Hello all,
When performing assessments, I usually strip out all aggressive plugins from nessus.
This extra step is taken as a "cya" just in case things go amiss during an assessment.
With that in mind, I added an additional flag to nessus-update-plugins. This flag, -s,
will not change the normal process of updating plugins, but will take the additional
step of removing all plugins categorized as dangerous, i.e. ACT_DENIAL, ACT_KILL_HOST
and ACT_DESTRUCTIVE_ATTACK from the nessus plugins dir. I plan on incorporating this
into my scanning process and would be interested in hearing if others would find this
useful.
I've attached a patch for those interested.
-dave
--- nessus-update-plugins 2004-02-23 21:29:22.000000000 -0500
+++ nessus-update-plugins_with_s_flag 2004-02-23 21:44:36.000000000 -0500
@@ -104,6 +104,7 @@
echo "-v : be verbose"
echo "-r <pluginname> : view the content of a plugin"
echo "-i <pluginname> : only install <pluginname>"
+ echo "-s : only update non-destructive plugins"
echo "-h : this help screen"
echo
echo "Default action : update the nessusd plugins"
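Review bot: The help string on the added `-s` line says "only update non-destructive plugins", but the last hunk runs after the normal update and deletes matching files from $pluginsdir, so plugins that were already installed are removed too. The usage text should say that, for example "-s : after updating, delete plugins in dangerous categories from the plugins dir", so nobody runs the flag expecting it to leave existing files alone.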
@@ -166,7 +167,7 @@
export http_proxy
-opts=`getopt "vlr:hi:" $*`
+opts=`getopt "vlr:hi:s" $*`
for i in $opts
do
@@ -192,6 +193,10 @@
expect_i="y"
;;
+ -s)
+ SAFE="y";
+ ;;
+
*)
test -n "$expect_r" &&
{
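Review bot: SAFE is only ever assigned in the new `-s)` case, and the patch adds no default for it, so unless the script clears it somewhere outside these hunks, a SAFE=y inherited from the caller's environment would trigger the deletion step without the flag being passed. Setting SAFE="" before the option loop would close that off. The trailing semicolon after SAFE="y" is harmless but unnecessary.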
@@ -268,6 +273,14 @@
chown 0 $pluginsdir/*.nasl
chgrp 0 $pluginsdir/*.inc
+if [ "$SAFE" = "y" ];
+then
+for i in `grep -l "ACT_[DESTRUCTIVE_ATTACK|DENIAL|KILL_HOST]" $pluginsdir/*`
+do
+ rm -rf "$i"
+done
+fi
+
# HUP nessusd
test -f ${prefix}/var/nessus/nessusd.pid && {
pid=`cat ${prefix}/var/nessus/nessusd.pid`
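Review bot: The grep pattern "ACT_[DESTRUCTIVE_ATTACK|DENIAL|KILL_HOST]" is a bracket expression, not an alternation: it matches ACT_ followed by any single character from that set (A, C, D, E, H, I, K, L, N, O, R, S, T, U, V, _ or |). Plugins in categories such as ACT_ATTACK, ACT_SETTINGS, ACT_SCANNER, ACT_INIT and ACT_END would therefore be deleted as well, which is far more than the three categories named in the description. An extended-regex group does what was intended: grep -lE "ACT_(DESTRUCTIVE_ATTACK|DENIAL|KILL_HOST)". Two smaller points in the same loop: the glob $pluginsdir/* also scans the .inc files, so limiting it to $pluginsdir/*.nasl avoids removing an include that merely mentions one of the constants, and the backquoted grep in the for list splits on whitespace in file names. Since these are regular files, rm -f is enough; -rf is not needed.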