Hello, I am currently working on a minimal set of nasl scripts for debian local security checks.
This turned out to be a harder job than I expected and I am not there yet. Below I describe my findings and problems so far. I'd appreciate any helping hand to get this feed running properly. Which in fact would mean that you try to establish the debian local security checks running yourself and share your findings.

Necessary script files to execute Debian Local Security Checks
--------------------------------------------------------------

* debian_package.inc:
  We have a version in openvas-plugins. There is another in
  nessus-plugins-2.2.10 which seems to contain some improvements.
  To my understanding the one from 2.2.10 is under GPL and we should
  consider adopting it.

* global_settings.inc:
  No difference between the one from openvas-plugins and 2.2.10.

* ssh_get_info.nasl:
  The one in openvas-plugins is contributed by Thomas Reinke.
  It is a bit outdated though (e.g. Debian 4.0 is missing).
  Perhaps Thomas is willing to provide an update patch.
  However, also need to fix dependency to be ssh_authorization
  instead of ssh_settings (see below).

* ssh_func.inc:
  Seems, the one we have in openvas-plugins is not GPLed.
  The latest GPLed I found was in nessus-plugins-GPL-2.2.5.
  The difference to the one in openvas-plugins is renaming
  Nessus->OpenVAS and a fix to call rsa_sign differently.

* ssh_authorization.nasl:
  A script I once wrote myself and pulled from
  http://mail.nessus.org/pipermail/plugins-writers/2005-July/msg00000.html
  It needs only to replace default username slad by e.g. sshovas.
  I wrote it because ssh_settings.inc was not free. I have a confirming
  email by Renaud that it is GPLed by him on 2005-07-25. However it is
  neither GPL in 2.2.6 nor in 2.2.10.

* find_service.nes:
  I just used the one from openvas-plugins.

* debian_DSA-*.nasl:
  To my understanding, the Debian local security checks of 2.2.10 are GPL.
  We should consider updating our plugins from this package.
  See http://mail.nessus.org/pipermail/nessus/2007-October/017677.html
  where I asked for confirmation of my understanding. No answer so far.

Test installation
-----------------

I compiled and installed

  openvas-libraries 1.0.0
  openvas-libnasl 0.9.1
  openvas-server 0.9.1
  openvas-plugins 0.9.0

I used a special prefix and for -plugins I applied --enable-install=buildusername

Then I removed everything from prefix/lib/openvas/plugins/ and copied the above described files there.

Finally, openvas-mkcert and openvas-adduser.

Creating local user
-------------------

(my system)
$ ssh-keygen -t dsa -f id_dsa_sshovas -C "Key for OpenVAS Local Security Checks"

(target system)
# adduser --disabled-password sshovas
  Name: OpenVAS Local Security Checks
# su - sshovas
$ mkdir .ssh
$ cp /some/path/id_dsa_sshovas.pub .ssh/authorized_keys
$ chmod 500 .ssh
$ chmod 400 .ssh/authorized_keys

Running the test
----------------

I prepared an older state of a Debian Sarge system with some missing security fixes. My reference here is debian_DSA-1193.nasl, a test for an outdated xterm.

Running a scan via OpenVAS-Client does however not result in reporting the security problem. Neither openvasd.dump nor openvasd.messages shows any information of relevance.

This is where I think that OpenVAS has far too bad debugging methodology. This problem is of course inherited from Nessus. We should try to be better.

Well, and this is where I am stuck right now. Need to find out about how to debug why nothing happens, whether the plugins are executed at all, how to pull information from the knowledge base etc.

Best

Jan

--
Dr. Jan-Oliver Wagner
Intevation GmbH
Amtsgericht Osnabrück, HR B 18998
http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner