From 1a87f11f42b69d4565ffc38139c66f06dabdc454 Mon Sep 17 00:00:00 2001 From: nnposter Date: Sun, 4 Oct 2020 02:52:31 +0000 Subject: [PATCH] Default rule base for script mysql-audit. See #2125 --- CHANGELOG | 5 +++++ scripts/mysql-audit.nse | 10 ++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 5d5c084a6..1e2c47097 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,10 @@ #Nmap Changelog ($Id$); -*-text-*- +o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for + the audit rule base. [nnposter] + +Nmap 7.90 [2020-10-03] + o [GH#2126] Fix the "iocp" Nsock engine for Windows to be able to correctly handle PCAP read events. This engine is now the default for Windows, which should greatly improve performance over the previous default, the "poll" diff --git a/scripts/mysql-audit.nse b/scripts/mysql-audit.nse index c6b934066..32a1482ce 100644 --- a/scripts/mysql-audit.nse +++ b/scripts/mysql-audit.nse @@ -19,7 +19,7 @@ audits by creating appropriate audit files). -- -- @args mysql-audit.username the username with which to connect to the database -- @args mysql-audit.password the password with which to connect to the database --- @args mysql-audit.filename the name of the file containing the audit rulebase +-- @args mysql-audit.filename the name of the file containing the audit rulebase, "mysql-cis.audit" by default -- -- @output -- PORT STATE SERVICE @@ -102,6 +102,8 @@ local function loadAuditRulebase( filename ) test = function(t) table.insert(rules, t) end; }, {__index = _G}) + filename = nmap.fetchfile("nselib/data/" .. filename) or filename + stdnse.debug(1, "Loading rules from: %s", filename) local file, err = loadfile(filename, "t", env) if ( not(file) ) then @@ -119,11 +121,7 @@ action = function( host, port ) local username = stdnse.get_script_args("mysql-audit.username") local password = stdnse.get_script_args("mysql-audit.password") - local filename = stdnse.get_script_args("mysql-audit.filename") - - if ( not(filename) ) then - return fail("No audit rulebase file was supplied (see mysql-audit.filename)") - end + local filename = stdnse.get_script_args("mysql-audit.filename") or "mysql-cis.audit" if ( not(username) ) then return fail("No username was supplied (see mysql-audit.username)")