Re: [Openvas-discuss] Ideas and wishes for future improvements of OpenVAS
Hi All, I would love to replace the authentication front end. Personally, I feel like its a mess In my opinion, we should replace it with something similar to courier's Authdaemond. (We don't have to create a separate authentication daemon, Maybe a plugin architecture?) Courier is abstracted from the password storage backends (SQL,LDAP,PAM). This ranks high up there for me.. Maybe we can also allow authentication over ssh-agent Just my thoughts On 5/16/07, Jan-Oliver Wagner [EMAIL PROTECTED] wrote: Hello, despite the fact that OpenVAS 1.0 ist not out yet, I'd already now like to hear about ideas what features or other improvements would be most interesting for OpenVAS for the tima past 1.0. From the list of wishes and ideas I hope to derive a roadmap that makes OpenVAS a interesting security network scanner. Of course I am aware that providing a steam of new plugins is one of the key factors to make OpenVAS interesting ;-) Best Jan -- Dr. Jan-Oliver WagnerIntevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Ideas and wishes for future improvements of OpenVAS
- Plugin severity override: some places value some vulnerabilities more than others. For example: some places rank anonymous CIFS connections as vital to their business. Others say its a big risk. Having a front end to override the degree instead of patching the plugin would be nice. - An option to say: do not add new plugins to the .nessusrc file. Or maybe, add all new ones as no. Sometimes I want to run a given set of plugins periodically. I don't want all new ones to also get run. - Ability to do a diff between two scan results. - database option for the results. On 5/16/07, Jan-Oliver Wagner [EMAIL PROTECTED] wrote: Hello, despite the fact that OpenVAS 1.0 ist not out yet, I'd already now like to hear about ideas what features or other improvements would be most interesting for OpenVAS for the tima past 1.0. From the list of wishes and ideas I hope to derive a roadmap that makes OpenVAS a interesting security network scanner. Of course I am aware that providing a steam of new plugins is one of the key factors to make OpenVAS interesting ;-) Best Jan -- Dr. Jan-Oliver WagnerIntevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Ideas and wishes for future improvements of OpenVAS
On Wednesday 16 May 2007 21:00, Kenneth Ng wrote: - Plugin severity override: some places value some vulnerabilities more than others. For example: some places rank anonymous CIFS connections as vital to their business. Others say its a big risk. Having a front end to override the degree instead of patching the plugin would be nice. perhaps this is related to the false-positive marking discussion I remember to have read somewhere. Anyway, a good point. - An option to say: do not add new plugins to the .nessusrc file. Or maybe, add all new ones as no. Sometimes I want to run a given set of plugins periodically. I don't want all new ones to also get run. I remember to have read this wish before. Yes, I stumbled across this already myself. - Ability to do a diff between two scan results. A long-standing wish indeed. IMHO this should have high priority. It is a client-side feature though. So maybe to implement in NessusClient. - database option for the results. IIRC there even is/was a branch in Nessus CVS with this feature? Perhaps worth investigating this. Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
