October 8th, 2003, 02:53 AM
I guess this is not quite a security question, but sort of is. For NESSUS you have to run "nessusd -D" which requires root. I am the only one on my computer so I do not want to have to "su -" every time I want to use NESSUS, so I was trying to write a shell script, but I am not sure how to do it so that it allows for either root to run "nessusd -D." I do realize it may not be the safest thing, but if you have any ideas those are welcome as well. Here's my script.
October 8th, 2003, 02:59 AM
Well, there always is SUDO... But I've heard people say things like "if you want to use sudo, you might as well give them root"... man sudo for more info..
"Serenity is not the absence of conflict, but the ability to cope with it."
October 8th, 2003, 04:01 AM
n01100110 is dead on, SUDO
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
October 8th, 2003, 04:04 AM
RE: Worked Thanks to #lobby
sudo -u <user> ./nessusd -D
October 8th, 2003, 05:12 AM
Sudo works nicely, as someone stated above... alternatively.
This is only a slightly better idea than putting your root password in a script, but if you are bound and determined...
I am not a big user of nessus, so I do not know if the owner or group of nessus is already important to it, so this may screw up something, but not so that you cannot recover from it by reversing the steps you take. Make sure you record detailed information about the nessus command/file before you modify anything, like owner, group, exact permissions, etc...
ls -l nessus > nessus-permisions-before-change
will do that for ya....
Look up SUID.
Make sure that root is the owner of the nessus command, and add yourself to a group that has ownership on the nessus command. Make sure that nobody but the owner and the group can execute the command. Then set the SUID bit on the file. You probably want to look that up so that you can see what it is all about, but here are quick and dirty commands.
ls -l nessus (to find out who owner and group are)
chown root nessus (if the owner is not already nessus)
chgrp somegroup nessus (change group ownership to somegroup, you must be member of somegroup)
chmod 550 nessus (make sure that only owner and group can execute nessus)
chmod u+s nessus (this sets the file nessus to SUID, which means execute with the permissions of the owner of the file, for executables anyway)
Perhaps not the most secure thing, I do not know if there are any vulnerabilities in nessus which could be exploited while it is running as root this way, but if you are bound and determined to not have to enter your root password every time, this way should work.
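Added example, not part of the original thread: a POSIX shell check for the end state the commands in the post above aim for (setuid bit set with owner execute, no access for others, expected owner and group), read from `ls -ldn`. The function name `audit_suid`, its argument order and the scratch file in the demo are assumptions made for illustration.

```sh
#!/bin/sh
# audit_suid FILE [GID] [UID]  (hypothetical helper, not a nessus tool)
# Prints one finding per line. Returns 0 only if FILE is setuid, has no
# permissions for "other", is not group-writable, is owned by UID
# (default 0 = root) and, when GID is given, belongs to that group.
audit_suid() {
    f=$1; want_gid=${2:-}; want_uid=${3:-0}
    [ -f "$f" ] || { echo "not a regular file: $f"; return 2; }
    # -n gives numeric ids, e.g. "-r-sr-x--- 1 0 1001 ..."
    read -r perms _links uid gid _rest <<EOF
$(ls -ldn "$f")
EOF
    rc=0
    # 4th character: 's' = setuid + owner execute, 'S' = setuid only.
    case $perms in
        ???s*) ;;
        ???S*) echo "setuid set, but owner has no execute bit"; rc=1 ;;
        *)     echo "setuid bit not set"; rc=1 ;;
    esac
    # 6th character is the group write bit; mode 550 leaves it clear.
    case $perms in
        ?????w*) echo "group-writable (post uses mode 550)"; rc=1 ;;
    esac
    # Characters 8-10 are the "other" bits; mode 550 leaves them all clear.
    case $perms in
        ???????---*) ;;
        *) echo "others have access (post uses mode 550)"; rc=1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "owner uid is $uid, expected $want_uid"; rc=1; }
    if [ -n "$want_gid" ] && [ "$gid" != "$want_gid" ]; then
        echo "group gid is $gid, expected $want_gid"; rc=1
    fi
    return $rc
}

# Constructed demo on a scratch file (not a real nessus binary), owned by
# whoever runs this, so the expected uid is passed explicitly.
demo=$(mktemp)
chmod 4550 "$demo"
audit_suid "$demo" "" "$(id -u)" && echo "scratch file matches mode 4550 layout"
rm -f "$demo"
```

On a real install, run it against the binary with the gid of the group you created, leaving the uid at its default of 0.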