From: Justin Turner (idolo3@yahoo.com)
Date: Thu Jul 01 2004 - 16:12:27 CDT
Dave,
I understand that Net::Nessus::ScanLite is a perl module. I will see if I can integrate that with my PHP code. It shouldn't be too much of a problem. Thanks for sharing your code with the netreg community I'm sure I speak for many when I say "thank you."
Justin Turner
"Lucas, David" <David.Lucas@unh.edu> wrote:
Ricardo,
I've inserted the nessus code into the register.cgi file and it seems to
work pretty well. Here is the code:
#---------------------------------------------------------------------------
-\
# Nessus Scanning of the Machine.
#---------------------------------------------------------------------------
-\
sub nessus_scanning {
$user = "$NESSUS_USER";
$pwd = "$NESSUS_PASS";
$addr = $ENV{REMOTE_ADDR};
$nessus = Net::Nessus::ScanLite->new(
host => "$NESSUS_HOST",
port => $NESSUS_PORT,
ssl => $NESSUS_SSL,
);
$nessus->preferences( { host_expansion => 'none',
auto_enable_dependencies => 'yes', safe_checks => 'no', checks_read_timeout
=> 1 });
$nessus->plugin_set("$NESSUS_PLUGIN");
if( $nessus->login($user, $pwd) ) {
$nessus->attack($addr);
if( $nessus->total_holes == 0){
}
else{
error_nessus("Computer seems to have holes, please patch the system
before you can proceed");}
}
else {
error_nessus("Nessus login failed %d:
%s\n",$nessus->code,$nessus->error);
}
}
I've also added the following into the variables.pl file:
$NESSUS_PASS = "PASS";
$NESSUS_HOST = "somehost.domain.com";
$NESSUS_PORT = "1241";
$NESSUS_SSL = "1";
$NESSUS_PLUGIN = "10394;12235;11835;12029;12055;12054";
If you have any questions please let me know.
Dave
-----Original Message-----
From: owner-netreg@southwestern.edu [mailto:owner-netreg@southwestern.edu]
On Behalf Of Ricardo Stella
Sent: Wednesday, June 30, 2004 5:15 PM
To: netreg@southwestern.edu
Subject: nessus example (was: NetReg: Best of worlds)
Anyone with a simple implementation of nessus over standard netreg 1.3 ?
I looked at Brown's netreg code, but again, it's HEAVILY customized, and
missing several components. I got most of it running, but they literally
rewrote the LDAP authentication routines, and are too much for me. I broke
it enough that it passes regardless of what I enter, but then the nessus
code won't even run.
Thanks in advance...
Ricardo.
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:46 CDT