Am 05.10.2011 18:32, schrieb Thomas Reinke:
So that's not a local security check. Local security checks are those
that are done by having had the ability to ssh directly into the box
in question, and grab the actual deployed RPMs/packages.
Are there false positives that are truly generated
Right now, local security checks (LSC) and the banner security checks
are independent of each other. The local security checks are accurate,
while the banner security checks suffer from fp hits on certain linux
distros due to how backports are done to older versions of software to
fix problems.
*** Thomas Reinke li...@securityspace.com wrote:
1) We disable the banner checks if a local security check was run.
2) Use a more granular approach - up report the version of
3) A even more granular approach of flagging that an LSC detecting
4) http://seclists.org/openvas/2010/q4/152
Micha
Am 06.10.2011 15:13, schrieb Michael Meyer:
*** Thomas Reinkeli...@securityspace.com wrote:
1) We disable the banner checks if a local security check was run.
2) Use a more granular approach - up report the version of
3) A even more granular approach of flagging that an LSC detecting
4)
*** Stefan Schwarz stefan.schw...@unibw.de wrote:
Am 06.10.2011 15:13, schrieb Michael Meyer:
*** Thomas Reinkeli...@securityspace.com wrote:
1) We disable the banner checks if a local security check was run.
2) Use a more granular approach - up report the version of
3) A even more
I was really disappointed to see that even local checks on RHEL family do
not remove false positives -- though requesting package patchlevel is trivial.
Is there any effort to fix that ongoing?
___
Openvas-discuss mailing list
Le 05/10/2011 15:23, ArkanoiD a écrit :
I was really disappointed to see that even local checks on RHEL family do
not remove false positives -- though requesting package patchlevel is trivial.
And not only on RHEL : Ubuntu, Debian, CentOS ... :/
Is there any effort to fix that ongoing?
Which tests are tripping false positives? The local security checks
should not be tripping false positives, certainly not those that are
based on direct examination of rpms, dpkgs, etc.
Thomas
ArkanoiD wrote:
I was really disappointed to see that even local checks on RHEL family do
not remove
PIRONNEAU thibaut.pironn...@clermont-universite.fr
Sender: openvas-discuss-boun...@wald.intevation.org
Date: Wed, 05 Oct 2011 15:27:44
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] false positives and version detection
Le 05/10/2011 15:23, ArkanoiD a écrit :
I was really
On Wednesday 05 October 2011 15:58:31 Thibaut PIRONNEAU wrote:
For example on an up to date CentOS 5.7, I have a lot of apache, php,
mysql alerts... But it's not a local scan. My scanner is on an other
machine, but in the same network.
an unauthenticated scan has always less information
So that's not a local security check. Local security checks are those
that are done by having had the ability to ssh directly into the box
in question, and grab the actual deployed RPMs/packages.
Are there false positives that are truly generated from local security
checks?
Thomas
Thibaut
11 matches
Mail list logo