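#!/bin/sh
#
# nessus-update-plugins
#
# This script will retrieve all the newest plugins from
# www.nessus.org.
#
# NOTE: the use of this script is dangerous as the authenticity of
# the scripts is not checked for. USE THIS SCRIPT WITH CAUTION
#
# Concretely: the archive named by $location is fetched over plain HTTP
# and unpacked as root, and no signature or checksum is verified.  Whoever
# can alter the download in transit (or controls the proxy) decides which
# plugin files end up in the nessusd plugins directory.  Run it only on
# networks you trust, or verify the archive out of band first.
#
#
# Author : Renaud Deraison
# License : GPL (but for two lines of script, does it matter ?)
#
#
# usage : nessus-update-plugins [-v]
#
#
# -r : read a plugin name
# -v : be verbose
# -vv : be more verbose (debug)
#
# Proxy users
#
# If you are behind a proxy, you can set these options here
# or in ~/.nessus-update-pluginsrc
#
# If you edit THIS file, then the proxy (and proxy username/password)
# will be system-wide.

proxy_user=
proxy_passwd=
proxy=
location="http://www.nessus.org/nasl/all-2.0.tar.gz"

# Examples :
# proxy_user="renaud"
# proxy_passwd="topsecr3t"
# proxy="proxy.fr.nessus.org:8080"
#
# You can copy the lines above and put them
# in your ~/.nessus-update-pluginsrc
#
# Storing the proxy password here makes it readable by anyone who can
# read this file; keep the file (or the rc file) mode 0600.

#
# The command we use to retrieve the plugins
#
fetch_cmd="@FETCHCMD@"

#
# The arguments of this command :
# -source for lynx/links
# -q -o - for wget
# -s -o - for curl
#
fetch_args="@FETCHARGS@"

#-------------- DO NOT EDIT THIS FILE BEYOND THAT POINT ---------------------#

gzip=@GZIP@

prefix=@prefix@
exec_prefix=@exec_prefix@
bindir=@bindir@
sbindir=@sbindir@
libexecdir=@libexecdir@
datadir=@datadir@
sysconfdir=@sysconfdir@
sharedstatedir=@sharedstatedir@
localstatedir=@localstatedir@
libdir=@libdir@
includedir=@includedir@
oldincludedir=@oldincludedir@
infodir=@infodir@
mandir=@mandir@

pluginsdir="$libdir/nessus/plugins"

# A plugins_folder entry in nessusd.conf overrides the compiled-in default.
# The third whitespace-separated field of the matching line is the path.
newdir=`awk '/plugins_folder/ {print $3}' "$sysconfdir/nessus/nessusd.conf"`
test -n "$newdir" && pluginsdir="$newdir"

test -z "$fetch_cmd" && {
  echo "\$fetch_cmd not set in $0 - aborting"
  exit 1
}

# The first word of $fetch_cmd is the program itself.  The expansion is left
# unquoted on purpose so that leading blanks do not produce an empty field.
fetchprogram=`echo $fetch_cmd | cut -d " " -f 1`
if [ -n "$fetchprogram" ] && [ ! -x "$fetchprogram" ]
then
  echo "The program '$fetchprogram' can not be found or executed"
  echo "Please configure this script by changing the option"
  echo "\$fetch_cmd or by installing $fetchprogram"
  exit 1
fi

#
# Read the configuration file, if any
#
# NOTE(review): the rc file is executed as shell code by the invoking user,
# which is root for every run that gets past the uid check further down.
# Under sudo/su, make sure $HOME does not resolve to a directory that a less
# privileged user can write to.
test -f ~/.nessus-update-pluginsrc && . ~/.nessus-update-pluginsrc

# Print the usage text and terminate successfully.
help_screen()
{
  echo "nessus-update-plugins 1.0.5, by Renaud Deraison "
  echo
  echo
  echo "Usage : nessus-update-plugins [-v[v]] [-r name] [-h]"
  echo
  echo "-v : be verbose"
  echo "-h : this help screen"
  echo
  echo "Default action : update the nessusd plugins"
  exit 0
}

# Leave and delete the per-run work directory.  Uses $cwd and $workdir, both
# set by the update step below; ${workdir:?} aborts rather than running
# "rm -rf" on an empty path.
cleanup_workdir()
{
  cd "$cwd"
  rm -rf "${workdir:?}"
}

# Build the proxy options for the configured fetcher.
#
# NOTE(review): the proxy credentials are handed to the fetcher as command
# line arguments, so other local users can see them in the process list
# while the download runs, and "-vv" (set -x) prints them in the trace.
proxyopts=""
case "$fetch_cmd" in
  *lynx*)
    test -n "$proxy" && http_proxy="http://$proxy/"
    # No embedded quote characters here: $proxyopts is expanded unquoted
    # later, so literal quotes would be passed to lynx as part of the
    # user name and password.
    test -n "$proxy_user" && proxyopts="-pauth=$proxy_user:$proxy_passwd"
    ;;
esac

case "$fetch_cmd" in
  *wget*)
    test -n "$proxy" && http_proxy="http://$proxy/"
    test -n "$proxy_user" && proxyopts="--proxy=on --proxy-user=$proxy_user --proxy-passwd=$proxy_passwd"
    ;;
esac

export http_proxy

# getopt(1) normalises the arguments; option values follow their flag as a
# separate word, which is why -r and -i only set an "expect" marker.
opts=`getopt "vlr:hi:" $*`

for i in $opts
do
  case $i in
    -h)
      help_screen
      ;;
    -v)
      # First -v: verbose tar listing.  Second -v: shell trace.
      if [ -z "$verbose" ]; then
        verbose="y"
      else
        set -x
      fi
      ;;
    -r)
      expect_r="y"
      ;;
    -i)
      expect_i="y"
      ;;
    *)
      test -n "$expect_r" && {
        plug_name="$i"
        unset expect_r
      }

      test -n "$expect_i" && {
        install_plug="$i"
        unset expect_i
      }
      ;;
  esac
done

# NOTE(review): view_plugin and install_plugin are not defined anywhere in
# this script, so -r/-i only produce a "not found" error before the normal
# update continues - confirm whether these options are still meant to exist.
test -n "$plug_name" && view_plugin "$plug_name"
test -n "$install_plug" && install_plugin "$install_plug"

tar_flags="-xf"
test -z "$verbose" || tar_flags="-xvf"

case `id` in
  uid=0*) ;;
  *)
    echo "only root should use nessus-update-plugins"
    exit 1
    ;;
esac

if [ -n "$fetch_cmd" ] && [ -n "$gzip" ]; then
  cwd=`pwd`
  tmpdir=$TEMPDIR
  test -z "$tmpdir" && {
    tmpdir=$TMPDIR
    test -z "$tmpdir" && tmpdir=/tmp
  }
  workdir="$tmpdir/nessus-update-plugins-$$"

  # mkdir fails when the name already exists, so a directory or symlink
  # planted in advance is never reused.  The umask (confined to a subshell)
  # creates it 0700 so that no other user can add files before extraction.
  ( umask 077 && mkdir "$workdir" ) || {
    echo "Could not create temporary directory ($workdir)"
    exit 1
  }

  # Without this check a failed cd would download, unpack and later
  # "rm -rf" relative to whatever directory the caller was in.
  cd "$workdir" || {
    echo "Could not enter temporary directory ($workdir)"
    rmdir "$workdir" 2>/dev/null
    exit 1
  }

  # $fetch_cmd, $fetch_args and $proxyopts each hold several words and are
  # therefore expanded unquoted.
  $fetch_cmd $fetch_args $proxyopts "$location" > all-2.0.tar.gz

  # The redirection creates the file even when the fetch fails, so an
  # existence test can never fail; require a non-empty file instead.
  test -s all-2.0.tar.gz || {
    echo "Downloading $location failed"
    cleanup_workdir
    exit 1
  }

  $gzip -cd < all-2.0.tar.gz 2>/dev/null > all-2.0.tar || {
    # Some version of lynx gunzip data on the fly
    mv all-2.0.tar.gz all-2.0.tar
  }

  # The archive is unauthenticated and is unpacked as root: refuse member
  # names that are absolute or contain a ".." component, which could place
  # files outside the work directory.
  if tar -tf all-2.0.tar |
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 } END { exit(bad ? 0 : 1) }'
  then
    echo "The plugins archive contains unsafe file names - aborting"
    cleanup_workdir
    exit 1
  fi

  tar $tar_flags all-2.0.tar
  rm all-2.0.tar

  # nessus_detect.nasl is used as the marker that extraction succeeded.
  test -f nessus_detect.nasl || {
    echo "Something went wrong when installing the plugins - uncompressing the plugins archive failed"
    cleanup_workdir
    exit 1
  }

  # The ./ prefix keeps a file name starting with "-" from being parsed as
  # a cp option.
  cp -p ./*.nasl "$pluginsdir/"
  cp -p ./*.inc "$pluginsdir/"
  cleanup_workdir

  if [ -x /usr/bin/xargs ]; then
    # Subshell + "&&": if the plugins directory cannot be entered, chown
    # must not run against the files of the current directory instead.
    ( cd "$pluginsdir" && ls | xargs -n 1 chown 0:0 )
  else
    chown 0:0 "$pluginsdir"/*.nasl
    chown 0:0 "$pluginsdir"/*.inc
  fi

  # HUP nessusd
  test -f @localstatedir@/nessus/nessusd.pid && {
    pid=`cat @localstatedir@/nessus/nessusd.pid`
    # Signal only a plain positive PID: an empty, zero or non-numeric value
    # would make a root-run kill address something other than nessusd.
    case "$pid" in
      '' | 0 | *[!0-9]*) ;;
      *) kill -1 "$pid" 2>/dev/null ;;
    esac
  }
  exit 0
else
  echo "Error \$fetch_cmd or \$gzip are not set - abort"
  exit 1
fi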