Default rule base for script mysql-audit. See #2125

CHANGELOG

@@ -1,5 +1,10 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for
+  the audit rule base. [nnposter]
+
+Nmap 7.90 [2020-10-03]
+
 o [GH#2126] Fix the "iocp" Nsock engine for Windows to be able to correctly
   handle PCAP read events. This engine is now the default for Windows, which
   should greatly improve performance over the previous default, the "poll"

scripts/mysql-audit.nse

@@ -19,7 +19,7 @@ audits by creating appropriate audit files).
 --
 -- @args mysql-audit.username the username with which to connect to the database
 -- @args mysql-audit.password the password with which to connect to the database
--- @args mysql-audit.filename the name of the file containing the audit rulebase
+-- @args mysql-audit.filename the name of the file containing the audit rulebase, "mysql-cis.audit" by default
 --
 -- @output
 -- PORT     STATE SERVICE
@@ -102,6 +102,8 @@ local function loadAuditRulebase( filename )
     test = function(t) table.insert(rules, t) end;
   }, {__index = _G})
 
+  filename = nmap.fetchfile("nselib/data/" .. filename) or filename
+  stdnse.debug(1, "Loading rules from: %s", filename)
   local file, err = loadfile(filename, "t", env)
 
   if ( not(file) ) then
@@ -119,11 +121,7 @@ action = function( host, port )
 
   local username = stdnse.get_script_args("mysql-audit.username")
   local password = stdnse.get_script_args("mysql-audit.password")
-  local filename = stdnse.get_script_args("mysql-audit.filename")
+  local filename = stdnse.get_script_args("mysql-audit.filename") or "mysql-cis.audit"
-
-  if ( not(filename) ) then
-    return fail("No audit rulebase file was supplied (see mysql-audit.filename)")
-  end
 
   if ( not(username) ) then
     return fail("No username was supplied (see mysql-audit.username)")