Am 05.03.2017 um 11:58 schrieb Vito Logrillo:
Hi All, sorry for my noob question, but i'm trying to understand how security scans work. My target is a custom linux distribution on an IoT system: i can set-up an SSH connection but i can't download any package in a simple way. 1. To perform an authenticated scan, an agent or a software should be downloaded on the target machine? Or a shell script? 2. Which are the benefits? It can check all installed packages? Even if they are not active?
the benefit is that it can also check services where the ports are not reachable from the network
depending on what service and the complete setup a vunerability on whatever is running can become very quickly a remote exploit - simple example: you allow users to upload php-scripts on your webserver - from that moment on your services on 127.0.0.1 are no longer isloated until you disable a lot of php functionality
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
