• Support
  • Forums
  • Blogs

Vulnerabilty scans not being properly collected

eiaccbeiaccb

New Life Form
+4
Another glitch in vulnerability scans. Some long scan jobs complete correctly at the sensor, but the server loses track of them and appear in the jobs running list, never completing.

The cause is that the nessus_job.pl execution that was responsible for it dies because it loses connection to the database. It dies without collecting the job results and the job is not marked as completed ("C") in the database. Besides the problem of not getting the results, there does not seem to be a way to remove those jobs from that state beyond fiddling directly with the vuln_jobs table.  The fix is very easy and I just paste it here:

--- /usr/share/ossim/scripts/vulnmeter/nessus_jobs.pl.orig      2018-09-21 12:16:19.000000000 +0200
+++ /usr/share/ossim/scripts/vulnmeter/nessus_jobs.pl   2018-09-21 19:41:39.662632500 +0200
@@ -4818,6 +4818,7 @@
     my $sql = qq{ SELECT vns.port, vns.user, vns.password, AES_DECRYPT(vns.password,'$uuid'), inet6_ntoa(s.ip)
                                FROM vuln_nessus_servers vns, sensor s
                                WHERE vns.enabled='1' AND vns.hostname='$sensor_id' AND HEX(s.id) = UPPER(vns.hostname) };
+    if ( check_dbOK() == 0 ) { $dbh = conn_db(); }
     my $sthss=$dbh->prepare( $sql );
     $sthss->execute;
     my @datass=$sthss->fetchrow_array;

Notice that the equality check needs to be against a numerical 0, not the "0" that is used in similar places in the code (that are very probably wrong).

Hope it is of use to anyone.

Share post:

Sign In or Register to comment.