Starting Nessus
This script automates starting a Nessus scan on Linux when you have a common set of parameters and only the scan destinations change. It takes the Nessus parameters (rc-file, username, password, port, host) and the file destination as hard-coded values, and the IP/netmask, location and unit as command-line parameters. It then puts the resulting file in a "report" directory under /opt/nessus/scan_src/ (the rc-file should be located there too).
#!/bin/bash
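# ---------------------------------------------------------------------
# Fixed settings: everything except the scan target is configured here.
# ---------------------------------------------------------------------
debug=0
THISFILE=$(basename -- "$0" .sh)
LOG=/var/log/$THISFILE.log
# Fixed search path: an inherited PATH cannot substitute the tools used below.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/nessus/bin:/opt/nessus/sbin
# %S is seconds (00-59); the former %s appended seconds since the epoch.
timestamp=$(date +%Y-%m-%d-%H%M%S)
NSSRC=/opt/nessus/scan_src
DATE=$(date -I)
NRC=/opt/nessus/scan_src/my-nessusrc.nessusrc
NUSER=nessususer
# The literal below is the sample password from the original listing and is
# kept only as a fallback. Export NPASSWD before calling the script, or
# replace the fallback, and keep this file readable by its owner only for as
# long as it holds a credential.
NPASSWD=${NPASSWD:-123456}
NTYPE=nessus
NSERVER=localhost
NPORT=1241
# $4 is the target name from the command line; it is empty when the script is
# called with fewer than four arguments.
NESSUSREP=$4.nessus

# The log must be writable whether it already existed or was just created.
# The old check ran only for a freshly created file, so an existing read-only
# log went unnoticed.
if [ ! -e "$LOG" ]; then
  touch "$LOG"
fi
if [ ! -w "$LOG" ]; then
  echo 'permission denied' >&2
  exit 77
fi

echo ''
{
  echo ''
  echo '================================================================='
  echo ''
  echo 'starting ' "$THISFILE" ' at ' "$timestamp"
  echo ''
} >> "$LOG"

#################################################################
# Test if the needed programs and files are there and accessible

# pidof exits with 1 when no nessusd process exists; only then start one.
/bin/pidof nessusd >> "$LOG" 2>&1
pidof_status=$?
if [ "$pidof_status" -eq 1 ]; then
  # NOTE(review): the scan may start before a freshly launched daemon accepts
  # connections; confirm whether a short wait is needed on this host.
  if ! /opt/nessus/sbin/nessusd -D; then
    echo "ERROR: nessusd could not be started" >> "$LOG"
    exit 69
  fi
fi

# nessus scan_src directory (the two echo lines are trace output for the log)
echo "if [ ! -d \'/opt/nessus/scan_src\' ] ; then exit 101 ; fi" >> "$LOG"
if [ ! -d "$NSSRC" ]; then
  echo "ERROR: $NSSRC is not a directory" >> "$LOG"
  exit 101
fi
echo "if [ ! -x \'/opt/nessus/scan_src/\' ] ; then exit 77 ; fi" >> "$LOG"
if [ ! -x "$NSSRC/" ]; then
  echo "!!! FAIL !!!!" >> "$LOG"
  exit 77
fi

# the programs we need
if [ ! -x /usr/bin/nmap ]; then
  echo "ERROR: nmap not found. Probably not installed on your system?" >> "$LOG"
  exit 77
fi
if [ ! -x /opt/nessus/bin/nessus ]; then
  echo "ERROR: Nessus not found. Probably not installed on your system?" >> "$LOG"
  exit 77
fi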
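#######################################
# Print the one-line usage hint.
# Globals:   THISFILE (read) - script name without the .sh suffix
# Arguments: none
# Outputs:   the usage line on stdout
# Returns:   0. It no longer calls exit itself, so the caller's own exit
#            status (0 for --help, 64 for a usage error) takes effect.
#######################################
help() {
  # printf instead of echo: bash's echo printed the "\n" literally, and the
  # misspelt variable $THISFIE always expanded to nothing.
  printf 'try: %s IP bitmask organisation Target [L]\n' "$THISFILE"
}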
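# Argument handling and the scan itself.
#   $1 IP address           $2 bitmask
#   $3 organisation (used as a directory name)
#   $4 target name (used as a file-name stem)
#   $5 optional "L": accepted, but nothing below reads it
# Quoting $1 keeps the test valid when the script is called without arguments.
if [ "${1:-}" = "--help" ] || [ "${1:-}" = "-h" ]; then
  help
  exit 0
elif [ $# -ge 4 ]; then
  # $1/$2 go verbatim into the targets file that nessus reads, so keep them
  # to a single address and a numeric mask; anything else could widen the scan
  # beyond the intended range.
  case $1 in
    '' | *[!0-9A-Za-z:.-]*)
      echo "ERROR: '$1' is not a plain address" >> "$LOG"
      exit 64
      ;;
  esac
  case $2 in
    '' | *[!0-9]*)
      echo "ERROR: bitmask '$2' is not a number" >> "$LOG"
      exit 64
      ;;
  esac
  # $3 and $4 become path components under /opt/nessus/scan_src; a '/' or a
  # dot-name would let the report and targets file land outside that tree.
  for component in "$3" "$4"; do
    case $component in
      '' | . | .. | */*)
        echo "ERROR: organisation and target must be plain names without '/'" >> "$LOG"
        exit 64
        ;;
    esac
  done

  # Reports list the findings for the scanned hosts: nothing for "other".
  umask 027
  # $DATE is used for both trees so a run across midnight cannot split them.
  REPORTS="/opt/nessus/scan_src/reports/$3/$DATE"
  TMP="/opt/nessus/scan_src/tmp/$3/$DATE"
  if ! mkdir -p -- "$REPORTS" "$TMP"; then
    echo "ERROR: cannot create $REPORTS or $TMP" >> "$LOG"
    exit 73
  fi
  # 750, not 640: a directory without the x bit cannot be entered, so a
  # non-root owner could not create the files below.
  chmod 750 "$REPORTS" "$TMP"

  # Targets file handed to the nessus client.
  C=$TMP/$4.c
  if ! printf '%s/%s\n' "$1" "$2" > "$C"; then
    echo "ERROR: cannot write $C" >> "$LOG"
    exit 73
  fi

  # An array keeps every value a single argument even if it contains spaces.
  # The password is passed as a positional argument and is therefore visible
  # in the process list while the scan runs; use a dedicated scanner account.
  # NOTE(review): -x appears to be the legacy client's switch for skipping the
  # SSL certificate check, tolerable only while NSERVER is localhost; confirm
  # against the client's usage output.
  NESSUSOPT=(-V -c "$NRC" -T "$NTYPE" -qx "$NSERVER" "$NPORT" "$NUSER" "$NPASSWD" "$C" "$REPORTS/$NESSUSREP")

  cat "$C" >> "$LOG"
  {
    echo '___________'
    echo 'now starting the nessus-scan'
    echo '___________'
  } >> "$LOG"

  # now the real scan; success is only logged when the client reports it
  /opt/nessus/bin/nessus "${NESSUSOPT[@]}" >> "$LOG" 2>&1
  scan_status=$?
  if [ "$scan_status" -ne 0 ]; then
    echo "ERROR: nessus exited with status $scan_status; check for $NESSUSREP in $REPORTS" >> "$LOG"
    exit "$scan_status"
  fi
  {
    echo "nessus did work well. you should have $NESSUSREP in $REPORTS"
    echo 'have a nice day! FIN'
    echo '___________'
  } >> "$LOG"
else
  help #the function we defined above
  exit 64
fi
# %S (seconds) instead of %s (seconds since the epoch), as in a normal clock time.
echo 'successful terminating ' "$THISFILE" ' at ' "$(date +%Y-%m-%d-%H%M%S)" >> "$LOG"
exit 0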
Submitted by Lorenz Kaminski