Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Thanks Chris, So, I need to: vi /usr/lib/systemd/system/openvas-scanner.service insert "--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"" this line at the end of the file? The same for /usr/lib/systemd/system/openvas-manager.service ? Diego > From:

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
You need to configure gnutls-priority string for each daemon, now you just configured it for gsad (greenbone security assistant) -- Eero 2015-10-20 15:07 GMT+03:00 Diego Gomes : > Hello, > > I used this command: > > gsad >

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Eero, did you already do it? Sorry but, do you mean that I need to run like this? openvasmd --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" openvassd --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" Thanks,

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Reindl Harald
Am 20.10.2015 um 14:15 schrieb Eero Volotinen: You need to configure gnutls-priority string for each daemon, now you just configured it for gsad (greenbone security assistant) the main question remains why a vulnerability scanner complaining about other services not at least starts with

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Right, why did not have a step by step to fix it? of course, everybody wants that no vulnerability in your scanner, right? and it is very confused to apply those fix Now, I am not sure if just running: gsad

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Chris
Hi, > gsad > --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" > > restarted openvas-manager, openvas-scanner, gsad > > Started scan against localhost and the same results: you also need to add this gnutls-priorities to the openvas-manager (openvasmd)

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
and also remember to issue daemon reload to systemd to get modified startup-script changes to effective. -- Eero 2015-10-20 15:13 GMT+03:00 Chris : > Hi, > > > gsad > --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" > > > > restarted

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
Yes, It should enable only tlsv1.2 on default settings, if possible :) -- Eero 2015-10-20 15:29 GMT+03:00 Reindl Harald : > > Am 20.10.2015 um 14:15 schrieb Eero Volotinen: > >> You need to configure gnutls-priority string for each daemon, now you >> just configured it

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
Something like that, but should enable only TLSv1.2 for best security. -- Eero 2015-10-20 15:30 GMT+03:00 Diego Gomes : > Thanks Chris, > > So, I need to: > > vi /usr/lib/systemd/system/openvas-scanner.service > > insert >

Re: [Openvas-discuss] Report

2015-10-20 Thread Diego Gomes
Thanks Matthew! Now I can see the Filter over there. So, Can I understand that now, the report attached and sent by email will be with that filter I created, right? And for example: Scan Management --> Reports --> Chose Report Change the Report to Summary and Download Almost in the end of the

Re: [Openvas-discuss] Installing OpenVAS 8 under OpenBSD 5.7/5.8

2015-10-20 Thread Vinicius Abrahao
Hi Carlos, did you already run with sucess the OpenVAS under FreeBSD? (under what version and architecture, if I may ask??) thanks in advance, Vinícius On Tue, Oct 20, 2015 at 11:24 AM, Carlos L. Martinez < carlopm...@protonmail.ch> wrote: > Hi all, > > Anyone had tried to install openvas 8

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Reindl Harald
Am 20.10.2015 um 18:53 schrieb Diego Gomes: Yes, it seems.. Maybe because I am not so familiar with this method of systemd! I will try anyway, it is as simple as i explained just take a systemd-unit from /usr/lib/systemd/system and copy it to /ect/systemd/system - the reason why you

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Thanks Reindl, It seems a little complicated, right? Does anyone applying it to secure the own OpenVAS? Diego To: openvas-discuss@wald.intevation.org From: h.rei...@thelounge.net Date: Tue, 20 Oct 2015 14:35:23 +0200 Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS Am 20.10.2015 um

Re: [Openvas-discuss] Nessus comparison

2015-10-20 Thread Brandon Perry
Reported vulnerability count is not a useful measurement for comparing two vulnerability scanners. One vulnerability scanner may report all missing patches, including ones that are superseded by others in the same report, while another does not. For instance, OpenVAS is far more useful to me

Re: [Openvas-discuss] Nessus comparison

2015-10-20 Thread Eero Volotinen
Well, I was using nessus professional (commercial edition) for many years, but about two years go I switched to OpenVAS. For our PCI DSS needs openvas is enought good and it's more flexible than Nessus. I think also that openvas lsc (local checks, patch check) support is better than in Nessus.