Author: timb Date: 2007-07-19 23:50:46 +0200 (Thu, 19 Jul 2007) New Revision: 283
Added: trunk/doc/website/openvas-client.html trunk/doc/website/packages/ trunk/doc/website/packages/debian/ trunk/doc/website/packages/debian/Packages trunk/doc/website/packages/debian/Packages.gz trunk/doc/website/packages/debian/Release trunk/doc/website/packages/debian/Release.gpg trunk/doc/website/packages/debian/openvas-client_0.9.0-1_i386.deb trunk/doc/website/roadmap.html Modified: trunk/doc/website/constitution.htm4 trunk/doc/website/index.htm4 trunk/doc/website/openvas-client.htm4 Log: Updated main and constitution pages after reacceptance by SPI Added early test release of Debian packages for OpenVAS-Client Modified: trunk/doc/website/constitution.htm4 =================================================================== --- trunk/doc/website/constitution.htm4 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/constitution.htm4 2007-07-19 21:50:46 UTC (rev 283) @@ -29,10 +29,11 @@ <h2>Constitution for OpenVAS project</h2> <p> -This is the current (June 2007) constitution for the -for OpenVAS. It was originally <a href="http://www.spi-inc.org/secretary/agenda/2005/2005-11-15.html";>accepted</a> by -<a href="http://www.spi-inc.org/";>SPI</a> on the 15th November 2005 but due to inactivity of the project -may require modification and resubmission. +This is the current (June 2007) constitution for OpenVAS +. It was originally <a href="http://www.spi-inc.org/secretary/agenda/2005/2005-11-15.html";>accepted</a> by +<a href="http://www.spi-inc.org/";>SPI</a> on the 15th November 2005. We were briefly delisted by SPI during a +period of hosting difficulties but were reaccepted after successful discussions at +<a href="http://www.debconf.org/";>DebConfi</a> 7. </p> <h3>Project contacts</h3> Modified: trunk/doc/website/index.htm4 =================================================================== --- trunk/doc/website/index.htm4 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/index.htm4 2007-07-19 21:50:46 UTC (rev 283) @@ -44,10 +44,7 @@ Status: The forked code basis is currently cleaned up and reviewed. Especially we're working to replace OpenSSL by GNUTLS due to the lack of a OpenSSL exception for distribution. -See the <a href="roadmap.html">Roadmap</a> for further details. It -appears we have been dropped as a project by <a href="http://www.spi-inc.org/";>SPI</a>, however we are -still largely operating under the <a href="constitution.html">constitution</a> -originally submitted to and accepted by them. +See the <a href="roadmap.html">Roadmap</a> for further details. </p> <h2>Contact</h2> Modified: trunk/doc/website/openvas-client.htm4 =================================================================== --- trunk/doc/website/openvas-client.htm4 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/openvas-client.htm4 2007-07-19 21:50:46 UTC (rev 283) @@ -56,11 +56,16 @@ <h3>Readily available installation package</h3> +<h4>Debian unstable</h4> + <p> -So far, there are no readily available installation -package for any operating system. -<p> +Add the following line to your sources.list and then apt-get update && apt-get install openvas-client +</p> +<code> +deb http://www.openvas.org/package/debian ./ +</code> + <h3>Latest release</h3> <p> Added: trunk/doc/website/openvas-client.html =================================================================== --- trunk/doc/website/openvas-client.html 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/openvas-client.html 2007-07-19 21:50:46 UTC (rev 283) @@ -0,0 +1,180 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd";> + + + + + + + + + + + + + + + + + + + + +<html> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> + <meta name="keywords" content="OpenVAS, Security"> + <link rel="stylesheet" type="text/css" href="openvas.css"> + <title>OpenVAS - OpenVAS - Open Vulnerability Assessment System Community Site</title> + </head> + <body> + <div id="header"> + <table id="navbar"> + <tr valign="bottom"> + <td style="width:172px; text-align: left; padding-bottom: 8px;"> + <a href="index.html"><img src="pix/OpenVAS-logo.png" alt="OpenVAS"></a> + </td> + <td style="text-align: left;vertical-align:middle;"> + </td> + </tr> + </table> + </div> + + <div id="boxes"> + <div class="box"> + <h1>About</h1> + <p> + <a href="constitution.html">Constitution</a><br> + <a href="openvas-client.html">OpenVAS-Client</a><br> + </p> + </div> + + <div class="box"> + <h1>Support</h1> + <p> + Mailinglist Discussion:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-discuss/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss";>Subscribe</a> + <br> + Mailinglist Announcements:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-announce/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-announce";>Subscribe</a> + </p> + </div> + + <div class="box"> + <h1>Developers Corner</h1> + <p> + <a href="http://wald.intevation.org/projects/openvas/";>Development Platform</a> + </p> + + <p> + Mailinglist Development:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-devel/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-devel";>Subscribe</a> + <br> + Mailinglist Source Code Commits:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-commits/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-commits";>Subscribe</a> + </p> + </div> + + <div class="box"> + <h1>Download</h1> + <p> + So far, no releases of OpenVAS Server have happened. Version 1.0 will be released + after code cleanup is finished (see <a href="roadmap.html">Roadmap</a>). + </p> + + <p> + However the source code is managed with Subversion and is available via + the development platform. + </p> + + <p> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=150";>OpenVAS-Client 0.9.0</a> + </p> + </div> + </div> + + <div id="main"> + + +<h2>About OpenVAS-Client</h2> + +<p> +OpenVAS-Client is a terminal and GUI client application +for OpenVAS and Nessus. In fact +it implements the Nessus Transfer Protocol (NTP). +The GUI is implemented using GTK+ 2.4 and allows for managing +network vulnerability scan sessions. +</p> + +<a href="pix/openvasclient-screenshot.png"><img border="0" src="pix/openvasclient-screenshot-small.png" alt="Screenshot of OpenVAS-Client Main Dialog"></a> + +<p> +OpenVAS-Client is a successor of NessusClient 1.X. The fork happened +with NessusClient CVS HEAD 20070704. The reason was that the original +authors of NessusClient +decided to stop active development for this (GTK-based) +NessusClient in favour of a newly written QT-based version +released as proprietary software. +</p> + +<p> +OpenVAS-Client is release under GNU GPLv2 +and may be linked with OpenSSL. +</p> + +<h2>Installing OpenVAS-Client</h2> + +<h3>Readily available installation package</h3> + +<h4>Debian unstable</h4> + +<p> +Add the following line to your sources.list and then apt-get update && apt-get install openvas-client +</p> + +<code> +deb http://www.openvas.org/package/debian ./ +</code> + +<h3>Latest release</h3> + +<p> +The download link for the latest source code release can +be found in the "Download" box to the right. +</p> + +<p> +Download the ".tar.gz" source code archive and unpack +with "tar -xzf openvas-client-N.N.N.tar.gz". Currently +it is easiest to work on a GNU/Linux system, but others +may work as well. +</p> + +<p> +Now read the file <a href="http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-client/README?root=openvas&view=markup";>README</a> inside the new directory for next +steps. +</p> + +<h3>Most current state of development (directly from the source code management system)</h3> + +<p> +You need subversion to retrieve the code: +</p> + +<p> +$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-client +</p> + +<p> +Change to the new directory and follow the instructions of the <a href="http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-client/README?root=openvas&view=markup";>README</a> file. +</p> + + </div> + <div id="footer"> + </div> + </body> +</html> Added: trunk/doc/website/packages/debian/Packages =================================================================== --- trunk/doc/website/packages/debian/Packages 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/packages/debian/Packages 2007-07-19 21:50:46 UTC (rev 283) @@ -0,0 +1,25 @@ +Package: openvas-client +Priority: extra +Section: net +Installed-Size: 804 +Maintainer: Tim Brown <[EMAIL PROTECTED]> +Architecture: i386 +Version: 0.9.0-1 +Depends: libatk1.0-0 (>= 1.13.2), libc6 (>= 2.6-1), libcairo2 (>= 1.4.0), libfontconfig1 (>= 2.4.0), libglib2.0-0 (>= 2.12.9), libgtk2.0-0 (>= 2.10.12-3), libpango1.0-0 (>= 1.16.4), libssl0.9.8 (>= 0.9.8e-1), libx11-6, libxcursor1 (>> 1.1.2), libxext6, libxfixes3 (>= 1:4.0.1), libxi6, libxinerama1, libxrandr2 (>= 2:1.2.0), libxrender1, zlib1g (>= 1:1.2.3.3.dfsg-1) +Filename: ./openvas-client_0.9.0-1_i386.deb +Size: 270560 +MD5sum: c7cf36a30e3889ac1c303be7f49380a1 +SHA1: 129ec4b9f6dbffb6ef12ac97e17b107df9a72175 +SHA256: 8f6e9ecb2a85ad76f2a9620ae8ec9f4f800062656242384d75c79ffab79c81a2 +Description: Remote network security auditor, the client + The OpenVAS Security Scanner is a security auditing tool. It makes + possible to test security modules in an attempt to find vulnerable + spots that should be fixed. + . + It is made up of two parts: a server, and a client. The server/daemon, + openvasd, is in charge of the attacks, whereas the client, + OpenVAS-Client, provides the user a nice X11/GTK+ interface. + . + This package contains the GTK+ client, which exists in other + forms and on other platforms, too. + Added: trunk/doc/website/packages/debian/Packages.gz =================================================================== (Binary files differ) Property changes on: trunk/doc/website/packages/debian/Packages.gz ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/website/packages/debian/Release =================================================================== --- trunk/doc/website/packages/debian/Release 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/packages/debian/Release 2007-07-19 21:50:46 UTC (rev 283) @@ -0,0 +1,13 @@ +Date: Thu, 19 Jul 2007 21:29:43 UTC +MD5Sum: + 28f79a3984420b074305d5d8257deb8b 1275 Packages + 03073f68748ff285a41a4419e15afec3 767 Packages.gz + d41d8cd98f00b204e9800998ecf8427e 0 Release +SHA1: + c94f9f4f6c12c46ed9c34e740dfcc607682f076b 1275 Packages + 5a76a2f083f95d38059966e6075e25b7aa893454 767 Packages.gz + da39a3ee5e6b4b0d3255bfef95601890afd80709 0 Release +SHA256: + 464f11fe3b1b4fe09fdee9537bfda9cf50b3c72ed89f8550a439950b7fffcb8e 1275 Packages + 28a1ac1df5e9923ed878be76172ea0fcbb24500c9003a15d9d516162d56873d4 767 Packages.gz + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 Release Added: trunk/doc/website/packages/debian/Release.gpg =================================================================== --- trunk/doc/website/packages/debian/Release.gpg 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/packages/debian/Release.gpg 2007-07-19 21:50:46 UTC (rev 283) @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (GNU/Linux) + +iD8DBQBGn9gFVAlO5exu9x8RAi9kAJwM5MKoA3Gv6Rb/bhC3KkhWLMTzmgCgxLdb +h1A4+uKJic0DCLaNH/r40YY= +=YHdZ +-----END PGP SIGNATURE----- Added: trunk/doc/website/packages/debian/openvas-client_0.9.0-1_i386.deb =================================================================== (Binary files differ) Property changes on: trunk/doc/website/packages/debian/openvas-client_0.9.0-1_i386.deb ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/website/roadmap.html =================================================================== --- trunk/doc/website/roadmap.html 2007-07-19 15:28:11 UTC (rev 282) +++ trunk/doc/website/roadmap.html 2007-07-19 21:50:46 UTC (rev 283) @@ -0,0 +1,223 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd";> + + + + + + + + + + + + + + + + + + + + +<html> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> + <meta name="keywords" content="OpenVAS, Security"> + <link rel="stylesheet" type="text/css" href="openvas.css"> + <title>OpenVAS - OpenVAS - Open Vulnerability Assessment System Community Site</title> + </head> + <body> + <div id="header"> + <table id="navbar"> + <tr valign="bottom"> + <td style="width:172px; text-align: left; padding-bottom: 8px;"> + <a href="index.html"><img src="pix/OpenVAS-logo.png" alt="OpenVAS"></a> + </td> + <td style="text-align: left;vertical-align:middle;"> + </td> + </tr> + </table> + </div> + + <div id="boxes"> + <div class="box"> + <h1>About</h1> + <p> + <a href="constitution.html">Constitution</a><br> + <a href="openvas-client.html">OpenVAS-Client</a><br> + </p> + </div> + + <div class="box"> + <h1>Support</h1> + <p> + Mailinglist Discussion:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-discuss/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss";>Subscribe</a> + <br> + Mailinglist Announcements:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-announce/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-announce";>Subscribe</a> + </p> + </div> + + <div class="box"> + <h1>Developers Corner</h1> + <p> + <a href="http://wald.intevation.org/projects/openvas/";>Development Platform</a> + </p> + + <p> + Mailinglist Development:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-devel/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-devel";>Subscribe</a> + <br> + Mailinglist Source Code Commits:<br> + <a href="http://lists.wald.intevation.org/pipermail/openvas-commits/";>Archive</a> + | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-commits";>Subscribe</a> + </p> + </div> + + <div class="box"> + <h1>Download</h1> + <p> + So far, no releases of OpenVAS Server have happened. Version 1.0 will be released + after code cleanup is finished (see <a href="roadmap.html">Roadmap</a>). + </p> + + <p> + However the source code is managed with Subversion and is available via + the development platform. + </p> + + <p> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=150";>OpenVAS-Client 0.9.0</a> + </p> + </div> + </div> + + <div id="main"> + + +<h2>Roadmap of OpenVAS project</h2> + +<p> +This is the current (June 2007) status of the +planned roadmap for OpenVAS. +<p> + +<h3>OpenVAS Release 0.9 (ca. August 2007)</h3> + +<p> +A first deveopment release for testing purposes. +</p> + +<h3>OpenVAS-Client Release 1.0 (ca. August 2007)</h3> + +<p> +The first stable release of the GUI client with some +enhanced features compared to NessusClient 1.X. +</p> + +<h3>OpenVAS Release 1.0 (ca. October 2007)</h3> + +<p> +More or less same functionality +as Nessus-2, but with OpenSSL replaced by GNU/TLS to resolve +license conflict (OpenVAS 1.0 may then be distributed +in binary form even compiled with SSL support which is not +allowed for Nessus. This is regarded relevant at least for +many GNU/Linux distributions). +</p> + +<h2>Ideas for future OpenVAS functionalities</h2> + +<p> +These ideas result from general brain storming +on the openvas-discuss mailing list and OpenVAS deleoper +conferences. +</p> + +<p> +The following items have not yet been decided upon for +the fixed roadmap and may still be subject to discussion. +There is no order in the list, new items are just appended. +</p> + +<ul> +<li> Plugin severity override: + <p> + Some places value some vulnerabilities more than others. + For example: some places rank anonymous CIFS connections + as vital to their business. Others say its a big risk. + Having a front end to override the degree instead of patching the + plugin would be nice. + This is related to ideas about fals-positive marking. + </p> + +<li> Configurable option "Don't automatically add and run new plugins": + <p> + An option to say: "do not add new plugins to the .nessusrc file(s)". + Or maybe, add all new ones as "no". Sometimes I want to run a given + set of plugins periodically. I don't want all new ones to also get run. + </p> + +<li> Direct support of Database: + <p> + OpenVAS Server should optionally write results into a database. + It is to be discussed whether this is done additional to sending + the results via Nessus Protocol. Also the question is open whether + the server manages access to the database directly or whether users + submit DB connection and authorization details so that the + data are written there. + </p> + +<li> Re-connnect to running OpenVAS scans: + <p> + OpenVAS should run in the background without + a permanent connection to the client. + Re-connection should then allow to get the results. + Email notification at scan completion is helpful + as well. + </p> + +<li> New Client-Server protocol: + <p> + Replace the old Nessus Protocol by something + based on standard protocol technologies and + iron out current weaknesses like the chracter encoding. + </p> + +<li> Trace function: + <p> + Show sets of queries. Each query is composed of the rule + that was used, the destination IP and port, the data sent, + and the data returned. This will make it easier to determine false positives. + </p> + +<li> Improved NASL debugging + +<li> Condensed Plugins: + <p> + E.g. all the Debian local security checks could be condensed + into few (for each year). It is not clear yet which other implications + this might mean. + </p> + +<li> Generic Plugins: + <p> + Plugins with some heuristics to generically detect weaknesses + in web applications. + </p> + +<li> Consider popular issue-tracker or helpdesk systems to pull issues from + scan reports, sort them, prioritize and assign them. +</ul> + + + </div> + <div id="footer"> + </div> + </body> +</html> _______________________________________________ Openvas-commits mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
