SLAD NASL Scripts
SLAD can be run directly as a stand-alone application or be driven through the Nessus
Gtk client. For the latter purpose there are two NASL scripts: slad_submit_jobs.nasl
submits job requests to SLAD, and slad_fetch_reports.nasl retrieves the latest
scan results from SLAD and shows them in a Nessus report.
Technically, all communication between Nessus / BOSS and SLAD is done by exchanging
files through the directories of SLAD's inbound and outbound queue. For this purpose the
Nessus SSH support for remote security checks is used.
How to integrate SLAD into the Nessus System
To install the SLAD NASL Plugins follow the steps outlined below:
- Make sure Nessus is set up to perform local security scans (via SSH) against
the system running SLAD. For more details on how to do this see
http://www.nessus.org/documentation/index.php?doc=ssh
- If the two NASL plugins do not come with the standard Nessus release,
install them manually by copying them directly into your Nessus
plugins directory (typically /usr/local/lib/nessus/plugins/).
- In case the SLAD NASL Plugins are not signed, deactivate the signature
check feature by editing the Nessus configuration file nessusd.conf
(typically located in /usr/local/etc/nessus/) so it contains the
line:
nasl_no_signature_check = yes
- Restart the Nessus daemon to make sure the new plugins are loaded
and your changes to the configuration file take effect.
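One way to check the result of the installation steps above, as an added example that is not part of SLAD or Nessus: it confirms both plugin files are in place, reports the nasl_no_signature_check setting and, because unsigned plugins are accepted once that check is off, flags plugin files that group or others can write to. The function names, the script file name and the last-assignment-wins reading of nessusd.conf are assumptions.

```shell
#!/bin/sh
# Added example (not part of SLAD or Nessus): audit the install steps above.

# Print the effective nasl_no_signature_check value from a nessusd.conf:
# the last uncommented assignment (assumed precedence), "unset" if absent.
sig_check_setting() {
    conf="$1"
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    val=$(sed -n 's/^[[:space:]]*nasl_no_signature_check[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    echo "${val:-unset}"
}

# Return 0 if both SLAD plugins are present in the plugin directory;
# otherwise name each missing file and return 1.
slad_plugins_installed() {
    dir="$1"; missing=0
    for p in slad_submit_jobs.nasl slad_fetch_reports.nasl; do
        [ -f "$dir/$p" ] || { echo "missing: $p"; missing=1; }
    done
    return "$missing"
}

# List .nasl files that group or others can modify.
writable_plugins() {
    find "$1" -type f -name '*.nasl' \( -perm -020 -o -perm -002 \) 2>/dev/null | sort
}

# Combine the checks; defaults are the typical paths named on the page.
audit_slad_install() {
    dir="${1:-/usr/local/lib/nessus/plugins}"
    conf="${2:-/usr/local/etc/nessus/nessusd.conf}"
    rc=0
    slad_plugins_installed "$dir" || rc=1
    setting=$(sig_check_setting "$conf")
    echo "nasl_no_signature_check: $setting"
    if [ "$setting" = "yes" ]; then
        loose=$(writable_plugins "$dir")
        if [ -n "$loose" ]; then
            echo "plugins writable by group/others while signatures are unchecked:"
            echo "$loose"
            rc=1
        fi
    fi
    return "$rc"
}

# Run only when asked, e.g.: sh slad_audit.sh --run (hypothetical file name)
if [ "${1:-}" = "--run" ]; then audit_slad_install; fi
```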
How to use SLAD with Nessus
After restarting the Nessus server and client, the SLAD plugins should show up in
the list of available plugins as part of the "General" plugin family.
A typical usage scenario (performing a Chkrootkit scan) is described below:
- To submit the job request, select the "SLAD Submit Jobs" plugin (and make
sure the "SLAD Fetch Reports" plugin is not selected). Unless you want to
perform a regular Nessus security scan at the same time, it is usually
a good idea to deselect ALL other Nessus plugins as well.
- Go to the preferences section "SLAD Submit Jobs" and check the checkbox
labeled "Chkrootkit". Here you may select other scan jobs you would like
to perform at the same time as well.
- Select your scan target (the host running SLAD) and start the scan. You
will obtain a Nessus report containing a security note informing you
that the job request has been submitted successfully. If there was a
problem, for example with the SSH connection to the SLAD system, an error
message will be shown in the report.
- Wait until you think the SLAD scan might have finished. Select the
"SLAD Fetch Reports" plugin (and make sure the "SLAD Submit Jobs" plugin
is deselected).
- Go to the preferences section "SLAD Fetch Reports" and check the checkbox
labeled "Chkrootkit". If you submitted other jobs before, you may select
those here as well.
- Select the same scan target and start the scan. If the scan has finished
in SLAD in the meantime, you will receive a Nessus report including the scan
results from Chkrootkit. If there are no scan reports available (yet),
you may try again later to obtain the reports from SLAD.