Hello Henri,
looks good. You only need to verify
that the OS entry produced by new host_details always delivers
something that corresponds to what is set mandatory in the LSCs.
It'll be yet another large patch. Perhaps it makes sense
to incorporate the change into the currently applied patch series
on the RPM based LSCs?
Also, first do the host_details patch.
Apparently, Micha applies the ssh patch already ;-)
Any concerns out there?
Best
Jan
On Tuesday, 31. January 2012, Henri Doreau wrote:
> some issues have been raised concerning the scheduling of local
> security checks. It was suggested to make them call
> script_mandatory_keys() to select the LSCs that actually correspond to
> the target. This considerably reduces the load during authenticated
> scan and should therefore speedup large scans.
>
> I gave it a try with the following approach: using OS CPE information
> registered by gather-package-list.nasl to determine whether a LSCs has
> to run or not.
>
> Three patches are attached:
>
> host_details_mkey.diff:
> If gather-package-list.nasl registers an OS CPE, the CPE code gets
> additionally reduced to a shorter common expression (e.g.
> cpe:/o:debian:debian_linux:6.0 -> cpe:/o:debian, or maybe
> cpe:/o:debian:debian_linux) and is stored as a KB key
> "HostDetails/OS/<reduced_cpe>" so that LSCs can rely upon this.
>
> ssh_auth_successkey.diff
> If SSH authentication is successful, then put "login/SSH/success" into the
> KB.
>
> deb_sample_mkey.diff:
> Typical LSC change, added dependencies on the two keys above.
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
