Nessus Security Scanner
performs several security checks, each of them being coded as an external plugin coded in NASL. As new security holes are published every day, new plugins appear on the Nessus web-site (www.nessus.org), and having an up-to-date nessusd server can be difficult and time consuming.
The script nessus-update-plugins-gpl will fetch all the newest GPL security checks for you, install them at the proper location, and restart nessusd(8) so that it take them into account.
nessus-update-plugins uses lynx(1), tar(1) and gzip(1) to do its job.
This script has been superseded by the nessus-update-plugins program and is only provided for those users that do not use the registered plugin feed. Use of the registered plugin feed, however, is encouraged.
Make nessus-update-plugins-gpl display the source code of the plugin <pluginname>
Only install the plugin pluginname
If you are behind a web proxy, then read the manual page of nessus-fetch to configure nessus-fetch with a proper proxy support.
nessus-update-plugins-gpl uses lynx(1) to retrieve the archive of the new plugins, at http://www.nessus.org/nasl/all-2.0.tar.gz. The scripts are not signed so a cracker may poison your DNS server and force this script to retrieve scripts on another web server, and then force your nessusd to execute nasl scripts that do something else. Even if this can not do much harm (see the NASL reference guide for more information on that subject) you should be extra careful regarding this.
So use this script with caution
lynx(1), gzip(1), tar(1)
nessus(1), nessusd(8), nessus-adduser(8)
The canonical places where you will find more information
about the Nessus project are :
http://www.nessus.org (Official site)
http://cvs.nessus.org (Developers site)
Renaud Deraison <[email protected]>. This script has been released under the GPL