Hello,

The OpenVAS community is proud to announce the availability of OpenVAS-4, the next generation of the Open Vulnerability Assessment System. Though only eight months since OpenVAS 3.1, the new release represents the biggest step forward ever in the history of OpenVAS.

The most significant new features are a Report Format Plugin Framework, a Master-Slave mode and an improved Scanner. The extended OpenVAS Management Protocol (OMP) 2.0 of OpenVAS Manager makes several new features consistently available to all of its clients (Web, Desktop, CLI). This is the first release that is directly accompanied with installation packages for over 20 platforms, several installation quick guides, a tool to check proper setup and, last but not least, a virtual appliance.

OpenVAS-4 covers the following OpenVAS modules: Libraries 4.0, Scanner 3.2, Manager 2.0, Administrator 1.1, GSA 2.0, GSD 1.1 and CLI 1.1.

At the OpenVAS developer conference #3, July 7-9 in Osnabrück, Germany, the feature set for OpenVAS-5 will take shape.

Availability:

* Source Code downloads are directly available from OpenVAS homepage: http://www.openvas.org
* Binary installation packages: http://www.openvas.org/install-packages.html
* Virtual Appliance: http://www.openvas.org/vm.htm

New features and changes:

* New: Report Format plugin framework. All previous reporting features were converted to plugins. The XML representation of a report is now the base for any plugin and thus consistency of reports is gained. Report Format Plugins can be set active so that they appear in the selection lists. Selections can consider content types so that for example only the plugins with content type "text" are offered as email body. It is possible to use parameters for the plugins so the user can adjust the behaviour of the Report Format to the individual preferences or needs. A verification method allows to distribute signatures for valid plugins via the NVT Feed.
* New default Report Format: TXT for simple text.
* New default Report Format: LaTeX for LaTeX source.
* New sample Report Format: Simple Bar Chart. Demonstrates how to use Gnuplot for graphical reports.
* New sample Report Format: Simple Topo Plot. Demonstrates how to use Graphviz for graphical reports.
* New sample Report Format: Simple Pie Chart. Demonstrates how to use PyChart for graphical reports.
* New sample Report Format: Simple Map Plot. Demonstrates how to use MapServer and GDAL for graphical reports.
* New sample Report Format: Sourcefire Host Input. Demonstrates that Report Formats can be used to build connectors.
* New: Master-Slave mode. Any OpenVAS Manager can use one or many other OpenVAS Manager as slave to run scans. The whole scan task is transferred to the slave, results are continuously reported to the Master during scan process. After the scan is finished all data is removed from the slave. The master can also retrieve system reports from the slave and thus can collect the performance overview for all configured slaves.
* New Escalator: HTTP GET. This allows for example to access text message (SMS) gateways or ticket management systems.
* Extended Escalator: For email escalation it is now possible to select from configured Report Formats to be included in the email body.
* Agents: A verification method was added. This allows to distribute signatures for valid agents via the NVT Feed.
* Credentials: Can now be edited. This allows to change the login name or password without the need to create a new scan configuration.
* Credentials: Auto-generated installer packages are now created on the fly. If the generators are improved, it is now easy to create an updated package for already existing credentials.
* Targets: Credentials for SMB and SSH are now distinguished.
* Targets: Various opportunities have been added to specify and combine IP ranges and ports.
* Tasks: The task overview is delivered much faster now.
* Reports: The report filtering is much faster now.
* Performance: A fall-back performance report delivers some base data if no other tool is configured.
* Web interface: Changed login mechanism from HTTP BasicAuth to session based authentication.
* Scan behaviour: By default now only ports are scanned that are specified as part of the target.
* No binary NVTs: The remaining binary NVTs are turned into built-in functionality. Binary plugins are (finally) no more supported by OpenVAS.
* Network scan NVTs: Network-wide initial scans now possible.
* Scan performance increased: Lower memory footprint (~10% more concurrent scans possible)
* Scan Feature for VHosts: Preferences allow to specify VHosts.
* Scanner: Command line options "--dump-cfg" and "--gen-config" are removed.
* Scanner: Configuration file "openvassd.conf" not mandatory anymore.
* Helper tool openvas-mkcert: New switches and does not create openvassd.conf.
* OpenVAS is now compliant with the Filesystem Hierarchy Standard (FHS 2.3).
* Consolidated default ports: Manager listens on 9390, Scanner on 9391, GSA on 9392 and Administrator on 9393.
* OpenVAS build environment now consistently uses cmake and pkgconfig across all modules.
* Compile-time hardening flags are now enabled by default across all modules.
* All applications now consistently deliver output of --version compliant with the GNU Coding Standard.
* OMP self-documentation: Part of the Managers' XML-based communication protocol OMP 2.0 is to deliver the full specification and documentation of the protocol itself (command "HELP"). It can be retrieved as XML-, RNC- or HTML representation. See here for online documentation: http://www.openvas.org/omp-2-0.html
* OAP self-documentation: Part of the Administrators' XML-based communication protocol OAP 1.0 is to deliver the full specification and documentation of the protocol itself (command "HELP"). It can be retrieved as XML-, RNC- or HTML representation. See here for online documentation: http://www.openvas.org/oap-1-0.html
* Extended Language Support: Desktop client GSD now supports English, German and French.

Compatibility and migration:

* The OpenVAS NVT Feed will be extended with tests that take advantage of the network scan feature but fully keeps the behaviour for previous releases. Also the replacement methods for the former binary NVTs are compatible across OpenVAS 2 through 4.
* The OpenVAS Manager has a migration option for updating an OpenVAS Manager 1.0 SQL database. But there is no support to downgrade the database back to 1.0.
* Migration from OpenVAS 2.x/3.x: Several default file locations changed for the new OpenVAS Scanner. Installing OpenVAS-4 "ontop" of an older release will likely cause trouble because the old, and now only optional "openvassd.conf" forces wrong paths. Delete or move away that file before starting with OpenVAS-4.
* OpenVAS Scanner communication protocol (OTP) remains compatible with the previous release, so the latest release of the old OpenVAS-Client still works.

Best regards,

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner