[Openvas-commits] r8632 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Aug 3 15:35:29 CEST 2010
Author: mwiegand
Date: 2010-08-03 15:35:26 +0200 (Tue, 03 Aug 2010)
New Revision: 8632
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/slad.inc
trunk/openvas-plugins/scripts/slad_fetch_results.nasl
Log:
* scripts/slad_fetch_results.nasl, scripts/slad.inc: Adding updates
proposed by Thomas Rotter.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-08-03 13:23:38 UTC (rev 8631)
+++ trunk/openvas-plugins/ChangeLog 2010-08-03 13:35:26 UTC (rev 8632)
@@ -1,3 +1,8 @@
+2010-08-03 Michael Wiegand <michael.wiegand at greenbone.net>
+
+ * scripts/slad_fetch_results.nasl, scripts/slad.inc: Adding updates
+ proposed by Thomas Rotter.
+
2010-08-03 Michael Meyer <michael.meyer at greenbone.net>
* scripts/gb_opera_mult_vuln_win02_july10.nasl:
Modified: trunk/openvas-plugins/scripts/slad.inc
===================================================================
--- trunk/openvas-plugins/scripts/slad.inc 2010-08-03 13:23:38 UTC (rev 8631)
+++ trunk/openvas-plugins/scripts/slad.inc 2010-08-03 13:35:26 UTC (rev 8632)
@@ -7,6 +7,9 @@
# Dirk Jagdmann
# Michael Wiegand
#
+# Changes:
+# Thomas Rotter
+#
# Copyright:
# Copyright (c) 2005 DN-Systems GmbH
#
@@ -65,26 +68,28 @@
function check_and_run_slad_plugins(sock, slad_exe, runlevel, run){
val = get_slad_plugins(sock:sock, slad_exe:slad_exe);
desc = get_slad_description (entry:runlevel);
+ shortdesc = get_slad_short_description (entry:runlevel);
if (run == "yes" && runlevel >< val){
slad_cmd = slad_exe + " -r " + runlevel;
sladresult = ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60);
- if ("200 queued" >< sladresult) result = 'This Plugins was started:\n' + desc + '\n\n';
- else if ("403 plugin already running" >< sladresult) result = 'This Plugins is already running:\n' + desc + '\n\n';
+ if ("200 queued" >< sladresult) result = shortdesc + ':\tThe Plugins was started.\n';
+ else if ("403 plugin already running" >< sladresult) result = shortdesc + ':\tThe Plugin is already running.\n';
else result = desc +':\n' + sladresult;
}else if (run == "yes" && runlevel >!< val){
- result = 'This Plugin was not present on target system, but selected to execute:\n' + desc + '\n\n';
+ result = shortdesc + ':\tThe Plugin was not present on target system, but selected to execute.\n';
}else if(run == "no" && runlevel >< val){
- result = 'This Plugin was present on target system, but not selected to execute:\n' + desc + '\n\n';
+ result = shortdesc + ':\tThe Plugin was present on target system, but not selected to execute.\n';
}else if(run == "no" && runlevel >!< val){
- result = 'This Plugin was not present on target system and not selected to execute:\n' + desc + '\n\n';
+ result = shortdesc + ':\tThe Plugin was not present on target system and not selected to execute.\n';
}else result = sladresult;
return result;
}
function run_slad (sock, slad_exe) {
- # tripwire
- run = script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)");
- runlevel = "tripwire:tripwire:tripwire";
+
+ # chkrootkit
+ run = script_get_preference ("Execute ChkRootKit to find installed rootkits (Linux only)");
+ runlevel = "chkrootkit:chkrootkit:normal";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
# ClamAV
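Review bot: The fall-through branch `else result = desc +':\n' + sladresult;` in check_and_run_slad_plugins was not converted to the new one-line format: it still uses the long description and ends without a newline, so the next plugin's status line is appended directly to whatever sladd returned. Since `sladresult` comes from the scanned host, give it an explicit label and terminator, e.g. `else result = shortdesc + ':\tUnexpected response from sladd: ' + sladresult + '\n';`. The new success message also reads `The Plugins was started.`, while the other branches say `The Plugin`. The final `else result = sladresult;` is reached when `run` is neither "yes" nor "no", where `sladresult` has not been assigned, so a short comment saying that this returns an empty result would help.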
@@ -96,30 +101,7 @@
else if (level == "Remove infected files exclude archives (.zip, .tgz, etc)") runlevel = "ClamAV:ClamAVDelNoArch:DeleteClamAVNoArch";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
- # lsof
- run = script_get_preference ("Execute LSOF to retrieve a list of open files (Linux only)");
- runlevel = "lsof:lsof:lsof";
- results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
-
- # tiger
- run = script_get_preference ("Execute Tiger for various checks (Linux only)");
- level = script_get_preference ("tiger level");
- if (level == "Checks user and passwd on local system") runlevel = "tiger:tigeruser:tigeruser";
- else if (level == "Check Filesystem Permissions") runlevel = "tiger:tigerperm:tigerperm";
- else if (level == "Check Systems Configuration and applications") runlevel = "tiger:tigerconfig:tigerconfig";
- else if (level == "Check running System and Processes") runlevel = "tiger:tigersystem:tigersystem";
- else if (level == "Perform all Tiger checks on system") runlevel = "tiger:fulltiger:fulltiger";
- results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
-
- # syslogwatch
- run = script_get_preference ("Analyse Syslog-Files for security incidents (Linux only)");
- level = script_get_preference ("syslogwatch level");
- if (level == "Analyse SysLogs low detail") runlevel = "syslogwatch:logwatchlow:logwatchlow";
- else if (level == "Analyse SysLogs medium detail") runlevel = "syslogwatch:logwatchmed:logwatchmed";
- else if (level == "Analyse SysLogs high detail") runlevel = "syslogwatch:logwatchhigh:logwatchhigh";
- results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
-
- # sensors
+ # hardware MB sensors
run = script_get_preference ("fetch hardware MB sensors (Linux only)");
runlevel = "sensors:sensors:sensors";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
@@ -132,13 +114,58 @@
else if (level == "Full-Crack (very slow)") runlevel = "john:fulljohn:fulljohn";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+ # lsof
+ run = script_get_preference ("Execute LSOF to retrieve a list of open files (Linux only)");
+ runlevel = "lsof:lsof:lsof";
+ results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+
+ # MBSA
+ run = script_get_preference ("Execute Microsoft Baseline Security Analyzer (Windows only)");
+ level = script_get_preference ("MBSA level");
+ if (level == "Run MBSA and check only for missing updates on Windows Update") runlevel = "MBSA:updates:mbsaupdates";
+ else if (level == "Run MBSA and check only for missing updates on WSUS") runlevel = "MBSA:wsusupdates:mbsawsusupdates";
+ else if (level == "Run MBSA and check only local Userpasswords") runlevel = "MBSA:password:mbsapassword";
+ else if (level == "Run MBSA and check the OS") runlevel = "MBSA:os:mbsaos";
+ else if (level == "Run MBSA and check only InternetInformationServer") runlevel = "MBSA:iis:mbsaiis";
+ else if (level == "Run MBSA and check only SQL Server") runlevel = "MBSA:sql:mbsasql";
+ else if (level == "Run MBSA and perform all Tests") runlevel = "MBSA:all:mbsaall";
+ results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+
+ # netstat
+ run = script_get_preference ("Execute Netstat to Displays all connections and listening ports. (Windows only)");
+ level = script_get_preference ("netstat level");
+ if (level == "udp/tcp and udpv6/tcpv6") runlevel = "Netstat:na:netstat-na";
+ else if (level == "tcp and tcpv6") runlevel = "Netstat:natcp:netstat-natcp";
+ else if (level == "udp and udpv6") runlevel = "Netstat:naudp:netstat-naudp";
+ results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+
# ovaldi
run = script_get_preference ("Execute ovaldi for scanning OVAL described issues");
report_format = script_get_preference("ovaldi report format");
if (report_format == "Text") runlevel = "ovaldi:short:short";
else if (report_format == "HTML") runlevel = "ovaldi:html:html";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+
+ # tiger
+ run = script_get_preference ("Execute Tiger for various checks (Linux only)");
+ level = script_get_preference ("tiger level");
+ if (level == "Checks user and passwd on local system") runlevel = "tiger:tigeruser:tigeruser";
+ else if (level == "Check Filesystem Permissions") runlevel = "tiger:tigerperm:tigerperm";
+ else if (level == "Check Systems Configuration and applications") runlevel = "tiger:tigerconfig:tigerconfig";
+ else if (level == "Check running System and Processes") runlevel = "tiger:tigersystem:tigersystem";
+ else if (level == "Perform all Tiger checks on system") runlevel = "tiger:fulltiger:fulltiger";
+ results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+ # tripwire
+ run = script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)");
+ runlevel = "tripwire:tripwire:tripwire";
+ results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+
+ # SFC
+ run = script_get_preference ("Execute SFC to Scan integrity of all protected system files. This Funktion will only work on (Windows Vista/2008 and later)");
+ runlevel = "SFC:verifyonly:sfcverifyonly";
+ results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
+
# snmptrapwatch
run = script_get_preference ("Analyse SNMP-Traps collected by snmptrapd (Linux only)");
runlevel = "snmptrapwatch:snmptrapwatch:trapwatch";
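Review bot: In the MBSA, netstat, ovaldi and tiger chains in this hunk, `runlevel` is assigned only when the level preference equals one of the listed strings, so if it matches none the variable still holds the previous section's value. For MBSA that is `lsof:lsof:lsof`, and with its run preference set to "yes" the earlier plugin would be queued a second time and reported under its name. Because this commit reorders the sections, the value that gets carried over also changes. Whether a preference can actually be unmatched depends on the preference definitions, which are not on this page. Resetting with `runlevel = NULL;` before each chain and guarding the call with `if (!isnull(runlevel))` would make each section independent. The same applies to the syslogwatch chain in the next hunk, and run_slad begins and ends outside this hunk.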
@@ -154,38 +181,17 @@
runlevel = "sshvulnkey:sshvuln:normal";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
- # chkrootkit
- run = script_get_preference ("Execute ChkRootKit to find installed rootkits (Linux only)");
- runlevel = "chkrootkit:chkrootkit:normal";
+ # syslogwatch
+ run = script_get_preference ("Analyse Syslog-Files for security incidents (Linux only)");
+ level = script_get_preference ("syslogwatch level");
+ if (level == "Analyse SysLogs low detail") runlevel = "syslogwatch:logwatchlow:logwatchlow";
+ else if (level == "Analyse SysLogs medium detail") runlevel = "syslogwatch:logwatchmed:logwatchmed";
+ else if (level == "Analyse SysLogs high detail") runlevel = "syslogwatch:logwatchhigh:logwatchhigh";
results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
- # netstat
- run = script_get_preference ("Execute Netstat to Displays all connections and listening ports. (Windows only)");
- level = script_get_preference ("netstat level");
- if (level == "udp/tcp and udpv6/tcpv6") runlevel = "Netstat:na:netstat-na";
- else if (level == "tcp and tcpv6") runlevel = "Netstat:natcp:netstat-natcp";
- else if (level == "udp and udpv6") runlevel = "Netstat:naudp:netstat-naudp";
- results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
-
- # SFC
- run = script_get_preference ("Execute SFC to Scan integrity of all protected system files. This Funktion will only work on (Windows Vista/2008 and later)");
- runlevel = "SFC:verifyonly:sfcverifyonly";
- results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
-
- # MBSA
- run = script_get_preference ("Execute Microsoft Baseline Security Analyzer (Windows only)");
- level = script_get_preference ("MBSA level");
- if (level == "Run MBSA and check only for missing updates on Windows Update") runlevel = "MBSA:updates:mbsaupdates";
- else if (level == "Run MBSA and check only for missing updates on WSUS") runlevel = "MBSA:wsusupdates:mbsawsusupdates";
- else if (level == "Run MBSA and check only local Userpasswords") runlevel = "MBSA:password:mbsapassword";
- else if (level == "Run MBSA and check the OS") runlevel = "MBSA:os:mbsaos";
- else if (level == "Run MBSA and check only InternetInformationServer") runlevel = "MBSA:iis:mbsaiis";
- else if (level == "Run MBSA and check only SQL Server") runlevel = "MBSA:sql:mbsasql";
- else if (level == "Run MBSA and perform all Tests") runlevel = "MBSA:all:mbsaall";
- results += check_and_run_slad_plugins (sock:sock, slad_exe:slad_exe, runlevel:runlevel, run:run);
- if (results) security_warning (data: results);
- else security_warning (data: string('SLAD Run: No result was fetched. Perhaps no test has been selected?'));
+ if (results) security_note (data: results);
+ else security_note (data: string('SLAD Run: No result was fetched. Perhaps no test has been selected?'));
}
function get_slad_description (entry) {
@@ -227,6 +233,24 @@
else if (entry == "MBSA:all:mbsaall") return "Execute Microsoft Baseline Security Analyzer and perform all Tests";
}
+function get_slad_short_description (entry) {
+ if (entry =~ "tripwire:.*") return "Tripwire HIDS";
+ else if (entry =~ "ClamAV:.*") return "ClamAV";
+ else if (entry =~ "lsof:.*") return "LSOF";
+ else if (entry =~ "tiger:.*") return "Tiger";
+ else if (entry =~ "syslogwatch:.*") return "SyslogWatch";
+ else if (entry =~ "sensors:.*") return "Hardware MB sensors";
+ else if (entry =~ "john:.*") return "John-the-Ripper";
+ else if (entry =~ "ovaldi:.*") return "Ovaldi";
+ else if (entry =~ "snmptrapwatch:.*") return "Snmptrapd";
+ else if (entry =~ "snort:.*") return "Snort";
+ else if (entry =~ "sshvulnkey:.*") return "ssh vulnkey";
+ else if (entry =~ "chkrootkit:.*") return "ChkRootKit";
+ else if (entry =~ "Netstat:.*") return "Netstat";
+ else if (entry =~ "SFC:.*") return "SFC";
+ else if (entry =~ "MBSA:.*") return "MBSA";
+}
+
function dump_preferences () {
display ("tripwire: ", script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)"), "\n");
display ("ClamAV: ", script_get_preference ("Execute ClamAV to search for virus-infected files (Linux only)"), "\n");
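Review bot: get_slad_short_description has no final `else`, so an entry that matches none of the prefixes returns nothing and the caller's message then starts with a bare `:\t`, with no plugin name in the report. A fallback such as `else return entry;` keeps the line attributable. The patterns are also unanchored and the trailing `.*` adds nothing. Assuming `=~` is a plain regex match, `entry =~ "^tripwire:"` states the intent (match on the plugin-name prefix) and avoids a hit on the same text appearing later in the entry. A one-line comment above the function saying that it maps the first field of the `plugin:mode:level` string to a display name would help the next reader.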
Modified: trunk/openvas-plugins/scripts/slad_fetch_results.nasl
===================================================================
--- trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2010-08-03 13:23:38 UTC (rev 8631)
+++ trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2010-08-03 13:35:26 UTC (rev 8632)
@@ -7,6 +7,9 @@
# Dirk Jagdmann
# Michael Wiegand
#
+# Changes:
+# Thomas Rotter
+#
# Copyright:
# Copyright (c) 2005 DN-Systems GmbH
#
@@ -70,7 +73,8 @@
log_message(port:port, data:get_ssh_error());
exit(0);
}
-
+
+
slad_exe = '/opt/slad/bin/sladd';
slad_cmd = slad_exe + ' -s jobs';
@@ -94,10 +98,11 @@
results += string (desc + "\n");
slad_cmd = slad_exe + ' -s ' + job;
results += ssh_cmd (socket:sock, cmd:slad_cmd, timeout:60);
- results += string ("\n");
+ results += string ("\n--------------------------------------------------------------------------------\n\n");
}
}
if (results) security_warning (data: results);
- if (running) security_warning (data: string ('Still running processes: \n' + running));
+ if (running) security_note (data: string ('Still running processes: \n' + running));
+ if (!running && !results) security_note (data: string ('Slad_Fetch has no Result polled.'));
close (sock);
}
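Review bot: The new fallback text `'Slad_Fetch has no Result polled.'` is hard to read in a report and does not match the sibling message in slad.inc, `'SLAD Run: No result was fetched. Perhaps no test has been selected?'`. Something like `'SLAD Fetch: No results were available and no jobs are still running.'` says what the `!running && !results` condition actually established. After this change the fetched job output is still reported with `security_warning` while the status messages use `security_note`. If that split is intentional, a comment on the `if (results)` line would record why. The enclosing block starts outside this hunk.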