At 8:09 AM +0200 5/13/06, Andy Kocher wrote:

Hi,
I'm running nessus scans as batch jobs and would like to
know if there is a way to hide username/password while
executing the 'ps -ef' command on a Solaris box. The
same goes for update-nessusrc.

I'm running nessus-2.2.7 on FreeBSD, which I compile
from source (using the ports collection). I added a
patch to it which allows me to specify "prompt" as
the userid or password. If you specify that word for
either field, then the program reads stdin for the
value to use. This works fine for my purposes, but
I don't know if it would work for other situations.
Which is to say, everyone is welcome to use it, but I
make no guarantees about it... :-)
================================================
--- nessus.c.orig Tue Nov 1 13:29:40 2005
+++ nessus.c Wed Feb 8 17:22:18 2006
@@ -806,6 +806,7 @@
int opt_i= 0;
int opt_o= 0;
char * inf = NULL, *outf = NULL;
+ char *nl_idx, prompt_buff[120];
/*
* Version check
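Review bot: `prompt_buff[120]` in the added declaration is a bare magic number with no comment, and the one buffer is reused for both the userid and the password in the later hunk. Suggest a named constant plus a comment stating the maximum accepted length, since longer input is cut off by the fgets calls that fill this buffer.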
@@ -1175,12 +1176,41 @@
/* next argument: LOGIN */
arg = argv[inc_optind()];
+ if (strcasecmp("prompt", arg) == 0) {
+ bzero(arg, strlen(arg));
+ fprintf(stderr, "Enter nessus userid: ");
+ nl_idx = fgets(prompt_buff, sizeof(prompt_buff) - 1, stdin);
+ if (nl_idx == NULL) {
+ fprintf(stderr, "Problem reading userid, exiting...\n");
+ exit(1);
+ }
+ nl_idx = strchr(prompt_buff, '\n');
+ if (nl_idx != NULL)
+ *nl_idx = '\0';
+ arg = &prompt_buff[0];
+ }
cli_args_login(cli, arg);
bzero(arg, strlen(arg));
/* next argument: PASSWORD */
arg = argv[inc_optind()];
+ if (strcasecmp("prompt", arg) == 0) {
+ bzero(arg, strlen(arg));
+ fprintf(stderr, "Enter password: ");
+ system("/bin/stty -echo");
+ nl_idx = fgets(prompt_buff, sizeof(prompt_buff) - 1, stdin);
+ system("/bin/stty echo");
+ if (nl_idx == NULL) {
+ fprintf(stderr, "Problem reading password, exiting...\n");
+ exit(1);
+ }
+ nl_idx = strchr(prompt_buff, '\n');
+ if (nl_idx != NULL)
+ *nl_idx = '\0';
+ fprintf(stderr, "(%d bytes)\n", (int)strlen(prompt_buff));
+ arg = &prompt_buff[0];
+ }
cli_args_password(cli, arg);
bzero(arg, strlen(arg));
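Review bot: In the PASSWORD branch, echo is switched with `system("/bin/stty -echo")` and `system("/bin/stty echo")` and neither return value is checked, so if the first call fails the password is typed with echo on, and the second call forces echo on regardless of the terminal's previous state. Suggest tcgetattr()/tcsetattr() on stdin, saving and restoring the original settings. In both branches a line longer than the buffer leaves its remainder in stdin after fgets; when the password is also prompted, the tail of an overlong userid is then read as the password, so check for a missing '\n' and reject or drain the line. The `- 1` on `sizeof(prompt_buff)` is not needed because fgets already reserves room for the terminator, and the "(%d bytes)" message writes the password length to stderr and is worth dropping.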
--
Garance Alistair Drosehn = [EMAIL PROTECTED]
Senior Systems Programmer or [EMAIL PROTECTED]
Rensselaer Polytechnic Institute or [EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
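An added example, not part of the original message or of Nessus: one way to read a credential from stdin instead of the command line, using termios rather than `system("/bin/stty")` and rejecting an overlong line rather than leaving its tail for the next read. The name `read_field` and its parameters are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from `in`, newline stripped. Returns its length, or -1 on EOF,
 * error or a line that does not fit in buf. hide != 0 turns tty echo off. */
long read_field(FILE *in, const char *prompt, int hide, char *buf, size_t len)
{
    struct termios saved, quiet;
    int fd = fileno(in), c;
    int tty = fd >= 0 && isatty(fd);  /* piped batch input: no prompt, no termios */
    long n = -1;

    if (tty)
        fputs(prompt, stderr);
    hide = hide && tty;
    if (hide) {
        if (tcgetattr(fd, &saved) != 0)
            return -1;
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &quiet) != 0)
            return -1;                /* never read a secret with echo on */
    }
    if (fgets(buf, (int)len, in) != NULL) {
        char *nl = strchr(buf, '\n');
        if (nl != NULL)
            *nl = '\0';
        if (nl != NULL || feof(in))
            n = (long)strlen(buf);
        else                          /* overlong: discard the rest of the line */
            while ((c = getc(in)) != EOF && c != '\n')
                ;
    }
    if (hide)
        tcsetattr(fd, TCSAFLUSH, &saved);   /* restore the saved terminal state */
    if (n < 0)
        memset(buf, 0, len);          /* do not leave a partial value behind */
    return n;
}

int main(void)
{
    char pass[120];
    long n = read_field(stdin, "Enter password: ", 1, pass, sizeof pass);
    memset(pass, 0, sizeof pass);     /* real code: wipe after use; prefer explicit_bzero() */
    return n < 0;
}
```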