[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-development
Subject: Re: [Openvas-devel] Sequencing of scripts - dependency ordering messed up?
From: "Jan-Oliver Wagner" <Jan-Oliver.Wagner () greenbone ! net>
Date: 2012-09-19 19:42:33
Message-ID: 201209192142.33487.Jan-Oliver.Wagner () greenbone ! net
[Download RAW message or body]
On Thursday 13 September 2012 00:02:45 Thomas Reinke wrote:
> We're running into a hiccup with openvassd (rls 5) that I wouldn't
> mind getting some feedback on.
>
> After upgrading both scanner and scripts, and removing find_service.nes
> from the plugins directory so that there was no possibility of confusion
> with find_service.nasl and the built in find_service plugin, a look at
> the openvassd.messages log is showing that find_service.nasl is being
> launched BEFORE nmap.nasl.
>
> My understanding is that nmap.nasl, with a category of ACT_SCANNER,
> should ALWAYS execute before something like find_service.nasl, with
> a category of ACT_GATHER_INFO.
>
> Is there something I'm missing? Shouldn't all ACT_SCANNER class
> scripts be COMPLETELY finished, regardless of user config, before
> other categories start firing up? This is preventing find_service.nasl
> from working correctly.
The source of the problem is ssh_authorization.
This ACT_SETTINGS script should not do anything else than care about
settings. It should _not_ do tests on a certain port.
My proposal is to have a "ssh_check.nasl" in ACT_GATHER_INFO
and replace a couple of dependencies to ssh_authorization to ssh_check
(or even remove the dependency as we actually only need the
login/SSH/success KB entry - no?).
ssh_check.nasl would do the port check and set the KB entry accordingly.
Would this be a adequate solution?
One problem would probably arise from this: netstat_portscan.nasl. =
This NVT is ACT_SCANNER but logs into target using SSH.
Which is heavily in conflice with the ACT_ sequence.
It could not use ' script_mandatory_keys("login/SSH/success"); '
anymore.
Would that be a problem?
Best
Jan
-- =
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr=FCck | AG Osnabr=FCc=
k, HR B =
202460
Gesch=E4ftsf=FChrer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic