[Openvas-commits] r6055 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Dec 3 15:52:05 CET 2009
Author: mwiegand
Date: 2009-12-03 15:52:01 +0100 (Thu, 03 Dec 2009)
New Revision: 6055
Added:
trunk/openvas-plugins/scripts/slad.inc
Removed:
trunk/openvas-plugins/scripts/slad_init.nasl
trunk/openvas-plugins/scripts/slad_ssh.inc
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/slad_fetch_results.nasl
trunk/openvas-plugins/scripts/slad_run.nasl
Log:
Improved SLAD support.
* scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Made header
more verbose. Now uses ssh_authorization.nasl for SSH credentials
management.
* scripts/slad_ssh.inc, scripts/slad_init.nasl: Removed obsolete
separate SSH credentials management.
* scripts/slad.inc: New. Provides functionality needed by slad_run.nasl
and slad_fetch_results.nasl.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-03 11:57:42 UTC (rev 6054)
+++ trunk/openvas-plugins/ChangeLog 2009-12-03 14:52:01 UTC (rev 6055)
@@ -1,3 +1,17 @@
+2009-12-03 Michael Wiegand <michael.wiegand at intevation.de>
+
+ Improved SLAD support.
+
+ * scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Made header
+ more verbose. Now uses ssh_authorization.nasl for SSH credentials
+ management.
+
+ * scripts/slad_ssh.inc, scripts/slad_init.nasl: Removed obsolete
+ separate SSH credentials management.
+
+ * scripts/slad.inc: New. Provides functionality needed by slad_run.nasl
+ and slad_fetch_results.nasl.
+
2009-12-03 Michael Meyer <michael.meyer at intevation.de>
* scripts/pligg_cms_detect.nasl,
Added: trunk/openvas-plugins/scripts/slad.inc
===================================================================
--- trunk/openvas-plugins/scripts/slad.inc 2009-12-03 11:57:42 UTC (rev 6054)
+++ trunk/openvas-plugins/scripts/slad.inc 2009-12-03 14:52:01 UTC (rev 6055)
@@ -0,0 +1,160 @@
+###############################################################################
+# OpenVAS Vulnerability Test Support File
+#
+# Support functions for SLAD queries
+#
+# Authors:
+# Dirk Jagdmann
+# Michael Wiegand
+#
+# Copyright:
+# Copyright (c) 2005 DN-Systems GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
+
+function init_add_preferences () {
+ script_add_preference (name: "Execute Tripwire HIDS to check system's file integrity (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "Execute ClamAV to search for virus-infected files (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "ClamAV level", type: "radio", value: "Move infected files to quarantine;Remove infected files;Move infected files to quarantine exclude archives (.zip, .tgz, etc);Remove infected files exclude archives (.zip, .tgz, etc)");
+ script_add_preference (name: "Execute LSOF to retrieve a list of open files (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "Execute Tiger for various checks (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "tiger level", type: "radio", value: "Checks user and passwd on local system;Check Filesystem Permissions;Check Systems Configuration and applications;Check running System and Processes;Perform all Tiger checks on system");
+ script_add_preference (name: "Analyse Syslog-Files for security incidents (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "syslogwatch level", type: "radio", value: "Analyse SysLogs low detail;Analyse SysLogs medium detail;Analyse SysLogs high detail");
+ script_add_preference (name: "fetch hardware MB sensors (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "Execute John-the-Ripper to find weak user passwords", type: "checkbox", value: "no");
+ script_add_preference (name: "john level", type: "radio", value: "Fast-Crack;Dictionary Mode (slow);Full-Crack (very slow)");
+ script_add_preference (name: "Execute ovaldi for scanning OVAL described issues", type: "checkbox", value: "no");
+ script_add_preference (name: "ovaldi report format", type: "radio", value: "Text;HTML");
+ script_add_preference (name: "Analyse SNMP-Traps collected by snmptrapd (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "Fetch Snort-Events from the Snort MYSQL Database (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)", type: "checkbox", value: "no");
+ script_add_preference (name: "Execute ChkRootKit to find installed rootkits (Linux only)", type: "checkbox", value: "no");
+}
+
+function run_slad (sock, slad_exe) {
+ # tripwire
+ run = script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)");
+ slad_cmd = slad_exe + " -r tripwire:tripwire";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # ClamAV
+ run = script_get_preference ("Execute ClamAV to search for virus-infected files (Linux only)");
+ level = script_get_preference ("ClamAV level");
+ if (level == "Move infected files to quarantine") slad_cmd = slad_exe + " -r ClamAV:ClamAVQua";
+ else if (level == "Remove infected files") slad_cmd = slad_exe + " -r ClamAV:ClamAVDel";
+ else if (level == "Move infected files to quarantine exclude archives (.zip, .tgz, etc)") slad_cmd = slad_exe + " -r ClamAV:ClamAVNoArch";
+ else if (level == "Remove infected files exclude archives (.zip, .tgz, etc)") slad_cmd = slad_exe + " -r ClamAV:ClamAVDelNoArch";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # lsof
+ run = script_get_preference ("Execute LSOF to retrieve a list of open files (Linux only)");
+ slad_cmd = slad_exe + " -r lsof:lsof";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # tiger
+ run = script_get_preference ("Execute Tiger for various checks (Linux only)");
+ level = script_get_preference ("tiger level");
+ if (level == "Checks user and passwd on local system") slad_cmd = slad_exe + " -r tiger:tigeruser";
+ else if (level == "Check Filesystem Permissions") slad_cmd = slad_exe + " -r tiger:tigerperm";
+ else if (level == "Check Systems Configuration and applications") slad_cmd = slad_exe + " -r tiger:tigerconfig";
+ else if (level == "Check running System and Processes") slad_cmd = slad_exe + " -r tiger:tigersystem";
+ else if (level == "Perform all Tiger checks on system") slad_cmd = slad_exe + " -r tiger:fulltiger";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # syslogwatch
+ run = script_get_preference ("Analyse Syslog-Files for security incidents (Linux only)");
+ level = script_get_preference ("syslogwatch level");
+ if (level == "Analyse SysLogs low detail") slad_cmd = slad_exe + " -r syslogwatch:logwatchlow";
+ else if (level == "Analyse SysLogs medium detail") slad_cmd = slad_exe + " -r syslogwatch:logwatchmed";
+ else if (level == "Analyse SysLogs high detail") slad_cmd = slad_exe + " -r syslogwatch:logwatchhigh";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # sensors
+ run = script_get_preference ("fetch hardware MB sensors (Linux only)");
+ slad_cmd = slad_exe + " -r sensors:sensors";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # john
+ run = script_get_preference ("Execute John-the-Ripper to find weak user passwords");
+ level = script_get_preference ("john level");
+ if (level == "Fast-Crack") slad_cmd = slad_exe + " -r john:fastjohn";
+ else if (level == "Dictionary Mode (slow)") slad_cmd = slad_exe + " -r john:dictjohn";
+ else if (level == "Full-Crack (very slow)") slad_cmd = slad_exe + " -r john:fulljohn";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # ovaldi
+ run = script_get_preference ("Execute ovaldi for scanning OVAL described issues");
+ report_format = script_get_preference("ovaldi report format");
+ if (report_format == "Text") slad_cmd = slad_exe + " -r ovaldi:short";
+ else if (report_format == "Text") slad_cmd = slad_exe + " -r ovaldi:html";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # snmptrapwatch
+ run = script_get_preference ("Analyse SNMP-Traps collected by snmptrapd (Linux only)");
+ slad_cmd = slad_exe + " -r snmptrapwatch:snmptrapwatch";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # snort
+ run = script_get_preference ("Fetch Snort-Events from the Snort MYSQL Database (Linux only)");
+ slad_cmd = slad_exe + " -r snort:snort";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # sshvulnkey
+ run = script_get_preference ("Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)");
+ slad_cmd = slad_exe + " -r sshvulnkey:sshvuln";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ # chkrootkit
+ run = script_get_preference ("Execute ChkRootKit to find installed rootkits (Linux only)");
+ slad_cmd = slad_exe + " -r chkrootkit:chkrootkit";
+ if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
+ if (results) security_warning (data: results);
+}
+
+function get_slad_description (entry) {
+ if (entry == "tripwire:tripwire:tripwire") return "Execute Tripwire HIDS to check system's file integrity";
+ else if (entry == "ClamAV:ClamAVQua:QuarantClamAV") return "Execute ClamAV to search for virus-infected files: Move infected files to quarantine";
+ else if (entry == "ClamAV:ClamAVDel:DeleteClamAV") return "Execute ClamAV to search for virus-infected files: Remove infected files";
+ else if (entry == "ClamAV:ClamAVNoArch:QuarantClamAVNoArch") return "Execute ClamAV to search for virus-infected files: Move infected files to quarantine exclude archives (.zip, .tgz, etc)";
+ else if (entry == "ClamAV:ClamAVDelNoArch:DeleteClamAVNoArch") return "Execute ClamAV to search for virus-infected files: Remove infected files exclude archives (.zip, .tgz, etc)";
+ else if (entry == "lsof:lsof:lsof") return "Execute LSOF to retrieve a list of open files";
+ else if (entry == "tiger:tigeruser:tigeruser") return "Execute Tiger for various checks: Checks user and passwd on local system";
+ else if (entry == "tiger:tigerperm:tigerperm") return "Execute Tiger for various checks: Check Filesystem Permissions";
+ else if (entry == "tiger:tigerconfig:tigerconfig") return "Execute Tiger for various checks: Check Systems Configuration and applications";
+ else if (entry == "tiger:tigersystem:tigersystem") return "Execute Tiger for various checks: Check running System and Processes";
+ else if (entry == "tiger:fulltiger:fulltiger") return "Execute Tiger for various checks: Perform all Tiger checks on system";
+ else if (entry == "syslogwatch:logwatchlow:logwatchlow") return "Analyse Syslog-Files for security incidents: Analyse SysLogs low detail";
+ else if (entry == "syslogwatch:logwatchmed:logwatchmed") return "Analyse Syslog-Files for security incidents: Analyse SysLogs medium detail";
+ else if (entry == "syslogwatch:logwatchhigh:logwatchhigh") return "Analyse Syslog-Files for security incidents: Analyse SysLogs high detail";
+ else if (entry == "sensors:sensors:sensors") return "fetch hardware MB sensors";
+ else if (entry == "john:fastjohn:fastjohn") return "Execute John-the-Ripper to find weak user passwords: Fast-Crack";
+ else if (entry == "john:dictjohn:dictjohn") return "Execute John-the-Ripper to find weak user passwords: Dictionary Mode (slow)";
+ else if (entry == "john:fulljohn:fulljohn") return "Execute John-the-Ripper to find weak user passwords: Full-Crack (very slow)";
+ else if (entry == "ovaldi:short:short") return "Execute ovaldi for scanning OVAL described issues: Text Report";
+ else if (entry == "ovaldi:html:html") return "Execute ovaldi for scanning OVAL described issues: HTML Report";
+ else if (entry == "snmptrapwatch:snmptrapwatch:trapwatch") return "Analyse SNMP-Traps collected by snmptrapd: SNMP Traps in the daemon.log";
+ else if (entry == "snort:snort:snort") return "Fetch Snort-Events from the Snort MYSQL Database";
+ else if (entry == "sshvulnkey:sshvuln:normal") return "Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt";
+ else if (entry == "chkrootkit:chkrootkit:normal") return "Execute ChkRootKit to find installed rootkits";
+}
+
+function dump_preferences () {
+ display ("tripwire: ", script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)"), "\n");
+ display ("ClamAV: ", script_get_preference ("Execute ClamAV to search for virus-infected files (Linux only)"), "\n");
+ display (" level: ", script_get_preference ("ClamAV level"), "\n");
+ display ("lsof: ", script_get_preference ("Execute LSOF to retrieve a list of open files (Linux only)"), "\n");
+ display ("tiger: ", script_get_preference ("Execute Tiger for various checks (Linux only)"), "\n");
+ display (" level: ", script_get_preference ("tiger level"), "\n");
+ display ("syslogwatch: ", script_get_preference ("Analyse Syslog-Files for security incidents (Linux only)"), "\n");
+ display (" level: ", script_get_preference ("syslogwatch level"), "\n");
+ display ("sensors: ", script_get_preference ("fetch hardware MB sensors"), "\n");
+ display ("john: ", script_get_preference ("Execute John-the-Ripper to find weak user passwords (Linux only)"), "\n");
+ display (" level: ", script_get_preference ("john level"), "\n");
+ display ("ovaldi: ", script_get_preference ("Execute ovaldi for scanning OVAL described issues (Linux only)"), "\n");
+ display ("snmptrapwatch: ", script_get_preference ("Analyse SNMP-Traps collected by snmptrapd (Linux only)"), "\n");
+ display ("snort: ", script_get_preference ("Fetch Snort-Events from the Snort MYSQL Database (Linux only)"), "\n");
+ display ("sshvulnkey: ", script_get_preference ("Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)"), "\n");
+ display ("chkrootkit: ", script_get_preference ("Execute ChkRootKit to find installed rootkits (Linux only)"), "\n");
+}
Modified: trunk/openvas-plugins/scripts/slad_fetch_results.nasl
===================================================================
--- trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2009-12-03 11:57:42 UTC (rev 6054)
+++ trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2009-12-03 14:52:01 UTC (rev 6055)
@@ -1,15 +1,33 @@
+###############################################################################
+# OpenVAS Vulnerability Test
#
+# Fetch results of SLAD queries from a remote machine
#
-# Copyright 2005 DN Systems GmbH
+# Authors:
+# Dirk Jagdmann
+# Michael Wiegand
#
-# License: GNU GPLv2 or any later version
+# Copyright:
+# Copyright (c) 2005 DN-Systems GmbH
#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
debug = 0;
include ("ssh_func.inc");
include ("slad.inc");
-include ("slad_ssh.inc");
if(description) {
script_id(90003);
@@ -37,15 +55,20 @@
family = "SLAD";
script_family(family);
- script_dependencies ("find_service.nes", "slad_init.nasl");
+ script_dependencies ("find_service.nes", "ssh_authorization.nasl");
script_require_ports (22, "Services/ssh");
- script_require_keys ("SLAD/login");
+ script_require_keys ("Secret/SSH/login");
exit(0);
}
{
- sock = slad_ssh_login ();
+ sock = ssh_login_or_reuse_connection();
+ if(!sock) {
+ # Send "error" as set by ssh_funcs.
+ log_message(port:port, data:get_ssh_error());
+ exit(0);
+ }
slad_exe = '/opt/slad/bin/sladd';
slad_cmd = slad_exe + ' -s jobs';
Deleted: trunk/openvas-plugins/scripts/slad_init.nasl
===================================================================
--- trunk/openvas-plugins/scripts/slad_init.nasl 2009-12-03 11:57:42 UTC (rev 6054)
+++ trunk/openvas-plugins/scripts/slad_init.nasl 2009-12-03 14:52:01 UTC (rev 6055)
@@ -1,72 +0,0 @@
-#
-#
-# Copyright 2005 DN Systems GmbH
-#
-# License: GNU GPLv2 or any later version
-#
-
-debug = 0;
-slad_login_name = "slad";
-
-if(description) {
- script_id(90001);
- script_version ("1.0");
- name = "SLAD Init";
-
- script_name(name);
-
- desc = "
-This script provides the SLAD scripts with login
-information.";
-
- script_description(desc);
-
- summary = "Set SLAD login information";
- script_summary(summary);
-
- script_category(ACT_INIT);
-
- script_copyright("This script is Copyright 2005 DN Systems GmbH");
- family = "SLAD";
- script_family(family);
-
- # The script preferences
- script_add_preference (name: "slad SSH public key:", type: "file",
- value: "");
- script_add_preference (name: "slad SSH private key:", type: "file",
- value: "");
- script_add_preference (name: "slad SSH key passphrase:", type: "password",
- value: "");
- exit(0);
-}
-
-{
- if (debug) {
- display ("kb: n: <", get_kb_item ("SLAD/login"), ">\n");
- display ("pub: ", get_kb_item ("SLAD/publickey"), "\n");
- display ("priv: ", get_kb_item ("SLAD/privatekey"), "\n");
- }
-
- # Get the values from the script preferences
- slad_public_key = script_get_preference_file_content ("slad SSH public key:");
- slad_private_key = script_get_preference_file_content ("slad SSH private key:");
- slad_key_passphrase = script_get_preference ("slad SSH key passphrase:");
-
- if (debug) {
- display ("d1: pp: <", slad_key_passphrase, ">\n");
- display ("pub: ", slad_public_key, "\n");
- display ("priv: ", slad_private_key, "\n");
- }
-
- # Store secret information for running/fetching results
- if (slad_key_passphrase)
- replace_kb_item (name: "Secret/SLAD/passphrase", value: slad_key_passphrase);
-
- replace_kb_item (name: "SLAD/login", value: slad_login_name);
-
- if (slad_public_key)
- replace_kb_item (name: "SLAD/publickey", value: slad_public_key);
-
- if (slad_private_key)
- replace_kb_item (name: "SLAD/privatekey", value: slad_private_key);
-}
Modified: trunk/openvas-plugins/scripts/slad_run.nasl
===================================================================
--- trunk/openvas-plugins/scripts/slad_run.nasl 2009-12-03 11:57:42 UTC (rev 6054)
+++ trunk/openvas-plugins/scripts/slad_run.nasl 2009-12-03 14:52:01 UTC (rev 6055)
@@ -1,14 +1,32 @@
+###############################################################################
+# OpenVAS Vulnerability Test
#
+# Fetch results of SLAD queries from a remote machine
#
-# Copyright 2005 DN Systems GmbH
+# Authors:
+# Dirk Jagdmann
+# Michael Wiegand
#
-# License: GNU GPLv2 or any later version
+# Copyright:
+# Copyright (c) 2005 DN-Systems GmbH
#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
debug = 0;
include ("ssh_func.inc");
-include ("slad_ssh.inc");
include ("slad.inc");
if (description) {
@@ -28,7 +46,7 @@
script_description(desc);
- summary = "Connects to SLAD to tun programs remotely";
+ summary = "Connects to SLAD to run programs remotely";
script_summary(summary);
script_category(ACT_GATHER_INFO);
@@ -37,7 +55,7 @@
family = "SLAD";
script_family(family);
- script_dependencies ("find_service.nes", "slad_init.nasl");
+ script_dependencies ("find_service.nes", "ssh_authorization.nasl");
script_require_ports (22, "Services/ssh");
# Dynamic entries for running from slad.inc
@@ -52,7 +70,12 @@
if (debug)
dump_preferences ();
- sock = slad_ssh_login ();
+ sock = ssh_login_or_reuse_connection();
+ if(!sock) {
+# Send "error" as set by ssh_funcs.
+ log_message(port:port, data:get_ssh_error());
+ exit(0);
+ }
run_slad (sock: sock, slad_exe: "/opt/slad/bin/sladd");
close (sock);
Deleted: trunk/openvas-plugins/scripts/slad_ssh.inc
===================================================================
--- trunk/openvas-plugins/scripts/slad_ssh.inc 2009-12-03 11:57:42 UTC (rev 6054)
+++ trunk/openvas-plugins/scripts/slad_ssh.inc 2009-12-03 14:52:01 UTC (rev 6055)
@@ -1,49 +0,0 @@
-#
-#
-# Copyright 2005 DN Systems GmbH
-#
-# License: GNU GPLv2 or any later version
-#
-function slad_ssh_login () {
- slad_key_passphrase = get_kb_item ("Secret/SLAD/passphrase");
- slad_login_name = get_kb_item ("SLAD/login");
- slad_public_key = get_kb_item ("SLAD/publickey");
- slad_private_key = get_kb_item ("SLAD/privatekey");
-
- if (debug) {
- display ("slad_run: n: <", slad_login_name,
- "> pp: <", slad_key_passphrase, ">\n");
- display ("pub: ", slad_public_key, "\n");
- display ("priv: ", slad_private_key, "\n");
- }
-
- port = kb_ssh_transport();
- if (!port) port = 22;
- else port = int (port);
-
- if (!slad_login_name) {
- security_note (port: port, data: "No username given for SLAD checks. SLAD checks will be disabled.");
- exit (0);
- }
- if (!slad_private_key) {
- security_note (port: port, data: "No key given for SLAD checks. SLAD checks will be disabled.");
- exit (0);
- }
-
- # Connect via SSH
- sock = open_sock_tcp (port);
- if (!sock || sock < 1) {
- security_warning (port: port, data: "Could not get socket.");
- exit (0);
- }
- if (ssh_login (socket:sock, login: slad_login_name, password: NULL,
- pub: slad_public_key, priv: slad_private_key,
- passphrase: slad_key_passphrase) != 0) {
- msg = "SSH login failed: " + get_ssh_error();
- security_warning (port: port, data: msg);
- close (sock);
- exit (0);
- }
-
- return sock;
-}
More information about the Openvas-commits
mailing list