Hello OpenVAS Users,

it is already March and therefore time for the next generation of OpenVAS. We are pretty advanced in terms of the Beta phase already and there was a lot of testing.
Now it is time to move forward and iron out last problems strictly heading for the stable release of OpenVAS-7.

Please test the current BETA tar-balls (http://www.openvas.org/install-source.html) or SVN trunk until Thursday, April 3rd and provide feedback on your findings.

Study the CHANGES files from the packages about what changed since OpenVAS-6! Or just dive into OpenVAS-7 directly :-)

Below you find a list of Changes from OpenVAS-6 to OpenVAS-7 across all packages. Please speak up if something is missing or wrong.

Basically we are feature-complete. Well, I have a list of 500+ missing features here, but we also have to leave something for OpenVAS-7 maintenance releases and of course for OpenVAS-8. So, primarily the task is bug-hunting and identifying inconsistencies. We need to be realistic in terms of time left we can spend on the changes.

Please take care to work only with separate installations or with carefully backed up environments. Migrations work the usual way.

Note: We are working on some last improvements.

Right after April 3rd we should switch to RC-Phase. Of course we adjust the schedule upon findings of major problems.

I am aware this is quite a pace I am asking for. However, I appreciate feedback on experiences with OpenVAS-7 compared to OpenVAS-6.

All the best

Jan

Major changes from OpenVAS-6 to OpenVAS-7
-----------------------------------------

* Access Control:

  - Groups: For access permissions users can now be associated with Groups. The web interface allows full management of these groups for users with Administrator role.
  - Permissions: Under menu "Configuration" there is now a new item "Permissions". Here the user has a comfortable overview on all of his access permissions and opportunities to manage them.

* Scanning:

  - Alive-Test (Up-Test, Ping-Test): The type of this test that determines whether a system is active and therefore can be scanned is now adjustable as a property of the object "Target".
    Which means it can be changed without the need to change Tasks or Scan Configurations. Possible methods are the same as before: ICMP, TCP and ARP. The default setting for the Alive-Test changes from ICMP&TCP&ARP to just ICMP. Hence it can happen that results change for some of your Tasks because some systems are not regarded as alive anymore. But in most cases where larger IP ranges are scanned the scan duration will significantly drop down. However, you do not need to change a Scan Configuration or Task to get back to the previous state, you just need to adjust the Alive-Test method for the respective Target.
  - New pre-configured Scan Configuration "Host Discovery". This Scan Configuration simply searches for real systems for the given target addresses. No vulnerability tests are executed. The result is just a list of hosts that are regarded active.
  - New pre-configured Scan Configuration "System Discovery". This Scan Configuration applies any NVTs that discover operating system types and/or hardware device types. No vulnerability tests are executed. The main result is an overview on the found operating system and devices.
  - New pre-configured Scan Configuration "Discovery". This Scan Configuration applies any NVTs that discover as many details about the target system, installed services and applications, as possible. No vulnerability tests are executed.
  - Tasks: New class "Alterable Task" allows to change Target and Scan Config even if there are already reports for this task. This allows to have a playground task not designed to grant consistency between its reports.
  - Problems with DNS resolving during scan: Each failed resolving of a target system name is not listed in section "Errors" of the report browser.
  - The Scanner preference "silent_dependencies" was removed. It was reducing the number of reported results to only those NVTs that were explicitly selected. This is not necessary anymore because the filtering can now take care of reducing reports.
    Furthermore, incomplete reports without log information do not offer adequate transparency. In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports. Note that when using one of the pre-defined Scan Configurations you will see no changes because these were explicitly selecting all the NVTs.
  - The Scanner preference "host_expansion" was removed. Its purpose was to automatically expand the target hosts. This functionality should not be done by a Scanner, especially because it can lead to unforeseeable expansions. Using one of the pre-defined Scan Configurations or derived ones, no changes of the behavior will happen.
  - The Scanner will not create explicit results for detected ports anymore. These results had no reference to NVTs and were redundant anyway. An overview on the detected ports is already provided by other NVTs as log information. Additionally the new user interface even offers an explicit tabular overview of identified ports as part of the new report browser.

* Vulnerability Management:

  - Severity replaces Threat: The concept of Threat Classes is extended to the Severity concept where the severity is not just a class but also contains a specific CVSS value. The CVSS value of a Severity is always the highest occurring CVSS value in the corresponding scan results. This allows a higher granularity in the view and for example improves sorting. This means comprehensive changes for the whole application:
    . Task Overview: So far only the Threat level was stored for Tasks. Because old tasks covered results with only threat level and no CVSS level (meanwhile all NVTs are assigned with a CVSS), the migration will use old rules of attaching a threat level and therefore insert the maximum of the respective level. This means that the Severity may show a higher CVSS value than the highest value actually present in the results. But this guarantees that the threat level will remain the same.
      The following values are therefore applied during the migration: High: 10.0, Medium: 5.0, Low: 2.0. Of course for new scans the exact values as occurring in the results are applied.
    . Task-Details: For the list of reports of a task the very same changes and migration rule is applied as for the Task Overview.
    . Notes: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that notes may get invisible when NVTs are updated.
    . Overrides: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that overrides may not be applied when NVTs are updated.
    . Furthermore, the New Severity is not anymore just a threat level but rather a CVSS value. Old overrides with just threat level are migrated with the same scheme as the Tasks and Reports (see above).
  - Tags: The new configuration object class "Tag" allows to attach short texts to almost any other object. These texts are available to filtering and are included in export files. This enables to create thematic groups or attach arbitrary attributes to objects.
  - Reports: Under menu "Scan Management" there is now an overview on any available scan report, regardless of the relations to a task. The powerfilter is available here as well. This new view replaces the report list in the task details dialog. Suitable filters are set automatically.
  - Search interface for all objects of the SecInfo Management: Via new menu item "All SecInfo" it is possible to search for keywords and with other methods of the Powerfilter through almost 300.000 objects of various types.
  - Web interface is extended with multi-lingual support and translated into German language.
  - Integrated online CVSS calculator: Under menu "Extras/CVSS Calculator" a form is available that supports calculating a CVSS value.
  - Reports: The browser for the report view was entirely reworked and split up into multiple sections, each with a page of its own.
    Countless changes and extensions were applied. Attention: The changes are significant regarding the default view and regarding the powerfilter. Older stored powerfilters for reports may not work anymore and need to be re-created.
  - Reports: Users can now individually configure the severity class ranges (High, Medium, Low) for the results view. Attention: The predefined class range is now the one of NIST. Therefore the colors in the view can change for old results and filters may return different results. If you want to switch back to the old behavior, just enter "My Settings" and select "OpenVAS Classic" for severity classes.
  - Powerfilter: The powerfilter now offers an expand/collapse functionality in order to offer a regular dialog as equivalent to the content of the filter string. Dialog and filter string are automatically mutually synchronized.
  - Target: It is now possible to reduce the selected range of target systems via some rules. This includes an exclude list, reduction of double entries via Reverse Lookup and making Reverse Lookup obligatory.
  - Host access rules: More opportunities to deny or allow scan of host for each user, for example hostnames can now also be applied.
  - Interface access rules: This new feature allows on the one hand to specify a special interface (like "eth1") for each task. On the other hand it is possible to express rules to allow or deny access to interfaces for each user.
  - Reports: The port information is now extended with the current IANA service name that is registered for this port.
  - New pre-defined Report Format Plugin "CSV Results": Comma-separated text table of single results.
  - New pre-defined Report Format Plugin "CSV Hosts": Comma-separated text table of result overview for each target system.
  - Tasks: It is now possible to configure the order in which the target hosts are scanned: Sequential (like before), reverse and random.
  - Task Details: The list of reports is now handled via the new object management.
    This also adds the powerfilter to this page.
  - Notes/Overrides: The actual note text is now used as identifier in the list instead of the NVT name.
  - Web-GUI: Consistent access to object details always via identifier in first column. The redundant button for Details is therefore removed from the set of Actions.
  - OVAL Definitions: The overview as well as the details dialog for OVAL Definitions has been reworked.

* Protocols:

  - OMP now in version 5.0
  - OAP dropped. Most functionality moved to OMP.
  - User management is made available via OMP.
  - Feed management is made available via OMP.
  - OTP has been cut down to essentials. This was a first step towards replacing OTP by a superior protocol "OSP" eventually.

* Architecture:

  - OpenVAS Administrator was dropped. Most functionality went into OpenVAS Manager.
  - No support for Greenbone Security Desktop anymore.
  - OpenVAS Scanner and OpenVAS Manager react on SIGHUP with reloading configs.

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
