On Tue, Aug 05, 2003 at 01:44:00PM +0200, Daniel VARGA wrote:
> Hi all,
>
> I am new on this list so if my question is not appropriate here, send me to
> some RTFM (just tell me what to look for!) :)
>
> my Task:
> I need to find out 3 things on my network:
> a) what computers are on my network I cannot log into with my
> user/password (I am domain admin, so I should know about these systems;). I
> need an alert in this case.
Edit smb_login.nasl and modify the end of the script from :
if(strlen(user_login))
{
if(v[9])
{
p[g_index]="****";
}
}
to :
if(strlen(user_login))
{
if(v[9])
{
p[g_index]="****";
}
else security_note(port:port, data:"Could not log into this system!");
}
> b) on the computers I can log into, is the McShield service running?
> BONUS: c) are the DAT files up to date?
>
> Problem:
> I have zero idea how to do a), any ideas are welcome
> to b): I rewrote some default plugin so now I get an alert from Nessus if
> the McShield is running. But I want an alert, if it is NOT running :) How?
For (b), your code is nearly correct :
> port = get_kb_item("SMB/transport");
> if(!port)port = 139;
>
> services = get_kb_item("SMB/svcs");
>
> if(services)
> {
> if("[McShield]" >< services)
> security_warning(port);
> }
You should change 'if("[McShield]" >< services)' to
'if("[McShield]" >!< services)'.
For your bonus question, it depends on the size of the .DAT files and
their number. What I'd do would be to write a plugin which downloads one
of them and compute its MD5 and compare it with the expected MD5.
ie: Your plugin could be generated by a cronjob every 20mn and include
the latest MD5 of the DAT file you want to compute.
-- Renaud
This archive was generated by hypermail 2b30 : Tue Aug 05 2003 - 06:25:43 PDT