Hi! > -----Original Message----- > From: [email protected] [mailto:openvas- > [email protected]] On Behalf Of Jan-Oliver Wagner > Sent: Tuesday, August 25, 2009 2:40 PM > To: [email protected] > Subject: Re: [Openvas-plugins] network information: Security Note or > Log? > > On Dienstag, 25. August 2009, Chandrashekhar B wrote: > > -----Original Message----- > > > I stumbled (again) across the question how we should treat > > > the results of NVTs like os_fingerprint.nasl which > > > tries to guess some information (here the OS) > > > and adds this to the KB. > > > It also sends a security_note about the result. > > > > > IMHO this should only be a log_message() as the OS > > > type as such has not relation to security status. > > > > I think all discovered information should be in the report, so > > security_note() is appropriate in this case. log_message() should > only be > > used to log information such as plugins's inability to perform > something, > > error messages etc., > > > > The discovered information is always useful to analyze the > effectiveness of > > the report, not everyone looks at logs. > > I agree in principle. > > But yet again: Should the NVTs that do collect information > into the KB report on their own Security-level message? Isn't it a > better > design to have other scripts report on such information. > > The significant difference is that eg. NVTs can depend on > os_fingerprint > to use their results and a independent NVT can report the OS - thus > allowing > to run even NVTs that need OS without getting tons of messages about > NVTs > while flexible to siwth on the OS-Reporter NVT whenever wished.
IMHO it is a good idea to have independent NVT to report OS version because there are different methods and NVTs that could report OS version. There could be one script that reads OS version info provided by various plugins from KB and reports the most reliable one. Perhaps, os_fingerprint plugin use ICMP method to determine OS version, but that method is not as reliable as some local check which directly reads version from system. IMO, in that case only version reported by local check should be in report. Also, if there is only one plugin reporting OS version on report level, users can easily uncheck that plugin if they don't want OS version in report. On the other hand, NVTs that need OS version info would still be able to work normally. Regards, Goran Licina -- Laboratory for Systems and Signals Department of Electronic Systems and Information Processing Faculty of Electrical Engineering and Computing University of Zagreb _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
