NOPC, the Nessus-based offline UNIX patch checker has had some changes made and been made available in our tools section. This article discusses the new features in detail and provides some working examples.
Introduction
There have been some updates to the NOPC tool. The latest version is now 0.4.5.
Updated features and bug fixes
- Added Output CSV Format to display information of affected CVEs and CVSS scores
- Fixed bug in Ubuntu, Redhat and others where “host/cpu” type (value of either: x86_64, i686) is required
- Fixed OSX mktemp problem by forcing temp storage in /tmp/kb.xxxx directory
- Fixed bug in HP-UX section where “/Host/HP-UX/hardware” is required
Usage
The following are optional parameters:
- -d ‘nessus plugin dir’
- -l ‘output type’
- -n ‘location of nasl command’
- -s ‘system type’
The -d option is not required as the default settings is the location for a standard nessus installation (/opt/nessus/lib/nessus/plugins/).
The -l option decides how the output is displayed (see below for support output types). The -n option is not required if you include the nasl command in your path (e.g. export PATH=$PATH:/opt/nessus/bin/). The -s option selects which operating system that will analysed (discussed later).
Output types
Basically, there are raw and CSV output types. There are different output variations available particularly for CSV as follows:
* -l ’0′ = Displays outdated package information only. This is the Installed and Fixed version for each outdated package
* -l ’1′ = Displays NASL name and outdated packages
* -l ’2′ = Displays CVEs for each affected package in (CSV comma separated format)
* -l ’3′ = Displays CVEs and CVSSv2 score for each affected package (CSV comma separated format)
* -l ’4′ = Displays CVE for each affected package (tab separated format)
* -l ’5′ = Displays CVE and CVSSv2 score for each affected package (tab separated format)
Interactive mode
If nopc.sh is launched with no -s option, it will go to interactive mode.
Example
$ nopc.sh -l 3 [+] What type of system have you got the patch output for? 1 - Redhat 2 - OSX 3 - Debian 4 - Ubuntu 5 - Slackware * 6 - Solaris (Maybe !11) * 7 - AIX 8 - HP-UX * 9 - FreeBSD * 10 - Cisco ASA/IOS * UNTESTED!! Enter 1-10? 4 [+] Ubuntu Selected [+] Run 'dpkg -l|cat > patchlist.txt' [+] Enter Location of file: patch-ubuntu-krb5-2.txt [+] Enter the Value of DISTRIB_RELEASE=() from /etc/lsb-release e.g. 11.10 [+] Enter Text Requested: 10.04 [+] Enter value of 'uname -m' e.g. x86_64, i686 [+] Enter Text Requested: i586 [+] To run this in a script the command would be: /opt/bin/nopc.sh -l '3' -s '4' 'patch-ubuntu-krb5-2.txt' '10.04' 'i586' [+] Locating Nasls [+] Checking for 2314 Missing Patches NOPC, Ubuntu Plugin ID, CVE, CVSSv2, Severity, KB, Title 61379, "CVE-2012-1012, CVE-2012-1013, CVE-2012-1014, CVE-2012-1015", 9.3, High, "USN-1520-1", "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : krb5 vulnerabilities (USN-1520-1)" 51116, "CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021", 4.3, Medium, "USN-1030-1", "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1030-1)" 52682, "CVE-2011-0284", 7.6, High, "USN-1088-1", "Ubuntu 9.10 / 10.04 LTS / 10.10 : krb5 vulnerability (USN-1088-1)" 55074, "CVE-2011-0285", 10, High, "USN-1116-1", "Ubuntu 9.10 / 10.04 LTS / 10.10 : krb5 vulnerability (USN-1116-1)" 51985, "CVE-2010-4022, CVE-2011-0281, CVE-2011-0282", 5, Medium, "USN-1062-1", "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1062-1)" 49772, "CVE-2010-1322", 6.5, Medium, "USN-999-1", "Ubuntu 10.04 LTS / 10.10 : krb5 vulnerability (USN-999-1)"
Command line
You will notice that the interactive version displays corresponding command-line syntax you could have used. In the example above the following non-interactive invocation could have been used:
/opt/bin/nopc.sh -l '3' -s '4' 'patch-ubuntu-krb5-2.txt' '10.04' 'i586'
Other interesting variations include for Mac OSX, the location of files for Nessus is may not be same Linux (e.g. /library/Nessus) and hence you will need to add -d and -n options to run as follows:
$ nopc.sh -d "/Library/Nessus/run/lib/nessus/plugins/" -n "/Library/Nessus/run/bin/nasl" -l '3' -s '4' 'patch-ubuntu-10.04.txt' '10.04' 'i586'
You can also use specific plugins, which what I did in testing nopc.sh out. For example, copy a number of nasls into a directory myplugins and then:
$ nopc.sh -d "myplugins/" -l '3' -s '4' 'patch-ubuntu-10.04.txt' '10.04' 'i586'
Hidden options
You will see that there are 10 options in the interactive mode.
1 - Redhat 2 - OSX 3 - Debian 4 - Ubuntu 5 - Slackware * 6 - Solaris (Maybe !11) * 7 - AIX 8 - HP-UX * 9 - FreeBSD * 10 - Cisco ASA/IOS
However a few more are added in this release:
11. SuSE 12. CentOS 13. Fedora 14. Gentoo 15. Mandrake
Example
$ nopc.sh -s 11 [+] SuSE Selected [+] Run '/bin/rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' > patchlist.txt' [+] Enter Location of file: patch-suse10-multi1.txt [+] Run 'cat /etc/SuSE-release > release.txt [+] Enter Location of file: release-suse-10.txt [+] Enter value of 'uname -m' e.g. x86_64, i686 [+] Enter Text Requested: i686 [+] To run this in a script the command would be: /opt/bin/nopc.sh -s '11' 'patch-suse10-multi1.txt' 'release-suse-10.txt' 'i686' [+] SuSE Selected [+] Locating Nasls [+] Checking for 4905 Missing Patches /opt/nessus/lib/nessus/plugins/suse_SA_2007_004.nasl: Success /opt/nessus/lib/nessus/plugins/suse_SA_2007_025.nasl: Success /opt/nessus/lib/nessus/plugins/suse_SA_2007_038.nasl: Success
Note for these distributions, some simple tests were performed to ensure it is working (as they are not as commonly seen OS).
The next version of NOPC will update the interactive screen and also include an option to which output type format to use.
Summary
This article presents the improvements and fixes to NOPC for the version 0.4.5 release. We have gone through examples and how to use it.
If you find any bugs with this version, please let us know, particularly if you know you are reviewing a vulnerable system and NOPC generates no output or errors.