FYI, what I settled on was to have a nightly cron job (perl script)
generate a custom .inc file which simply sets a variable to a string
containing the current signature dates; e.g., currentSignatures =
string( '20070505;20070506;20070507' ); The plugin simply includes this
and checks whether the host's signature value is in this string.
That should be slightly more efficient (less IO) than having nasl
generate a file and/or check the timestamp / lock status, right?
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Scherff
Sent: Tuesday, May 01, 2007 11:32 PM
To: [EMAIL PROTECTED]; [email protected]
Subject: Re: RUN-ONCE PLUGINS?
Perfect. Thank you, Renaud.
The first method is what I do now. I have a plugin that gets a
bunch of SAVCE preferences from the nessusrc file and puts them into the
KB for my other SAVCE plugins. I generate that nessusrc file with
updated values on the fly with a perl script prior to the scan. It
works, but it's clunky. I wanted something a little more elegant.
Thanks again for the tip.
John
-----Original Message-----
From: Renaud Deraison <[EMAIL PROTECTED]>
To: [email protected] List <[email protected]>
CC: John Scherff
Sent: Tue May 01 21:49:27 2007
Subject: Re: RUN-ONCE PLUGINS?
Hi John,
On May 1, 2007, at 11:25 PM, John Scherff wrote:
> Is it possible to have a plugin run just once for the entire
scan
> and set some kind of variable for use by all plugins on all
hosts?
>
> I'm trying to write a plugin that will download the three most
> recent virus definition dates from Symantec (I know 21725
checks
> whether signatures are current, but I'm trying to write a
smallish
> nessus-based audit tool for my system administrators that will
run
> inside vmware-player machine and will not depend on a plugin
feed).
What you're requesting can not be done _cleanly_. What I'd
suggest is
to have a cron job (eg: a perl script) creating a plugin with
the
newest version number instead.
That being said, you could create temporary files as use them as
locks (the code below has not been tested but should put you on
the
right track) :
#
# If another plugin is doing an update, wait for a bit
#
while ( file_stat("symantec-lockfile.txt") > 0 )
{
sleep(1);
}
#
# Check the timestamp
#
buf = fread("symantec-timestamp.txt");
# If there is no lockfile or if it is too old, then fetch the
newest
sigs
if ( isnull(buf) || unixtime() - int(buf) > (3600*24) )
{
fwrite(file:"symantec-tmp.txt", data:"wait");
argv[0] = "curl";
argv[1] = "http://definitions.symantec.com/defs/";;
results = pread(cmd: "curl", argv: argv, nice: 5);
foreach line ( split( results) ) {
match = eregmatch( string: line, pattern:
'([0-9]{8})-[0-9]{3}-
i32.exe', icase: TRUE );
if( !isnull( match ) ) signature += match[1] + ' ';
}
fwrite(file:"symantec-datafile.txt", data:signature);
fwrite(file:"symantec-timestamp.txt",
data:string(unixtime()));
unlink("symantec-lockfile.txt");
}
else
{
signature = fread("symantec-datafile.txt");
}
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
