Looks like I can't rely on the "version" property to check for Nessus
plugin updates/new insertions.
I mean, I see how updating the relevant property when a plug is updated
is left to the plug author, but I also see that the setting _itself_ of
the property is not mandatory. Sadly a quick look at the NASL plugs shows:
andrew@andreucci:~$ NESSUSPLUGSDIR=/usr/local/lib/nessus/plugins; \
for ABC in $(ls -1 $NESSUSPLUGSDIR/*.nasl); do \
printf "%-40s : " $(basename $ABC); \
[ -z "$(grep -i "script_version" $ABC)" ] && echo -n "NOT "; \
echo "versioned"; \
done
3com_switches.nasl : versioned
BEA_weblogic_Reveal_Script_Code.nasl : versioned
[...snip]
citrix_find.nasl : NOT versioned
[...snip]
eftp_bufferoverflow.nasl : NOT versioned
eftp_directory_traversal.nasl : NOT versioned
[...etc]
andrew@andreucci:~$
I have already implemented a procedure that keeps a hash of the plugin
file contents to check for updates. The problem is:
- I can't grep other useful plug information from sources, e.g. what
about .nes plugs?
- nessus -qp gives out the info (nice!), but I can't reliably check for
updates
possible solutions:
- include plug filename in nessus -qp output, so that I can use the hash
trick (this info may come otherwise handy)
- force proper use of versioning directive (hmmm...)
- ???
In other news, for a number of reasons I'd suggest adding a switch to
avoid dumping table commands in nessus -qSp output
(OK, I know, vim, diff, mail :-)
--andrew
