Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Thanks Chris,

So, I need to:

vi /usr/lib/systemd/system/openvas-scanner.service

insert 
"--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0""
 this line at the end of the file?

The same for /usr/lib/systemd/system/openvas-manager.service

?
Diego

> From: fisch@gmx.de
> To: openvas-discuss@wald.intevation.org
> Date: Tue, 20 Oct 2015 14:13:38 +0200
> Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
> 
> Hi,
> 
> > gsad 
> > --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
> > 
> > restarted openvas-manager, openvas-scanner, gsad
> > 
> > Started scan against localhost and the same results:
> 
> you also need to add this gnutls-priorities to the openvas-manager 
> (openvasmd) and openvas-scanner (openvassd) startup.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
You need to configure gnutls-priority string for each daemon, now you just
configured it for gsad (greenbone security assistant)

--
Eero

2015-10-20 15:07 GMT+03:00 Diego Gomes :

> Hello,
>
> I used this command:
>
> gsad
> --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
>
> restarted openvas-manager, openvas-scanner, gsad
>
> Started scan against localhost and the same results:
> Check for SSL Weak Ciphers - tcp/9390 (6017/openvasmd)
> Deprecated SSLv2 and SSLv3 Protocol Detection - tcp/9390 (6017/openvasmd)
> POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability - - tcp/9390 (6017/openvasmd)
>
> In the /var/log/openvas/gsad.log I see this message (not sure if is
> because of my changes above)
>
> gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive
> data: The TLS connection was non-properly terminated.
> gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive
> data: The TLS connection was non-properly terminated.
> gsad main:WARNING:2015-10-20 09h55.48 BRST:6029: MHD: Error: received
> handshake message out of context
>
>
> --
> Date: Mon, 19 Oct 2015 01:39:10 +0300
>
> Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
> From: eero.voloti...@iki.fi
> To: diego_...@hotmail.com
> CC: openvas-discuss@wald.intevation.org
>
> You need to install centos 7 to get openvas 8. Centos 6 is not supported
> due to too old library version(s).
>
> I think openvas 7 also supports gnu priority strings, but it is always
> wise to update to latest version.
>
> --
> Eero
>
> 2015-10-19 1:36 GMT+03:00 Diego Gomes :
>
> Thanks Eero,
>
> So, Can I understand that I am running openvas 7?
>
> And I understand that atomic team did not release openvas 8, because I did
> not find any update yet.
>
> So, I need to wait for version 8 from atomic corp and use gnutls? I will
> need to study how to do it.
>
> Thanks,
>
> Diego
>
> --
> Date: Mon, 19 Oct 2015 01:32:48 +0300
> Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
> From: eero.voloti...@iki.fi
> To: diego_...@hotmail.com
> CC: openvas-discuss@wald.intevation.org
>
>
> well. update to openvas 8 and then use gnutls priority strings to change
> ssl cipher settings..
>
> Eero
>
> 2015-10-19 1:28 GMT+03:00 Diego Gomes :
>
> Hello,
>
> I ran against localhost and I found those Vulnerabilities for tcp/9390
> (openvasmd)
>
>  - POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
>  - Deprecated SSLv2 and SSLv3 Protocol Detection
>  - Check for SSL Weak Ciphers
>
> My version is:
> rpm -qa |grep -i openvas
> openvas-manager-5.0.9-28.el6.art.x86_64
> openvas-scanner-4.0.6-19.el6.art.x86_64
> openvas-libraries-7.0.9-18.el6.art.x86_64
> openvas-1.0-17.el6.art.noarch
> openvas-cli-1.3.1-6.el6.art.x86_64
>
> How should we fix those 3 vulnerabilities?
>
> Thanks,
>
> Diego
>
>
>

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Eero, did you already do it?

Sorry but, do you mean that I need to run like this?

openvasmd 
--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
openvassd 
--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"

Thanks,

Diego

Date: Tue, 20 Oct 2015 15:15:14 +0300
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
From: eero.voloti...@iki.fi
To: diego_...@hotmail.com
CC: openvas-discuss@wald.intevation.org

You need to configure gnutls-priority string for each daemon, now you just 
configured it for gsad (greenbone security assistant)
--Eero
2015-10-20 15:07 GMT+03:00 Diego Gomes :



Hello,

I used this command:

gsad 
--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"

restarted openvas-manager, openvas-scanner, gsad

Started scan against localhost and the same results:
Check for SSL Weak Ciphers - tcp/9390 (6017/openvasmd)
Deprecated SSLv2 and SSLv3 Protocol Detection - tcp/9390 (6017/openvasmd)
POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability - - 
tcp/9390 (6017/openvasmd)

In the /var/log/openvas/gsad.log I see this message (not sure if is because of 
my changes above)

gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive data: 
The TLS connection was non-properly terminated.
gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive data: 
The TLS connection was non-properly terminated.
gsad main:WARNING:2015-10-20 09h55.48 BRST:6029: MHD: Error: received handshake 
message out of context


Date: Mon, 19 Oct 2015 01:39:10 +0300
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
From: eero.voloti...@iki.fi
To: diego_...@hotmail.com
CC: openvas-discuss@wald.intevation.org

You need to install centos 7 to get openvas 8. Centos 6 is not supported due 
to too old library version(s).
I think openvas 7 also supports gnu priority strings, but it is always wise to 
update to latest version.
--Eero
2015-10-19 1:36 GMT+03:00 Diego Gomes :



Thanks Eero,

So, Can I understand that I am running openvas 7?

And I understand that atomic team did not release openvas 8, because I did not 
find any update yet.

So, I need to wait for version 8 from atomic corp and use gnutls? I will need 
to study how to do it.

Thanks,

Diego

Date: Mon, 19 Oct 2015 01:32:48 +0300
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
From: eero.voloti...@iki.fi
To: diego_...@hotmail.com
CC: openvas-discuss@wald.intevation.org

well. update to openvas 8 and then use gnutls priority strings to change ssl 
cipher settings..
Eero
2015-10-19 1:28 GMT+03:00 Diego Gomes :



Hello,

I ran against localhost and I found those Vulnerabilities for tcp/9390 
(openvasmd)

 - POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
 - Deprecated SSLv2 and SSLv3 Protocol Detection
 - Check for SSL Weak Ciphers

 My version is:
rpm -qa |grep -i openvas
openvas-manager-5.0.9-28.el6.art.x86_64
openvas-scanner-4.0.6-19.el6.art.x86_64
openvas-libraries-7.0.9-18.el6.art.x86_64
openvas-1.0-17.el6.art.noarch
openvas-cli-1.3.1-6.el6.art.x86_64

How should we fix those 3 vulnerabilities?

Thanks,

Diego


  


Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Reindl Harald


On 20.10.2015 at 14:15, Eero Volotinen wrote:

You need to configure gnutls-priority string for each daemon, now you
just configured it for gsad (greenbone security assistant)


the main question remains why a vulnerability scanner complaining about 
other services not at least starts with secure defaults itself without 
user intervention




signature.asc
Description: OpenPGP digital signature

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Right, why did not have a step by step to fix it?

of course, everybody wants that no vulnerability in your scanner, right?

and it is very confusing to apply those fixes

Now, I am not sure if just running:

gsad 
--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"

is enough for gsad. Should I insert it in the systemd as well?

Diego

Date: Tue, 20 Oct 2015 15:31:38 +0300
From: eero.voloti...@iki.fi
To: h.rei...@thelounge.net
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS

Yes, It should enable only tlsv1.2 on default settings, if possible :)
--Eero
2015-10-20 15:29 GMT+03:00 Reindl Harald :


On 20.10.2015 at 14:15, Eero Volotinen wrote:


You need to configure gnutls-priority string for each daemon, now you

just configured it for gsad (greenbone security assistant)




the main question remains why a vulnerability scanner complaining about other 
services not at least starts with secure defaults itself without user 
intervention





Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Chris
Hi,

> gsad 
> --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
> 
> restarted openvas-manager, openvas-scanner, gsad
> 
> Started scan against localhost and the same results:

you also need to add this gnutls-priorities to the openvas-manager (openvasmd) 
and openvas-scanner (openvassd) startup.


Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
and also remember to issue daemon reload to systemd to get modified
startup-script changes to effective.


--
Eero


2015-10-20 15:13 GMT+03:00 Chris :

> Hi,
>
> > gsad
> --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
> >
> > restarted openvas-manager, openvas-scanner, gsad
> >
> > Started scan against localhost and the same results:
>
> you also need to add this gnutls-priorities to the openvas-manager
> (openvasmd) and openvas-scanner (openvassd) startup.

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
Yes, It should enable only tlsv1.2 on default settings, if possible :)

--
Eero

2015-10-20 15:29 GMT+03:00 Reindl Harald :

>
> On 20.10.2015 at 14:15, Eero Volotinen wrote:
>
>> You need to configure gnutls-priority string for each daemon, now you
>> just configured it for gsad (greenbone security assistant)
>>
>
> the main question remains why a vulnerability scanner complaining about
> other services not at least starts with secure defaults itself without user
> intervention
>
>

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Eero Volotinen
Something like that, but should enable only TLSv1.2 for best security.

--
Eero

2015-10-20 15:30 GMT+03:00 Diego Gomes :

> Thanks Chris,
>
> So, I need to:
>
> vi /usr/lib/systemd/system/openvas-scanner.service
>
> insert
> "--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0""
> this line at the end of the file?
>
> The same for /usr/lib/systemd/system/openvas-manager.service
>
> ?
> Diego
>
> > From: fisch@gmx.de
> > To: openvas-discuss@wald.intevation.org
> > Date: Tue, 20 Oct 2015 14:13:38 +0200
> > Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
> >
> > Hi,
> >
> > > gsad
> --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
> > >
> > > restarted openvas-manager, openvas-scanner, gsad
> > >
> > > Started scan against localhost and the same results:
> >
> > you also need to add this gnutls-priorities to the openvas-manager
> (openvasmd) and openvas-scanner (openvassd) startup.

Re: [Openvas-discuss] Report

2015-10-20 Thread Diego Gomes
Thanks Matthew! Now I can see the Filter over there.

So, Can I understand that now, the report attached and sent by email will be 
with that filter I created, right?

And for example:

Scan Management --> Reports --> Chose Report

Change the Report to Summary and Download
Almost in the end of the page, I can see Full Report and Filtered Report.

How should be the configuration to have a Filter applied in this page too?
Thanks,

Diego

---

> To: diego_...@hotmail.com
> CC: openvas-discuss@wald.intevation.org; eero.voloti...@iki.fi
> Subject: Re: [Openvas-discuss] Report
> From: matthew.mund...@greenbone.net
> Date: Tue, 20 Oct 2015 16:43:41 +0200
> 
> > I created a Filter with this term:
> > sort-reverse=threat result_hosts_only=1 notes=1 overrides=1 levels=hm 
> > first=1 rows=1000
> >
> > And Type: Report
> 
> The type should be Result.  Report is for filtering reports.
> 
> --
> Greenbone Networks GmbH
> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner


Re: [Openvas-discuss] Installing OpenVAS 8 under OpenBSD 5.7/5.8

2015-10-20 Thread Vinicius Abrahao
Hi Carlos, did you already run with success the OpenVAS under FreeBSD?
(under what version and architecture,
if I may ask??)

thanks in advance,
Vinícius

On Tue, Oct 20, 2015 at 11:24 AM, Carlos L. Martinez <
carlopm...@protonmail.ch> wrote:

> Hi all,
>
>  Anyone had tried to install openvas 8 under OpenBSD 5.7/5.8?? I am
> testing OpenVAS performance under FreeBSD and CentOS and I would like to
> test it under OpenBSD also.
>
>  Tips? Any problem to compile OpenVAS from source code under OpenBSD?
>
> Thanks.
>



-- 

Vinícius Abrahão Bazana Schmidt
Desenvolvimento & Consultoria
Dextra Sistemas
www.dextra.com.br
+55 19 3256-6722 Ramal 246

Este email é confidencial.
This message is confidential.

--
vi[nnix]™
aka: Vinícius Abrahão Bazana Schmidt
vischmidt.wordpress.com
twitter.com/vischmidt

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Reindl Harald



On 20.10.2015 at 18:53, Diego Gomes wrote:

Yes, it seems..

Maybe because I am not so familiar with this method of systemd!

I will try anyway,


it is as simple as i explained

just take a systemd-unit from /usr/lib/systemd/system and copy it to 
/etc/systemd/system - the reason why you first disable it is that enable 
a service is nothing else than a symlink which is still there and links 
to /usr/lib/systemd/system


from the moment on a unit in /etc/systemd/system with the same name 
exists "systemctl enable service" will prefer that instead the one from 
the package


that's really as simple as something can be - try the same with sysvinit 
to prevent your changes overwritten by random updates and you will end 
with think about a different name for the service with all the bad 
impact changed start ordering


having a systemd-unit in /etc/systemd/system called "httpd.service" will 
be handled exactly like the one shipped with the distribution and so 
any "After=httpd.service" or "Before=httpd-service" will work as before


the only shame is that OpenVAS needs to be secured by the user while it 
is used to find unsecure settings in any other software - i would call 
that situation pervert but that don't change the fact override a 
systemd-unit is as easy as something can be




To: openvas-discuss@wald.intevation.org
From: h.rei...@thelounge.net
Date: Tue, 20 Oct 2015 18:51:19 +0200
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS



On 20.10.2015 at 18:45, Diego Gomes wrote:

Thanks Reindl,

It seems a little complicated, right? Does anyone applying it to secure
the own OpenVAS?


there is nothing complicated in clone and edit a systemd-unit and it
should be a regular and well known task for anybody maintaining a server


To: openvas-discuss@wald.intevation.org
From: h.rei...@thelounge.net
Date: Tue, 20 Oct 2015 14:35:23 +0200
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS

On 20.10.2015 at 14:30, Diego Gomes wrote:

Thanks Chris,

So, I need to:

vi /usr/lib/systemd/system/openvas-scanner.service


never ever touch /usr/lib/systemd/system/

whatever you touch would be overwritten with the next update and so you
throw away one of the biggest improvements compared to sysvinit

* disable services you want to edit
* copy the systemd-unit to /etc/systemd/system/
* edit the copy there
* enable the service again
* systemctl daemon reload
* systemctl restart servicename


insert
"--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0""
this line at the end of the file?


for sure not at the end of the systemd-unit
what should systemd do with that line?

it's a param for the ExecStart process if there is not a config file


The same for /usr/lib/systemd/system/openvas-manager.service


same as above - don't touch /usr/lib/systemd




signature.asc
Description: OpenPGP digital signature
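
Added example, not part of any message in this thread: the unit-override procedure from Reindl Harald's message above (leave /usr/lib/systemd/system alone, put an edited copy in /etc/systemd/system, pass the option on the ExecStart line) as a shell script. The helper names override_unit and apply_override are hypothetical, and the script assumes each packaged unit has a single-line ExecStart=, since the thread does not show the real unit contents.

```shell
#!/bin/sh
# Added example (not from the thread): override a packaged systemd unit in
# /etc/systemd/system instead of editing /usr/lib/systemd/system in place.
# override_unit and apply_override are hypothetical helper names.

# Priority string exactly as quoted in the thread.
PRIORITIES='SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0'

# override_unit SRC_UNIT DST_DIR
# Copies SRC_UNIT into DST_DIR (unless an override already exists there) and
# appends --gnutls-priorities to the ExecStart= line of the copy.
# The packaged unit is never modified; running it twice changes nothing more.
override_unit() {
    src=$1
    dst_dir=$2
    dst="$dst_dir/$(basename "$src")"

    [ -f "$src" ] || { echo "no such unit: $src" >&2; return 1; }
    # Keep an existing override so earlier local edits are not lost.
    [ -f "$dst" ] || cp "$src" "$dst" || return 1

    grep -q '^ExecStart=' "$dst" || { echo "no ExecStart= in $dst" >&2; return 1; }
    # Appending after a trailing backslash would corrupt a continued command line.
    if grep -q '^ExecStart=.*\\$' "$dst"; then
        echo "multi-line ExecStart= in $dst, edit it by hand" >&2
        return 1
    fi
    # Already configured: nothing to do.
    if grep -q '^ExecStart=.*--gnutls-priorities' "$dst"; then
        return 0
    fi

    # The option is an argument of the daemon, so it goes on the ExecStart=
    # line, not at the end of the file. ExecStartPre=/ExecStartPost= are left alone.
    tmp="$dst.tmp.$$"
    awk -v opt="--gnutls-priorities=$PRIORITIES" '
        /^ExecStart=/ { print $0 " " opt; next }
        { print }
    ' "$dst" > "$tmp" && mv "$tmp" "$dst"
}

# apply_override SERVICE
# Runs the steps in the order given in the thread. Needs root and systemd.
apply_override() {
    svc=$1
    systemctl disable "$svc" &&
    override_unit "/usr/lib/systemd/system/$svc" /etc/systemd/system &&
    systemctl enable "$svc" &&
    systemctl daemon-reload &&
    systemctl restart "$svc"
}

# Usage: sh override.sh apply openvas-scanner.service openvas-manager.service
if [ "${1:-}" = "apply" ]; then
    shift
    for svc_arg in "$@"; do
        apply_override "$svc_arg" || exit 1
    done
fi
```

After the restart, rescanning tcp/9390 shows whether the three findings reported in the thread are gone.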

Re: [Openvas-discuss] Vulnerabilities OpenVAS

2015-10-20 Thread Diego Gomes
Thanks Reindl,

It seems a little complicated, right? Does anyone applying it to secure the own 
OpenVAS?

Diego

To: openvas-discuss@wald.intevation.org
From: h.rei...@thelounge.net
Date: Tue, 20 Oct 2015 14:35:23 +0200
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS

 
On 20.10.2015 at 14:30, Diego Gomes wrote:
> Thanks Chris,
>
> So, I need to:
>
> vi /usr/lib/systemd/system/openvas-scanner.service
 
never ever touch /usr/lib/systemd/system/
 
whatever you touch would be overwritten with the next update and so you 
throw away one of the biggest improvements compared to sysvinit
 
* disable services you want to edit
* copy the systemd-unit to /etc/systemd/system/
* edit the copy there
* enable the service again
* systemctl daemon reload
* systemctl restart servicename
 
> insert
> "--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0""
> this line at the end of the file?
 
for sure not at the end of the systemd-unit
what should systemd do with that line?
 
it's a param for the ExecStart process if there is not a config file
 
> The same for /usr/lib/systemd/system/openvas-manager.service
 
same as above - don't touch /usr/lib/systemd
 
>  > From: fisch@gmx.de
>  > To: openvas-discuss@wald.intevation.org
>  > Date: Tue, 20 Oct 2015 14:13:38 +0200
>  > Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
>  >
>  > Hi,
>  >
>  > > gsad
> --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
>  > >
>  > > restarted openvas-manager, openvas-scanner, gsad
>  > >
>  > > Started scan against localhost and the same results:
>  >
>  > you also need to add this gnutls-priorities to the openvas-manager
> (openvasmd) and openvas-scanner (openvassd) startup.
 


Re: [Openvas-discuss] Nessus comparison

2015-10-20 Thread Brandon Perry
Reported vulnerability count is not a useful measurement for comparing two 
vulnerability scanners.

One vulnerability scanner may report all missing patches, including ones that 
are superseded by others in the same report, while another does not.

For instance, OpenVAS is far more useful to me than Nessus due to the 
architecture of the scanner, and of course being open source is great. All the 
patch scanners out there will help you begin regularly auditing and patching 
your networks.


> On Oct 20, 2015, at 8:51 PM, Diego Gomes  wrote:
> 
> Hi guys!
> 
> We have here Nessus Professional!
> 
> I identified some different results while comparing...
> 
> For example, I noticed that OpenVAS found more vuls than Nessus. (ok, not 
> sure if false-positive or mismatch plugin, configuration, etc...)
> 
> But, what I mean is
> 
> Should be OpenVAS more efficient than Nessus? Should I trust in one and not 
> in other?
> 
> Of course, we always need to use 2 different tools for analysis, but my 
> questions is very interesting and I would like to check your opinions about 
> it!
> 
> Thanks,
> 
> Diego



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [Openvas-discuss] Nessus comparison

2015-10-20 Thread Eero Volotinen
Well, I was using nessus professional (commercial edition) for many years,
but about two years ago I switched to OpenVAS.

For our PCI DSS needs openvas is good enough and it's more flexible than
Nessus. I think also that openvas lsc (local checks, patch check) support
is better than in Nessus.

Of course any vulnerability scanner results are not 100% reliable. You
always need manual testing to verify findings.

--
Eero

2015-10-21 4:51 GMT+03:00 Diego Gomes :

> Hi guys!
>
> We have here Nessus Professional!
>
> I identified some different results while comparing...
>
> For example, I noticed that OpenVAS found more vuls than Nessus. (ok, not
> sure if false-positive or mismatch plugin, configuration, etc...)
>
> But, what I mean is
>
> Should be OpenVAS more efficient than Nessus? Should I trust in one and
> not in other?
>
> Of course, we always need to use 2 different tools for analysis, but my
> questions is very interesting and I would like to check your opinions about
> it!
>
> Thanks,
>
> Diego
>