On Monday 11 May 2009 08:41:30 David Corcuera wrote: > > What i mean was, if we have credentials and have successfully logged in > > into the remote host, we could perhaps deactivate these checks that only > > check the version we get from banner. > > > > Something like: > > > > if(local_login_succes()) exit(0); > > > > Micha > > seems good idea > > dav Imho that is not a good idea. I generally dislike exit(0)s and find that NVTs should be as self-contained as possible. A 'local_login_succes' method would require either a include or a knowledge base entry.
There is the concept and mechanism of 'exclude_keys' floating around in code, I do not know if it is used actively by nvt developers, but I found that it looks like a clear concept and could be adopted once it works transparent. I mean that if nvts did not run because of exclusive keys I want the client to receive a log message that a nvt was not launched because of a knowledge base entry. Following that, the logic would be the same as the example you gave, but it would not require any new include and would not exit(0), instead the plugin scheduler would notice that this plugin should not be launched because of a certain key (that was set by the local check variant). So long, I find adding the note ~"this issue was found remotely, some distros might have patched, consider local checks" would still be more informative. And with the severity-override feature it can be silenced with a couple of clicks and keypresses anyway. -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
