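#!/bin/bash
# ====== Starting Nessus ======
#
# This script automates the start of nessus in Linux when you have a common
# set of parameters and are only changing scan-destinations. It takes the
# nessus parameters (rc-file, username, password, port, host) and file
# destination as coded parts and the ip/netmask location and unit as
# parameters. Then it will put the resulting file in a "reports"-directory
# under /opt/nessus/scan_src/ (the rc-file should be located here too).
#
# Usage:  <script> IP bitmask organisation Target [L]
#
# Exit codes:
#   0   scan finished (or --help was requested)
#   64  wrong or unsafe arguments
#   70  the nessus client returned a non-zero status
#   73  report/tmp directory or target file could not be created
#   77  log file or scan_src not accessible, or nmap/nessus missing
#   101 /opt/nessus/scan_src does not exist
#
# Security notes for whoever deploys this:
#   * The Nessus password is a coded value and is handed to the nessus client
#     as a command-line argument, so it is visible in the process list while
#     the scan runs. Keep this file readable by its owner only, replace the
#     default below, or supply NESSUS_USER / NESSUS_PASSWORD in the
#     environment instead of editing the script.
#   * "organisation" and "Target" become path components under scan_src, so
#     they are restricted to a safe character set before use.

set -u

debug=0 # kept from the original listing; nothing in this script reads it
THISFILE=$(basename -- "$0" .sh)
LOG=/var/log/$THISFILE.log
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/nessus/bin:/opt/nessus/sbin
# %S (seconds); the original used %s, which appends the whole epoch time.
timestamp=$(date +%Y-%m-%d-%H%M%S)
NSSRC=/opt/nessus/scan_src
DATE=$(date -I)
NRC=$NSSRC/my-nessusrc.nessusrc
# Environment overrides are optional; the coded defaults are the page's
# original values and the password one is a placeholder to be replaced.
NUSER=${NESSUS_USER:-nessususer}
NPASSWD=${NESSUS_PASSWORD:-123456}
NTYPE=nessus
NSERVER=localhost
NPORT=1241

# The log receives target addresses and raw scanner output, so a freshly
# created log is restricted to owner and group. The writability test runs
# every time, not only when the file had to be created.
if [ ! -e "$LOG" ]; then
  touch "$LOG" && chmod 640 "$LOG"
fi
if [ ! -w "$LOG" ]; then
  echo 'permission denied' >&2
  exit 77
fi

echo ''
{
  echo ''
  echo '================================================================='
  echo ''
  echo 'starting ' "$THISFILE" ' at ' "$timestamp"
  echo ''
} >> "$LOG"

if [ -z "${NESSUS_PASSWORD:-}" ]; then
  echo 'WARNING: using the coded default Nessus password; set NESSUS_PASSWORD or change NPASSWD' >> "$LOG"
fi

#################################################################
# Test if the needed programs and files are there and accessible

# Start the daemon only when pidof reports "no such process" (status 1).
pidof nessusd >> "$LOG" 2>&1
pidof_rc=$?
if [ "$pidof_rc" -eq 1 ]; then
  /opt/nessus/sbin/nessusd -D
fi

# nessus scan_src directory
echo "if [ ! -d \'/opt/nessus/scan_src\' ] ; then exit 101 ; fi" >> "$LOG"
if [ ! -d "$NSSRC" ]; then
  exit 101
fi
echo "if [ ! -x \'/opt/nessus/scan_src/\' ] ; then exit 77 ; fi" >> "$LOG"
if [ ! -x "$NSSRC/" ]; then
  echo "!!! FAIL !!!!" >> "$LOG"
  exit 77
fi

# the programs we need
if [ ! -x /usr/bin/nmap ]; then
  echo "ERROR: nmap not found. Probably not installed on your system?" >> "$LOG"
  exit 77
fi
if [ ! -x /opt/nessus/bin/nessus ]; then
  echo "ERROR: Nessus not found. Probably not installed on your system?" >> "$LOG"
  exit 77
fi

# Helper function: print the usage line. It no longer exits by itself, so the
# caller decides between 0 (--help) and 64 (bad usage); in the original the
# "exit 64" after help was unreachable.
help () {
  printf 'try: %s IP bitmask organisation Target [L]\n' "$THISFILE"
}

# True when $1 is usable as a single path component: starts with an
# alphanumeric and contains only alphanumerics, dot, underscore and hyphen.
# This keeps "/" and leading "-" or "." out of the paths built below.
valid_name () {
  local name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
  [[ $1 =~ $name_re ]]
}

# if everything is all right we start here or echo the error-msg
if [ "${1:-}" = "--help" ] || [ "${1:-}" = "-h" ]; then
  help
  exit 0
elif [ $# -ge 4 ]; then
  # $1/$2 is written verbatim into the targets file, so whitespace, commas
  # and slashes are refused there as well.
  addr_re='^[A-Za-z0-9:][A-Za-z0-9.:-]*$'
  mask_re='^[0-9][0-9.]*$'
  if ! [[ $1 =~ $addr_re ]] || ! [[ $2 =~ $mask_re ]] \
    || ! valid_name "$3" || ! valid_name "$4"; then
    printf 'ERROR: rejected arguments: %q %q %q %q\n' "$1" "$2" "$3" "$4" >> "$LOG"
    help >&2
    exit 64
  fi

  NESSUSREP=$4.nessus
  # One $DATE for every path; the original called date -I a second time,
  # which can name a different directory when the run crosses midnight.
  REPORTS=$NSSRC/reports/$3/$DATE
  TMP=$NSSRC/tmp/$3/$DATE
  C=$TMP/$4.c

  if ! mkdir -p -- "$REPORTS" "$TMP"; then
    echo "ERROR: cannot create $REPORTS or $TMP" >> "$LOG"
    exit 73
  fi
  # Directories need the search bit; the original chmod 640 removed it.
  chmod 750 -- "$REPORTS" "$TMP"

  # a fifth argument ([L]) is accepted but not acted on in this version
  if ! printf '%s/%s\n' "$1" "$2" > "$C"; then
    echo "ERROR: cannot write target file $C" >> "$LOG"
    exit 73
  fi

  # An array keeps every value a single argument. -x makes the legacy client
  # skip the server-certificate check (NOTE(review): confirm against your
  # client's usage text); that is tolerable only while NSERVER is localhost.
  NESSUSOPT=(-V -c "$NRC" -T "$NTYPE" -qx "$NSERVER" "$NPORT"
    "$NUSER" "$NPASSWD" "$C" "$REPORTS/$NESSUSREP")

  {
    cat -- "$C"
    echo '___________'
    echo 'now starting the nessus-scan'
    echo '___________'
  } >> "$LOG"

  # now the real scan
  /opt/nessus/bin/nessus "${NESSUSOPT[@]}" >> "$LOG" 2>&1
  nessus_rc=$?
  # Assumes the client follows the zero-on-success convention; the original
  # logged success without looking at the status at all.
  if [ "$nessus_rc" -ne 0 ]; then
    echo "ERROR: nessus exited with status $nessus_rc; check for $NESSUSREP in $REPORTS" >> "$LOG"
    exit 70
  fi

  {
    echo 'nessus did work well. you should have '"$NESSUSREP"' in' "$REPORTS"
    echo 'have a nice day! FIN'
    echo '___________'
  } >> "$LOG"
else
  help >&2 # the function we defined above
  exit 64
fi

echo 'successful terminating ' "$THISFILE" ' at ' "$(date +%Y-%m-%d-%H%M%S)" >> "$LOG"
exit 0

# Submitted by Lorenz Kaminski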