Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / sbin / nessus-adduser next >

Wrap

Text File | 2006-06-13 | 6KB | 306 lines

#!/bin/sh # # nessus-adduser # # Written by Renaud Deraison <deraison@cvs.nessus.org> # # This script is distributed under the Gnu General Public License (GPL) # # check whether we have echo -n, depending # on the current shell, used case `echo -n` in \-n) Xn= ; Xc='\c' ;; *) Xn=-n ; Xc= esac umask 066 is_cygwin= prefix=/usr exec_prefix=${prefix} # add the nessus installation path PATH=${exec_prefix}/sbin:${exec_prefix}/bin:$PATH ; export PATH # make sure that we are root, if there is no id command, # you loose, anyway if [ -z "$is_cygwin" ]; then case `id 2>/dev/null` in uid=0*) # check the implementation nessusd -g || { echo "Executing nessusd failed. Make sure your library loader is configured properly" echo "and that nessusd is in your \$PATH" exit 1 } ;; *) echo "only root should use nessus-adduser" exit 1 esac else nessusd -g fi prefix=/usr exec_prefix=${prefix} bindir=${exec_prefix}/bin sbindir=${exec_prefix}/sbin libexecdir=${exec_prefix}/libexec datadir=/usr/share sysconfdir=/etc sharedstatedir=${prefix}/com localstatedir=/var/lib libdir=${exec_prefix}/lib includedir=${prefix}/include oldincludedir=/usr/include infodir=/usr/share/info mandir=/usr/share/man PATH=$PATH:$sbindir:$bindir:/usr/ssl/bin:/usr/local/ssl/bin:/opt/ssl/bin # Test if we have MD5 X=`echo x | openssl md5` if [ "$X" = "401b30e3b8b5d629635a5c613cdb7919" -o \ "$X" = "401B30E3B8B5D629635A5C613CDB7919" ]; then MD5CMD="openssl md5" else X=`echo x | md5sum | awk '{print $1}'` if [ "$X" = "401b30e3b8b5d629635a5c613cdb7919" -o \ "$X" = "401B30E3B8B5D629635A5C613CDB7919" ]; then MD5CMD=md5sum else MD5CMD="" fi fi # find nessusd by the first path segment, ask for settings nessusd_conf=` nessusd -s | sed '/^config_file *= /!d; s/^[^=]*= *//;'` # some checks [ -s "$nessusd_conf" ] || { echo "Missing or empty configuration file \"$nessusd_conf\"!" exit 2 } # path to a temporary directory test -z "$TMPDIR" && { if [ -d /var/tmp ]; then echo "Using /var/tmp as a temporary file holder" TMPDIR=/var/tmp else echo "Your \$TMPDIR variable is not set ! " echo $Xn "Enter the location to a place where I could place temporary files : [$HOME] $Xc" read TMPDIR test -z "$TMPDIR" && TMPDIR=$HOME fi } # Here we go echo echo "Add a new nessusd user" echo "----------------------" echo echo prompt=${ADDUSERPROMPT-0} ok="n" while test "$ok" = "n"; do echo $Xn "Login : $Xc" read login if [ -d $localstatedir/nessus/users/$login ]; then echo "This login already exists. Choose another one" else ok="y" fi done ok="n" while test "$ok" = "n"; do echo $Xn "Authentication (pass/cert) [pass] : $Xc" read auth test -z "$auth" && auth="pass" if [ "$auth" = "pass" -o "$auth" = "cert" ]; then ok=y fi done if [ "$auth" = "cert" ]; then dn="" echo "Please enter User Distinguished Name:" # echo $Xn "Country: $Xc" read x && [ -n "$x" ] && dn=$dn/C=$x echo $Xn "STate: $Xc" read x && [ -n "$x" ] && dn=$dn/ST=$x echo $Xn "Location: $Xc" read x && [ -n "$x" ] && dn=$dn/L=$x echo $Xn "Organization: $Xc" read x && [ -n "$x" ] && dn=$dn/O=$x echo $Xn "Organizational Unit: $Xc" read x && [ -n "$x" ] && dn=$dn/OU=$x echo $Xn "Common Name: $Xc" read x && [ -n "$x" ] && dn=$dn/CN=$x echo $Xn "e-Mail: $Xc" read x && [ -n "$x" ] && dn=$dn/Email=$x else askPasswd="Login password :" askPasswdAgain="Login password (again) :" sayPasswd="Password :" ok="n" while test "$ok" = "n"; do echo $Xn "$askPasswd $Xc" stty -echo read password echo echo $Xn "$askPasswdAgain $Xc" read password_again stty echo echo if test -z "$password" ; then echo "Your password can not be empty." else if [ "$password" != "$password_again" ]; then echo "Passwords do not match !" else ok="y" fi fi done fi if [ $prompt -eq 0 ] ; then echo echo "User rules" echo "----------" echo "nessusd has a rules system which allows you to restrict the hosts" echo "that $login has the right to test. For instance, you may want" echo "him to be able to scan his own host only." echo echo "Please see the nessus-adduser(8) man page for the rules syntax" echo echo "Enter the rules for this user, and hit ctrl-D once you are done : " echo "(the user can have an empty rules set)" mkdir -m 0700 $TMPDIR/nessus-adduser.$$/ || { echo "Error - could not create $TMPDIR/nessus-adduser.$$" ; exit 1; } cat > $TMPDIR/nessus-adduser.$$/rules.$$ || { echo "Error - could not write $TMPDIR/nessus-adduser.$$/rules.$$" exit 1 } echo echo echo "Login : $login" echo "$sayPasswd ***********" echo "DN : $dn" echo "Rules : " cat $TMPDIR/nessus-adduser.$$/rules.$$ echo echo echo $Xn "Is that ok ? (y/n) [y] $Xc" else cp /dev/null $TMPDIR/nessus-adduser.$$/rules.$$ fi read ok # check for answer, default is Yes, abort on other reply case $ok in ''|[Yy]*);; *) rm -rf $TMPDIR/nessus-adduser.$$ echo Aborted exit 0 esac # add the user rules in our rules files. # # The users file must end with the default user '*', so we add # our data at the TOP of the file #echo "$login:$password" > $TMPDIR/adduser.$$ chmod 0700 "$localstatedir/nessus/" mkdir -p "$localstatedir/nessus/users/$login" chmod 0700 "$localstatedir/nessus/users/$login" # # Create the auth. dir, which contains the user rules, # password, and plugin acl # mkdir -p "$localstatedir/nessus/users/$login/auth" chmod 0700 "$localstatedir/nessus/users/$login/auth" # # Create the plugins dir, which contains the user plugins # mkdir -p "$localstatedir/nessus/users/$login/plugins" chmod 0700 "$localstatedir/nessus/users/$login/plugins" if [ "$auth" = "pass" ]; then if [ "$MD5CMD" ]; then test -c /dev/urandom && { URANDOM=`dd if=/dev/urandom bs=16 count=16 2>/dev/null|$MD5CMD` } SEED=`(echo $SEED; date; df; ls -l; echo $URANDOM) | $MD5CMD | awk '{print $1}'` H=`echo $Xn $SEED$password$Xc | $MD5CMD | awk '{print $1}'` echo $H $SEED > "$localstatedir/nessus/users/$login/auth/hash" else echo "$password" > "$localstatedir/nessus/users/$login/auth/password" fi elif [ "$auth" = "cert" ]; then echo "$dn" > "$localstatedir/nessus/users/$login/auth/dname" fi cp $TMPDIR/nessus-adduser.$$/rules.$$ "$localstatedir/nessus/users/$login/auth/rules" rm -rf $TMPDIR/nessus-adduser.$$ echo "user added."