Posted: March 21st, 2010 | Author: xanda | Filed under: IT Related | Tags: alienvault, macos, nessus, nvt, openvast, snow leopard | 6 Comments »
Here is my simple howto and modified AlienVault NVT sync script to be used with Nessus 4 on Mac OS.
First things first: you need to have Nessus and MacPorts installed.
Then install the md5sha1sum package
sudo port install md5sha1sum
Use the following modified script and let it automagically fetch the NVT feed for you
#!/bin/bash
#
# OpenVAS
# Description: Synchronize with NVT feed.
# This shell script synchronizes the local set of
# OpenVAS Network Vulnerability Tests (NVTs) and
# associated includefiles with a given upstream
# feed of updated or new files.
#
# Authors:
# Lukas Grunwald <l.grunwald@dn-systems.de>
# Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>
# xanda <adnanDOTshukorATgmailDOTcom>
#
# Copyright DN-Systems Enterprise Internet Solutions GmbH 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Slight modifications, 2008/07 AlienVault VRT - code@alienvault.com
# Slight modifications, 2008/08 Vlatko Kosturjak Kost <kostATlinuxDOThr>
# Slight modifications, 2010/03 xanda - adnanDOTshukorATgmailDOTcom
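# Scanner to sync plugins for; "nessus" is the only value this script accepts.
SCANNER=$1
# Reject a missing or unsupported scanner name with one quoted comparison.
# Left unquoted, an argument containing whitespace makes `[` fail with a
# syntax error, the `if` is skipped, and the script carries on with a value
# that was never validated.
if [ "$SCANNER" != "nessus" ]; then
  # Usage goes to stderr with a non-zero status so callers can detect misuse.
  echo "Usage: $0 nessus" >&2
  exit 1
fi
# Plugin dir: keep NVT_DIR when the caller already set one, otherwise fall
# back to the Nessus plugin directory on Mac OS.
if [ -z "$NVT_DIR" ]; then
  NVT_DIR="/Library/Nessus/run/lib/nessus/plugins"
fi
# The URL of the plugin feed.
# NOTE(review): rsync:// is the plain rsync daemon protocol, so the transfer
# is neither encrypted nor authenticated, and nothing in this script verifies
# the downloaded files before they land in the scanner's plugin directory.
FEED=rsync://feed.alienvault.com:/nvt-feed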
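#######################################
# Locate an executable by name in a fixed list of system directories.
# The list is hard-coded instead of taken from $PATH, so the lookup does not
# depend on the caller's environment.
# Arguments: $1 - bare command name (e.g. rsync)
# Outputs:   full path of the first match on stdout, nothing if not found
# Returns:   0 when found, 1 otherwise
#######################################
findcmd()
{
  local cmd=$1
  local search_path=/usr/bin:/usr/ucb:/usr/sbin:/sw/bin:/sbin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin
  local dir
  local -a dirs

  # An empty name would otherwise match the first directory itself, because
  # directories also pass the -x test.
  [ -n "$cmd" ] || return 1

  # Split on ':' without touching the caller's IFS or positional parameters.
  IFS=: read -r -a dirs <<< "$search_path"

  for dir in "${dirs[@]}"; do
    # Require a regular, executable file; quoting keeps odd names intact.
    if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
      printf '%s\n' "$dir/$cmd"
      return 0
    fi
  done
  return 1
}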
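#######################################
# Check that the external tools this script expects are installed.
# Globals:   RSYNC, MD5SUM (written) - full paths returned by findcmd
# Outputs:   progress line on stdout, error messages on stderr
# Returns:   exits the whole script with status 1 if a tool is missing
# NOTE(review): nothing in the visible script ever runs md5sum, so finding it
# here does not mean the downloaded feed is checksum-verified.
#######################################
chk_system_tools(){
  echo "Searching for required system tools ..."
  RSYNC=$(findcmd rsync)
  MD5SUM=$(findcmd md5sum)
  if [ -z "$RSYNC" ]; then
    echo "Error: RSYNC not found" >&2
    # `exit -1` only works because bash wraps it to 255; use a plain status.
    exit 1
  fi
  if [ -z "$MD5SUM" ]; then
    echo "Error: MD5SUM not found" >&2
    exit 1
  fi
}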
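#######################################
# Mirror the NVT feed into the local plugin directory with rsync.
# Globals:   FEED (read)    - rsync URL of the feed
#            NVT_DIR (read) - destination directory, created if missing
#            RSYNC (read)   - rsync path found by chk_system_tools; falls
#                             back to `rsync` from PATH when unset
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success, 1 if the directory or the transfer failed
#######################################
sync_nvts (){
  echo "Synchonizing NVTs via RSYNC ..."
  if ! mkdir -p -- "$NVT_DIR"; then
    echo "Error: cannot create $NVT_DIR" >&2
    return 1
  fi
  # Run rsync directly instead of through eval: NVT_DIR can come from the
  # environment, and eval would re-parse any quotes or $(...) inside it as
  # shell code, in a script that is meant to run under sudo.
  if ! "${RSYNC:-rsync}" -av --progress -- "$FEED" "$NVT_DIR"; then
    echo "Error: rsync from $FEED failed" >&2
    return 1
  fi
  # Only claim success when rsync actually returned 0.
  echo "Synchronization successful."
}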
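# Banner: show the effective configuration before anything is changed.
echo "AlienVault NVT Feed Sync"
echo " "
echo "Configured Scanner: $SCANNER"
echo "Configured NVT Feed: $FEED"
echo "Synchronized into: $NVT_DIR"
echo " "
echo " "
# chk_system_tools exits the script itself when a required tool is missing.
chk_system_tools
# Stop here if the sync step reports failure, so the restart hint below is
# not printed after a sync that did not complete.
sync_nvts || exit 1
echo " "
echo " "
echo "Please restart your scanner daemon"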
chmod +x alienvault-nvt-feed.sh
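Make sure you stop the Nessus server before running the script! Note that it runs as root and pulls the plugins over plain rsync without checking any checksum or signature (md5sum is only looked up, never called), so only run it over a network you trust.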
sudo ./alienvault-nvt-feed.sh nessus
Enjoy! 😉