Re: [Openvas-discuss] Ubuntu packages
On Tuesday 05 Feb 2013 00:06:08 Philipp Seidel wrote: the OpenVAS packages via OBS are slightly out of date. Thats why I have registered a OpenVAS Team on Launchpad.net[0] to build up to date packages. At the moment there are stable packages[1] (OpenVAS 5) and nightly builds[2] (upcoming OpenVAS 6) for Ubuntu 10.04, 12.04 and 12.10. The PPA can also be used to update OpenVAS on BackTrack 5r3. If you are looking for the menu entries just install 'openvas-backtrack'. [0] https://launchpad.net/~openvas [1] https://launchpad.net/~openvas/+archive/stable [2] https://launchpad.net/~openvas/+archive/nightly Cc'ing the Debian developers list... Awesome. Is the packaging based on the existing debian work that has been done or is it brand spanking new? I only ask because I'd been playing around with cleaning up the existing packaging to get Debian up to date. Also, is it possible to get the source? Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] the comparation of scanning report
On Monday 19 Nov 2012 03:05:59 王风军 wrote: Hi, my admired friends, my questions are as follows, 1, After I used 'openvas-vnt-sync' update the plugins, the total plugins number is 28410, but the nessus plugins is 52064, why the difference is so great? whether I don't have the new and full plugins? The checks are not necessarily the same. There are definately checks that are in OpenVAS but not in Nessus and vice versa. Moreover, some checks are implemented differently - for example it is possible that maybe one has individual checks for each version that has a vulnerability whilst the other might have one check for the latest version. 2, I have understood the difference between openvas and MBSA, but for a new installed windows OS, e.g. windows xp or windows 7, the MBSA can scan the number of the leaks are above 100, the openvas can scan the leaks result: high:2, medium:1, low:2,log:16. It is likely that the openvas scan a very little leaks, and most of them are log type, what's more, the nessus can scan more leaks. whether I don't have the latest and full leaks database or not? It doesn't appear you are confirming like with like. OpenVAS can scan for 1000s of problems on these systems, but it appears that in your case only a few were found to be a problem. Did you run OpenVAS with full SMB credentials (as MBSA will use your current user access when scanning)? If you run OpenVAS with a SMB username and password all of the checks should run and the comparison should be a lot more fair. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] plugins questions about openvas project
On Friday 16 Nov 2012 08:35:04 王风军 wrote: Hi, my admired friends, I have two plugin questiones about openvas, they are as follows, 1, What is the difference of plugins about openvas and nessus. Can the openvas use the nessus plugins directly? why the plugins number is different between openvas and nessus? The plugins share a common language (although OpenVAS has been extended since the original fork). A lot of plugins should just work on either but there is no guarantee of this from either side. Moreover, I believe Tenable's position is that the use of (non-GPL) Nessus plugins in OpenVAS would be a breach of licensing. The reason the numbers are different is that having 1 namespace could lead to collisions (for example in databases) if a Nessus and OpenVAS report were merged, or if a plugin from 1 was used on the other. We opted for OIDs to make the namespace expandable - you can either request your own OID family from IANA(?) or request a sub-branch from OpenVAS and work on it with no fear of another developer re-using your ID. 2, What is the difference of openvas and microsoft's mbsa tool. The latter software function is to scan the windows system to find the systme leaks and vulnerablility, and to patch them. I compared the scan result, they are great different, Is it different leaks and vulnerbility between openvas and mbsa scanner? OpenVAS will do both authenticated and unauthenticated testing. Some of the plugins will mimic parts of MBSA but, for example, MBSA has no capability to check for web vulnerabilities in WordPress, whereas plugins for such a class of vulnerability could exist within OpenVAS. It is glad for me to receiving your replying mails. best regards Cheers, Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas gnutls bug again?
On Wednesday 31 Oct 2012 20:30:49 Reindl Harald wrote: nice - but the base of CentOS is stoneold it is based on Fedora12/13 until Fedora 15 openvas worked now we have fedora 17 and soon F18 since HUNDRETS of packages are working well with the gnutls of recent distributions and only openVAS does onot run since nearly a year it is pretty clear that openVAS is HORRIBLE broken WHY in the world was the switch to gnutls done instead use openssl which works since decades relieable? I'm not going to comment on the specifics of the bug, there are more active developers than I who will be able to help I'm sure however here are a couple of things to consider. If you think that OpenSSL is perfect then I'd suggest you read randombit.net's cryptography list[1] (you'll actually find people on there recommending GNU TLS over OpenSSL in fact - although it's largely a matter of taste - both having their own deficiencies). The reason OpenVAS uses GNU TLS is that to do otherwise would be against the license[2] under which OpenVAS is developed. In order to link against OpenSSL an exemption is required. This wasn't a problem when Tenable were releasing their own source and could grant themselves the exemption, but they never AFAIK explicitly stated that this was okay and indeed after closing the source (leading to the fork) made it clear that they wouldn't grant the exemption on their code to OpenVAS. Tim [1] http://lists.randombit.net/pipermail/cryptography/2012-October/003373.html [2] http://lists.wald.intevation.org/pipermail/openvas-discuss/2006- May/000192.html -- Tim Brown mailto:timb@openvas,org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Survey: Who uses OTP?
The full stack is way to heavy for pentesting. I currently use OpenVAS-Client to drive OpenVAS. Thus far it still works. That being said, the protocol is terrible and could do with being binned. I guess the question is with what and how? Tim -- Tim Brown mailto:timb@openvas,org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Fwd: [Full-disclosure] Operation Bring Peace To Machines - War Game
If anyone fancies a nice starter into the world of OpenVAS development, the following may be of interest. Some time ago I wrot an PoC XSLT for OpenVAS Manager to generate IVIL output from OpenVAS. It seems IVIL is getting more interest so it would be nice to finish off the XSLT: -- Forwarded Message -- Subject: [Full-disclosure] Operation Bring Peace To Machines - War Game Date: Thursday 16 Feb 2012, 11:19:33 From: Jerome Athias jer...@netpeas.com To: full-disclos...@lists.grok.org.uk, bugt...@securityfocus.com Good morning Hacker, Your mission, should you decide to accept it is to save the CyberSpace. As mentioned in the U.S. INTERNATIONAL STRATEGY FOR CYBERSPACE[1] document, we need interoperable and secure technical standards, determined by technical experts. Requirements: ~15 minutes of your time, a headset and the Boléro The Rand Strategy Assessment Center provides you the following computerised model: Software Vulnerability Mitigation Automation, (an incomplete Conceptual Map) https://corevidence.com/research/vulnerability_interoperability_ivil_v1.jpg some links extracted: [1] http://www.whitehouse.gov/blog/2011/05/16/launching-us-international-strategy- cyberspace IVIL-XML http://www.cupfighter.net/index.php/2010/10/ivil-an-xml-schema-to-exchange- vulnerability-information/ ThreadFixhttp://code.google.com/p/threadfix/ We will provide you soon IVIL v1.0, so be ready for action! i = x2ivil + ivil2x where i is interoperability and x a software (vulnerability scanner,... + waf, virtual patching system, ...) Examples: openvas2ivil nessus2ivil qualys2ivil nikto2ivil ivil2mod_security ivil2snort As always, should you or any of your I.M. Force be caught or killed, the Secretary will disavow any knowledge of your actions. This tape will always stay here. -- Jerome Athias - NETpeas VP, Director of Software Engineer Palo Alto - Paris - Casablanca www.netpeas.com - Stay updated on Security: www.vulnerabilitydatabase.com The computer security is an art form. It's the ultimate martial art. - -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS Documentation Project
On Tuesday 06 Sep 2011 09:03:10 Jim Halfpenny wrote: Hi, I've managed Confluence before so I would be happy to help install and/or maintain it. There is a bundled installation package which contains confluence and the Java application sever (tomcat IIRC) in one which makes for easy installation. I would advise some caution when installing plugins as this seems to be the easiest way to move from a stable installation to a support nightmare. Where did we get with this? I have 2 lots of wiki content from previous iterations.. the official wiki from when the project started. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [Openvas-devel] Downtime next monday (30th)
On Thursday 26 Jan 2012 08:29:40 Jan-Oliver Wagner wrote: Hello, just to ensure everyone is aware: The OpenVAS development platform will undergo a comprehensive upgrade next monday (Jan 30th) and go offline ca. 11-16UTC. Website, SVN, Bug tracker, ... everything will be unavailable during this time. Any chance to use the US mirror for the website? Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] VDSL connection breaks
On Thursday 21 Jul 2011 15:18:54 Allon Moritz - First Security wrote: Never mind. I used the Full and very deep ultimate scan config which had the safe checks flag set to no. Enabling it solved the problem. It's still interesting fro a security perspective and something we might want to look at. Can you let me know the vendor / product number off list and we'll take it from there. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Fwd: Re: Associating NVT's with CVE's
Eeek, this appeared to get lost in the ether (or at least I just got a bounce message from my mail server about it not being sent). -- Forwarded Message -- Subject: Re: [Openvas-discuss] Associating NVT's with CVE's Date: Monday 06 June 2011, 22:51:16 From: Tim Brown t...@openvas.org To: openvas-discuss@wald.intevation.org CC: Alicia Smith asm...@neospire.net, Thomas Reinke li...@securityspace.com On Thursday 26 May 2011 20:08:29 Alicia Smith wrote: Thank you, I'm putting together a list now. I'll post it as soon as completed! Alicia Smith Awesome. That will help with the gap analysis I'm doing against the OSVDB database. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ - -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS web site translations
Hi all, We had an offer of a translation of the OpenVAS web site into Belorussian (http://webhostinggeeks.com/science/openvas-be) and initially I was simply going to link to the page however we don't really have a space for it on the current site and whilst one such link won't be too obvious, if we get more then things could become quite cluttered so what do people think? Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsad: Validating host and password fields when creating slaves
On Saturday 05 March 2011 11:31:27 Stefan Schwarz wrote: Hi, after having problems with slave-settings i discovered following problems with validating. Host-entries shouldn't be restricted to IP-addresses. At least - should also be a valid char. Passwords shouldn't be validated not at all. Any chars should be allowed. There's a fine line between not restricting peoples ability to use whatever password they want and accepting input which may turn out to cause other types of security flaw (see for example the recent command injection vulnerability). I'm all for loosening the controls but we must do so in a fashion that ensures new weaknesses are not introduced. I believe your problems stem from a change to tighten the accepted character sets in response to that command injection vulnerability. I'd want to take a look at where those values are used and in what context before any significant changes are approved. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Login via gsad fails with special chars in password
On Saturday 12 February 2011 14:52:28 Stefan Schwarz wrote: Hi, using SVN Rev 10296 i cannot login any more via gsad while logins using gsd work fine. gsad.log shows (substituted uid and password instead of real userid and password): gsad base: DEBUG:2011-02-12 14h01.10 utc:23996: text to transform: [login_pagetoken/tokentimeSat Mar 21 12:12:18 1970 /time/login_page] gsad main: DEBUG:2011-02-12 14h01.10 utc:23996: connectiontype=2 gsad vali: DEBUG:2011-02-12 14h01.15 utc:23996: openvas_validate: name login value uid gsad vali: DEBUG:2011-02-12 14h01.15 utc:23996: matching ^[[:alnum:]]{1,10}$ against uid: gsad vali: DEBUG:2011-02-12 14h01.15 utc:23996: openvas_validate: matched gsad vali: DEBUG:2011-02-12 14h01.15 utc:23996: openvas_validate: name password value pass gsad vali: DEBUG:2011-02-12 14h01.15 utc:23996: matching ^[[:alnum:], \./]{0,40}$ against pass: gsad vali: DEBUG:2011-02-12 14h01.15 utc:23996: openvas_validate: failed to match gsad base: DEBUG:2011-02-12 14h01.15 utc:23996: text to transform: [gsad_responsetitleInternal error: exec_omp_post:1765/titlemessageAn internal error occured inside GSA daemon. Diagnostics: Login or password missing./messagebackurl/omp?cmd=get_tasks/backurltoken/token/gsa d_response] Your password is failing the internal validation routine designed to prevent malicious input. At the moment, the validation routine only allows (up to 40) alphanumeric, , ., or / characters. From what I can tell, this has been the case since validation was introduced (r6042) in December 2009. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Login via gsad fails with special chars in password
On Saturday 12 February 2011 22:46:12 Stefan Schwarz wrote: Am 12.02.2011 23:07, schrieb Tim Brown: On Saturday 12 February 2011 14:52:28 Stefan Schwarz wrote: Hi, using SVN Rev 10296 i cannot login any more via gsad while logins using gsd work fine. [] Your password is failing the internal validation routine designed to prevent malicious input. At the moment, the validation routine only allows (up to 40) alphanumeric, , ., or / characters. From what I can tell, this has been the case since validation was introduced (r6042) in December 2009. I was always able to use gsad with this account. There must have been a change within last revisions. Out of interest, what character is causing the problem? Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [Openvas-announce] openvas-manager 1.0.4 released (highly recommended security fix)
On Wednesday 19 January 2011 16:12:23 Jan-Oliver Wagner wrote: Main changes since 1.0.3: * A security-relevant bug has been fixed regarding email escalation methods. Configured OpenVAS users were able to damage installation and/or gain higher privileges. As per http://www.openvas.org/security.html which describes the OpenVAS posture on security vulnerabilities in OpenVAS components, an advisory has been released for this issue. The advisory can be found at http://www.openvas.org/OVSA20110118.html. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS Scanner on SUN machine (SPARC)?!?
On Thursday 06 January 2011 11:52:14 Projekte wrote: for a project to pass my trainee to IT-Professional, I have the task to set up an OpenVAS scanserver wich is controlled by different OpenVAS Clients. My Problem is, that my Projectclient gave me a Sun Machine to realise the Project. As far as I read me through informations and documentations in the Internet I understand that the OpenVAS Scaner will not work on Solaris. But is it possible to run a Linux Distribution like FreeBSD, Ubuntu 8.04 or else (SPARC supported)? Or is it even because the SPARC Architeture impossible to run the OpenVAS-Scaner on the SUN machine? There's no particula reason why OpenVAS shouldn't work on Solaris. However it dosn't get a lot of testing so there may be bugs that are Solaris specific. My sugegstion would be to run through the standard installation process and if you hit any problems send us bug reports. I'm a big fan of Solaris and have test systems that I can work on, so if there are particular bugs I'm more than happy to investigate if needs be. Having said that, you could also install the Linux on it and then install it that way which should also work. There's nothing that is x86 specific, as long as you install from source. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] 3 Questions about OpenVAS/Nessus/Greenbone
On Thursday 09 December 2010 16:48:36 Luiz Ricardo wrote: 1- In April 2009 some people was performed comparison with Nessus and in this paper the OpenVAS solution has a lower plugins detection than Nessus solution. Today Its the same condition !? It's not an effective measure IMO, but: $ find /opt/nessus/lib/nessus/plugins/ -name *.nasl | wc -l 40211 $ find openvas-plugins/scripts -name *.nasl | wc -l 19765 There are plugins that exist in OpenVAS and not Nessus but there are also plugins that are in Nessus and not OpenVAS. You should also consider that techniques for validating vulnerabilities vary. 2- When I visit the Greenbone website in the solutions section has a text its say: Includes approved and customized versions of * Scan engine: OpenVAS Scanner, OpenVAS Manager, OpenVAS Administrator. What is the difference in opensource version and paid version !? I'll let Greebone answer that but they're not the only people who have developed additional feeds and/or services based on OpenVAS. 3- It's possible I use the Nessus plugin in OpenVAS ? If yes, what I need ? (Change .nasl files, do new signature above this files) Tenable's positition is, I believe, that this would break your license with them. We take no such position but we don't support to ensure that it works. From a technical perspective, OpenVAS branched from Nessus some time ago, so there may be incompatibilities between the two NASL interpreters such that our plugins won't work on Nessus and vice versa. Personally I'd run both, OpenVAS and a licensed copy of Nessus but OpenVAS is there for those without deep pockets or who believe in F/OSS. With regard to commerical products using customised releases of OpenVAS you'd need to ask individual vendors. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Fwd: Manager can't update/rebuild DB: database table is locked
On Friday 15 October 2010 23:27:12 Brandon Perry wrote: Maybe I am misunderstanding what the intended outcome is, but should it not be this for consistency's sake? export LD_LIBRARY_PATH=$LD_LIBRARY_PATH;/opt/sqlite/lib Please don't do this, it's bad security practice to set your LD_LIBRARY_PATH in such a manner. I have a stack of research on the runtime linker due to be published soon but for now take a look at a recent blog post I wrote on the subject: http://www.nth-dimension.org.uk/blog.php?id=87 I wrote this blog post for entirely unrelated reasons, but I can't really allow bad practice to be advocated on this list without challenge. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS vulnerability handling process (was Re: Small symlink vuln in OpenVAS)
On Wednesday 08 September 2010 19:31:37 Tim Brown wrote: For the future, secur...@openvas.org has been set up to take future reports of potential advisories and our vendor entry at OSVDB has been updated to that effect. I will be drafting a page for the web site in due course which will set out our process for dealing with new reports and will of course be making this available to the rest of the OpenVAS community in due course. All, I've uploaded a first draft of the OpenVAS vulnerability handling process and contacts page. At the moment it is only in SVN but it will in due course make it's way to: * http://www.openvas.org/security.html If anyone wants to read it, and give me any feedback it can be found at: * http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/doc/website/security.htm4?rev=9146root=openvasview=markup Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] user install with prefix
On Wednesday 29 September 2010 10:22:20 Zaki Akhmad wrote: Hello, I want to install openvas-libraries on /opt/openvas directory so I did configure with prefix $ ./configure --prefix=/opt/openvas but user can't create that directory. Is it I should make that directory first as root then change the permissions and owner to user's or there's a better way to do this? /opt is not designed for user installs. You can create it and change the permissions, but that is more of a general Unix house keeping question. For user installs, I would suggest --prefix=$HOME/openvas. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Where i can find the last nvt updates
On Wednesday 08 September 2010 17:12:41 Ricardo F wrote: Hello, There are some place where i can find the last nvt update or added to the proyect without run the udpate plugin. Thanks They're all manage via our SVN repository. That means you can subscribe to openvas-commits or read the various commit logs to see what's going on. Also, http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas- plugins/ChangeLog?rev=8995root=openvasview=log will let you see the change log for the openvas-plugins module. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] WMI Support
On Wednesday 21 July 2010 22:36:39 Stephan Kleine wrote: I have no idea what that sourcearchive.com site is and also I think you are mixing up 0.1.6 and 0.1.16 since I don't see any .16 (of which you spoke earlier) on their site. Please make a habit of getting source archives only and just only from the upstream site since everything else will get you into trouble sooner or later. E.g. for 1.3.12 they offer the archive at http://dev.zenoss.org/svn/trunk/inst/externallibs/wmi-1.3.12.tar.bz2 I agree, not least of which because some questions have been raised about whether the version of libwmi that OpenVAS currently recommends to link to is truely GPLv2+. Stephan, we will pick this up this week. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Fw: openvassd not running and cant connect to server
On Monday 21 June 2010 23:54:22 NISU DOJ wrote: I fixed the problems in y prior email, owever I am now having issues with plugins. After running the nvt-sync command and running the openvassd daemon, I get the following extracted messages which results in only one plugin getting loaded (service detection). SLAD requires specific tools (such as John) to be installed on the target hosts and the presence of an SSH key too I think. Unless you have installed the various things it uses, I would simply disable the SLAD NVTs in your scan configurations. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-cli 0.1.0
On Monday 22 March 2010 14:28:21 Hartmut Goebel wrote: Am 22.03.2010 15:21, schrieb Jan-Oliver Wagner: One of my goals is to have openvas-cli compile easily on many platforms, including Windows and Solaris. Hmm, what about using a version of the program written in a script language? When choosing a decent language, we save the compilation issues at all ;-) The counter argument of course is that scripting languages /may/ have no place on production systems. That's not to say however that a version of openvas- cli in Perl wouldn't be appreciated, just none of that Ruby/Python tat ;). Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Plugin source too many connections
On Tuesday 16 March 2010 14:06:00 John A. Sullivan III wrote: Hello, all. We typically update plugins daily at 10:00 EDT. For the last two days, we've been getting this error: OpenVASScanner: ERROR updateOpenVAS failed - @ERROR: max connections (20) reached - try again later#012rsync error: error starting client-server protocol (code 5) at main.c(1506) [Receiver=3.0.7] Has anything changed to produce this problem? Thanks - John Most likely the number of OpenVAS users. I guess the Intevation guys will be able to tell you more. I've CCd Jan so that he sees this. Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Get to start SPI's Click Pledge for OpenVAS
On Monday 17 August 2009 08:12:26 Jan-Oliver Wagner wrote: this topic was discussed a couple of times now and actually everyone wants it and it only needs to be coordinated with SPI. Do they? I'm still unsure as to what we want to take donations *for* and I think we need to work that out before we start taking peoples money. It's been available for quite some time, but with the exception of the DevCon discussions I've not heard anyone mention it. I really want to have this done within this month! Anyone here to take over the job to communicate with SPI? I don't expect much work. Just a couple of emails, finding out about the right Clickpledge URL and putting the URL to our website. It's listed on http://www.spi-inc.org/donations: https://co.clickandpledge.com/default.aspx?wid=20203 What I would propose is that we work out what we would like to take donations for and that I then put this to SPI's legal team to confirm that doing so is with in the bounds of what is allowed given their non-profit status. So far the list of reasons for donations consists of: * Paying towards DevCon costs * Paying prize money for plugin development contest Both of which I believe are acceptable. What other things would we like to do? Tim -- Tim Brown mailto:t...@machine.org.uk http://www.machine.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Article writer for OpenVAS needed
On Thursday 20 August 2009 15:57:51 Jan-Oliver Wagner wrote: Hello, a german computer magazine searches for an author who like to write an article about OpenVAS. It is not mandatory to write the article in german, english would be accepted as well. I guess german is preferred though. Let me know and I can connect you. Best Jan More than happy to write it. I may also be able to get it translated in to German by one of my colleagues if necessary. What's the view point for the article? Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Article writer for OpenVAS needed
On Thursday 20 August 2009 16:42:50 Geoff Galitz wrote: I mentioned in a private reply to Jan that I already started on an article like this. I'm open to collaboration if you (and anyone else) are. Can do, can do... any idea what the audience is, subject matter etc? I like to know where I'm pitching when I write :). Tim -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Get to start SPI's Click Pledge for OpenVAS
On Monday 17 August 2009 08:12:26 Jan-Oliver Wagner wrote: this topic was discussed a couple of times now and actually everyone wants it and it only needs to be coordinated with SPI. Do they? I'm still unsure as to what we want to take donations *for* and I think we need to work that out before we start taking peoples money. It's been available for quite some time, but with the exception of the DevCon discussions I've not heard anyone mention it. I really want to have this done within this month! Anyone here to take over the job to communicate with SPI? I don't expect much work. Just a couple of emails, finding out about the right Clickpledge URL and putting the URL to our website. It's listed on http://www.spi-inc.org/donations: https://co.clickandpledge.com/default.aspx?wid=20203 What I would propose is that we work out what we would like to take donations for and that I then put this to SPI's legal team to confirm that doing so is with in the bounds of what is allowed given their non-profit status. So far the list of reasons for donations consists of: * Paying towards DevCon costs * Paying prize money for plugin development contest Both of which I believe are acceptable. What other things would we like to do? Tim -- Tim Brown mailto:t...@machine.org.uk http://www.machine.org.uk/ -- Tim Brown mailto:t...@openvas.org http://www.openvas.org/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] HAR 2009
So I already know that myself and two other OpenVAS developers will be attending HAR 2009 in a few weeks time, so I figured a page on their wiki might be useful: https://wiki.har2009.org/page/OpenVAS Cheers, Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] How to use port scanners properly?
On Wednesday 22 July 2009 22:31:25 Yungwei Chen wrote: Hi, I installed OpenVAS client and server on the same linux mahcine, and my target machine is a local microsoft xp machine. The latest NVTs have been downloaded. I would like to know if results were correct in the following cases. Thanks. case 1: I executed a task with a range of ports and with multiple port scanners. ports were scanned completely, but the checks were never completed (it always showed 0% completion). Any idea? case 2: I executed a task with a range of ports and with one single port scanner, Strobe. I noticed that only checks were completed, but no port was scanned. Did I miss something? Yungwei, My normal scan options are as follows: Port range: 1-65535 Consider unscanned ports as closed: FALSE Hosts to test concurrently: 20 Checks to perform concurrently: 4 Optimise the test: TRUE Port scanner: OpenVAS TCP scanner These settings seem to do the trick fine. Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [Openvas-plugins] Conficker worm detection -OpenVAS plugins
Chandra, Summarising my response to what you asked/stated yesterday on IRC (you'd already logged off for the day). The payload I submitted to you guys for MS08-067 is not the same as the one used by nmap for ms08-067, nmap actuaally uses a different payload developed later by one of my colleagues which is available from http://labs.portcullis.co.uk/. Moreover, neither are the same as the payload nmap uses for the Conficker check, since this validates whether Conficker's own custom patch for MS08-067 has been applied. Conficker's patch behaves differently from Microsoft's. The conficker NASL I sent round generates the nmap payload to test for Conficker but I was troubled by a) SMB authentication problems and b) as I note below I haven't had a chance to run it against a compromised system. We may be able to use my first payload to detect Conficker but for that... I/we need to run it against a Conficker infected box so that we see how it responds... I will ask around but as I have some good contacts in the AV / malware community. Indeed, we probably need to do that anyway so we can see how the SMB function in openvas decode the respond - smb_rev() in particular. Cheers, Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Setting Plugin Timeout not working?
Marc, How long does nikto run for, if you run it manually with the same options. It may be my misunderstanding but the timeouts that are set on the plugin are only for the plugin itself. In the case of the nikto plugin it launches nikto as a separate process. The timeout has no control over the lifetime of the nikto process itself (except *maybe* if nikto was to overrun the plugin timeout?). I'm not totally familiar with the plugin scheduling though, so I expect someone else to provide a better answer ;). Cheers, Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Local checks and SSH
On Thursday 19 March 2009 16:25:58 Shawn Duffy wrote: OK no problem. So are you saying that SSH connections and local checks are not supported at all or are they simply hit or miss? Hit and miss. I started working on fixing the bugs and soon realised that it would probably take rewriting the .inc file and at this stage began investigating other options. It seems to work better with standard OpenSSH than the various variation. Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Next Tier for the OpenVAS feed: join with OSSIM/AlienVault
On Thursday 08 January 2009 15:55:55 Eric Gearhart wrote: Sorry to bring up an old thread, but I was just looking at open source SIM projects and I noticed OSSIM uses Nessus. Naturally the first thing that popped into my head was that they ought to move to OpenVAS Anyone know if the endeavor to help get OSSIM running OpenVAS in lieu of Nessus went anywhere? We've had some discussions with the OSSIM folk. In fact, their feed is OpenVAS compatible but no we've not merged the feeds (yet?) although there is some overlap in the offerings. It's on my big list of things I want to get done ;). Maybe we should invite Dominic to the next DevCon? Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Mac OS X Problems
On Friday 19 December 2008 09:12:45 Michael Wiegand wrote: * Andrew Blyth [19. Dec 2008]: Dear All I am running a Mac OS X (10.5). When I try and configure/compile openvas-libraries-2.0.0 I get the following error message: checking for __dn_expand in -lresolv... no configure: error: you need to install resolve library with development files I know that the resolve files are on my machine: $ ls -l /usr/include/resolv.h -rw-r--r-- 1 root wheel 19363 5 Oct 2007 /usr/include/resolv.h $ I think the resolv.h in Mac OS X is slightly different from what openvas-libraries expects. This is most likely a bug, since the functionality should be present in OS X. Would you mind filing a bug report against openvas-libraries at http://bugs.openvas.org/ so we can collect the information there? Thank you! This has now been fixed in trunk. Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Web client
On Friday 14 November 2008 10:34:16 Jan-Oliver Wagner wrote: On Freitag, 14. November 2008, Robert Rose wrote: I've just got OpenVAS version 2 beta installed running on CentOS, I'm most impressed! thanks :-) I'm wondering if there is a web client planned, yes. My personal idea is to have one based on OpenVAS 3.0. And I'd like to start the 3.0-beta cycle in spring 2009. We have no resources for a web client development yet (neither financially nor (wo)man-power), but Intevation will prepare ground to allow for writing a web client. similar to NessusWC ? Has anyone looked at Auto Nessus - http://www.autonessus.com/ - Seems like an interesting project in this sphere and FOSS (GPLv3) too. Maybe someone would like to contact them? Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Packet logs and licensing
On Monday 10 November 2008 04:10:34 Ron wrote: Hi everybody, Just subscribed to this list because I have a question that I figure you guys have come across before. Hopefully you can save me some time (and a lawsuit or two :) ). I'm currently adding vulnerability checks to Nmap using the scripting engine. So far, I've been basing them on scripts that people put online without licensing (I don't base them on the code, just on the network traffic). I'd like to add support for other Windows vulnerabilities, though. For example, having a check for ms06-040 would be really nice. However, I can't find any free checkers (and even GPL, without special accommodations, is incompatible with Nmap's license). Even with ms08-067, I'm using a check that's used by Metasploit, but it crashes over 50% of systems, which is definitely not good. Foundstone and Nessus have better ones, but their licensing makes it prohibitive. Which leads me to my question -- I have no interest in looking at the source for checks done by, say, Foundstone or Nessus. However, looking at their network traffic and reproducing their checks can be extremely helpful. But I don't know how licensing works, in this case -- does the licensing on their code apply to network traffic with Windows, or does the licensing end at the sourcecode level? I'd like to add the same checks as them at the traffic level, but I don't want to violate licenses. Can somebody here tell me where the line between violations/fair use is drawn in this case? With the nature of OpenVAS, you must have run across this before. The licensing will be in relation to the source code, OTOH you need to be in a position where you have a license on the source code that allows you to execute it for the purposes you have outlined. That means for example that if you're working on nmap scripts for $corp based on Nessus, that $corp has an appropriate license to allow generation of packets from Nessus. Note also that depending on your locality, various EULA could have further impact on how you are allowed to use the results (such as packet captures) from commercial tools. Just for kicks, my colleague is the one who wrote the original code (http://labs.portcullis.co.uk/application/ms08-067-check/) on which Metasploits check for MS08-067 is based so I could probably get it ported relatively easily. OTOH, the check we (OpenVAS) use is based on earlier packet analysis by one of the guys in India of traffic captured by myself using a port of the original POC to Samba's RPC client (http://www.nth-dimension.org.uk/blog.php?id=72). Traditional reverse engineering style really, one person examines the code, documents (in this case as .pcap's) what happens and then someone else goes off and writes the check. Essentially, the checks *I* write are either for things I have discovered, things where I can write a check based on an advisory, or things where I can reverse engineer what is going on from packet level dumps. For obvious reasons, I stay clear of looking at how Nessus 3.x does things. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS donations?
Michael, Thanks for your response on OFTC I appreciate it, but could you clarify the position as to what SPI require from OpenVAS in order to start taking donations on our behalf? Essentially, we intend to run a competition to encourage the Infosec community to get involved in developing plugins for OpenVAS and to that end, several of us intend to make donations that will be allocated as prizes for the most promising contributions. General proposal for the competion can be found at http://lists.wald.intevation.org/pipermail/openvas-discuss/2008-June/000627.html. Note that I have copied this to openvas-discuss, since I do not believe that any of the contents of your response should be of a confidential nature. All the best, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Friday 18 July 2008 09:23:15 Jonas Andradas Arias wrote: It might be a good idea if there was an account (be it Paypal or pure bank account) where people (like myself) would be able to donate money for the prize. Jonás. I will be contacting SPI (http://www.spi-inc.org/) regarding this, as OpenVAS is a member project. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Compile question...
On Sunday 16 March 2008 19:16:45 Aleksander Adamowski wrote: On 3/14/08, Jan-Oliver Wagner [EMAIL PROTECTED] wrote: I've also tried changing configure.in according to autoconf manual, setting the corresponding line to: AC_SEARCH_LIBS(dn_expand, resolv, LIBS=-lresolv $LIBS, But it seems the autoconf manual contains an error here since this resulted in absolute nonsense in generated configure, exchanging library name and function name: this sound like it should be: AC_SEARCH_LIBS(resolv, dn_expand, LIBS=-lresolv $LIBS, It was originally, and has been giving the original error that started this thread. libresolv is a pretty standard library. Has anyone looked at how other projects check for it in their configure.in files? Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Thursday 26 June 2008 14:51:08 Jan-Oliver Wagner wrote: how about arranging a Contest 'Best advances for OpenVAS Network Vulnerability Tests' in order to make OpenVAS more known, get people to look on how to implement further NVTs or in other ways implement ideas to improve OpenVAS? I'm game, I'll throw in the 100 euro prize personally. I suspect we need to get details up on the web site and announce it on the various security forums. Are we considering your email a formal announcement of intent? Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS - ready to try? Or not?
On Wednesday 09 July 2008 15:16:11 Jonas Andradas wrote: I am not a Debian developer, nor mantainer or packager (at least yet) but I think it would make sense to package the non-GTK client separately, since most logically the GTK client package must have gtk as a dependency, and for a headless machine it would be otherwise unnecesary to have gtk installed. So probably the best way to go would be to have the non-GTK client in a package and the GTK one as a different one that would replace the non-GTK client if installed (my guess here). Good call, I don't see why we shouldn't be able to do this. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Fwd: Call for nominations - 2008 SPI Board Election
Since OpenVAS is a associated project of SPI, I would encourage everyone to get involved. In terms of the life cycle of our project it is too early to consider putting forwards OpenVAS developers to represent SPI but we can join SPI and have an affect on the board members elected. Cheers, Tim -- Forwarded Message -- Subject: Call for nominations - 2008 SPI Board Election Date: Friday 04 July 2008 From: Neil McGovern [EMAIL PROTECTED] To: [EMAIL PROTECTED] As per our by-laws[0] and resolution 2004-08-10-dbg.2[1], two board seats are up for election. At that time, anyone who wishes to run for any of these seats, including any interested incumbents, will be asked to send a position statement to the Secretary. These position statements will be collected until the 13th of July. From the 15th to the 28th of July, voting will take place should there be a need. After the election results are posted, the Board will select from among its members the executive (president, vp, treasurer, secretary). [0] http://www.spi-inc.org/corporate/by-laws [1] http://www.spi-inc.org/corporate/resolutions/2004-08-10-dbg.2 -- Neil McGovern Secretary, Software in the Public Interest, Inc. --- -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] bugs.openvas.org (was Re: resolv error during configuration step of openvas-libraries source install)
All, This seems like a good opportunity to point out a couple of resources that might be useful. The first is bugs.openvas.org which takes you to the GForge bug tracking page for OpenVAS. I would encourage everyone to post any bugs they find there so that we don't lose them. Secondly, if you're working on distro specific elements relating to build or packaging, openvas-distro is a good place to prod, rather than discuss which is really for more organisational matters. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS is in FreeBSD ports tree
On Sunday 08 June 2008 19:08:16 Tomoyuki Sakurai wrote: OpenVAS suite is now available in FreeBSD ports tree. http://www.freshports.org/security/openvas-server Hey thats great. If you want to push your patches back to us, we'll see that they get into trunk (where applicable). I've moved this conversation to openvas-distro as it's the designated channel for distribution chatter. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS and Cygwin
On Wednesday 21 May 2008 13:54:19 John Chajecki wrote: 1. The OpenVAS client seems to clash with with Cygwin and refuses to launch when Cygwin is active. We have installed OpenVAS client 1.0.3 on Windows. Not sure about that, I would wait and see what other people say on the subject. Jan is often a good bet since he builds the Windows client. 2. We downloaded the manua but we can't read it. It seems to be written with something called LyX. We have downloaded LyX and we now have a pretty LyX associated with users-manual.lyx but when we click on it nothing appeared to happen. About 5 minutes later however, a web browser like window suddenly opened up on the desktop with the manual displayed. I realise this may be a LyX issue, but why can't the manuals be written in a common file format like html or PDF rather than some obscure format that no one has heard of (yes - I have asked around!)? The markup format we use for the manual is LaTeX. This is a pretty common, open format which is heavily within the science and technology community. Having said that, it's main use here is to allow the generation of HTML and PDFs from a single source. Maybe it would be worth updating the relevant packages to generate one of those formats as part of the distribution process. I think it's a fair point that end users shouldn't have to rely on having LyX (or another LaTeX editor) installed to use OpenVAS. Thoughts anyone? Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Security language is english !?
On Wed, 30 Apr 2008, Jan-Oliver Wagner wrote: AFAIU, the security language is english. All relevant sources of security alerts are in english and need to be understood anyway by the auditors. (Yes, there are some non-english sources of security alerts, but in fact these could even be better implemented as separate base NASL scripts and form some sort of a profile of its own). True. So, I'd be interested in your opinion/thoughts on whether we should remove any of the Server-side localization support for NASL scripts ? I've just done a quick poll of our office regarding this. Amongst a Turk, a German, an Indian and a native English speaker, the opinion is that at a technical level, yes English is expected. However, the German also gave tha business justification that not everyone who might use OpenVAS might be technical. The Turk also made an interesting point, that in Turkey there is a large community of developers who spend their time porting applications to Turkish because they do not wish to use an English based application. I'm not sure of any specific conclusions to draw from this but maybe it's a problem to let the community solve. I do however wonder what effort would be required to port OpenVAS to GLib et al which might solve I18N issues. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Use glib ?
Quick answer. In my opinion it makes sense. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] AMD64 issues with configure script
On Tuesday 25 March 2008 21:30:36 Vazquez, Ed wrote: Any hope of resolution? Always ;) Can you possibly do a similar dump of your build process for Nessus 2.2.11? Note that the check performed by configure isn't actually defined by us, but is rather a result of the particular macro we use in configure.in and the transform applied by autoconf to build configure. It might well be that if the configure for nessus 2.2.11 was generated with a different autoconf version that the checks performed are not quite the same. A copy of configure and config.log for your Nessus build would therefore be very useful. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] AMD64 issues with configure script
On Wednesday 26 March 2008 01:30:41 Tim Brown wrote: Found the reason - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242462 Working on a patch now. Patch committed, please free to test from SVN trunk. We now check for __dn_expand which should be available on all architectures. Same patch has been applied to multiple other packages in Debian so should work just fine. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] AMD64 issues with configure script
On Wednesday 26 March 2008 01:15:13 Tim Brown wrote: On Tuesday 25 March 2008 21:30:36 Vazquez, Ed wrote: Any hope of resolution? Always ;) Can you possibly do a similar dump of your build process for Nessus 2.2.11? Note that the check performed by configure isn't actually defined by us, but is rather a result of the particular macro we use in configure.in and the transform applied by autoconf to build configure. It might well be that if the configure for nessus 2.2.11 was generated with a different autoconf version that the checks performed are not quite the same. A copy of configure and config.log for your Nessus build would therefore be very useful. Cheers, Tim Found the reason - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242462 Working on a patch now. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [Openvas-devel] Voting on Change Requests #1 - #4
On Wednesday 20 February 2008 00:08:24 Jan-Oliver Wagner wrote: Hi, I'd like to call for voting on the change requests #1 - #4, listed here: http://www.openvas.org/openvas-crs.html Naturally, I am in favour of all 4 of them :-) However, please read and judge whether it is a good or bad idea or wether it needs further refinement. I am not totally sure about the proper voting scheme. Tim, Robert: Does SPI require something special or do we just decide upon a simple voting? The full details as we expressed them in the constitution can be found at http://seedsforchange.org.uk/free/consens, but it essentially comes down to a show of negative hands. If noone raises strong objections against an idea then we can proceed. One thing that isn't defined is the period in which people need to respond in order for an objection to be considered. In the past I've seen people work on the 24 hour rule, but since we're spread across multiple continents and time zones, I'd propose a longer period. OTOH we can't have an indefinite period of time. How about 48 hours with an gentlemens agreement not to start a call for voting over weekends. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-devel mailing list [EMAIL PROTECTED] http://lists.wald.intevation.org/mailman/listinfo/openvas-devel ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Fwd: openvas-client 1.0.2-1 MIGRATED to testing
All, OpenVAS-Client has been migrated to Debian testing. Tim -- Forwarded Message -- Subject: openvas-client 1.0.2-1 MIGRATED to testing Date: Wednesday 16 January 2008 From: Debian testing watch [EMAIL PROTECTED] To: [EMAIL PROTECTED] FYI: The status of the openvas-client source package in Debian's testing distribution has changed. Previous version: (not in testing) Current version: 1.0.2-1 -- This email is automatically generated; [EMAIL PROTECTED] is responsible. See http://people.debian.org/~henning/trille/ for more information. --- -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ FYI: The status of the openvas-client source package in Debian's testing distribution has changed. Previous version: (not in testing) Current version: 1.0.2-1 -- This email is automatically generated; [EMAIL PROTECTED] is responsible. See http://people.debian.org/~henning/trille/ for more information. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Debian openvas-client package
On Saturday 29 December 2007 22:49:09 Javier Fernández-Sanguino Peña wrote: And I have just uploaded to Debian's queue. Good stuff, I assume my choice of dpatch for the ongoing patching for gdchart was okay? Now we need to get cracking on the other stuff. Happy new year! You too sir - and that goes for the rest of the folk working on OpenVAS ;) Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Debian openvas-client package
All, I have updated the packaging/debian directory of openvas-client to make OpenVAS client build in compliance with Debian policy and to (hopefully) ensure that when JFS and I submit the new package to Debian that it is accepted. Changed made include: packaging/debian/openvas-client.menu: Updated in line with Debian Menu sub-policy packaging/debian: Incorporates the fixes to use libgdchart-gd2-noxpm-dev Makefile: Removed man8 from make install packaging/debian/control: Depends on dpatch I made these changes in TRUNK and then overlayed them on the existing 1.0.2 release which I have submitted to mentors.debian.net for JFS. All further builds of this package should be trivial (fingers crossed). Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Progress on Debian uptake of OpenVAS?
On Friday 23 November 2007 22:23:01 Jan-Oliver Wagner wrote: Javier, Tim, any news about the progress of the Debian uptake of OpenVAS client and server packages? Anything I can do? IMO we have resolved the copyright issues with the client package. We do however need to resolve the issue with including our own gdchart. I'm more than happy to take a look at it, but I wondered what the collective wisdom was on this task. Can I simply remove the existing gdchart directory from subversion and then patch the build process to use the system installed equivalent. This strikes me as the cleanest approach but might also lead to temporary breakage of the version in SVN for other distros. Any thoughts? As for the server, I've just been building a new VM in which I can work on OpenVAS developments, so I'll hopefully start packaging the server components this week. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-is-alive PR?
On Tuesday 13 November 2007 22:43:14 Jan-Oliver Wagner wrote: Hello, with the latest releases OpenVAS IMHO entered beta phase towards the first stable release. I think it is time to give a sign that OpenVAS is alive to some people. Probably it is best to keep the ball low (direct translation of the german phrase :-) and so I thought that putting a small german PR into the german Pro-Linux (http://www.pro-linux.de/) could be a good start to see what happens. Below is a proposal for the text in german and english (not a 1:1 translation though). Let me know what you think. Especially Tim and Robert, of course. Hi Jan, Apologies for not getting back to you sooner, I'm actually on holiday ATM and not getting my mail in a regular fashion. The wording you have used looks good. Incidentally, I've been pimping up OpenVAS's continued existence here in the UK so far by talking to colleagues at other security firms and there still seems to be interest in the project :). As a final point, I am aware that we need to get Freshmeat up to date with where we are, it's only my list of things to do, rest assured. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] question on testing current OpenVAS
On Friday 27 July 2007 15:34:31 Rodney Thayer wrote: Hi there, I've been following along because I'd like to transition my training work (at Black Hat and elsewhere) to using OpenVAS when possible. Is this stuff ready to test in a friendly lab environment yet? Including the client? I get the impression that all your good work has it on the verge of being all together and at some appropriate moment I want to start testing so as to offer feedback. I can't speak for others, but I've used OpenVAS both client and server for real world penetration tests and had it work. A lab is definately a place to run it, since if you control the conditions it runs under, you can provide accurate feedback as to where it sucks. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] nessusclient_1.0.2-1_i386.changes ACCEPTED
On Tuesday 24 July 2007 15:11:29 Javier Fernández-Sanguino Peña wrote: Well, I upload this one before Openvas-client exist. Now we can introduce OpenVAS-client and make it Replace: nessusclient. Javier, Have you looked at the openvasl-client package I produced? Packaging files are under http://www.nth-dimension.org.uk/cgi-bin/cvsweb/debian-sec/openvas-client/ or I can grant CVS access. They're lintian clean AFAIK,but I haven't submitted. them to Debian because a) my mentor is overloaded with my security packages and b) I didn't want to step on your toes. Give me a shout if you want to discuss this further. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Roadmap for OpenVAS-Client
On Thursday 05 July 2007 21:59:52 Jan-Oliver Wagner wrote: Hello Javier, On Thursday 05 July 2007 19:23, Javier Fernández-Sanguino Peña wrote: On Thu, Jul 05, 2007 at 05:02:05PM +0200, Jan-Oliver Wagner wrote: Any other consideration for a initial 0.9.0 release? Have a OpenVas-client Debian package available? Note that I sent a while back Debian packages for nessusclient (see http://ftp-master.debian.org/new.html) so it might be trivial to adapt the 'debian' directory to make packages for OpenVAS-client and have them in Debian at the same time as the 0.9.0 release. yes, that is a good point. NessusClient can be dropped anyway now since there is only proprietory versions left. OpenVAS-Client ist the way to go. I will try my very best to support the Debian package, but I'd appreciate any help as well! Best Jan Javier/Jan, I'm more than happy to work on packing the client for Debian. I already package arp-scan and sucrack for Debian. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] planet.openvas.*
All, I am pleased to announce that http://planet.openvas.[org|com|net] is now back online. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] SPI associate project status [was Re: OpenVAS constitution]
On 6/16/07, Tim Brown [EMAIL PROTECTED] wrote: All, I have relocated the original constitution as was accepted by SPI at http://www.openvas.org/constitution.html. This should be seen as a talking point as I am unaware of whether bother William and Robert wish to continue with the project. I imagine Robert does since he has signed up on wald, but I'm not sure about William. Anyway, discuss... All, Essentially the outcome of the SPI board meeting was they agreed in principle to approve us, but that this would formally occur at the next meeting allowing time for the correct motion to be circulated (various SPI board members were actually actively writing a resolution as the meeting progressed in an effort to get it accepted immediately but we ran out of time). For our part we need to provide SPI with a list of people who they can contact regarding the project. So far, there is myself and Robert, and maybe William(?), but even once those 3 names are agreed upon to sign off key decisions, I would suggest we provide some additional names to avoid failures such as those previously experienced. Jan, I would imagine that one of your guys would be another name to add to that list, who would you suggest? Yourself or another? Anyway, raise your hand if you want to help out. To be clear: Robert, myself and William will remain official points of contact until such time as it can be confirmed whether William is active within the project (if not we will open a new thread to find an active development contact). This is a request for additional active contributors who are happy to act as a point of contact to step forwards. These names will be part of the motion at the next SPI board meeting. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss