#!/bin/sh
#
# nessus-update-plugins
#
# This script will retrieve all the newest plugins from 
# www.nessus.org using the utility 'nessus-fetch'.
# 
# 
# Author  : Renaud Deraison <deraison@cvs.nessus.org>
# License : GPL (but for two lines of script, does it matter ?)
# 
#
# usage : nessus-update-plugins [-v[v]] [-h]
# 
#
# -v        : be verbose
# -vv       : be more verbose (debug)
#


#
# The command we use to retrieve the plugins
#


#-------------- DO NOT EDIT THIS FILE BEYOND THAT POINT ---------------------#



# Install-time locations. The visible script reads gzip, bindir, sbindir,
# sysconfdir and pluginsdir; the remaining directories are defined here but
# are not referenced elsewhere in the visible script.
gzip="/bin/gzip"
prefix="/usr"
exec_prefix="$prefix"
bindir="$exec_prefix/bin"
sbindir="$exec_prefix/sbin"
libexecdir="$exec_prefix/libexec"
datadir="$prefix/share"
sysconfdir="/etc"
sharedstatedir="$prefix/com"
localstatedir="/var/run"
libdir="/var/lib"
includedir="$prefix/include"
oldincludedir="/usr/include"
infodir="$prefix/share/info"
mandir="$prefix/share/man"

# Default plugin directory; the plugins_folder setting in nessusd.conf
# replaces it further down when that setting is present.
pluginsdir="${libdir}/nessus/plugins"



# Refuse to continue unless the output of `id` starts with uid=0 or contains
# euid=0. Everything below (extraction, chown, kill) is written to run as root.
case "$(id)" in
  uid=0* | *euid=0*)
    ;;
  *)
    echo "E: only root should use nessus-update-plugins"
    exit 1
    ;;
esac
	

# nessus-fetch performs both downloads further down; stop here when it is
# missing or not executable.
[ -x "$bindir/nessus-fetch" ] || {
  echo "nessus-fetch(1) (part of nessus-core) is not installed on your system"
  echo "Hint (for Debian users): have you installed the nessusd package?"
  echo "Aborting"
  exit 1
}

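# gzip is needed to unpack the downloaded archive. The message already says
# "Aborting", so actually stop here instead of carrying on to a download that
# cannot be extracted.
if [ ! -x "$gzip" ]; then
 echo "E: gzip is not installed on your system"
 echo "Aborting"
 exit 1
fi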

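# Read the plugins directory from the nessusd configuration.
# Exits with status 1 when the configuration file is missing or unreadable.
nessusd_conf="$sysconfdir/nessus/nessusd.conf"
if [ ! -r "$nessusd_conf" ]; then
	if [ ! -e "$nessusd_conf" ]; then
	echo "E: $sysconfdir/nessus/nessusd.conf does not exist!"
	echo "E: Do you have the nessus daemon installed?"
	else
	echo "E: I cannot read $sysconfdir/nessus/nessusd.conf."
	echo "E: Are you root?"
	fi
	exit 1
fi

# Only accept lines whose first field is exactly plugins_folder. A bare
# /plugins_folder/ match also picks up commented-out lines or other keys that
# merely contain the word, and the resulting value is later used as the tar
# extraction target and as the argument of a recursive chown run as root.
# The path is quoted so the file name is passed to awk as a single argument.
newdir=$(awk '$1 == "plugins_folder" {print $3}' "$nessusd_conf")
test -n "$newdir" && pluginsdir="$newdir"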




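# Print the usage text on stdout and terminate the script with status 0.
# The usage line now has balanced brackets ("[-v[v]] [-h]"), matching the
# usage comment at the top of the file.
help_screen()
{
 cat <<'EOF'
nessus-update-plugins 2.0.0, by Renaud Deraison <deraison@cvs.nessus.org>


Usage : nessus-update-plugins [-v[v]] [-h]

-v              : be verbose
-vv             : be more verbose (debug)
-h              : this help screen

Default action  : update the nessusd plugins
EOF
 exit 0
}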



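# Parse the command line with the POSIX getopts builtin instead of the
# external getopt fed with an unquoted $*, which re-splits arguments on
# whitespace. verbose is reset first so that a value inherited from the
# caller's environment cannot switch on verbose or trace output.
# An unknown option is reported by getopts on stderr and otherwise ignored,
# so the script still goes on to update the plugins.
verbose=
while getopts "vh" opt
do
 case "$opt" in
 h)
   help_screen
   ;;

 v)
   # The first -v enables the informational messages; any further -v
   # turns on shell tracing (the "-vv" debug mode).
   if [ -z "$verbose" ]; then
     verbose="y"
   else
     set -x
   fi
   ;;
 esac
done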
 

# Choose the tar flags: plain extraction by default, member names listed as
# well once verbose is set to anything non-empty.
case "$verbose" in
 "")
  tar="-xf"
  ;;
 *)
  tar="-xvf"
  ;;
esac



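# The plugins directory is the target of the extraction and of a recursive
# chown further down, so make sure it really is a directory. The expansion
# is quoted: unquoted, a value containing whitespace makes `[` fail with a
# usage error, the condition is then false, and the script would carry on
# with a path that was never validated.
if [ ! -d "$pluginsdir" ] ; then
	echo "E: Plugindir $pluginsdir is not a directory!"
	exit 1
fi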


	
# Remember where we were started from, and pick the parent of the scratch
# directory: $TEMPDIR if set and non-empty, else $TMPDIR, else /tmp.
cwd=$(pwd)
tmpdir=${TEMPDIR:-${TMPDIR:-/tmp}}


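# Create a private (0700) scratch directory and download the plugins MD5
# file into it.
# mkdir is used without -p on purpose: it fails when the name already exists,
# so a directory or symlink planted under that name in a shared $tmpdir makes
# the script abort instead of being reused.
mkdir -m 0700 "$tmpdir/nessus-update-plugins-$$" || {
	echo "E: Could not create temporary directory ($tmpdir/nessus-update-plugins-$$)"
	exit 1
}
# Do not go on if the directory cannot be entered: nessus-fetch writes into
# the current directory, which would otherwise be wherever root started us.
cd "$tmpdir/nessus-update-plugins-$$" || {
	echo "E: Could not enter temporary directory ($tmpdir/nessus-update-plugins-$$)"
	exit 1
}
[ "$verbose" = "y"  ] && echo  "I: Downloading plugins MD5 file"
"$bindir/nessus-fetch" --plugins-md5 || {
	echo "E: Could not retrieve the plugins MD5"
	echo "Aborting"
	exit 1
	}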
 
# Compare the freshly downloaded checksum file with the one saved by the
# previous update. This only decides whether a download is needed; it is a
# freshness check, not an integrity check of the archive.
if [ "$verbose" = "y" ]; then
	echo  "I: Comparing MD5 checksum"
fi
if test -s "$pluginsdir/MD5" && [ -x /usr/bin/diff ]; then
	if diff "$pluginsdir/MD5"  all-2.0.tar.gz.md5 > /dev/null; then
		# Identical checksum files: nothing to do, clean up and leave.
		if [ "$verbose" = "y" ]; then
			echo "I: Plugins uptodate (MD5 matches)"
		fi
		cd "$cwd"
		rm -rf "$tmpdir/nessus-update-plugins-$$"
		exit 0
	fi
fi


# Download the plugins archive into the current (scratch) directory.
if [ "$verbose" = "y" ]; then
	echo "I: Downloading plugins using nessus-fetch"
fi
if ! "$bindir/nessus-fetch" --plugins; then
	echo "E: Could not retrieve the Nessus plugins"
	echo "Aborting"
	exit 1
fi
	

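# Check the archive signature
# The signature is the only integrity check between the download and the
# extraction as root further down: the MD5 file is fetched by the same
# nessus-fetch tool and only tells whether the plugins changed.
[ "$verbose" = "y"  ] && echo "I: Checking archive signature"
if [ -x "$sbindir/nessus-check-signature" ]; then
	"$sbindir/nessus-check-signature" all-2.0.tar.gz all-2.0.sig || {
		echo "E: Archive signature does not match"
		echo "Aborting"
		exit 1
		}
else
	# The original skipped verification silently when the checker was not
	# installed. Keep going for compatibility, but say so on every run.
	# NOTE(review): consider aborting here once every supported install
	# ships nessus-check-signature, so that verification fails closed.
	echo "W: $sbindir/nessus-check-signature not found, archive signature was NOT verified"
fi

rm -f all-2.0.sig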
	
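# Unpack the archive into the plugins directory, then record its checksum.
[ "$verbose" = "y"  ] && echo "I: Extracting the archive"
# If the plugins directory cannot be entered, tar would unpack into whatever
# directory we are in, as root.
cd "$pluginsdir/" || {
	echo "E: Could not enter plugins directory ($pluginsdir)"
	echo "Aborting"
	exit 1
}
# Member paths inside the archive are trusted only as far as the signature
# check above vouches for the archive.
# The pipeline status is tar's status; stop before touching the MD5 file so
# that a failed extraction is retried on the next run instead of being
# reported as "Plugins uptodate".
"$gzip" -cd "$tmpdir/nessus-update-plugins-$$/all-2.0.tar.gz" | tar "$tar" - || {
	echo "E: Could not extract the plugins archive"
	echo "Aborting"
	exit 1
}
[ "$verbose" = "y"  ] && echo "I: Updating MD5 file"
rm -f "$pluginsdir/MD5"
mv "$tmpdir/nessus-update-plugins-$$/all-2.0.tar.gz.md5" "$pluginsdir/MD5"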

# Go back to the caller's directory and remove the scratch directory.
cd "$cwd"
rm -rf "$tmpdir/nessus-update-plugins-$$"

# Give the whole plugins tree to uid 0 / gid 0. Despite the message, only
# the owner is changed here; no file modes are touched.
if [ "$verbose" = "y" ]; then
	echo "I: Fixing permissions and owner of plugin files"
fi
chown -R 0:0 "$pluginsdir/"


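# HUP nessusd
[ "$verbose" = "y"  ] && echo  "I: Trying to restart the Nessus server"
pidfile=/var/run/nessusd.pid
if [ -f "$pidfile" ] ; then
    [ "$verbose" = "y"  ] && echo  "I: Restarting the Nessus server"
    pid=$(cat "$pidfile")
    # The signal is sent as root, so only a plain decimal PID is accepted.
    # An empty file, several words or a negative number would make kill
    # fail or address something other than the single nessusd process.
    case "$pid" in
    '' | *[!0-9]*)
        echo "W: $pidfile does not contain a valid PID, not signalling the Nessus server"
        ;;
    *)
        # TODO: Could warn if $pid does not exist in the process table...
        kill -1 "$pid" 2>/dev/null
        ;;
    esac
else
   echo "W: Cannot find a running instance of Nessus, did not find $pidfile"
fi

exit 0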
