[Openvas-commits] r1468 - trunk/openvas-compendium
scm-commit@wald.intevation.org
Tue Sep 30 10:05:39 CEST 2008
Author: mwiegand
Date: 2008-09-30 10:05:38 +0200 (Tue, 30 Sep 2008)
New Revision: 1468
Modified:
trunk/openvas-compendium/ChangeLog
trunk/openvas-compendium/openvas-compendium.tex
Log:
* openvas-compendium.tex: Updated SLAD plugins section, made
installation instructions more generic, typo fixes.
Modified: trunk/openvas-compendium/ChangeLog
===================================================================
--- trunk/openvas-compendium/ChangeLog 2008-09-29 14:59:36 UTC (rev 1467)
+++ trunk/openvas-compendium/ChangeLog 2008-09-30 08:05:38 UTC (rev 1468)
@@ -1,5 +1,10 @@
-2008-09-26 Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
+2008-09-30 Michael Wiegand <michael.wiegand at intevation.de>
+ * openvas-compendium.tex: Updated SLAD plugins section, made
+ installation instructions more generic, typo fixes.
+
+2008-09-26 Michael Wiegand <michael.wiegand at intevation.de>
+
* openvas-compendium.tex: Updated sections regarding binary packages,
adapted section about SLAD plugins, other small fixes.
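Review bot: The header of the 2008-09-26 entry changes its author from Jan-Oliver Wagner to Michael Wiegand, and the log message (SLAD plugins section, installation instructions, typo fixes) does not mention this. If it corrects a wrong attribution, say so in the new 2008-09-30 entry; otherwise keep the original name on the older entry.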
Modified: trunk/openvas-compendium/openvas-compendium.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.tex 2008-09-29 14:59:36 UTC (rev 1467)
+++ trunk/openvas-compendium/openvas-compendium.tex 2008-09-30 08:05:38 UTC (rev 1468)
@@ -131,7 +131,7 @@
You may find some sections not comprehensive enough and you
may miss some topics entirely.
-Futher authors are welcome and if you identify important aspects
+Further authors are welcome and if you identify important aspects
that need to be added here, please coordinate with the OpenVAS
team if you plan to get an author for this compendium.
It is important that you coordinate before starting to write
@@ -148,9 +148,9 @@
\compendiumauthor{Michael Wiegand}
OpenVAS stands for Open Vulnerability Assessment System and represents a comprehensive
-tool-chain for network security scanning including a graphical user front-end and incporating
-various third-party security applicaitons. The core
-is a server component with a set of Network Vulnerability Tests (NVTs) to detect
+tool-chain for network security scanning including a graphical user front-end
+and incorporating various third-party security applicaitons. The core is a
+server component with a set of Network Vulnerability Tests (NVTs) to detect
security problems in remote systems and applications.
The OpenVAS development team consists of various intersted
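Review bot: The rewrapped sentence still carries a typo: the added line `and incorporating various third-party security applicaitons. The core is a` should read "applications". The unchanged line at the end of the hunk has "intersted" for "interested", which could be fixed in the same pass since the log message announces typo fixes.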
@@ -337,215 +337,52 @@
\xname{installing-binary-packages-server}
\section{Installing Binary Packages}
-Binary packages for the major linux distributions and some other platforms are
+Binary packages for the major Linux distributions and some other platforms are
available for download from the OpenVAS website or from services provided by
third parties.
-\xname{installing-debian-server}
-\subsection{Debian "Sid" (unstable) and "Lenny" (testing)}
+Please note that the amount of configuration that is done during installation
+depends on the distribution and the package maintainers. Refer to section
+\ref{sec:Configuring OpenVAS-Server} for the complete configuration
+instructions.
-OpenVAS server is currently being integrated into Debian. The following modules
-are already available for ``Sid'' and ``Lenny'':
-\begin{itemize}
- \item libopenvas1
- \item libopenvas1-dev
-\end{itemize}
+If there are no (or not all) OpenVAS modules packaged for the distribution of
+your choice, installation from source (see section
+\ref{sec:compiling-openvas-server-from-source}) is usually possible on most
+Unix-based platforms. You might also want to let the maintainers of this
+distribution know that you would like to see OpenVAS packaged for their
+distribution and that they can turn to the OpenVAS development team should they
+need more information.
-The following modules are only available for ``Lenny'':
-\begin{itemize}
- \item libopenvasnasl1
- \item libopenvasnasl1-dev
-\end{itemize}
+\xname{installing-debian-server}
+\subsection{Debian and Ubuntu}
- You can install these modules with the following commands:
+OpenVAS-Server is currently being integrated into Debian and Ubuntu. This means
+that you can install OpenVAS-Server using the \verb|apt-get| mechanism.
-\begin{verbatim}
- # apt-get install libopenvas1
- # apt-get install libopenvas1-dev
- # apt-get install libopenvasnasl1
- # apt-get install libopenvasnasl1-dev
-\end{verbatim}
+While the integration into Debian and Ubuntu is in progress, some parts of
+OpenVAS may not yet be available from the official repositories, but might be
+available from other repositories. Please refer to the OpenVAS website for
+up-to-date information regarding package availability.
-NOTE: For the remaining modules you will need to get the latest source tar-balls
-and compile them on your own.
-
-\xname{installing-etch-server}
-\subsection{Debian 4.0 ``Etch''(stable)}
-
-The OpenVAS-Server modules are not official packages for the Debian 4.0 release
-("Etch"). To help you to run OpenVAS-Server on Debian Etch, the OpenVAS project
-provides backports for some modules for Etch. You can install these modules on
-Debian Etch by following these steps:
-
-Select the following resource and add the line to the file
-\verb!/etc/apt/sources.list! on your system:
-
-\begin{verbatim}
-deb http://apt.intevation.de/ etch openvas
-\end{verbatim}
-
-Then, update your package list and install the available modules: (Please note
-that some modules are not yet available as backports. You have to compile the
-remaining modules on your own.)
-\begin{verbatim}
-# apt-get update
-# apt-get install libopenvas1
-# apt-get install libopenvas1-dev
-\end{verbatim}
-
-Note: If you know of further sources of backports, let the
-OpenVAS team know and they will be added to this list.
-
\xname{installing-gentoo-server}
\subsection{Gentoo}
\label{sec:gentoo-server}
-The ebuilds are in the Gentoo portage. To get the most recent packages simply
-run:
+OpenVAS packages for Gentoo are available in the Gentoo portage. Please refer
+to the Gentoo documentation and the OpenVAS website for information on
+installing these packages.
-\begin{verbatim}
- #emerge --sync
-\end{verbatim}
+\xname{installing-rpms-server}
+\subsection{OpenSUSE 10.2, 10.3, 11.0 (also Fedora 8, 9 and Mandriva 2007,
+2008)}
-Because all OpenVAS packages are masked, you need to unmask the packages by
-keyword using one of the following ways:
-\begin{enumerate}
- \item Edit \verb!/etc/portage/package.keywords! and add the packages:
-\begin{verbatim}
- net-analyzer/openvas ~x86
- net-analyzer/openvas-client ~x86
- net-analyzer/openvas-libnasl ~x86
- net-analyzer/openvas-libraries ~x86
- net-analyzer/openvas-plugins ~x86
- net-analyzer/openvas-server ~x86
-\end{verbatim}
- After that you can run:
-\begin{verbatim}
- #emerge net-analyzer/openvas
- #emerge net-analyzer/openvas-server
- #emerge net-analyzer/openvas-client
-\end{verbatim}
-\item To emerge all masked OpenVAS packages together you can use
-the following command:
-\begin{verbatim}
- # ACCEPT_KEYWORDS="~x86" emerge openvas
-\end{verbatim}
-\end{enumerate}
+Packages for some versions of OpenSUSE, Fedora, Mandriva and other RPM-based
+distributions are available from an unofficial repository that can be found at
+\hyperurl{http://download.opensuse.org/repositories/home:/bitshuffler:/openvas/}
+. Please refer to the documentation provided with your distribution for
+information on adding repositories and installing these packages.
- For the server package there are the following "USE-Flags": gtk tcpd debug
-prelude
-
- Set them in the \verb!/etc/make.conf! to enable the support e.g. for prelude:
-\begin{verbatim}
- USE="prelude"
-\end{verbatim}
-
-or run it via the command line:
-
-\begin{verbatim}
- # ACCEPT_KEYWORDS="~x86" USE="prelude -debug" emerge openvas
-\end{verbatim}
-
-\xname{installing-suse-server}
-\subsection{OpenSUSE 10.2}
-
-In the download area you will find the files
-
-\begin{itemize}
-\item openvas-libraries-N.N.N-M.suse102.openvas.i586.rpm
-\item openvas-libnasl-N.N.N-M.suse102.openvas.i586.rpm
-\item openvas-server-N.N.N-M.suse102.openvas.i586.rpm
-\item openvas-plugins-N.N.N-M.suse102.openvas.i586.rpm
-\end{itemize}
-
-where N.N.N stands for the version of OpenVAS-Client and M for the package
-release number.
-
-For installation follow these steps as user "root" (insert the most
-current version numbers):
-\begin{verbatim}
-# rpm -i openvas-libraries-N.N.N-M.suse102.openvas.i586.rpm
-# rpm -i openvas-libnasl-N.N.N-M.suse102.openvas.i586.rpm
-# rpm -i openvas-server-N.N.N-M.suse102.openvas.i586.rpm
-# rpm -i openvas-plugins-N.N.N-M.suse102.openvas.i586.rpm
-# openvas-mkcert
-# openvas-adduser
-# openvas-nvt-sync
-# openvasd -D
-\end{verbatim}
-
-Note that you need to restart openvasd after each reboot and
-after each NVT synchronization.
-
-The corresponding source RPM files are
-named openvas-MODULE-N.N.N-M.suse102.openvas.src.rpm (where MODULE is
-"libraries", "libnasl", "server" and "plugins"). You will need these files only
-if you plan to rebuild the actual installation package.
-
-Finally, you will find the
-files openvas-MODULE-devel-N.N.N-M.suse102.openvas.i586.rpm (except for module
-"plugins"). These packages will install some files that are needed to compile
-some of the packages or rebuild packages from the source RPM packages. For
-simply running the OpenVAS server, it is not necessary to install the -devel-
-packages.
-
-\xname{installing-fedora-server}
-\subsection{Fedora 8}
-
-In the download area you will find the files
-\begin{itemize}
-\item openvas-libraries-N.N.N-M.fc8.openvas.i586.rpm
-\item openvas-libnasl-N.N.N-M.fc8.openvas.i586.rpm
-\item openvas-server-N.N.N-M.fc8.openvas.i586.rpm
-\item openvas-plugins-N.N.N-M.fc8.openvas.i586.rpm
-\end{itemize}
-
- where N.N.N stands for the version of OpenVAS-Client and M for the package
-release number.
-
- For installation follow these steps as user "root" (insert the most current
-version numbers):
-\begin{verbatim}
-# rpm -i openvas-libraries-N.N.N-M.fc8.openvas.i586.rpm
-# rpm -i openvas-libnasl-N.N.N-M.fc8.openvas.i586.rpm
-# rpm -i openvas-server-N.N.N-M.fc8.openvas.i586.rpm
-# rpm -i openvas-plugins-N.N.N-M.fc8.openvas.i586.rpm
-# openvas-mkcert
-# openvas-adduser
-# openvas-nvt-sync
-# openvasd -D
-\end{verbatim}
-
-Note that you need to restart openvasd after each reboot and
-after each NVT synchronization.
-
-Also note that you may need to open the OpenVAS port to allow OpenVAS-Client to
-connect from other machines. This could be done by switching off the firewall
-(not recommended) or by adding a line like this to the file
-\verb|/etc/sysconfig/iptables| at the appropriate position:
-
-\begin{verbatim}
- -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1241 -j
-ACCEPT
-\end{verbatim}
-
-You need to run the following command after this change:
-\begin{verbatim}
-/etc/init.d/iptables restart
-\end{verbatim}
-
-The corresponding source RPM files are named
-openvas-MODULE-N.N.N-M.fc8.openvas.src.rpm (where MODULE is "libraries",
-"libnasl", "server" and "plugins"). You will need these files only if you plan
-to rebuild the actual installation package.
-
-Finally, you will find the
-files openvas-MODULE-devel-N.N.N-M.fc8.openvas.i586.rpm (except for module
-"plugins"). These packages will install some files that are needed to compile
-some of the packages or rebuild packages from the source RPM packages. For
-simply running the OpenVAS server, it is not necessary to install the -devel-
-packages.
-
\xname{installing-freebsd-server}
\subsection{FreeBSD}
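Review bot: The added `\ref{sec:Configuring OpenVAS-Server}` uses a label with a space and capitals, unlike the other labels visible in this patch (`sec:gentoo-server`, `sec:compiling-openvas-server-from-source`), and no matching `\label` is added here; please confirm it resolves, otherwise the paragraph prints an undefined reference. The removed RPM instructions also listed the post-install steps (`openvas-mkcert`, `openvas-adduser`, `openvas-nvt-sync`, `openvasd -D`) and advised opening port 1241 rather than switching off the firewall, so the referenced configuration section needs to cover these now that this section no longer does. The new RPM subsection sends readers to a repository it calls unofficial, over plain http; a sentence asking them to verify package signatures with their distribution's tools would fit there. Finally, the `.` on its own line after `\hyperurl{...}` will be typeset with a space before the full stop.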
@@ -573,6 +410,7 @@
\xname{compiling-openvas-server-from-source}
\section{Compiling OpenVAS-Server from Source Packages}
+\label{sec:compiling-openvas-server-from-source}
\xname{latest-source-code-release-server}
\subsection{Latest source code release}
@@ -1330,103 +1168,49 @@
\xname{installing-binary-packages-client}
\section{Installing Binary Packages}
-Binary packages for the major linux distributions and some other platforms are
+Binary packages for the major Linux distributions and some other platforms are
available for download from the OpenVAS website or from services provided by
third parties.
+If OpenVAS-Client is not yet packaged for the distribution of your choice,
+installation from source (see section
+\ref{sec:compiling-openvas-client-from-source}) is usually possible on most
+Unix-based platforms. You might also want to let the maintainers of this
+distribution know that you would like to see OpenVAS packaged for their
+distribution and that they can turn to the OpenVAS development team should they
+need more information.
+
\xname{installing-debian-client}
-\subsection{Debian "Sid" (unstable) and "Lenny" (testing)}
+\subsection{Debian and Ubuntu}
-OpenVAS-Client is an official Debian package for the distributions "unstable"
-("Sid) and "testing" ("Lenny"). You can find more information about the Debian
-packages on the OpenVAS-Client package pages for
-Sid\footnote{\hyperurl{http://packages.debian.org/sid/openvas-client}} and
-Lenny\footnote{\hyperurl{http://packages.debian.org/lenny/openvas-client}}.
+OpenVAS-Client is an official package for the Debian distributions "unstable"
+("Sid) and "testing" ("Lenny") and for Ubuntu releases onward from release 8.10
+(``Intrepid Ibex''). This means that you can install OpenVAS-Server using the
+\verb|apt-get| mechanism if you are using one of these distributions. Please
+refer to the OpenVAS website for up-to-date information regarding package
+availability for older versions.
-This means you can simply install OpenVAS-Client on Debian Sid or Debian
-Lenny with the following command:
-\begin{verbatim}
-# apt-get install openvas-client
-\end{verbatim}
-
-\xname{installing-etch-client}
-\subsection{Debian "Etch" 4.0 (stable)}
-
-OpenVAS-Client is not an official package for the Debian 4.0 release ("Etch").
-To enable you to easily run OpenVAS-Client on Debian Etch, the OpenVAS
-project provides backports for Etch. You can install OpenVAS-Client on
-Debian Etch by following these steps:
-
-Select the following resource and add the line
-to the file /etc/apt/sources.list on your system:
-\begin{verbatim}
- deb http://apt.intevation.de/ etch openvas
-\end{verbatim}
-
-Then, update your package list and install OpenVAS-Client:
-
-\begin{verbatim}
- # apt-get update
- # apt-get install openvas-client
-\end{verbatim}
-
-\xname{installing-ubuntu-client}
-\subsection{Ubuntu 8.10 "Intrepid Ibex"}
-
-OpenVAS-Client has been added to the upcoming Ubuntu 8.10 release
-("Intrepid Ibex") which is scheduled for release in October 2008. You can find
-more information about the Ubuntu
-package on the OpenVAS Client package page for Intrepid Ibex (at
-\hyperurl{http://packages.ubuntu.com/intrepid/openvas-client}).
-
-This means you can simply install OpenVAS-Client on Ubuntu 8.10 with the
-following command:
-
-\begin{verbatim}
-# apt-get install openvas-client
-\end{verbatim}
-
-Backported packages are also available for the Ubuntu 8.04 LTS release ("Hardy
-Heron"). To install OpenVAS-Client on Ubuntu 8.04 LTS, simply follow the
-instructions for Debian 4.0 "Etch" as described above.
-
\xname{installing-gentoo-client}
\subsection{Gentoo}
-Please see the installation description for OpenVAS-Server on Gentoo in
-section \ref{sec:gentoo-server}.
+OpenVAS-Client packages for Gentoo are available in the Gentoo portage. Please
+refer to the Gentoo documentation and the OpenVAS website for information on
+installing these packages.
-\xname{installing-suse-client}
-\subsection{OpenSUSE 10.2}
+\xname{installing-rpms-client}
+\subsection{OpenSUSE 10.2, 10.3, 11.0 (also Fedora 8, 9 and Mandriva 2007,
+2008)}
-In the download area you will find the file
-openvas-client-N.N.N-M.suse102.openvas.i586.rpm where N.N.N stands for the
-version of OpenVAS-Client and M for the package release number.
+Packages for some versions of OpenSUSE, Fedora, Mandriva and other RPM-based
+distributions are available from an unofficial repository that can be found at
+\hyperurl{http://download.opensuse.org/repositories/home:/bitshuffler:/openvas/}
+. Please refer to the documentation provided with your distribution for
+information on adding repositories and installing these packages.
-The corresponding source RPM files are named
-openvas-client-N.N.N-M.suse102.openvas.src.rpm.
-You will need these files only if you plan to rebuild the actual installation
-package.
-
-\xname{installing-fedora-client}
-\subsection{Fedora 8}
-
-In the download area you will find the file
-openvas-client-N.N.N-M.fc8.openvas.i586.rpm
-where N.N.N stands for the version of OpenVAS-Client and
-M for the package release number.
-
-The corresponding source RPM files are named
-openvas-client-N.N.N-M.fc8.openvas.src.rpm.
-You will need these files only if you plan to rebuild
-the actual installation package.
-
\xname{installing-windows-client}
\subsection{Windows XP SP2}
-In the download area you will find the file OpenVAS-Client-N.N.N-M-LL-setup.exe
-where N.N.N stands for the version of OpenVAS-Client, M for the package release
-number and LL for the language (e.g. en=English, de=German, sv=Swedish).
+Packages for Microsoft Windows XP SP2 are available from the OpenVAS website.
\xname{installing-freebsd-client}
\subsection{FreeBSD}
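Review bot: In the client chapter's new "Debian and Ubuntu" paragraph, the added sentence `(``Intrepid Ibex''). This means that you can install OpenVAS-Server using the` names the wrong component: this subsection is about OpenVAS-Client, so the wording looks copied from the server chapter and should say OpenVAS-Client. The carried-over `("Sid)` is still missing its closing quote, and the paragraph mixes straight double quotes with the LaTeX quote marks used around Intrepid Ibex; pick one style.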
@@ -1449,6 +1233,7 @@
\xname{compiling-openvas-client-from-source}
\section{Compiling OpenVAS-Client from Source Packages}
+\label{sec:compiling-openvas-client-from-source}
\xname{latest-source-code-release-client}
\subsection{Latest source code release}
@@ -1506,8 +1291,8 @@
features that might be of interest for advanced users.
This documentation assumes OpenVAS-Client in version 2.0-beta1. Newer version
-might offer additional or changed functionality. In case, please refer to the
-website for information or support.
+might offer additional or changed functionality. In this case, please refer to
+the OpenVAS website for information or support.
\xname{the-main-window}
\section{The Main Window}
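Review bot: The sentence being reworded still starts with `Newer version might offer` on the unchanged line just above the edit, a singular noun without an article. Since this hunk already touches the sentence, change it to "Newer versions might offer" in the same commit.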
@@ -2613,44 +2398,10 @@
SLAD plugin selects all relevant Snort messages from a MySQL Database and sends
them to the management platform.
-\paragraph{Snort-Installation}
+To use the SLAD Snort plugin, Snort needs to be installed with MySQL support.
+Information on how to do this is usually provided with the Snort package for
+your distributions or can be found in the Snort installation itself.
-To use the Snort plugin, Snort needs to be installed with MySQL support. This
-could be done with Debian by using the \verb|apt-get| tool.
-
-% ?
-Answer for the Configuration with mysql to use the snort-mysql database.
-For the Hostname use your MySQL-Server Host where the SLAD-Plugin collects to.
-In the most cases this is 127.0.0.1, but you can use any other host here.
-Then use the database you want to use for logging, in most cases this will
-be "snort", you must install mysql first, and create the database via
-"mysql create snort" and set the permissions first. For further information
-consult your mysql-manual.
-
-\begin{verbatim}
-# mysqladmin create snort
-# apt-get install mysql-server snort-mysql
-# zcat /usr/share/doc/snort-mysql/create_mysql.gz | mysql snort
-\end{verbatim}
-
-After you installed Snort, you need to change the local-plugin configuration.
-This could be found at "/opt/slad/plugins/snort/snortconfig".
-
-\begin{verbatim}
-#!/bin/sh
-SNORTDBPW="changeme"
-MYSQLHOST="localhost"
-MYSQLUSER="snort"
-MYSQLDB="snort"
-SID="0"
-\end{verbatim}
-
-You can test the configuration by fetching the local-events by running:
-
-\begin{verbatim}
-# ./getsnortevents.sh
-\end{verbatim}
-
\subsubsection{LMSensors}
This fetches the events from your hardware monitoring, (for example someone
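Review bot: The replacement paragraph only covers installing Snort with MySQL support, while the removed lines also documented the plugin side: the `snortconfig` file with `SNORTDBPW`, `MYSQLHOST`, `MYSQLUSER` and `MYSQLDB`, and the `getsnortevents.sh` test. Without them the section no longer says where the SLAD plugin gets its database credentials or how to check the setup. Suggest keeping a distribution-neutral sentence that names the configuration file and states that the `SNORTDBPW="changeme"` placeholder must be replaced with a real password. In the added text, "for your distributions" should be "for your distribution", and "can be found in the Snort installation itself" would be clearer as "in the documentation shipped with Snort" if that is what is meant.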
@@ -2668,13 +2419,10 @@
Three different levels of detail are supported:
\begin{description}
-% ?
-\item[--low] Returns logfile values in a low detail level highesT aggregation.
-
-\item[--medium] Returns logfile aggregation in a medium detail level.
-
-\item[--high] Full and lowest aggregation level of logfile-values.
-
+\item[Low] Returns logfile values in a low detail level and with the highest
+aggregation.
+\item[Medium] Returns logfile values in a medium detail level.
+\item[High] Detailed logfile values with the lowest aggregation level.
\end{description}
\subsubsection{TrapWatch}
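Review bot: The item labels change from `--low`, `--medium` and `--high` to `Low`, `Medium` and `High`, which drops the literal spelling of what appear to be command-line switches; the TrapWatch example removed later in this patch called `trapwatch.sh --high`. If these are switches, mention the switch in each item's text so readers can still find out what to type. The new wording itself reads better than the old.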
@@ -2688,59 +2436,11 @@
into the report. This can be useful to detect changes in the network, like
machines being unplugged or added to the network.
Support for Netscreen firewall traps, HP-Procure switches and Cisco hardware
-is installed out of the Box.
-If non-standard MIBs are used, it might necessary to configure TrapWatch
-accordingly.
+is installed out of the box. If non-standard MIBs are used, it might necessary
+to configure TrapWatch accordingly. Please note that to enable TrapWatch, you
+need to install an SNMP trap handler that puts the TRAP results into your syslog
+file.
-To enable TrapWatch, you need to install an SNMP trap handler that puts the
-TRAP results into a syslog file. If you use Debian you can use the ``SNMP Trap
-Format'' package:
-
-\begin{verbatim}
-# apt-get install snmptrapfmt
-\end{verbatim}
-
-After the service is installed, you will get all new traps from the box.
-% Box? Which box?
-SNMP traps need to be correctly configured in your network hardware. It is
-highly recommended to test your setup before the first use with SLAD.
-To test the SNMP-TrapWatch feature, you can call the TrapWatch subsystem
-manually via:
-
-\begin{verbatim}
-# /opt/slad/plugins/trapwatch/trapwatch.sh --high
-\end{verbatim}
-
-The result should look like the following:
-
-\begin{tiny}
-\begin{verbatim}
-I 08/18/06 12:28:27 ports: port C4 is now off-line
-I 08/18/06 12:28:30 ports: port C4 is now on-line
-I 08/18/06 12:28:32 ports: port C4 is now off-line
-I 08/18/06 12:28:49 ports: port B4 is now on-line
-I 08/18/06 12:29:10 ports: port B4 is now off-line
-2006-08-18 14:31:25 [Root]system-alert-00026: IPSec tunnel on int ethernet1 with
-tunnel ID 0x8 received a packet with a bad SPI.
-217.0.72.117->193.108.181.253/56, ESP, SPI 0x0, SEQ 0x45080218
-I 08/18/06 15:55:04 ports: port F1 is now off-line
-I 08/18/06 15:55:06 ports: port F1 is now on-line
-I 08/18/06 15:57:00 sntp: updated time by 4 seconds
-2006-08-18 18:04:53 [Root]system-critical-00436: Large ICMP packet! From
-210.51.16.51 to 193.108.181.6, proto 1 (zone Untrust int ethernet1). Occurred 1
-times.
-2006-08-18 18:05:33 [Root]system-critical-00436: Large ICMP packet! From
-210.51.16.51 to 193.108.181.6, proto 1 (zone Untrust int ethernet1). Occurred 1
-times.
-I 08/18/06 19:15:24 ports: port F1 is now off-line
-I 08/18/06 19:15:26 ports: port F1 is now on-line
-2006-08-18 18:34:09 [Root]system-critical-00438: FIN but no ACK bit! From
-83.76.204.46:56242 to 193.108.181.101:6346, proto TCP (zone Untrust int
-ethernet1). Occurred 2 times.
-\end{verbatim}
-\end{tiny}
-
-
\xname{nikto}
\section{Nikto}
\compendiumauthor{Michael Wiegand}
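Review bot: The added line `is installed out of the box. If non-standard MIBs are used, it might necessary` is missing a word and should read "it might be necessary"; the slip was carried over from the removed text. Removing the sample output is sensible, since it contained what look like real addresses, but the manual test call went with it; a one-line note that `trapwatch.sh` can be run by hand to verify the trap handler would keep a way to test the setup without the Debian-specific `apt-get` step.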