misc.";
+ script_family(english:family["english"]);
+ script_dependencie("find_service.nes", "ssh_settings.nasl");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+cmdline = 0;
+include("ss_ssh_func.inc");
+
+port = get_kb_item("Services/ssh");
+if(!port) {
+    port = 22;
+}
+sock = ssh_login_or_reuse_connection();
+if(!sock) {
+    exit(0);
+}
+
+# First command: Grab uname -a of the remote system
+uname = ssh_cmd(socket:sock, cmd:"uname -a");
+set_kb_item(name: "ssh/login/uname", value:uname);
+
+# Ok...let's first check if this is a RedHat/Fedora Core/Mandrake release
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
+if("Red Hat Linux release 7.3" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "RH7.3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Red Hat Linux release 8.0 (Psyche)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "RH8.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Red Hat Linux release 9 (Shrike)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "RH9");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 1 (Yarrow)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 2 (Tettnang)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 3 (Heidelberg)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 4 (Stentz)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC4");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 5 (Bordeaux)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 6 (Zod)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC6");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora release 7 (Moonshine)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC7");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora release 8 (Werewolf)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC8");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora release 9 (Sulphur)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC9");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+
+# Red Hat Enterprise Linux ES release 2.1 (Panama)
+# Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
+# Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
+# Red Hat Enterprise Linux AS release 3 (Taroon Update 3)
+# Red Hat Enterprise Linux Desktop release 3.90
+
+if(egrep(pattern:"Red Hat Enterprise.*release 2\.1", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_2.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if(egrep(pattern:"Red Hat Enterprise.*release 3 ", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if(egrep(pattern:"Red Hat Enterprise.*release 4 ", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_4");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if(egrep(pattern:"Red Hat Enterprise.*release 5 ", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+
+if("Mandriva Linux release 2008.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2008.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2008.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2008.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2007.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2007.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2006.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrakelinux release 10.2" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_10.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrakelinux release 10.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_10.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 10.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_10.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 9.2" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_9.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 9.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_9.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 8.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_8.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 8.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_8.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 7.2" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_7.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+
+# Ok...also using /etc/redhat-release is CentOS...let's try them now
+# We'll stay with major release # checking unless we find out we need to do
+# otherwise.
+#CentOS release 4.0 (Final)
+#CentOS release 4.1 (Final)
+#CentOS release 3.4 (final)
+if("CentOS release 4" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CENTOS4");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 4"));
+    exit(0);
+}
+if("CentOS release 3" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CENTOS3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 3"));
+    exit(0);
+}
+
+# Hmmm...is it Ubuntu?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/lsb-release");
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=4.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU4.1");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 4.10"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=5.04"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU5.04");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 5.04"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=5.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU5.10");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 5.10"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=6.06"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU6.06 LTS");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 6.06"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=6.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU6.10");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 6.10"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=7.04"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU7.04");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 7.04"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=7.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU7.10");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 7.10"));
+    exit(0);
+}
+
+# How about Conectiva Linux?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/conectiva-release");
+if("Conectiva Linux 9" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CL9");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 9"));
+    exit(0);
+}
+if("Conectiva Linux 10" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CL10");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 10"));
+    exit(0);
+}
+
+# How about Turbolinux?
+# Turbolinux signatures:
+# release 6.0 WorkStation (Shiga)       -- Unsupported
+# TurboLinux release 6.1 Server (Naha)	-- Unsupported
+# Turbolinux Server 6.5 (Jupiter)       -- Unsupported
+# Turbolinux Server 7.0 (Esprit)
+# Turbolinux Workstation 7.0 (Monza)
+# Turbolinux Server 8.0 (Viper)
+# Turbolinux Workstation 8.0 (SilverStone)
+# Turbolinux Server 10.0 (Celica)
+# Turbolinux Desktop 10.0 (Suzuka)
+# -- Need:
+#- Turbolinux Appliance Server 1.0 Hosting Edition
+#- Turbolinux Appliance Server 1.0 Workgroup Edition
+#- Turbolinux Home
+#- Turbolinux 10 F...
+
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/turbolinux-release");
+if("Turbolinux Server 7.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLS7");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Workstation 7.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLWS7");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Server 8.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLS8");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Workstation 8.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLWS8");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Desktop 10.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLDT10");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Server 10.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLS10");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux">< rls) {
+    security_note(port:port, data:string("We have detected you are running a version of Turbolinux currently not supported by SecuritySpace.  Please report the following banner to SecuritySpace: ", rls));
+    exit(0);
+}
+
+#How about FreeBSD?  If the uname line begins with "FreeBSD ", we have a match
+if(substr(uname, 0, 7)=="FreeBSD ") {
+    version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
+    splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)", string:version[1]);
+    found = 0;
+    if(!isnull(splitup)) {
+	release = splitup[1];
+	patchlevel = splitup[3];
+	found = 1;
+    } else {
+	splitup = eregmatch(pattern:"([^-]+)-RELEASE", string:version[1]);
+	if(!isnull(splitup)) {
+	    release = splitup[1];
+	    patchlevel = "0";
+	    found = 1;
+	} else {
+	    splitup=eregmatch(pattern:"([^-]+)-SECURITY",string:version[1]);
+	    if(!isnull(splitup)) {
+		release = splitup[1];
+		security_note(port:port, data:string("We have detected you are running FreeBSD ", splitup[0], ". It also appears that you are using freebsd-update, a binary update tool for keeping your distribution up to date.  We will not be able to check your core distribution for vulnerabilities, but we will check your installed ports packages."));
+		found = 2;
+	    } else {
+		security_note(port:port, data:string("You appear to be running FreeBSD, but we do not recognize the output format of uname: ", uname, ". Local security checks will NOT be run."));
+	    }
+	}
+    }
+    if(found==1) {
+	set_kb_item(name: "ssh/login/freebsdrel", value: release);
+	set_kb_item(name: "ssh/login/freebsdpatchlevel", value: patchlevel);
+	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: ", patchlevel));
+    }
+    if(found==2) {
+	set_kb_item(name: "ssh/login/freebsdrel", value: release);
+	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: Unknown"));
+    }
+    if(found!=0) {
+	buf = ssh_cmd(socket:sock, cmd:"pkg_info");
+	set_kb_item(name: "ssh/login/freebsdpkg", value:buf);
+    }
+}
+
+# Hmmm...is it Debian?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/debian_version");
+if("2.2"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB2.2");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 2.2 (Potato)"));
+    exit(0);
+}
+if("3.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB3.0");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 3.0 (Woody)"));
+    exit(0);
+}
+if("3.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB3.1");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 3.1 (Sarge)"));
+    exit(0);
+}
+if("4.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB4.0");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 4.0 (Etch)"));
+    exit(0);
+}
+
+# How about Slackware?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/slackware-version");
+if("Slackware 12.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK12.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 12.0"));
+    exit(0);
+}
+if("Slackware 11.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK11.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 11.0"));
+    exit(0);
+}
+if("Slackware 10.2"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK10.2");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.2"));
+    exit(0);
+}
+if("Slackware 10.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK10.1");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.1"));
+    exit(0);
+}
+if("Slackware 10.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK10.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.0"));
+    exit(0);
+}
+if("Slackware 9.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK9.1");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 9.1"));
+    exit(0);
+}
+if("Slackware 9.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK9.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 9.0"));
+    exit(0);
+}
+if("Slackware 8.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK8.1");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 8.1"));
+    exit(0);
+}
+# How about SuSe?
+# SuSE Linux 9.x (i586)
+# SUSE LINUX 10.1 
+
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release");
+if("SUSE LINUX 10.3 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE10.3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 10.3"));
+    exit(0);
+}
+if("SUSE LINUX 10.2 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE10.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 10.2"));
+    exit(0);
+}
+if("SUSE LINUX 10.1 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE10.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 10.1"));
+    exit(0);
+}
+if("SuSE Linux 9.3 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE9.3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.3"));
+    exit(0);
+}
+if("SuSE Linux 9.2 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE9.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.2"));
+    exit(0);
+}
+if("SuSE Linux 9.1 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE9.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.1"));
+    exit(0);
+}
+if("SuSE Linux 9.0 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE9.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.0"));
+    exit(0);
+}
+if("SuSE Linux 8.2 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE8.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 8.2"));
+    exit(0);
+}
+if("SuSE Linux 8.1 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE8.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 8.1"));
+    exit(0);
+}
+if("SuSE Linux 8.0 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE8.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 8.0"));
+    exit(0);
+}
+if("SuSE Linux 7.3 "><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SUSE7.3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 7.3"));
+    exit(0);
+}
+
+# How about Trustix?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/release");
+rls2 = ssh_cmd(socket:sock, cmd:"cat /etc/trustix-release");
+if("Trustix Secure Linux release 3.0.5"><rls ||
+       "Trustix Secure Linux release 3.0.5"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL3.0.5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0.5"));
+    exit(0);
+}
+if("Trustix Secure Linux release 3.0"><rls ||
+       "Trustix Secure Linux release 3.0"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL3.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0"));
+    exit(0);
+}
+if("Trustix Secure Linux release 2.2"><rls ||
+       "Trustix Secure Linux release 2.2"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL2.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.2"));
+    exit(0);
+}
+if("Trustix Secure Linux release 2.1"><rls ||
+       "Trustix Secure Linux release 2.1"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL2.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.1"));
+    exit(0);
+}
+if("Trustix Secure Linux release 2.0"><rls ||
+       "Trustix Secure Linux release 2.0"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL2.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.0"));
+    exit(0);
+}
+if("Trustix Secure Linux release 1.5"><rls ||
+       "Trustix Secure Linux release 1.5"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL1.5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.5"));
+    exit(0);
+}
+if("Trustix Secure Linux release 1.2"><rls ||
+       "Trustix Secure Linux release 1.2"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL1.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.2"));
+    exit(0);
+}
+if("Trustix Secure Linux release 1.1"><rls ||
+       "Trustix Secure Linux release 1.1"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL1.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.1"));
+    exit(0);
+}
+# Missing Trustix e-2
+
+# How about Gentoo? Note, just check that its ANY gentoo release, since the
+# build # doesn't matter for purposes of checking package version numbers.
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/gentoo-release");
+if("Gentoo"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "GENTOO");
+    set_kb_item(name: "ssh/login/gentoo", value: "GENTOO");
+    buf = ssh_cmd(socket:sock, cmd:'find /var/db/pkg -mindepth 2 -maxdepth 2 -printf "%P\\n"');
+    set_kb_item(name: "ssh/login/pkg", value: buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Gentoo"));
+    exit(0);
+}
+
+#{ "NetBSD",     "????????????????",         },
+#{ "OpenBSD",    "????????????????",         },
+#{ "WhiteBox",   "????????????????",         },
+#{ "Linspire",   "????????????????",         },
+#{ "Desktop BSD","????????????????",         },
+#{ "PC-BSD",     "????????????????",         },
+#{ "FreeSBIE",   "????????????????",         },
+#{ "JDS",        "/etc/sun-release",         },
+#{ "Yellow Dog", "/etc/yellowdog-release",   },
+
+exit(0);



More information about the Openvas-commits mailing list