[Openvas-commits] r3346 - trunk/openvas-compendium

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue May 12 23:16:28 CEST 2009


Author: geoff
Date: 2009-05-12 23:16:27 +0200 (Tue, 12 May 2009)
New Revision: 3346

Modified:
   trunk/openvas-compendium/ChangeLog
   trunk/openvas-compendium/openvas-compendium.tex
Log:
Edited "The Signature Verification Process" for grammar and flow.


Modified: trunk/openvas-compendium/ChangeLog
===================================================================
--- trunk/openvas-compendium/ChangeLog	2009-05-12 20:04:51 UTC (rev 3345)
+++ trunk/openvas-compendium/ChangeLog	2009-05-12 21:16:27 UTC (rev 3346)
@@ -1,3 +1,8 @@
+2009-05-12 Geoff Galitz <geoff at galitz.org>
+
+	* openvas-compendium.tex: Edited "The Signature Verification Process"
+	for grammar and flow
+
 2009-05-11  Felix Wolfsteller <felix.wolfsteller at intevation.de>
 
 	* openvas-compendium.tex, openvas-compendium.de.tex: The OpenVAS SSH Key

Modified: trunk/openvas-compendium/openvas-compendium.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.tex	2009-05-12 20:04:51 UTC (rev 3345)
+++ trunk/openvas-compendium/openvas-compendium.tex	2009-05-12 21:16:27 UTC (rev 3346)
@@ -943,33 +943,34 @@
 \xname{the-signature-verification-process}
 \subsection{The Signature Verification Process}
 
-The signature verification of the OpenVAS server is activated by setting
-``nasl\_no\_signature\_check = no'' in the OpenVAS-Server configuration (see
-section \ref{sec:advanced-configuration-server}).
+Signature verification in OpenVAS is set with the ``nasl\_no\_signature\_check = no''
+directive in the OpenVAS-Server configuration file
+(see section \ref{sec:advanced-configuration-server}).
 
-At start-up the openvas daemon (openvasd) checks all signatures for validity.
-Only fully trusted files are considered by the server and thus loaded and made
-available to OpenVAS client.
+At start-up the openvas daemon (openvasd) verifies all signatures.
+In this mode, only fully verified files are trusted by the server
+and thus loaded and made available to the OpenVAS client.
 
 The trust check uses a special list of certificates managed for the
 OpenVAS server. It is a standard GnuPG keyring located by default in
 /etc/openvas/gnupg.
 
-When OpenVAS verifies the signature for a file it checks all signatures
-contained in the signature file and all signatures must be fully valid. This
+When OpenVAS performs the verification process it checks all signatures
+in the signature file. All signatures must be valid. This
 means that all of the following criteria must be fulfilled for all signatures
-which have signed this particular file:
+for a particular file:
 
 \begin{itemize}
  \item The certificate must be present in the keyring.
- \item The key must be fully valid.
+ \item The key must be valid.
  \item The signature must be valid.
 \end{itemize}
 
 If any of the signatures does not meet all of these criteria, that file is
-considered untrustworthy and will not be executed at all. If all signatures meet
-the criteria, the script is trusted fully and may execute all functions. If no
-signature file exists, the script is not executed at all.
+considered untrustworthy and will not be executed. If all signatures meet
+the criteria, the script is trusted and may execute all functions. If no
+signature file exists, the file is considered untrustworthy and the script
+is not executed.
 
 Again, please note the difference to Nessus: For Nessus signatures, three levels
 were distinguished: no signature, a bad signature and a good signature. Plugins



More information about the Openvas-commits mailing list