Results 1 to 5 of 5

Thread: Shell Script

  1. #1

    Shell Script

    I guess this is not quite a security question, but sort of is . For NESSUS you have to run "nessusd -D" which requires root. I am the only one on my computer so I do not want to have to "su -" every time I want to use NESSUS so I was trying to write a shell script, but I am not sure how to do it so that it allows for either root to run "nessusd -D." I do realize it may not be the safest thing, but if you have any idea's those are welcom as well. Here's my script.

    Code:
    #!/bin/csh
    su -
    ***************************(censored :D)
    cd /usr/local/sbin
    ./nessusd -D
    exit
    cd /usr/local/bin
    ./nessus

  2. #2
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Well , there always is SUDO... But i've heard people say things like "if you want to use sudo , you might as well give them root"... man sudo for more info..
    "Serenity is not the absence of conflict, but the ability to cope with it."

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    n01100110 is dead on, SUDO
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  4. #4

    RE: Worked Thanks to #lobby

    Code:
    #!/bin/csh
    #killall nessusd
    pkill nessusd
    sudo -u <user> | ./nessusd -D
    cd /usr/local/sbin
    ./nessusd -D
    cd /usr/local/bin
    ./nessus

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Sudo works nicely, as someone stated above... alternatively.



    This is only a slightly better idea than putting your root password in a script, but. If you are bound and determined.

    I am not a big user of nessus, so I do not know if the owner or group of nessus is already important to it, so, this may screw up something, but not so that you cannot recover from it by reversing the steps you take. Make sure you record detailed information about the nessus command/file before you modify anything, like owner, group, exact permisions, etc...

    ls -l nessus > nessus-permisions-before-change

    will do that for ya....

    Now,

    Look up SUID.

    make sure that root is the owner of the nessus command, add yourself to a group that has ownership on the nessus command. Make sure that nobody but the owner and the group can execute the command. Then set the SUID bit on the file. You probably want to look that up so that you can see what it is all about, but, here is quick and dirty commands.

    cd /wherever/nessus/lives
    ls -l nessus (to find out who owner and group are)
    chown root nessus (if the owner is not allready nessus)
    chgrp somegroup nessus (change group ownership to somegroup, you must be member of somegroup)
    chmod 550 nessus (make sure that only owner and group can execute nessus)
    chmod o+S nessus (this sets the file nessus to SUID, which means execute with the permisions of the owner of the file, for executables anyway)

    Perhaps not the most secure thing, I do not know if there are any vulnerabilities in nessus, which could be exploited which it is running as root this way, but if you are bound and determined to not have to enter your root password everytime, this way should work.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •