[Openvas-devel] Change Request #24: OpenVAS-Server: Reorganize NVTs in Subdirectories

Stjepan Gros sgros.ml at gmail.com
Mon Dec 8 21:02:00 CET 2008 

On Mon, Dec 8, 2008 at 9:02 AM, Michael Wiegand
<michael.wiegand at intevation.de> wrote:
> * Stjepan Gros [ 6. Dec 2008]:
>> with much help/guidelince from Michael Wiegand I wrote change request
>> towards reorganizing NVTs. There are two goals with this change. One
>> is to be LSB/FHS compliant, while the other is to enable new features
>> by NVT reorganization. The feature specifically mentioned is speeding
>> up load time of openvasd and possiblity to dinamically load (or not to
>> load) plugins. I would like your feedback on the listed changes and
>> also any modification or addition required to the list.
>
> It probably won't surprise you that I vote +1 on this one. :)
>
> I think there are a few more issues we should discuss:
>
> - How will the server admin be able to switch on/off individual
>  subdirectories? Should this happen in the server configuration file?

There are few possibilities, from the simplest to the most complex:

1. The simplest way is to restart openvasd. that way it is possible to
comment out specific directories in the configuration file.
2. Using SIGHUP to reload configuration file, the same as 1 but more dynamic
3. Via some IPC mechanism that will allow commands to be sent to
openvasd and thus, this is fully dynamic scenario

A variant of 1 and 2 is to modify openvasd in such a way to load only
plugins that have, e.g. executable bit set. it's easy then to disable
specific plugin by chmod-ing it.

For a start I would suggest 1. Otherwise we could set too ambitious
goals which have equally high probability of failing. :)

> - Should the selection be communicated to the client? And if so, in
>  which way?

This requires knowledge and modification of the communication protocol
between the two, which I don't have. So I would suggest also that in
the initial scenario this part is not changed, i.e. client gets a
current list of plugins when it connects to the server.

In the long term, the answer to this question depends on the uses
cases of openvasd+openvasclient. I don't have enough experience to
make judgements here. This also influences the previous item about
switching on/off specific subdirectories. Maybe success/fail stories
would be useful?

> - You suggested "grammar to include new directives" for the NASL
>  subsystem, is this necessary? Should NVTs be aware that they are in a
>  different subdirectory?

No, what I meant was only to introduce three configuration directives
to openvasd.conf that will allow administrator to specify where
plugins are, where global includes are and where to place caches. I
believe there is no point in making NVTs aware of their physical
placement.

Stjepan

More information about the Openvas-devel mailing list