Thanks for the information. I've assigned the UID 43333123. My next issue is that the instructions around this are unclear to me. I've placed the NASL in /var/lib/openvas/plugins; GPG signed it; checked for syntax errors with openvas-nasl (none found); issued openvasmd --rebuild; and restarted the openvasmd service. However, the plugin still does not appear within the "Product detection" plugin family when creating a new scan configuration. What is the correct process?
Correct me if I'm wrong, but the remote Splunk detection plugin appears to be only be useful in finding a Splunk web server. That's a start but it doesn't help in identifying if systems have forwarders installed - forwarders tend to listen on port 8089 and do not have this URL:"/en-US/account/login". I'm not sure if the forwarders provide a banner response so remote testing would be inaccurate at best. Thanks again for your help, John Landers ---------------------------------------------------------------- Message: 2 Date: Wed, 5 Dec 2012 09:09:12 +0100 From: Michael Meyer <[email protected]> To: [email protected] Subject: Re: [Openvas-plugins] Importing Custom NVTs Message-ID: <[email protected]> Content-Type: text/plain; charset=iso-8859-1 You could set 'nasl_no_signature_check = yes' in openvassd.conf to use unsigned scripts. If you don't have a openvassd.conf run 'openvassd -s > /etc/openvas/openvassd.conf' > SCRIPT_OID = "unassigned"; This will not work. You need to assign an OID. Use '43333123' for example. There is also a remote detection NVT for splunk. See http://openvas.komma-nix.de/index.php?oid=100693 HTH Micha -- Michael Meyer OpenPGP Key: 52A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
