[Openvas-discuss] My own NASL

Chandrashekhar B bchandra at secpod.com
Tue Aug 21 14:41:35 CEST 2012


Juan,

 

If you have the openvas-plugins svn checked out, you can grep for pread in
that. There isn’t a good documentation yet for NASL.

 

Chandra.

www.scaprepo.com

 

From: Juan José Pavlik Salles [mailto:jjpavlik at gmail.com] 
Sent: Tuesday, August 21, 2012 5:36 PM
To: bchandra at secpod.com
Cc: Mailing-List openvas
Subject: Re: [Openvas-discuss] My own NASL

 

Hi Chandra, thanks for answering, i will try the pread function. Is there
any documentation to read about it?

About the LSC, my boss doesn't like the idea of having all the users &
passwords of the servers we should scan in one server. He said a minor leak
in this server would cause a mayor one in the hole network, and he doesn't
want to take that risk. So.. i have to look for a safer way.   

2012/8/20 Chandrashekhar B <bchandra at secpod.com>

Juan,

 

You can run a Perl script from the machine which is running OpenVAS using
NASL’s pread() function. We are using this method to execute external
scanners like snmpwalk. 

 

Any particular reason why you were told strongly not use LSC?

 

Chandra.

www.scaprepo.com

 

From: Openvas-discuss [mailto:openvas-discuss-bounces at wald.intevation.org]
On Behalf Of Juan José Pavlik Salles
Sent: Monday, August 20, 2012 7:26 AM
To: Mailing-List openvas
Subject: [Openvas-discuss] My own NASL

 

Hi, i want to show all the needed security updates on my servers, but i was
strongly told not to use Local Security Checks. So i came up with this
solution:

-I've ocs inventory installed on my servers, and i wrote a module that sends
the needed security updates to the ocs inventory server.

Now i need to write a NASL wich i can use to get that information from the
ocs database, is it possible??? Can i execute some perl script from the NASL
and get its output??? Is this a good idea??? Thanks

-- 
Pavlik Juan José

  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2197 / Virus Database: 2437/5207 - Release Date: 08/18/12




-- 
Pavlik Juan José

  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2197 / Virus Database: 2437/5212 - Release Date: 08/20/12

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20120821/18bfa865/attachment.html>


More information about the Openvas-discuss mailing list