On Fri, Aug 12, 2005 at 10:49:46AM +0200, Renaud Deraison wrote: > On Aug 10, 2005, at 16:28, Jan-Oliver Wagner wrote: > >I would love to see a plugin that produces a security > >note or warning in the case when nasl_no_signature_checks > >has been enabled. > > What would be the point of that ? Nessus is designed to audit a > network, not waste time auditing itself. well, doing an audit I'd appreciate to know some quality measures of the tool's configuration I am using. One aspect e.g. is whether I use the limited gpl-feed or the comprehensive registered feed (there is a plugin for this). Another quality aspect (at least for me) is whether only trusted plugins are executed or whether no trust-check happens. I could think of another one: date when the last fetch-update happened (e.g. sec. note if its past 7 days, sec. warning if its past 30 days - replace numbers by something reasonable). I don't think there will be much more than these few and I expect no real waste of time compared to running all other plugins. I was not asking anyone to implement this. I just thought I share my idea. If its conceptually nonsense, just let me know - after all I am not a security expert. Best Jan -- Jan-Oliver Wagner http://intevation.de/~jan/ Intevation GmbH http://intevation.de/ Kolab Konsortium http://kolab-konsortium.de/ FreeGIS http://freegis.org/ _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Aug 12 2005 - 03:41:39 PDT