Author: jan
Date: 2016-12-01 17:07:55 +0100 (Thu, 01 Dec 2016)
New Revision: 26748

Modified:
   trunk/ospd/ChangeLog
   trunk/ospd/INSTALL
   trunk/ospd/ospd/ospd.py
Log:
* ospd/ospd.py: Fix some comments to be less explicit with names which
could outdate unnoticed.

* INSTALL: Update to reflect the unix domain socket option.



Modified: trunk/ospd/ChangeLog
===================================================================
--- trunk/ospd/ChangeLog        2016-12-01 07:28:12 UTC (rev 26747)
+++ trunk/ospd/ChangeLog        2016-12-01 16:07:55 UTC (rev 26748)
@@ -1,3 +1,10 @@
+2016-12-01  Jan-Oliver Wagner <jan-oliver.wag...@greenbone.net>
+
+       * ospd/ospd.py: Fix some comments to be less explicit with names which
+       could outdate unnoticed.
+
+       * INSTALL: Update to reflect the unix domain socket option.
+
 2016-11-25  Hani Benhabiles <hani.benhabi...@greenbone.net>
 
        * ospd/misc.py: Remove UNIX_SOCK variable.

Modified: trunk/ospd/INSTALL
===================================================================
--- trunk/ospd/INSTALL  2016-12-01 07:28:12 UTC (rev 26747)
+++ trunk/ospd/INSTALL  2016-12-01 16:07:55 UTC (rev 26748)
@@ -46,7 +46,13 @@
 Creating certificates
 ---------------------
 
-You need TLS certificates for each of your OSPD service. You may use
+An OSPD service can be started using a unix domain socket (only on
+respective systems) or using a TCP socket. The latter uses TLS-based
+encryption and authorization while the first is not encrypted and uses
+the standard file access rights for authorization.
+
+For the TCP socket communication it is mandatory to use adequate
+TLS certificates which you need for each of your OSPD service. You may use
 the same certificates for all services if you like.
 
 By default those certificates are used which are also used by OpenVAS
@@ -58,7 +64,8 @@
 
 $ openvas-manage-certs.sh -s
 
-And sign it with the CA checked for by the client.
+And sign it with the CA checked for by the client. The client is usually
+OpenVAS Manager for which a global trusted CA certficate can be configured.
 
 
 Registering a OSP daemon at OpenVAS Manager
@@ -81,6 +88,10 @@
            --scanner-key-pub=/usr/var/lib/openvas/CA/clientcert.pem \
            --scanner-key-priv=/usr/var/lib/openvas/private/CA/clientkey.pem 
 
+In case the OSP daemon runs on the same system as openvasmd and uses a unix 
domain socket:
+
+$ openvasmd --create-scanner="OSP Scanner-Name" --scanner-type="OSP" 
--scanner-host=/my/path/to/socket
+
 Check whether OpenVAS Manager can connect to the OSP daemon (needs to run of 
course):
 
 $ openvasmd --get-scanners

Modified: trunk/ospd/ospd/ospd.py
===================================================================
--- trunk/ospd/ospd/ospd.py     2016-12-01 07:28:12 UTC (rev 26747)
+++ trunk/ospd/ospd/ospd.py     2016-12-01 16:07:55 UTC (rev 26748)
@@ -239,13 +239,11 @@
       get_scanner_version.
     * Use Call set_command_attributes at init time to add scanner command
       specific options eg. the w3af profile for w3af wrapper.
-
-    See OSPDw3af and OSPDOvaldi for wrappers examples.
     """
 
     def __init__(self, certfile, keyfile, cafile):
         """ Initializes the daemon's internal data. """
-        # Generate certificate for default params with openvas-mkcert or
+        # Generate certificate for default params with
         # openvas-manage-certs
         self.certs = dict()
         self.certs['cert_file'] = certfile

_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits

Reply via email to