#!/bin/sh -e
#
# nessus-update-plugins-gpl
#
# This script will retrieve all the newest GPL plugins from 
# www.nessus.org.
#
# NOTE: using this script is dangerous because the authenticity of
#       the downloaded scripts is not checked. USE THIS SCRIPT WITH CAUTION
# 
# 
# Author  : Renaud Deraison <deraison@cvs.nessus.org>
# License : GPL (but for two lines of script, does it matter ?)
# 
#
# usage : nessus-update-plugins-gpl [-v] [-r name] [-d dir]
# 
#
# -d <dir>  : use <dir> as the plugin dir
# -r <name> : read a plugin name
# -v        : be verbose
# -vv       : be more verbose (debug)
#


# Temporarily disabled, see
# http://bugs.nessus.org/show_bug.cgi?id=1652
#
# The unconditional "exit 1" below ends the script right here, so none of
# the download and install logic further down is reached while this notice
# is in place.
printf '%s\n' \
  "ERROR: This script has been disabled as the GPL plugin feed at www.nessus.org" \
  "ERROR: is not currently available." \
  "ERROR: For more information see: " \
  "ERROR: http://bugs.nessus.org/show_bug.cgi?id=1652" \
  "" \
  "You might want to use the OpenVAS plugin feed available at " \
  "http://wald.intevation.org/frs/?group_id=29&release_id=154" \
  "(this script might download that feed automatically in the future)" \
  "or register your Nessus installation with 'nessus-fetch' " \
  "and download the registered feed using 'nessus-update-plugins'." \
  >&2
exit 1



# Proxy users
#
# If you are behind a proxy, you can set these options here
# or in ~/.nessus-update-pluginsrc
#
# If you edit THIS file, then the proxy (and proxy username/password)
# will be system-wide. 

# Proxy settings; leaving all three empty means "connect directly".
# NOTE(review): a password stored here sits in a system-wide script, so
# check who is able to read this file before filling it in.
proxy=''
proxy_user=''
proxy_passwd=''

# Feed locations: the archive, its MD5 file and its separate signature file.
# NOTE(review): all three are plain http:// URLs on the same host.
location='http://www.nessus.org/nasl/all-2.0.tar.gz'
location_md5='http://www.nessus.org/nasl/all-2.0.tar.gz.md5'
location_sig='http://www.nessus.org/nasl/all-2.0.sig'

# NASL file that must be present once the downloaded tar.gz is unpacked
check_nasl='gpl_feed.nasl'

# Examples :
# proxy_user="renaud"
# proxy_passwd="topsecr3t"
# proxy="proxy.fr.nessus.org:8080"
#
# You can copy the lines above and put them
# in your ~/.nessus-update-pluginsrc



#
# The command we use to retrieve the plugins
#
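fetch_cmd="wget"

#
# The arguments of this command. Whichever tool is used must write the
# download to stdout, because every fetch further down is redirected into
# a file:
#    -source for lynx/links
#    -q -O -  for wget
#    -s -o - for curl
#
# The default has to match $fetch_cmd above: without "-O -" wget saves the
# download under a file name of its own choosing instead of writing it to
# stdout, and the redirected files stay empty.
fetch_args="-q -O -"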




#-------------- DO NOT EDIT THIS FILE BEYOND THAT POINT ---------------------#



# Helper program used to uncompress the feed archive.
gzip="/bin/gzip"

# Installation layout. Paths are derived from $prefix / $exec_prefix unless
# they are given as absolute paths.
prefix="/usr"
exec_prefix="$prefix"

bindir="$exec_prefix/bin"
sbindir="$exec_prefix/sbin"
libexecdir="$exec_prefix/libexec"

datadir="$prefix/share"
sharedstatedir="$prefix/com"
includedir="$prefix/include"
infodir="$prefix/share/info"
mandir="$prefix/share/man"

sysconfdir="/etc"
localstatedir="/var/run"
libdir="/var/lib"
oldincludedir="/usr/include"

# Default plugin directory; nessusd.conf and -d can replace it later on.
pluginsdir="$libdir/nessus/plugins"

# Refuse to run unless the uid printed by id(1) is 0.
case "$(id)" in
  uid=0*)
    ;;
  *)
    echo "only root should use nessus-update-plugins-gpl"
    exit 1
    ;;
esac
	


# nessusd.conf must be readable. Tell a missing file apart from one that
# exists but cannot be read, then stop in either case.
[ -r "$sysconfdir/nessus/nessusd.conf" ] || {
	if [ -e "$sysconfdir/nessus/nessusd.conf" ]; then
		echo "I cannot read $sysconfdir/nessus/nessusd.conf."
		echo "Are you root?"
	else
		echo "$sysconfdir/nessus/nessusd.conf does not exist!"
		echo "Do you have the nessus daemon installed?"
	fi
	exit 1
}
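# Take the plugin directory from nessusd.conf when the file names one.
# Only a line whose first field is exactly "plugins_folder" counts, and only
# the first such line is used, so a commented-out or similarly named setting
# cannot end up in $pluginsdir. Everything installed later is written to
# that directory as root, so its value has to be unambiguous.
newdir=$(awk '$1 == "plugins_folder" { print $3; exit }' "$sysconfdir/nessus/nessusd.conf")
if [ -n "$newdir" ]; then
	pluginsdir="$newdir"
fi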



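# A fetch command must be configured.
if [ -z "$fetch_cmd" ]; then
	echo "\$fetch_cmd not set in $0 - aborting"
	exit 1
fi

# The program is the first word of $fetch_cmd ($fetch_cmd is expanded
# unquoted on purpose so that it is split into words).
# Resolve it the way the shell will when it is run: "command -v" accepts
# both a bare name found in $PATH (the default is "wget") and an absolute
# path, whereas a plain "-x" test on a bare name only looks in the current
# directory.
# NOTE(review): a bare name is looked up in the $PATH this root-only script
# runs with; an absolute path in $fetch_cmd avoids depending on it.
fetchprogram=$(echo $fetch_cmd | cut -d " " -f 1)
if [ -n "$fetchprogram" ] && ! command -v "$fetchprogram" >/dev/null 2>&1
then
  echo "The program '$fetchprogram' can not be found or executed"
  echo "Please configure this script by changing the option"
  echo "\$fetch_cmd or by installing $fetchprogram"
  exit 1
fi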

#
# Read the configuration file, if any.
# The file is sourced, i.e. run as shell code with the privileges of this
# script (which insists on uid 0), so only root should be able to write it.
# NOTE(review): "~" follows $HOME; confirm it points at root's home when the
# script is started through sudo or su.
if [ -f ~/.nessus-update-pluginsrc ]; then
	. ~/.nessus-update-pluginsrc
fi

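# Print the usage summary on stdout and end the script with status 0.
# Takes no arguments.
# The synopsis line has its brackets balanced ("[-v[v]] [-h]").
# NOTE(review): the option string used by the parser further down also
# accepts -l and -i, which are not described here.
help_screen()
{
 printf '%s\n' \
  "nessus-update-plugins-gpl 1.0.6, by Renaud Deraison <deraison@cvs.nessus.org>" \
  "" \
  "" \
  "Usage : nessus-update-plugins-gpl [-v[v]] [-h] [-r name] [-d dir]" \
  "" \
  "-v              : be verbose" \
  "-vv             : be more verbose (debug)" \
  "-h              : this help screen" \
  "-d DIR          : install plugins in DIR" \
  "-r NAME         : read plugin named NAME" \
  "" \
  "Default action  : update the nessusd plugins"
 exit 0
}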



# Translate the proxy settings into what the chosen fetch tool expects.
# NOTE(review): the proxy user name and password end up on the fetch tool's
# command line, where other local users can usually see them in the process
# list.
proxyopts=""

case "$fetch_cmd" in
  *lynx*)
    if [ -n "$proxy" ]; then
      http_proxy="http://$proxy/"
    fi
    if [ -n "$proxy_user" ]; then
      proxyopts="-pauth=\"$proxy_user:$proxy_passwd\""
    fi
    ;;
esac

case "$fetch_cmd" in
  *wget*)
    if [ -n "$proxy" ]; then
      http_proxy="http://$proxy/"
    fi
    if [ -n "$proxy_user" ]; then
      proxyopts="--proxy=on --proxy-user=$proxy_user --proxy-passwd=$proxy_passwd"
    fi
    ;;
esac

# The fetch tool picks the proxy up from its environment.
export http_proxy

# Parse the command line. getopt(1) normalises the arguments and the loop
# walks the resulting words. -d, -r and -i only raise a flag; the next word
# that falls through to the default branch is taken as their value.
# NOTE(review): $* and $opts are expanded unquoted, so an argument that
# contains whitespace is split into several words. "l" is accepted by the
# option string but has no branch of its own.
opts=$(getopt "vld:r:hi:" $*)

for i in $opts
do
  case $i in
    -h)
      help_screen
      ;;

    -v)
      # first -v: verbose messages; any further -v: shell tracing
      if [ -n "$verbose" ]; then
        set -x
      else
        verbose="y"
      fi
      ;;

    -r)
      expect_r="y"
      ;;

    -d)
      expect_d="y"
      ;;

    -i)
      expect_i="y"
      ;;

    *)
      if [ -n "$expect_d" ]; then
        pluginsdir="$i"
        unset expect_d
      fi

      if [ -n "$expect_r" ]; then
        plug_name="$i"
        unset expect_r
      fi

      if [ -n "$expect_i" ]; then
        install_plug="$i"
        unset expect_i
      fi
      ;;
  esac
done



# Hand -r / -i requests to their handlers.
# NOTE(review): view_plugin and install_plugin are not defined in the part
# of the script visible here - confirm where they come from.
if [ -n "$plug_name" ]; then
  view_plugin "$plug_name"
fi
if [ -n "$install_plug" ]; then
  install_plugin "$install_plug"
fi

# tar extracts quietly unless -v was given
if [ -z "$verbose" ]; then
  tar="-xf"
else
  tar="-xvf"
fi



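# The plugin directory must exist before anything is installed into it.
# The expansion is quoted on purpose: unquoted, an empty $pluginsdir turns
# the test into "[ ! -d ]", which is false, so the script would carry on and
# later copy files and run "rm -rf" on paths directly under "/".
if [ ! -d "$pluginsdir" ] ; then
	echo "E: Plugindir $pluginsdir is not a directory!"
	exit 1
fi


# Both helper programs are needed from here on.
if [ -z "$fetch_cmd" ] || [ -z "$gzip" ] ; then
 echo "Error \$fetch_cmd or \$gzip are not set - abort"
 exit 1
fi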

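# Remember where we started; later steps cd back here before exiting.
cwd=$(pwd)

# Base directory for temporary files: $TEMPDIR, then $TMPDIR, then /tmp.
tmpdir=$TEMPDIR
if [ -z "$tmpdir" ]; then
 tmpdir=$TMPDIR
fi
if [ -z "$tmpdir" ]; then
 tmpdir=/tmp
fi

# Private working directory for the downloads.
# umask 077 keeps everything created from here on owner-only.
# mktemp picks an unpredictable name and creates the directory in one step.
# Without mktemp, fall back to the pid-based name: mkdir (no -p) fails when
# that name already exists, so an entry planted there in advance makes the
# script stop instead of being reused.
umask 077
if command -v mktemp >/dev/null 2>&1; then
	fetch_dir=$(mktemp -d "$tmpdir/nessus-update-plugins-XXXXXX") || {
		echo "E: Could not create temporary directory (in $tmpdir)"
		exit 1
	}
else
	fetch_dir="$tmpdir/nessus-update-plugins-$$"
	mkdir -m 0700 "$fetch_dir" || {
		echo "E: Could not create temporary directory ($fetch_dir)"
		exit 1
	}
fi
cd "$fetch_dir"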
# Fetch the feed's MD5 file and compare it with the copy kept from the last
# update; when the two are identical there is nothing to do.
# NOTE(review): the file is used only for this "has the feed changed?"
# comparison - nothing here checks the archive against it.
if [ "$verbose" = "y" ]; then
	echo  "I: Downloading MD5 from $location_md5"
fi
$fetch_cmd $fetch_args $proxyopts "$location_md5" > all-2.0.tar.gz.md5

if [ -s "$pluginsdir/MD5" ] && [ -x /usr/bin/diff ] &&
   diff "$pluginsdir/MD5"  all-2.0.tar.gz.md5 > /dev/null
then
	cd "$cwd"
	if [ "$verbose" = "y" ]; then
		echo "I: Plugins uptodate (MD5 matches)"
	fi
	rm -rf "$fetch_dir"
	exit 0
fi
	
# Download the signature file and the archive into the working directory.
# Each one is fetched only when it is not already present there.
if [ "$verbose" = "y" ]; then
	echo "I: Downloading plugins signature from $location_sig"
fi
if [ ! -e all-2.0.sig ]; then
	$fetch_cmd $fetch_args $proxyopts "$location_sig" > all-2.0.sig
fi

if [ "$verbose" = "y" ]; then
	echo "I: Downloading plugins from $location"
fi
if [ ! -e all-2.0.tar.gz ]; then
	$fetch_cmd $fetch_args $proxyopts "$location" > all-2.0.tar.gz
fi

# A missing or empty archive means the download did not work.
if [ ! -s all-2.0.tar.gz ]; then
	echo "E: Downloading http://www.nessus.org/nasl/all-2.0.tar.gz failed"
        echo "E: Please check $fetch_dir"
	cd "$cwd"
	exit 1
fi

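# Check the archive signature.
# In this script this is the only check of where the download came from:
# the archive is fetched from a plain http:// URL and is about to be
# unpacked and installed by root.
# When the verifier program is not installed the check cannot run. Say so
# instead of skipping it silently, so the operator knows the plugins are
# being installed unverified.
# NOTE(review): consider aborting in that case rather than only warning.
[ "$verbose" = "y"  ] && echo  "I: Checking the archive signature"
if [ -x "$sbindir/nessus-check-signature" ]; then
	"$sbindir/nessus-check-signature" all-2.0.tar.gz all-2.0.sig || {
		echo "E: Aborting"
		exit 1
	}
else
	echo "W: $sbindir/nessus-check-signature not found - archive signature NOT verified" >&2
fi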

	
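# Uncompress the archive.
# gzip's exit status is tested directly in the "if": the script is started
# with "sh -e", so a failing command followed by a separate "test $?" would
# end the script before the fallback below could run.
[ "$verbose" = "y"  ] && echo  "I: Uncompressing the archive"
if ! $gzip -cd < all-2.0.tar.gz > all-2.0.tar 2>/dev/null; then
	mv all-2.0.tar.gz all-2.0.tar	# Some version of lynx gunzip data on the fly
fi

# Unpack into the current directory, which is the private working directory.
[ "$verbose" = "y"  ] && echo "I: Extracting the archive"
tar $tar - < all-2.0.tar
rm all-2.0.tar

# The marker plugin must exist and be non-empty, otherwise extraction failed.
test -s "$check_nasl" || {
	echo "E: Something went wrong when installing the plugins - uncompressing the plugins archive failed"
        echo "E: Please check $fetch_dir"
	cd "$cwd"
	exit 1
	}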
	
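# Install the plugins.
# Only regular files are copied: the archive content comes from the network,
# and cp would otherwise follow a symlink named *.nasl or *.inc and copy
# whatever it points to into the plugin directory.
# "${pluginsdir:?}" stops the script when the variable is empty instead of
# letting the copy and the rm -rf below act on paths directly under "/".
[ "$verbose" = "y"  ] && echo  "I: Copying the plugins to $pluginsdir"
find . -type f -name "*.nasl" -exec cp {} "${pluginsdir:?}/" \;
find . -type f -name "*.inc" -exec cp {} "${pluginsdir:?}/" \;


# An existing .bin directory is taken as the sign that plugins get
# recompiled later (precomp_support); it is recreated empty.
if [ -d "$pluginsdir/.bin" ]; then
 precomp_support=y
 rm -rf "${pluginsdir:?}/.bin"
 mkdir "$pluginsdir/.bin"
fi

# Keep the feed's MD5 file so the next run can tell whether the feed changed.
cp -p all-2.0.tar.gz.md5 "$pluginsdir/MD5"

cd "$cwd"
# We remove the downloaded files as they are not needed anymore
rm -rf "${fetch_dir:?}"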

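# Make root the owner of every entry directly inside the plugin directory
# (dot entries excluded, as a plain "ls" would).
# find hands the names to chown itself, so names containing blanks or
# newlines, or starting with "-", reach chown intact; parsing "ls" output
# does not guarantee that. "{} +" batches the arguments, so xargs is not
# needed and both branches of the former xargs test collapse into one.
[ "$verbose" = "y"  ] && echo "I: Fixing permissions and owner of plugin files"
cd "$pluginsdir"
find . ! -name . -prune ! -name '.*' -exec chown 0:0 {} +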

# Recompile the plugins - Nessus 2.1.x and newer...
# Runs only when precomp_support was set earlier, i.e. when the plugin
# directory had a .bin subdirectory.
if [ -n "$precomp_support" ]; then
 if [ "$verbose" = "y" ]; then
  echo "I: Recompiling plugins"
 fi
 $sbindir/nessusd -R
fi


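# HUP nessusd
# The pid file content is checked before it is handed to kill: an empty,
# zero or non-numeric value would otherwise become kill's argument as is.
# A failing kill (for instance a stale pid file) is reported but does not
# fail the run, because the update itself has completed at this point.
[ "$verbose" = "y"  ] && echo  "I: Trying to restart the Nessus server"
pidfile=/var/run/nessusd.pid
if [ -f "$pidfile" ] ; then
    pid=$(cat "$pidfile")
    case "$pid" in
    ''|0|*[!0-9]*)
        echo "W: $pidfile does not contain a process id, not signalling Nessus"
        ;;
    *)
        [ "$verbose" = "y"  ] && echo  "I: Restarting the Nessus server"
        kill -1 "$pid" 2>/dev/null ||
            echo "W: Could not signal Nessus (pid $pid)"
        ;;
    esac
else
    echo "W: Cannot find a running instance of Nessus, did not find $pidfile"
fi

exit 0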
# End of script
