Hi On Thursday 11 March 2010 20:35:50 Richard Morgan wrote: > I've inherited an OpenVAS 2.0.1 setup from someone else who's left the > company and we've been using it. We noticed in comparing results against > nessus scan results that weak SSL ciphers identified by nessus were not > identified by OpenVAS. > > The nvt-sync process is cron'ed and I have recent (March 10th) .nasl files > in place. > > I've searched for the ssl_ciphers NVT with google and I see commits for it > in > http://www.mail-archive.com/[email protected]/msg04835.ht >ml so we know it exists. For some reason, we don't seem to have it, > though.
ssl_ciphers is one of the few ".nes" plugins. In constrast to the nasl-plugins, these are written in C and not in the interpreted language NASL. Thus, they have to be compiled for the specific machine you are using. In the 2.0 series of OpenVAS these plugins were shipped with the openvas-plugins package. This package is obsoleted in OpenVAS 3.0, and the C-plugins are now part of the openvas-scanner (former openvas-server) package. > My questions: > > 1. How do I search the OpenVAs site for plugins, if I don't have the OID? I think you cannot. You can always do a svn checkout of trunk/openvas-plugins and grep in there, though. First of all, look in your plugins directory for a file ssl_ciphers.nes, e.g. "ls /var/lib/openvas/plugins/*.nes" > 2. How do I find and download a specific plugin, ssl_ciphers in this case, > so it can be used in my scans? You could download the source and compile it on your machine, but I discourage you to do. I would update to 3.0 if your infrastructure permits. Note that there might be a general issue with the ssl_ciphers NVT, as it uses openssl and we switched to gnutls in the rest of the code. Iirc, I looked at this plugin and found that I had to fiddle with it to make it work. Also, its classification scheme for "weak ciphers" is somewhat arbitray (and outdated). hth -- felix -- Felix Wolfsteller | ++49 541 335083-783 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
