From d.jagdmann at dn-systems.de Sat Aug 1 04:35:15 2009 From: d.jagdmann at dn-systems.de (Dirk Jagdmann) Date: Fri, 31 Jul 2009 19:35:15 -0700 Subject: [Openvas-devel] SSH library evaluation update In-Reply-To: <716E2A9232E94354B903FF76AF242109@geoffPC> References: <716E2A9232E94354B903FF76AF242109@geoffPC> Message-ID: <4A73A9E3.2030409@dn-systems.de> I'm testing with FreeBSD. > Projects currently being reviewed: > * libssh > * cryptlib which one do you mean exactly? http://www.libssh.org/ http://www.libssh2.org/ cryptlib is currently only available in version 3.3.1 and the FreeBSD port was done on 2008-07. The current release is 3.3.3. So it seems there is no active FreeBSD maintainer available. I have checked compiling all three libraries on FreeBSD 7.x 32bit x86 and all compiled without problems. cryptlib (3.3.1) does not support 64bit x86. libssh and libssh2 build on 64bit x86. And while speaking of FreeBSD. They only have OpenVAS 1.0 in their ports tree. Maybe someone should volunteer to maintain the FreeBSD OpenVAS ports. -- Dirk Jagdmann : Coder Tel. +49-5121-28989-15 -- DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. +49-5121-28989-11 Handelsregister HRB-3213 Amtsgericht Hildesheim Gesch?ftsf?hrer: Lukas Grunwald From mmundell at intevation.de Sun Aug 2 15:29:57 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 02 Aug 2009 13:28:57 -0001 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: Message of Fri, 31 Jul 2009 23:31:34 +0200. <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090802133000.5468BDEEA9@mail.ukfsn.org> +1 From michael.wiegand at intevation.de Mon Aug 3 11:05:16 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 3 Aug 2009 11:05:16 +0200 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090803090516.GA31299@intevation.de> * Jan-Oliver Wagner [31. Jul 2009]: > I'd like to call for a vote on CR#38 > > http://www.openvas.org/openvas-cr-38.html > "Reorganize OpenVAS libraries" +1 from me. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090803/f05abf59/attachment.pgp From hanno at hboeck.de Mon Aug 3 15:57:55 2009 From: hanno at hboeck.de (Hanno =?utf-8?q?B=C3=B6ck?=) Date: Mon, 3 Aug 2009 15:57:55 +0200 Subject: [Openvas-devel] Segfault with gpgme 1.2.0 Message-ID: <200908031557.55499.hanno@hboeck.de> Works fine with 1.1.8, with 1.2.0 I get: libertalia hanno # openvasd store_init(): called with NULL Loading the OpenVAS plugins...[1620]() gpgme_new failed: User defined source 1/Not operational Segmentation fault Is this a known issue? Should I open a bug in the tracker? -- Hanno B?ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de http://schokokeks.org - professional webhosting -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090803/76fcba57/attachment.pgp From jfs at debian.org Mon Aug 3 12:01:33 2009 From: jfs at debian.org (Javier Fernandez-Sanguino) Date: Mon, 3 Aug 2009 12:01:33 +0200 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: 2009/7/31 Jan-Oliver Wagner : > Hello, > > I'd like to call for a vote on CR#38 +1 to the change since code duplication makes it really difficult to provide support (especially for security-related bugs) Since there are going to be a lot of changes and the ABI might not be backwards compatible please make sure there is a SONAME bump when the libraries change so that people don't try to mix older versions of openvas-{client,server} with the new libraries provided by openvas-libraries. Regards Javier From jfs at debian.org Mon Aug 3 12:01:33 2009 From: jfs at debian.org (Javier Fernandez-Sanguino) Date: Mon, 3 Aug 2009 12:01:33 +0200 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: 2009/7/31 Jan-Oliver Wagner : > Hello, > > I'd like to call for a vote on CR#38 +1 to the change since code duplication makes it really difficult to provide support (especially for security-related bugs) Since there are going to be a lot of changes and the ABI might not be backwards compatible please make sure there is a SONAME bump when the libraries change so that people don't try to mix older versions of openvas-{client,server} with the new libraries provided by openvas-libraries. Regards Javier From Jan-Oliver.Wagner at greenbone.net Mon Aug 3 16:05:58 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Mon, 3 Aug 2009 16:05:58 +0200 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908031605.59128.Jan-Oliver.Wagner@greenbone.net> On Monday 03 August 2009 12:01:33 Javier Fernandez-Sanguino wrote: > Since there are going to be a lot of changes and the ABI might not be > backwards compatible please make sure there is a SONAME bump when the > libraries change so that people don't try to mix older versions of > openvas-{client,server} with the new libraries provided by > openvas-libraries. thanks for the hint. I added this to CR#38. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Mon Aug 3 16:05:38 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 3 Aug 2009 16:05:38 +0200 Subject: [Openvas-devel] Segfault with gpgme 1.2.0 In-Reply-To: <200908031557.55499.hanno@hboeck.de> References: <200908031557.55499.hanno@hboeck.de> Message-ID: <20090803140537.GD15850@intevation.de> * Hanno B?ck [ 3. Aug 2009]: > Works fine with 1.1.8, with 1.2.0 I get: > > libertalia hanno # openvasd > store_init(): called with NULL > Loading the OpenVAS plugins...[1620]() gpgme_new failed: User defined source > 1/Not operational > Segmentation fault > > Is this a known issue? Should I open a bug in the tracker? Haven't seen that before. In other words, yes, please file a bug report. Thank you! Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090803/4f4a46c1/attachment.pgp From geoff at galitz.org Mon Aug 3 15:17:47 2009 From: geoff at galitz.org (Geoff Galitz) Date: Mon, 3 Aug 2009 15:17:47 +0200 Subject: [Openvas-devel] SSH library evaluation update In-Reply-To: <4A73A9E3.2030409@dn-systems.de> References: <716E2A9232E94354B903FF76AF242109@geoffPC> <4A73A9E3.2030409@dn-systems.de> Message-ID: <4DCCC3D36F4440A9A3F0A353D66A5294@geoffPC> > > Projects currently being reviewed: > > * libssh > > * cryptlib > > which one do you mean exactly? > http://www.libssh.org/ > http://www.libssh2.org/ I am looking at both libssh and libssh2. I presume FreeBSD support is something you need for OpenVAS? -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From d.jagdmann at dn-systems.de Mon Aug 3 19:54:37 2009 From: d.jagdmann at dn-systems.de (Dirk Jagdmann) Date: Mon, 03 Aug 2009 10:54:37 -0700 Subject: [Openvas-devel] SSH library evaluation update In-Reply-To: <4DCCC3D36F4440A9A3F0A353D66A5294@geoffPC> References: <716E2A9232E94354B903FF76AF242109@geoffPC> <4A73A9E3.2030409@dn-systems.de> <4DCCC3D36F4440A9A3F0A353D66A5294@geoffPC> Message-ID: <4A77245D.6010406@dn-systems.de> > I presume FreeBSD support is something you need for OpenVAS? Not personally, but you asked for people to test things. And I don't have access to commercial unix and there are lots of other people who _could_ do linux tests. -- Dirk Jagdmann : Coder Tel. +49-5121-28989-15 -- DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. +49-5121-28989-11 Handelsregister HRB-3213 Amtsgericht Hildesheim Gesch?ftsf?hrer: Lukas Grunwald From geoff at galitz.org Mon Aug 3 22:55:27 2009 From: geoff at galitz.org (Geoff Galitz) Date: Mon, 3 Aug 2009 22:55:27 +0200 Subject: [Openvas-devel] SSH library evaluation update In-Reply-To: <4A77245D.6010406@dn-systems.de> References: <716E2A9232E94354B903FF76AF242109@geoffPC> <4A73A9E3.2030409@dn-systems.de> <4DCCC3D36F4440A9A3F0A353D66A5294@geoffPC> <4A77245D.6010406@dn-systems.de> Message-ID: <5ACB735153A14DE2B867F322F3608C38@geoffPC> > Not personally, but you asked for people to test things. And I don't have > access > to commercial unix and there are lots of other people who _could_ do linux > tests. > Understood. Thanks for the help! -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From Jan-Oliver.Wagner at greenbone.net Tue Aug 4 16:11:56 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 4 Aug 2009 16:11:56 +0200 Subject: [Openvas-devel] New releases for 2-0 modules planned In-Reply-To: <200907312301.59165.Jan-Oliver.Wagner@greenbone.net> References: <200907312301.59165.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908041611.56570.Jan-Oliver.Wagner@greenbone.net> Hi, On Friday 31 July 2009 23:01:58 Jan-Oliver Wagner wrote: > I ported back several patches from trunk to 2-0 > and would like to have new 2.0.x releases > of openvas-libraries, openvas-libnasl, > openvas-server and openvas-client soon (within > next 1-2 weeks). > > Is there anything importantwe need > to get into this maintenance releases? no feedback so far. Please test the 2-0 versions of trunk as intensive as possible. Any comment is welcome. So I propose to start the cycle with openvas-libraries and let the other modules follow step by step quickly after that. Michael: Can you double check the ChangeLog of trunk for missing backports? Also, for the other modules we need to raise the dependency on libraries and nasl. > Most prominently I can think of Jan's patches > to the Debian packaging. I've seen some work here, but not on openvas-libraries. Felix, Jan: Do you think you can solve the debian packaging for openvas-libraries soon enough so we use it already for this cycle? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From jfs at computer.org Tue Aug 4 16:31:42 2009 From: jfs at computer.org (Javier Fernandez-Sanguino) Date: Tue, 4 Aug 2009 16:31:42 +0200 Subject: [Openvas-devel] New releases for 2-0 modules planned In-Reply-To: <200908041611.56570.Jan-Oliver.Wagner@greenbone.net> References: <200907312301.59165.Jan-Oliver.Wagner@greenbone.net> <200908041611.56570.Jan-Oliver.Wagner@greenbone.net> Message-ID: 2009/8/4 Jan-Oliver Wagner : >> Most prominently I can think of Jan's patches >> to the Debian packaging. > > I've seen some work here, but not on openvas-libraries. > Felix, Jan: Do you think you can solve the debian > packaging for openvas-libraries soon enough so we > use it already for this cycle? There is nothing to "solve" in the Debian packaging, although it could be updated with the next release. Actually, the patch used in the Debian packaging (at packaging/debian/patches) for the 2.0.3 release should be fixed in the next release. The patch might seem complex but this due to need to regenerate all the autotools/autoconf stuff. It's actually quite simple see [1]: ---------------------------------------------------------------------------------------------------------------------------------- diff -urNad openvas-libraries-2.0.3~/configure.in openvas-libraries-2.0.3/configure.in --- openvas-libraries-2.0.3~/configure.in 2009-07-26 22:45:14.000000000 +0000 +++ openvas-libraries-2.0.3/configure.in 2009-07-26 22:45:46.000000000 +0000 @@ -106,6 +106,9 @@ AC_CHECK_LIB(pcap, pcap_restart, LIBS="-lpcap $LIBS", AC_MSG_ERROR(you need to install pcap library with development files)) +AC_CHECK_LIB(gcrypt, gcry_strerror, LIBS="-lgcrypt $LIBS", + AC_MSG_ERROR(you need to install gcrypt library with development files)) + # These libraries break stuff under IRIX if test "`uname`" != "IRIX" ; then ---------------------------------------------------------------------------------------------------------------------------------- This is needed or otherwise it will not build properly since the libraries depend on gcrypt. We have not reported this yet as a bug in the build system of openvas-libraries, but it should be considered as such. Regards Javier [1] http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-libraries/packaging/debian/patches/configure-grypt.dpatch?rev=4173&root=openvas&view=markup From Jan-Oliver.Wagner at greenbone.net Tue Aug 4 17:25:35 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 4 Aug 2009 17:25:35 +0200 Subject: [Openvas-devel] New web page on team and tasks they do for OpenVAS Message-ID: <200908041725.35803.Jan-Oliver.Wagner@greenbone.net> Hi OpenVAS Team, as agreed on OpenVAS DevCon and me volunteered, I assembled a initial list of community tasks into a web page: http://www.openvas.org/team_tasks.html Probably this is far from complete. I.e. who maintains the freshmeat entry, who takes care of OpenSUSE build service, who does the Debian packaging etc. etc. Oh, and: Who maintains the list of maintainers ;-) Any comments, suggestions? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed Aug 5 08:10:59 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 5 Aug 2009 08:10:59 +0200 Subject: [Openvas-devel] New releases for 2-0 modules planned In-Reply-To: References: <200907312301.59165.Jan-Oliver.Wagner@greenbone.net> <200908041611.56570.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090805061059.GA19983@intevation.de> * Javier Fernandez-Sanguino [ 4. Aug 2009]: > 2009/8/4 Jan-Oliver Wagner : > >> Most prominently I can think of Jan's patches > >> to the Debian packaging. > > > > I've seen some work here, but not on openvas-libraries. > > Felix, Jan: Do you think you can solve the debian > > packaging for openvas-libraries soon enough so we > > use it already for this cycle? > > There is nothing to "solve" in the Debian packaging, although it could > be updated with the next release. Actually, the patch used in the > Debian packaging (at packaging/debian/patches) for the 2.0.3 release > should be fixed in the next release. The patch might seem complex but > this due to need to regenerate all the autotools/autoconf stuff. It's > actually quite simple see [1]: The issue you are referring to has already been solved in the trunk a few weeks ago, see [1]. This fix will of course be backported to the 2.0 branch before release. I think Jan-Oliver was not referring to this issue, but rather to the reorganization of the packaging structure as proposed by Jan and Felix. Regards, Michael [1] http://wald.intevation.org/plugins/scmsvn/viewcvs.php?rev=3763&root=openvas&view=rev -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090805/c2a74d72/attachment.pgp From bitdealer at gmail.com Wed Aug 5 03:42:00 2009 From: bitdealer at gmail.com (Stephan Kleine) Date: Wed, 5 Aug 2009 03:42:00 +0200 Subject: [Openvas-devel] New releases for 2-0 modules planned Message-ID: Hi. If you are willing to package an archive as you would do for the final release then I'll happily throw it into OBS and pester you with the results ;P But I'm not gonna waste my time with svn revisions because, IMHO, the autoconf stuff is too non deterministic across all those versions / distributions. If you are willing please let me know and CC me explicitly since I'm not subscribed to -devel. regards, Stephan From Jan-Oliver.Wagner at greenbone.net Wed Aug 5 11:00:24 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Wed, 5 Aug 2009 11:00:24 +0200 Subject: [Openvas-devel] OpenVAS Release Live Cycle Message-ID: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> Hi, I crafted a first version of the the procdure for retirement as part of the release life cycle description as discussed at the DevCon2. It is not linked yet: http://www.openvas.org/release-life-cycle.html Please comment, improve. I'd like to try out the procedure with OpenVAS 1.0 starting end of september. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Wed Aug 5 12:15:38 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Wed, 5 Aug 2009 12:15:38 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 600 In-Reply-To: <200905261953.53101.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905191105.50788.jan-oliver.wagner@intevation.de> <200905261953.53101.jan-oliver.wagner@intevation.de> Message-ID: <200908051215.38718.Jan-Oliver.Wagner@greenbone.net> Hi, bug #779 is solved! A joined efford of Chandra, Thomas and Felix (partly during the OpenVAS DevCon2) established the solution. It is included in trunk, ready for the next 2.0 releases and also in the Feed. Thanks again Best Jan On Tuesday 26 May 2009 19:53:52 Jan-Oliver Wagner wrote: > Hello, > > I increase my vote to 600 Euro. > > Again: The individual or team that solves the bug _first_, will receive the > money. > > Please note that no one should simply "take" the bug, stopping others > from working on it, and thus delaying the solution. Teaming up might make > sense though ;-) > > Best > > Jan > > On Tuesday 19 May 2009 11:05:48 Jan-Oliver Wagner wrote: > > Hello, > > > > I increase my vote to 500 Euro. > > > > Whoever solves this first, should receive the money. > > > > Best > > > > Jan > > > > On Montag, 11. Mai 2009, Jan-Oliver Wagner wrote: > > > Hello, > > > > > > I increase my vote to 400 Euro ;-) > > > > > > Best > > > > > > Jan > > > > > > On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: > > > > bug #779 (concurrent checks problem)[1] is something I want to have > > > > resolved as soon as possible. We have invested quite some time > > > > into analysing the problem and now need to urgently care for other > > > > OpenVAS-realated things. > > > > > > > > So, in lack of time, I offer to pay 300 Euro for ultimately resolving > > > > the bug. > > > > > > > > Best > > > > > > > > Jan > > > > > > > > > > > > [1] http://bugs.openvas.com/779 -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed Aug 5 14:39:19 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 5 Aug 2009 14:39:19 +0200 Subject: [Openvas-devel] New releases for 2-0 modules planned In-Reply-To: <200908041611.56570.Jan-Oliver.Wagner@greenbone.net> References: <200907312301.59165.Jan-Oliver.Wagner@greenbone.net> <200908041611.56570.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090805123918.GE19983@intevation.de> * Jan-Oliver Wagner [ 4. Aug 2009]: > Michael: Can you double check the ChangeLog of trunk > for missing backports? Done. I backported the fixes for the bugs #1033 and #1035 (see http://bugs.openvas.org/1033 and http://bugs.openvas.org/1035). The release can go ahead as far as I am concerned. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090805/50dc6837/attachment.pgp From Jan-Oliver.Wagner at greenbone.net Thu Aug 6 08:15:29 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 6 Aug 2009 08:15:29 +0200 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908060815.29784.Jan-Oliver.Wagner@greenbone.net> Hi, more votes/opinions? Best Jan On Friday 31 July 2009 23:31:34 Jan-Oliver Wagner wrote: > Hello, > > I'd like to call for a vote on CR#38 > > http://www.openvas.org/openvas-cr-38.html > "Reorganize OpenVAS libraries" > > This is a very important change request and > if there are any doubts about this change, please > let us know. > > The change includes a couple of consequence, > please see the "Effects" section. > > I am aware that the "cmake" decision is not yet done. > However, I think this should not prevent the general > decision on how to organize OpenVAS libraries. > > Of course my vote is: +1. > > All the best > > Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Thu Aug 6 08:19:01 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 6 Aug 2009 08:19:01 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 600 In-Reply-To: <200908051215.38718.Jan-Oliver.Wagner@greenbone.net> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905261953.53101.jan-oliver.wagner@intevation.de> <200908051215.38718.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908060819.01312.Jan-Oliver.Wagner@greenbone.net> Hi again, On Wednesday 05 August 2009 12:15:38 Jan-Oliver Wagner wrote: > bug #779 is solved! > > A joined efford of Chandra, Thomas and Felix > (partly during the OpenVAS DevCon2) established > the solution. It is included in trunk, ready for > the next 2.0 releases and also in the Feed. the bug hunters decided to have the money go to the OpenVAS project. Thanks a lot!!! I will transfer the money to a german associate organisation of SPI. Tim: Really, really time to get click and pledge running! Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Thu Aug 6 08:41:19 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Thu, 6 Aug 2009 08:41:19 +0200 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVAS libraries) In-Reply-To: <200908060815.29784.Jan-Oliver.Wagner@greenbone.net> References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> <200908060815.29784.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908060841.19639.felix.wolfsteller@intevation.de> +1 On Thursday 06 August 2009 08:15:29 Jan-Oliver Wagner wrote: > Hi, > > more votes/opinions? > > Best > > Jan > > On Friday 31 July 2009 23:31:34 Jan-Oliver Wagner wrote: > > Hello, > > > > I'd like to call for a vote on CR#38 > > > > http://www.openvas.org/openvas-cr-38.html > > "Reorganize OpenVAS libraries" > > > > This is a very important change request and > > if there are any doubts about this change, please > > let us know. > > > > The change includes a couple of consequence, > > please see the "Effects" section. > > > > I am aware that the "cmake" decision is not yet done. > > However, I think this should not prevent the general > > decision on how to organize OpenVAS libraries. > > > > Of course my vote is: +1. > > > > All the best > > > > Jan -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Thu Aug 6 08:53:44 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Thu, 6 Aug 2009 08:53:44 +0200 Subject: [Openvas-devel] [Openvas-commits] r4262 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090729172856.DDB3585D918F@pyrosoma.intevation.org> References: <20090729172856.DDB3585D918F@pyrosoma.intevation.org> Message-ID: <200908060853.45017.felix.wolfsteller@intevation.de> Hi Thomas Although the ChangeLog entry (not the commit message though) states On Wednesday 29 July 2009 19:28:56 scm-commit at wald.intevation.org wrote: > Author: reinke > Date: 2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009) > New Revision: 4262 > + scripts/ovcesa2009_1163.nasl, > + scripts/ovcesa2009_1178.nasl: > + New scripts; updates to ovcesa scripts to remove "english" decls > + the opposite happened, or at least some nvts from this commit still contain "english" parts. I will attempt to remove them now. Enjoy -- Felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From reinke at securityspace.com Thu Aug 6 15:29:57 2009 From: reinke at securityspace.com (Thomas Reinke) Date: Thu, 06 Aug 2009 09:29:57 -0400 Subject: [Openvas-devel] [Openvas-commits] r4262 - in trunk/openvas-plugins: . scripts In-Reply-To: <200908060853.45017.felix.wolfsteller@intevation.de> References: <20090729172856.DDB3585D918F@pyrosoma.intevation.org> <200908060853.45017.felix.wolfsteller@intevation.de> Message-ID: <4A7ADAD5.3090308@securityspace.com> Felix Wolfsteller wrote: > Hi Thomas > Although the ChangeLog entry (not the commit message though) states > > On Wednesday 29 July 2009 19:28:56 scm-commit at wald.intevation.org wrote: >> Author: reinke >> Date: 2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009) >> New Revision: 4262 >> + scripts/ovcesa2009_1163.nasl, >> + scripts/ovcesa2009_1178.nasl: >> + New scripts; updates to ovcesa scripts to remove "english" decls >> + > > the opposite happened, or at least some nvts from this commit still > contain "english" parts. > I will attempt to remove them now. > > Enjoy > -- Felix > Ah...I believe I know what happened here. These scripts, because of how they can be automatically after initial generation generation, are unlike other distributions where updates do not occur. Because of the update attribute, we sync the OpenVAS version of centos scripts to our version. So, if you had made edits to them, those edits would have been undone after the next update we provided. I've manually synced up our ovcesa portion of the repository to what OpenVAS has. We'll take a look at making a quick fix to our process to avoid doing an overwrite of changes made at your end like this in the future. Thomas From lists at securityspace.com Thu Aug 6 16:24:50 2009 From: lists at securityspace.com (Thomas Reinke) Date: Thu, 06 Aug 2009 10:24:50 -0400 Subject: [Openvas-devel] [Openvas-commits] r4262 - in trunk/openvas-plugins: . scripts In-Reply-To: <4A7ADAD5.3090308@securityspace.com> References: <20090729172856.DDB3585D918F@pyrosoma.intevation.org> <200908060853.45017.felix.wolfsteller@intevation.de> <4A7ADAD5.3090308@securityspace.com> Message-ID: <4A7AE7B2.1030705@securityspace.com> Hmm...proofread before send...must learn that. > > Ah...I believe I know what happened here. These scripts, because of > how they can be automatically after initial generation generation, are ** how they can be automatically updated after initial generation... ** > unlike other distributions where updates do not occur. Because of > the update attribute, we sync the OpenVAS version of centos scripts > to our version. So, if you had made edits to them, those edits > would have been undone after the next update we provided. > > I've manually synced up our ovcesa portion of the repository to what > OpenVAS has. We'll take a look at making a quick fix to our > process to avoid doing an overwrite of changes made at your end > like this in the future. > > Thomas > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > From bchandra at secpod.com Thu Aug 6 08:42:29 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Thu, 6 Aug 2009 12:12:29 +0530 Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVASlibraries) In-Reply-To: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> References: <200907312331.34416.Jan-Oliver.Wagner@greenbone.net> Message-ID: <41F67339BFA544BA9BAFC7519D812675@bchandra> +1 Chandra -----Original Message----- From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: Saturday, August 01, 2009 3:02 AM To: openvas-devel at wald.intevation.org Subject: [Openvas-devel] Call for vote on CR#38 (Reorganize OpenVASlibraries) Hello, I'd like to call for a vote on CR#38 http://www.openvas.org/openvas-cr-38.html "Reorganize OpenVAS libraries" This is a very important change request and if there are any doubts about this change, please let us know. The change includes a couple of consequence, please see the "Effects" section. I am aware that the "cmake" decision is not yet done. However, I think this should not prevent the general decision on how to organize OpenVAS libraries. Of course my vote is: +1. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-devel mailing list Openvas-devel at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From lists at securityspace.com Thu Aug 6 23:59:06 2009 From: lists at securityspace.com (Thomas Reinke) Date: Thu, 06 Aug 2009 17:59:06 -0400 Subject: [Openvas-devel] [Openvas-commits] r4370 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090805121417.32FD185D9190@pyrosoma.intevation.org> References: <20090805121417.32FD185D9190@pyrosoma.intevation.org> Message-ID: <4A7B522A.6040301@securityspace.com> gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl has a dependency on gb_gnutls_detect_win.nasl which doesn't exist in the repository. Thomas scm-commit at wald.intevation.org wrote: > Author: chandra > Date: 2009-08-05 14:14:14 +0200 (Wed, 05 Aug 2009) > New Revision: 4370 > > Added: > trunk/openvas-plugins/scripts/gb_baofeng_storm_detect.nasl > trunk/openvas-plugins/scripts/gb_baofeng_storm_smpl_bof_vuln.nasl > trunk/openvas-plugins/scripts/gb_firefox_ssl_spoof_vuln_win.nasl > trunk/openvas-plugins/scripts/gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl > trunk/openvas-plugins/scripts/secpod_asterisk_detect.nasl > trunk/openvas-plugins/scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl > trunk/openvas-plugins/scripts/secpod_marcelo_costa_fileserver_dir_trav_vuln.nasl > trunk/openvas-plugins/scripts/secpod_php_address_book_detect.nasl > trunk/openvas-plugins/scripts/secpod_php_address_book_sql_inj_vuln.nasl From bchandra at secpod.com Fri Aug 7 06:07:29 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Fri, 7 Aug 2009 09:37:29 +0530 Subject: [Openvas-devel] [Openvas-commits] r4370 - intrunk/openvas-plugins: . scripts In-Reply-To: <4A7B522A.6040301@securityspace.com> References: <20090805121417.32FD185D9190@pyrosoma.intevation.org> <4A7B522A.6040301@securityspace.com> Message-ID: Committed! Had missed during commit. Thanks, Chandra. -----Original Message----- From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Thomas Reinke Sent: Friday, August 07, 2009 3:29 AM To: openvas-devel at wald.intevation.org Subject: Re: [Openvas-devel] [Openvas-commits] r4370 - intrunk/openvas-plugins: . scripts gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl has a dependency on gb_gnutls_detect_win.nasl which doesn't exist in the repository. Thomas scm-commit at wald.intevation.org wrote: > Author: chandra > Date: 2009-08-05 14:14:14 +0200 (Wed, 05 Aug 2009) > New Revision: 4370 > > Added: > trunk/openvas-plugins/scripts/gb_baofeng_storm_detect.nasl > trunk/openvas-plugins/scripts/gb_baofeng_storm_smpl_bof_vuln.nasl > trunk/openvas-plugins/scripts/gb_firefox_ssl_spoof_vuln_win.nasl > trunk/openvas-plugins/scripts/gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl > trunk/openvas-plugins/scripts/secpod_asterisk_detect.nasl > trunk/openvas-plugins/scripts/secpod_asterisk_rtp_text_frames_dos_vuln.nasl > trunk/openvas-plugins/scripts/secpod_marcelo_costa_fileserver_dir_trav_vuln. nasl > trunk/openvas-plugins/scripts/secpod_php_address_book_detect.nasl > trunk/openvas-plugins/scripts/secpod_php_address_book_sql_inj_vuln.nasl _______________________________________________ Openvas-devel mailing list Openvas-devel at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From lists at securityspace.com Fri Aug 7 23:28:29 2009 From: lists at securityspace.com (Thomas Reinke) Date: Fri, 07 Aug 2009 17:28:29 -0400 Subject: [Openvas-devel] CR #40 - find_service.c Message-ID: <4A7C9C7D.5030608@securityspace.com> Hi all, We've put up a CR (http://www.openvas.org/openvas-cr-40.html) to facilitate discussion on the concept of replacing the existing find_service.c In the CR, while I make note of the ability for us to replace find_service.c, there are certain issues with doing that. I've documented the problems, while also proposing an altered approach that allows us to avoid these problems while still meeting our goals of a) being able to update detection methods with the script feed b) leveraging nmap's service detection database. Please read and comment. Thomas From geoff at galitz.org Sun Aug 9 10:12:44 2009 From: geoff at galitz.org (Geoff Galitz) Date: Sun, 9 Aug 2009 10:12:44 +0200 Subject: [Openvas-devel] OpenVAS server on Windows? Message-ID: <8D68541DA7FC495BB84F6A2CB291F001@geoffPC> I'm looking to get this SSH evaluation done this weekend, but I have a question. Is SSH library support for the server portion important on Windows? IOW, is Windows a target platform for OpenVAS server development? -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090809/2d9b40d4/attachment.html From Jan-Oliver.Wagner at greenbone.net Sun Aug 9 20:38:29 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Sun, 9 Aug 2009 20:38:29 +0200 Subject: [Openvas-devel] OpenVAS server on Windows? In-Reply-To: <8D68541DA7FC495BB84F6A2CB291F001@geoffPC> References: <8D68541DA7FC495BB84F6A2CB291F001@geoffPC> Message-ID: <200908092038.30185.Jan-Oliver.Wagner@greenbone.net> On Sunday 09 August 2009 10:12:44 Geoff Galitz wrote: > I'm looking to get this SSH evaluation done this weekend, but I have a > question. Is SSH library support for the server portion important on > Windows? IOW, is Windows a target platform for OpenVAS server development? Windows is not a target platform for the scanner. IMHO this does not make sense at all. Only clients we try to get working on Windows. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From kost at linux.hr Mon Aug 10 09:15:59 2009 From: kost at linux.hr (Vlatko Kosturjak) Date: Mon, 10 Aug 2009 09:15:59 +0200 Subject: [Openvas-devel] Removal of C plugins Message-ID: <4A7FC92F.6080503@linux.hr> I just commited 3com_hub replacement to trunk. That means most old vulnerability checks implemented in C are now implemented in NASL. As they are old I was limited in testing them, so if you can test it more, it would be appreciated. (I have found single 3com switch, could find any other 3com model, and I don't have SGI box to test SGI objectserver vuln...) That means we still have following generic plugins to replace: * portscanners (tcp/syn) - should be replaced by nmap? * ssl_ciphers - SSL implementation missing, basic SSLv2 implementation in ssl_funcs.inc, but for this we need SSLv2 and SSLv3 implementation. Should we implement SSL in NASL or use openssl/gnutls and export useful f() to NASL? * find_service - part of CR#40, http://www.openvas.org/openvas-cr-40.html Also here's something that was discovered during C plugins replacement development: - openvas NASL is missing layer 2 functions (in order to implement 3com_hub fully in NASL, it is required to have layer 2 functions) - openvas NASL is missing network info functions (what mac addres, what subnet, what interface packet will go through, ...). It could be done using pread and parsing output from ifconfig/route/, but it seems clumsy and not portable. Kost From kost at linux.hr Mon Aug 10 09:19:14 2009 From: kost at linux.hr (Vlatko Kosturjak) Date: Mon, 10 Aug 2009 09:19:14 +0200 Subject: [Openvas-devel] Remote PW crack in OpenVAS Message-ID: <4A7FC9F2.7030403@linux.hr> I have started implementation of password cracking in OpenVAS. As OpenVAS dropped hydra due to many reasons, I've implemented ssh password cracking for the start. Let me know if you find any errors or suggestions. Also, I think I need to raise following question. What about script_id/oid reuses? For example, hydra_ssh NASL had certain script_id and now it is deleted. Should we use same script_id for ncrack/pd or we should choose new script_id/oids? Kost From felix.wolfsteller at intevation.de Mon Aug 10 09:29:38 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 10 Aug 2009 09:29:38 +0200 Subject: [Openvas-devel] Remote PW crack in OpenVAS In-Reply-To: <4A7FC9F2.7030403@linux.hr> References: <4A7FC9F2.7030403@linux.hr> Message-ID: <200908100929.38474.felix.wolfsteller@intevation.de> On Monday 10 August 2009 09:19:14 Vlatko Kosturjak wrote: > Also, I think I need to raise following question. What about > script_id/oid reuses? For example, hydra_ssh NASL had certain script_id > and now it is deleted. Should we use same script_id for ncrack/pd or we > should choose new script_id/oids? imo, once in time a OID has been used (might even be by typo in svn), it should not be used by another NVT again. Same is true for reimplementations of old c- plugins. The nasl- equivalents should get a new, unique OID. -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From kost at linux.hr Mon Aug 10 10:39:14 2009 From: kost at linux.hr (Vlatko Kosturjak) Date: Mon, 10 Aug 2009 10:39:14 +0200 Subject: [Openvas-devel] Remote PW crack in OpenVAS In-Reply-To: <4A7FC9F2.7030403@linux.hr> References: <4A7FC9F2.7030403@linux.hr> Message-ID: <4A7FDCB2.6030106@linux.hr> Vlatko Kosturjak wrote: > I have started implementation of password cracking in OpenVAS. > As OpenVAS dropped hydra due to many reasons, I've implemented ssh > password cracking for the start. Let me know if you find any errors or > suggestions. Quick note. If you're testing ncrack (remote-pwcrack-ncrack-ssh.nasl), make sure you apply this patch on ncrack (it's against latest SVN version - specifically r14894): http://seclists.org/nmap-dev/2009/q3/0557.html Kost From bchandra at secpod.com Mon Aug 10 11:51:00 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Mon, 10 Aug 2009 15:21:00 +0530 Subject: [Openvas-devel] Removal of C plugins In-Reply-To: <4A7FC92F.6080503@linux.hr> References: <4A7FC92F.6080503@linux.hr> Message-ID: <3305ECD2A8BB41A9B4F6ED7CB02169DF@bchandra> Hello, >* ssl_ciphers - SSL implementation missing, basic SSLv2 implementation >in ssl_funcs.inc, but for this we need SSLv2 and SSLv3 implementation. >Should we implement SSL in NASL or use openssl/gnutls and export useful >f() to NASL? I think preference should be to export useful functions from external libraries. >Also here's something that was discovered during C plugins replacement >development: >- openvas NASL is missing layer 2 functions (in order to implement >3com_hub fully in NASL, it is required to have layer 2 functions) >- openvas NASL is missing network info functions (what mac addres, what >subnet, what interface packet will go through, ...). It could be done >using pread and parsing output from ifconfig/route/, but it seems clumsy >and not portable. Some of these functions are already there in openvas-libraries, need to expose them through libnasl. Thanks, Chandra. From timb at openvas.org Mon Aug 10 12:05:20 2009 From: timb at openvas.org (Tim Brown) Date: Mon, 10 Aug 2009 11:05:20 +0100 Subject: [Openvas-devel] Removal of C plugins Message-ID: <200908101105.24121.timb@openvas.org> On Monday 10 August 2009 10:51:00 Chandrashekhar B wrote: > Hello, > > >* ssl_ciphers - SSL implementation missing, basic SSLv2 implementation > >in ssl_funcs.inc, but for this we need SSLv2 and SSLv3 implementation. > >Should we implement SSL in NASL or use openssl/gnutls and export useful > >f() to NASL? > > I think preference should be to export useful functions from external > libraries. The problem will be that not all ciphers supported by any one library, GNU TLS particularly is notorious for only exposing "secure" cipher suites. A friend of mine did some work on testing SSL via raw packets (not dependant on using libraries), I will ask him for his opinion/source code. > >Also here's something that was discovered during C plugins replacement > >development: > >- openvas NASL is missing layer 2 functions (in order to implement > >3com_hub fully in NASL, it is required to have layer 2 functions) > >- openvas NASL is missing network info functions (what mac addres, what > >subnet, what interface packet will go through, ...). It could be done > >using pread and parsing output from ifconfig/route/, but it seems clumsy > >and not portable. Agreed. Tim -- Tim Brown From Jan-Oliver.Wagner at greenbone.net Mon Aug 10 13:15:46 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Mon, 10 Aug 2009 13:15:46 +0200 Subject: [Openvas-devel] OpenVAS Release Live Cycle In-Reply-To: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> References: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908101315.46552.Jan-Oliver.Wagner@greenbone.net> Hi, On Wednesday 05 August 2009 11:00:24 Jan-Oliver Wagner wrote: > I crafted a first version of the the procdure for retirement > as part of the release life cycle description as discussed > at the DevCon2. > > It is not linked yet: > http://www.openvas.org/release-life-cycle.html > > Please comment, improve. > > I'd like to try out the procedure with OpenVAS 1.0 starting end > of september. I'd like to test it first with openvas-plugins <= 1.0.2 which is something long due already. If no one objects to the procedure I will next week start the procedure for openvas-plugins <= 1.0.2 and while doing so improve the web page. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Mon Aug 10 13:34:36 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 10 Aug 2009 13:34:36 +0200 Subject: [Openvas-devel] OpenVAS Release Live Cycle In-Reply-To: <200908101315.46552.Jan-Oliver.Wagner@greenbone.net> References: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> <200908101315.46552.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908101334.36580.felix.wolfsteller@intevation.de> On Monday 10 August 2009 13:15:46 Jan-Oliver Wagner wrote: > Hi, > > On Wednesday 05 August 2009 11:00:24 Jan-Oliver Wagner wrote: > > I crafted a first version of the the procdure for retirement > > as part of the release life cycle description as discussed > > at the DevCon2. > > > > It is not linked yet: > > http://www.openvas.org/release-life-cycle.html > > > > Please comment, improve. > > > > I'd like to try out the procedure with OpenVAS 1.0 starting end > > of september. > > I'd like to test it first with openvas-plugins <= 1.0.2 > which is something long due already. Why not with a higher version? Why not even with the latest version, as we recommend to use the feed anyway? The only reason i can see are the c- plugins which will be distributed with the server module in mid-near future and replaced by nasl equivalents in the near(?) future. -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From hanno at hboeck.de Mon Aug 10 15:57:51 2009 From: hanno at hboeck.de (Hanno =?utf-8?q?B=C3=B6ck?=) Date: Mon, 10 Aug 2009 15:57:51 +0200 Subject: [Openvas-devel] openvas relay check bogus? Message-ID: <200908101557.51673.hanno@hboeck.de> Hi, I get the warning below on some of my servers. Do I get something wrong here or is this test totally bogus? Obviously, my server accepts mails to it's own host. It's not relaying them anywhere. If the test wants to check for open relays (which is a good idea), it should try to deliver a mail to another host (or some bogus host like hsajdkahsda.com). If that is accepted, then there's a problem. Accepting mail for it's own host is the purpose of an smtp server. I assume the intention is to send to nobody at example.com, though the check seems to get something wrong here. ----------- Reported by NVT "Mail relaying (thorough test)" (1.3.6.1.4.1.25623.1.0.11852): The remote SMTP server is insufficiently protected against relaying This means that spammers might be able to use your mail server to send their mails to the world. OpenVAS was able to relay mails by sending those sequences: MAIL FROM: RCPT TO: Risk factor : Medium Solution : upgrade your software or improve the configuration so that your SMTP server cannot be used as a relay any more. -- Hanno B?ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de http://schokokeks.org - professional webhosting -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090810/31cb0bd0/attachment.pgp From hanno at hboeck.de Mon Aug 10 16:01:10 2009 From: hanno at hboeck.de (Hanno =?utf-8?q?B=C3=B6ck?=) Date: Mon, 10 Aug 2009 16:01:10 +0200 Subject: [Openvas-devel] apian directory traversal check Message-ID: <200908101601.10857.hanno@hboeck.de> Just got this warning and looking at the code, the only thing this check does is calling the URL http://[host]/css/includer.php?files=includer.php and if that contains the String "Zend", it throws a warning. Just hit on that cause the host had a webpage that was delivering it's start page on any unknown URL and contained an article about Zend. ---------------- Reported by NVT "Afian 'includer.php' Directory Traversal Vulnerability" (1.3.6.1.4.1.25623.1.0.100009): Overview: Afian is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. Risk factor : Medium BID : 33943 -- Hanno B?ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de http://schokokeks.org - professional webhosting -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090810/be9c2acb/attachment.pgp From lists at securityspace.com Mon Aug 10 16:22:12 2009 From: lists at securityspace.com (Thomas Reinke) Date: Mon, 10 Aug 2009 10:22:12 -0400 Subject: [Openvas-devel] Removal of C plugins In-Reply-To: <4A7FC92F.6080503@linux.hr> References: <4A7FC92F.6080503@linux.hr> Message-ID: <4A802D14.4000001@securityspace.com> > * ssl_ciphers - SSL implementation missing, basic SSLv2 implementation > in ssl_funcs.inc, but for this we need SSLv2 and SSLv3 implementation. > Should we implement SSL in NASL or use openssl/gnutls and export useful > f() to NASL? We should export useful information back to NASL via functions. We really do not want to be implementing SSL in NASL. In this case, perhaps a single function "get_ssl_ciphers(PROT, port)" might be an API that does all the work that the plugin used to do, but in the context of an API that can be invoked from a NASL script, rather than structured as a C plugin. Thomas From mime at gmx.de Mon Aug 10 17:05:42 2009 From: mime at gmx.de (Michael Meyer) Date: Mon, 10 Aug 2009 17:05:42 +0200 Subject: [Openvas-devel] apian directory traversal check In-Reply-To: <200908101601.10857.hanno@hboeck.de> References: <200908101601.10857.hanno@hboeck.de> Message-ID: <20090810150542.GA3817@komma-nix.de> Hello Hanno, *** Hanno B?ck wrote: > Just got this warning and looking at the code, the only thing this check does > is calling the URL > http://[host]/css/includer.php?files=includer.php > and if that contains the String "Zend", it throws a warning. Thanks for pointing out. Fixed version is available via SVN in a few minutes. It should be available via the OpenVAS-Feed tomorow. Micha From mime at gmx.de Mon Aug 10 22:36:48 2009 From: mime at gmx.de (Michael Meyer) Date: Mon, 10 Aug 2009 22:36:48 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <200908101557.51673.hanno@hboeck.de> References: <200908101557.51673.hanno@hboeck.de> Message-ID: <20090810203648.GA4167@komma-nix.de> Hello Hanno, *** Hanno B?ck wrote: > I get the warning below on some of my servers. Which MTA(s) are you running on these servers? Qmail? > Do I get something wrong here or is this test totally bogus? At first glance i can't see a problem in smtp_relay2.nasl. > Obviously, my server accepts mails to it's own host. It's not > relaying them anywhere. > > If the test wants to check for open relays (which is a good idea), it should > try to deliver a mail to another host (or some bogus host like > hsajdkahsda.com). If that is accepted, then there's a problem. Accepting mail > for it's own host is the purpose of an smtp server. > > I assume the intention is to send to nobody at example.com, though the check > seems to get something wrong here. > > ----------- > Reported by NVT "Mail relaying (thorough test)" (1.3.6.1.4.1.25623.1.0.11852): [...] > OpenVAS was able to relay mails by sending those sequences: > MAIL FROM: > RCPT TO: ,---[ http://www.remote.org/jochen/mail/info/address.html ] | The percent hack | | The so called percent hack is another form of source route. Here an address | lookes like this: | | peter%hotmail.com%mail.mit.edu at donald.mit.edu | | The mail is sent to the host donald.mit.edu, which will strip off the domain | and change the rightmost percent sign (%) into an At sign (@), which will | result in the following address: | | peter%hotmail.com at mail.mit.edu | | So it sends the mail on to mail.mit.edu and so on. This use of the percent sign | is deprecated because of the associated risk of spam relaying. (See above.) | | Note that there is no official document, that makes the percent sign special. | It is strictly up to the receiving host, whether it will interpret the percent | sign in this special way. `---| Please do the following Test: ,---| | telnet MTA 25 | HELO domain.tld | MAIL FROM: | RCPT TO: | DATA | From: | To: | Subject: test | | test | . | QUIT `---| What's the status code the server(s) responds atfter the "RCPT" command? 250/251? ,---[ smtp_relay2.nasl ] | rt = strcat('RCPT TO: <', to_l[i], '>\r\n'); | send(socket: soc, data: rt); | l = smtp_recv_line(socket: soc); | if (l =~ '^2[0-9][0-9]') | { `---| What's the status code the server(s) responds atfter the "QUIT" command? What you see in the MTA(s) Logfile(s)? Micha From hanno at hboeck.de Mon Aug 10 23:28:32 2009 From: hanno at hboeck.de (Hanno =?utf-8?q?B=C3=B6ck?=) Date: Mon, 10 Aug 2009 23:28:32 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <20090810203648.GA4167@komma-nix.de> References: <200908101557.51673.hanno@hboeck.de> <20090810203648.GA4167@komma-nix.de> Message-ID: <200908102328.32706.hanno@hboeck.de> It's a courier host. Am Montag 10 August 2009 schrieb Michael Meyer: > | telnet MTA 25 > | HELO domain.tld > | MAIL FROM: > | RCPT TO: > | DATA > | From: > | To: > | Subject: test > | > | test > | . > | QUIT On that I get 517-Domain does not exist: domain.tld if I replace it with the hosts domain I get 517 SPF fail usrportage.de: Address does not pass the Sender Policy Framework I don't fully understand that smtp stuff, I'll talk back with my colleague that is maintaining the SMTP host tomorrow. -- Hanno B?ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de http://schokokeks.org - professional webhosting -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090810/ef8426f4/attachment.pgp From openvas-bugs at wald.intevation.org Sat Aug 8 14:44:39 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Sat, 8 Aug 2009 14:44:39 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1079=5D_openvasd_f?= =?utf-8?q?ails_to_start_with_gpgme_1=2E2=2E0?= Message-ID: <20090808124439.6721C852FE1D@pyrosoma.intevation.org> Bugs item #1079, was opened at 2009-08-08 14:44 Status: Open Priority: 3 Submitted By: Hanno Boeck (hannob) Assigned to: Nobody (None) Summary: openvasd fails to start with gpgme 1.2.0 Architecture: None Resolution: None Severity: None Version: None Component: openvas-libnasl Operating System: None Product: None Hardware: None URL: Initial Comment: I'm using all the latest releases of openvas-* on Gentoo Linux. When starting openvasd, I get a segfault. Reading strace-Output, it seems to have something to do with gpgme. After downgrading gpgme to 1.1.8, it works. Interesting, when just using the plugins delivered with latest openvas-plugins-release, it works, though if I sync the plugins, the segfault appears. output: libertalia ~ # openvasd store_init(): called with NULL Loading the plugins... 1275 (out of 12655)[24213]() gpgme_new failed: User defined source 1/Not operational Segmentation fault some strace output: stat("/usr/lib64/openvas/plugins/glsa_200903_33.nasl", {st_mode=S_IFREG|0444, st_size=3643, ...}) = 0 stat("/usr/lib64/openvas/plugins/.desc/glsa_200903_33.nasl.desc", {st_mode=S_IFREG|0644, st_size=12080, ...}) = 0 stat("/usr/lib64/openvas/plugins/glsa_200903_33.nasl.asc", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 open("/usr/lib64/openvas/plugins/.desc/glsa_200903_33.nasl.desc", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=12080, ...}) = 0 mmap(NULL, 12080, PROT_READ, MAP_SHARED, 4, 0) = 0x7f97bd6cc000 munmap(0x7f97bd6cc000, 12080) = 0 close(4) = 0 stat("/usr/lib64/openvas/plugins/gb_mandriva_MDKA_2007_109.nasl", {st_mode=S_IFREG|0444, st_size=3597, ...}) = 0 stat("/usr/lib64/openvas/plugins/.desc/gb_mandriva_MDKA_2007_109.nasl.desc", {st_mode=S_IFREG|0644, st_size=12080, ...}) = 0 stat("/usr/lib64/openvas/plugins/gb_mandriva_MDKA_2007_109.nasl.asc", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 open("/usr/lib64/openvas/plugins/.desc/gb_mandriva_MDKA_2007_109.nasl.desc", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=12080, ...}) = 0 mmap(NULL, 12080, PROT_READ, MAP_SHARED, 4, 0) = 0x7f97bd6cc000 munmap(0x7f97bd6cc000, 12080) = 0 close(4) = 0 stat("/usr/lib64/openvas/plugins/W32.Sasser.Worm.nasl", {st_mode=S_IFREG|0444, st_size=1673, ...}) = 0 stat("/usr/lib64/openvas/plugins/.desc/W32.Sasser.Worm.nasl.desc", 0x7fff45db0920) = -1 ENOENT (No such file or directory) pipe([4, 6]) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f97bd6927c0) = 24234 wait4(24234, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24234 --- SIGCHLD (Child exited) @ 0 (0) --- close(6) = 0 read(4, "gpg (GnuPG) 2.0.11\nlibgcrypt 1.4."..., 79) = 79 close(4) = 0 pipe([4, 6]) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f97bd6927c0) = 24236 --- SIGCHLD (Child exited) @ 0 (0) --- wait4(24236, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24236 close(6) = 0 read(4, "gpgsm (GnuPG) 2.0.11\nlibgcrypt 1."..., 79) = 79 close(4) = 0 pipe([4, 6]) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f97bd6927c0) = 24238 --- SIGCHLD (Child exited) @ 0 (0) --- wait4(24238, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24238 close(6) = 0 read(4, "gpgconf (GnuPG) 2.0.11\nCopyright "..., 79) = 79 close(4) = 0 pipe([4, 6]) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f97bd6927c0) = 24240 --- SIGCHLD (Child exited) @ 0 (0) --- wait4(24240, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24240 close(6) = 0 read(4, "sysconfdir:/etc/gnupg\nbindir:/usr"..., 1023) = 240 read(4, ""..., 1023) = 0 close(4) = 0 getpid() = 24232 write(2, "[24232]() gpgme_new failed: User "..., 66[24232]() gpgme_new failed: User defined source 1/Not operational ) = 66 stat("/usr/lib64/openvas/plugins/W32.Sasser.Worm.nasl", {st_mode=S_IFREG|0444, st_size=1673, ...}) = 0 open("/usr/lib64/openvas/plugins/W32.Sasser.Worm.nasl", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0444, st_size=1673, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97bd6ce000 lseek(4, 0, SEEK_SET) = 0 read(4, "\nexit(0); # moved into smb_virii."..., 4096) = 1673 close(4) = 0 munmap(0x7f97bd6ce000, 4096) = 0 stat("/usr/lib64/openvas/plugins/W32.Sasser.Worm.nasl.asc", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 open("/usr/lib64/openvas/plugins/W32.Sasser.Worm.nasl.asc", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97bd6ce000 lseek(4, 0, SEEK_SET) = 0 read(4, "-----BEGIN PGP SIGNATURE-----\nVer"..., 4096) = 189 close(4) = 0 munmap(0x7f97bd6ce000, 4096) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1079&group_id=29 From timb at machine.org.uk Mon Aug 10 12:04:30 2009 From: timb at machine.org.uk (Tim Brown) Date: Mon, 10 Aug 2009 11:04:30 +0100 Subject: [Openvas-devel] Removal of C plugins In-Reply-To: <3305ECD2A8BB41A9B4F6ED7CB02169DF@bchandra> References: <4A7FC92F.6080503@linux.hr> <3305ECD2A8BB41A9B4F6ED7CB02169DF@bchandra> Message-ID: <200908101104.35710.timb@machine.org.uk> On Monday 10 August 2009 10:51:00 Chandrashekhar B wrote: > Hello, > > >* ssl_ciphers - SSL implementation missing, basic SSLv2 implementation > >in ssl_funcs.inc, but for this we need SSLv2 and SSLv3 implementation. > >Should we implement SSL in NASL or use openssl/gnutls and export useful > >f() to NASL? > > I think preference should be to export useful functions from external > libraries. The problem will be that not all ciphers supported by any one library, GNU TLS particularly is notorious for only exposing "secure" cipher suites. A friend of mine did some work on testing SSL via raw packets (not dependant on using libraries), I will ask him for his opinion/source code. > >Also here's something that was discovered during C plugins replacement > >development: > >- openvas NASL is missing layer 2 functions (in order to implement > >3com_hub fully in NASL, it is required to have layer 2 functions) > >- openvas NASL is missing network info functions (what mac addres, what > >subnet, what interface packet will go through, ...). It could be done > >using pread and parsing output from ifconfig/route/, but it seems clumsy > >and not portable. Agreed. Tim -- Tim Brown From openvas-bugs at wald.intevation.org Mon Aug 10 23:13:20 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Mon, 10 Aug 2009 23:13:20 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1083=5D_nmap=2Enas?= =?utf-8?q?l_sets_ping=5Ffailed_to_yes_when_host_is_dead=2C_but_tes?= =?utf-8?q?t_is_not_stopped_by_attack=2Ec?= Message-ID: <20090810211320.1FE46852F991@pyrosoma.intevation.org> Bugs item #1083, was opened at 2009-08-10 16:13 Status: Open Priority: 3 Submitted By: Brian Dreyer (bmd524) Assigned to: Nobody (None) Summary: nmap.nasl sets ping_failed to yes when host is dead, but test is not stopped by attack.c Architecture: 32 Bit Resolution: None Severity: normal Version: v2.0.3 Component: openvas-server Operating System: Linux Product: OpenVAS Hardware: All URL: Initial Comment: When testing networks using the nmap port scanner, dead hosts never complete even though nmap returns that the host is dead. This is what mime (from openvas chat) found in the code: nmap.nasl when host is dead -> 'set_kb_item(name: "Host/ping_failed", value: "yes");' attack.c -> /* Stop the test if the host is 'dead' */ if(kb_item_get_int(kb, "Host/dead") > 0 || kb_item_get_int(kb, "Host/ping_failed") > 0 ) is "yes" > 0 in this statement? Another option given by felix_ (from openvas chat) would be to set the Host/dead value in the nmap.nasl to accomplish the same goal. Either way, if the host is dead, the test should not continue. ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1083&group_id=29 From Jan-Oliver.Wagner at greenbone.net Tue Aug 11 08:39:51 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 11 Aug 2009 08:39:51 +0200 Subject: [Openvas-devel] OpenVAS Release Live Cycle In-Reply-To: <200908101334.36580.felix.wolfsteller@intevation.de> References: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> <200908101315.46552.Jan-Oliver.Wagner@greenbone.net> <200908101334.36580.felix.wolfsteller@intevation.de> Message-ID: <200908110839.53045.Jan-Oliver.Wagner@greenbone.net> On Montag, 10. August 2009, Felix Wolfsteller wrote: > On Monday 10 August 2009 13:15:46 Jan-Oliver Wagner wrote: > > On Wednesday 05 August 2009 11:00:24 Jan-Oliver Wagner wrote: > > > I crafted a first version of the the procdure for retirement > > > as part of the release life cycle description as discussed > > > at the DevCon2. > > > > > > It is not linked yet: > > > http://www.openvas.org/release-life-cycle.html > > > > > > Please comment, improve. > > > > > > I'd like to try out the procedure with OpenVAS 1.0 starting end > > > of september. > > > > I'd like to test it first with openvas-plugins <= 1.0.2 > > which is something long due already. > > Why not with a higher version? > Why not even with the latest version, as we recommend to use the feed anyway? 1.0.2 -> 1.0.3 was the only real serious bug fix. It might make sense to retire <= 1.0.3. Any later version could not be retired right now according to the time constraints specified in the retirement procedure. However, staying conservative with retirements should be a base rule. > The only reason i can see are the c- plugins which will be distributed with > the server module in mid-near future and replaced by nasl equivalents in the > near(?) future. Indeed. As long as 2.0 is supported, openvas-plugins is mandatory. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From mime at gmx.de Tue Aug 11 12:53:21 2009 From: mime at gmx.de (Michael Meyer) Date: Tue, 11 Aug 2009 12:53:21 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <200908102328.32706.hanno@hboeck.de> References: <200908101557.51673.hanno@hboeck.de> <20090810203648.GA4167@komma-nix.de> <200908102328.32706.hanno@hboeck.de> Message-ID: <20090811105321.GA2926@komma-nix.de> Hello Hanno, *** Hanno B?ck wrote: > It's a courier host. > > Am Montag 10 August 2009 schrieb Michael Meyer: > > | telnet MTA 25 > > | HELO domain.tld > > | MAIL FROM: > > | RCPT TO: > > | DATA > > | From: > > | To: > > | Subject: test > > | > > | test > > | . > > | QUIT > > On that I get > 517-Domain does not exist: domain.tld > > if I replace it with the hosts domain I get > 517 SPF fail usrportage.de: Address does not pass the Sender Policy Framework Hmm... ,---| | mime at kira:~ % telnet usrportage.de 25 | Trying 78.46.69.2... | Connected to usrportage.de. | Escape character is '^]'. | 220 milch.schokokeks.org ESMTP | helo localhost | 250 milch.schokokeks.org Ok. | MAIL FROM: | 250 Ok. | RCPT TO: | 250 Ok. | DATA | 354 Ok. | FROM: | To: | Subject: test | | test | . | 250 Ok. 000000004A813915.000053F2 | quit | 221 Bye. | Connection closed by foreign host `---| Somebody should have a look in the logs to see what happend with the Mail with ID "000000004A813915.000053F2". Because this Mail was accepted, this host was recognized as an open relay, even if the mail was discarded internal. The Script could not detect that. ;-) The mail never arrived here, so i think it was truly discarded internal. ,---| | mime at kira:~ % telnet ben.ebiz-webhosting.de 25 | Trying 213.203.248.138... | Connected to ben.ebiz-webhosting.de. | Escape character is '^]'. | 220 ben.ebiz-webhosting.de ESMTP ben.ebiz-webhosting.de | helo localhost | 250 ben.ebiz-webhosting.de | MAIL FROM: | 250 2.1.0 Ok | RCPT TO: | 554 5.7.1 : Recipient address rejected: Relay access denied `---| ,---| | mime at kira:~ % telnet usrportage.de 25 | Trying 78.46.69.2... | Connected to usrportage.de. | Escape character is '^]'. | 220 milch.schokokeks.org ESMTP | helo localhost | 250 milch.schokokeks.org Ok. | MAIL FROM: | 250 Ok. | RCPT TO: | 513 Relaying denied. `---| You see the difference? ;-) Micha From waja at cyconet.org Wed Aug 12 13:36:48 2009 From: waja at cyconet.org (Jan Wagner) Date: Wed, 12 Aug 2009 13:36:48 +0200 Subject: [Openvas-devel] installing openvas for lenny from backports.org Message-ID: <200908121336.52635.waja@cyconet.org> Hi, actually on the website is described how to install OpenVAS on Lenny. That should be exchanged with an instruction how to install it from backports.org since actual packages apears there. Here are my proposed instructions: * Get backports Source included: # echo "deb http://www.backports.org/debian lenny-backports main contrib non- free" >> /etc/apt/sources.list # aptitude update # echo "Package: *" >> /etc/apt/preferences # echo "Pin: release a=lenny-backports" >> /etc/apt/preferences # echo "Pin-Priority: 200" >> /etc/apt/preferences For details see http://backports.org/dokuwiki/doku.php?id=instructions * Install OpenVAS: # aptitude -t lenny-backports install openvas-client and / or # aptitude -t lenny-backports install openvas-server With kind regards, Jan. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090812/7e4ede4c/attachment.pgp From hanno at hboeck.de Wed Aug 12 15:58:00 2009 From: hanno at hboeck.de (Hanno =?utf-8?q?B=C3=B6ck?=) Date: Wed, 12 Aug 2009 15:58:00 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <20090811105321.GA2926@komma-nix.de> References: <200908101557.51673.hanno@hboeck.de> <200908102328.32706.hanno@hboeck.de> <20090811105321.GA2926@komma-nix.de> Message-ID: <200908121558.00485.hanno@hboeck.de> Am Dienstag 11 August 2009 schrieb Michael Meyer: > | mime at kira:~ % telnet usrportage.de 25 > | Trying 78.46.69.2... > | Connected to usrportage.de. > | Escape character is '^]'. > | 220 milch.schokokeks.org ESMTP > | helo localhost > | 250 milch.schokokeks.org Ok. > | MAIL FROM: > | 250 Ok. > | RCPT TO: > | 250 Ok. > | DATA > | 354 Ok. > | FROM: > | To: > | Subject: test > | > | test > | . > | 250 Ok. 000000004A813915.000053F2 > | quit > | 221 Bye. > | Connection closed by foreign host > > `---| > > Somebody should have a look in the logs to see what happend with > the Mail with ID "000000004A813915.000053F2". Because this Mail was > accepted, this host was recognized as an open relay, even if the mail > was discarded internal. The Script could not detect that. ;-) > The mail never arrived here, so i think it was truly discarded > internal. In fact the mail was delivered, as the domain contains a catchall. Is there any reason mime%gmx.de at usrportage.de should be delivered to gmx? I see this as a completely valid mail adress on usrportage.de. -- Hanno B?ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de http://schokokeks.org - professional webhosting -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090812/548f1491/attachment.pgp From mime at gmx.de Wed Aug 12 16:48:35 2009 From: mime at gmx.de (Michael Meyer) Date: Wed, 12 Aug 2009 16:48:35 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <200908121558.00485.hanno@hboeck.de> References: <200908101557.51673.hanno@hboeck.de> <200908102328.32706.hanno@hboeck.de> <20090811105321.GA2926@komma-nix.de> <200908121558.00485.hanno@hboeck.de> Message-ID: <20090812144835.GA21145@komma-nix.de> *** Hanno B?ck wrote: > Am Dienstag 11 August 2009 schrieb Michael Meyer: > > Somebody should have a look in the logs to see what happend with > > the Mail with ID "000000004A813915.000053F2". Because this Mail was > > accepted, this host was recognized as an open relay, even if the mail > > was discarded internal. The Script could not detect that. ;-) > > The mail never arrived here, so i think it was truly discarded > > internal. > > In fact the mail was delivered, as the domain contains a catchall. > Is there any reason mime%gmx.de at usrportage.de should be delivered to gmx? I > see this as a completely valid mail adress on usrportage.de. As I wrote: http://www.remote.org/jochen/mail/info/address.html#percenthack "The so called percent hack is another form of source route." http://www.linuxquestions.org/questions/linux-software-2/percenthack-590943/ http://www.webhostingtalk.com/showthread.php?p=6240078 http://www.issociate.de/board/goto/1205434/Percent_Hack.html http://web.nps.navy.mil/~miller/percent-hack.html http://www.spamsoap.com/smtp-open-relay-test/ Micha From mime at gmx.de Wed Aug 12 16:59:30 2009 From: mime at gmx.de (Michael Meyer) Date: Wed, 12 Aug 2009 16:59:30 +0200 Subject: [Openvas-devel] [Openvas-commits] r4418 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090811053620.99F0685D9187@pyrosoma.intevation.org> References: <20090811053620.99F0685D9187@pyrosoma.intevation.org> Message-ID: <20090812145930.GB21145@komma-nix.de> *** scm-commit at wald.intevation.org wrote: > Added: trunk/openvas-plugins/scripts/gb_django_detect_lin.nasl > +# > +# Authors: > +# Nikita MR [...] > +include("version_func.inc"); > + > +sock = ssh_login_or_reuse_connection(); It is no longer enough just to include "version_func.inc", if you need functions from "ssh_func.inc", because "version_func.inc" do not include "ssh_func.inc" anymore. You must include "ssh_func.inc" within a NVT if needed. Micha From hanno at hboeck.de Wed Aug 12 17:27:54 2009 From: hanno at hboeck.de (Hanno =?utf-8?q?B=C3=B6ck?=) Date: Wed, 12 Aug 2009 17:27:54 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <20090812144835.GA21145@komma-nix.de> References: <200908101557.51673.hanno@hboeck.de> <200908121558.00485.hanno@hboeck.de> <20090812144835.GA21145@komma-nix.de> Message-ID: <200908121727.54703.hanno@hboeck.de> Am Mittwoch 12 August 2009 schrieb Michael Meyer: > As I wrote: > > http://www.remote.org/jochen/mail/info/address.html#percenthack > "The so called percent hack is another form of source route." Okay, thanks for the information. Though I read there: "So it sends the mail on to mail.mit.edu and so on. This use of the percent sign is deprecated because of the associated risk of spam relaying. (See above.) Note that there is no official document, that makes the percent sign special. It is strictly up to the receiving host, whether it will interpret the percent sign in this special way." Conclusion: a) it's not official b) it's deprecated So what the openvas-test does is assuming a delivery that doesn't happen. The way openvas works it can't check. If we wanna keep that check, we should at least put some more information into the warning. -- Hanno B?ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno at hboeck.de http://schokokeks.org - professional webhosting -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090812/f8c98c25/attachment.pgp From mime at gmx.de Wed Aug 12 18:02:03 2009 From: mime at gmx.de (Michael Meyer) Date: Wed, 12 Aug 2009 18:02:03 +0200 Subject: [Openvas-devel] openvas relay check bogus? In-Reply-To: <200908121727.54703.hanno@hboeck.de> References: <200908101557.51673.hanno@hboeck.de> <200908121558.00485.hanno@hboeck.de> <20090812144835.GA21145@komma-nix.de> <200908121727.54703.hanno@hboeck.de> Message-ID: <20090812160203.GA21765@komma-nix.de> *** Hanno B?ck wrote: > Am Mittwoch 12 August 2009 schrieb Michael Meyer: > > As I wrote: > > > > http://www.remote.org/jochen/mail/info/address.html#percenthack > > "The so called percent hack is another form of source route." > > Okay, thanks for the information. Though I read there: > "So it sends the mail on to mail.mit.edu and so on. This use of the percent > sign is deprecated because of the associated risk of spam relaying. (See > above.) > > Note that there is no official document, that makes the percent sign special. > It is strictly up to the receiving host, whether it will interpret the percent > sign in this special way." > > Conclusion: > a) it's not official > b) it's deprecated c) AFAIK many MTAs (sendmail,exim,qmail,...) support the "percent hack". > So what the openvas-test does is assuming a delivery that doesn't happen. The > way openvas works it can't check. If we wanna keep that check, we should at > least put some more information into the warning. I dont't know if we *realy* need this check. I'm not a "specialist" for MTAs. I have seen that some "Open-Relay-Tests" on the internet do checks for the "percent hack" too. I agree that we need to put some more information into the warning if we keep this check. Hm... http://homepages.tesco.net/J.deBoynePollard/FGA/smtp-erroneous-open-relay-tests.html Micha From michael.wiegand at intevation.de Thu Aug 13 17:21:32 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 13 Aug 2009 17:21:32 +0200 Subject: [Openvas-devel] [Openvas-commits] r4469 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090812175455.155AF852FC0A@pyrosoma.intevation.org> References: <20090812175455.155AF852FC0A@pyrosoma.intevation.org> Message-ID: <20090813152131.GD26609@intevation.de> * scm-commit at wald.intevation.org [12. Aug 2009]: > Author: chandra > Date: 2009-08-12 19:54:51 +0200 (Wed, 12 Aug 2009) > New Revision: 4469 > > Added: > trunk/openvas-plugins/scripts/gb_sun_java_sys_web_proxy_server_dos_vuln_lin.nasl Error in gb_sun_java_sys_web_proxy_server_dos_vuln_lin.nasl: [13084](gb_sun_java_sys_web_proxy_server_dos_vuln_lin.nasl) Undefined function 'ssh_login_or_reuse_connection' Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090813/31509c99/attachment.pgp From Jan-Oliver.Wagner at greenbone.net Mon Aug 17 08:57:39 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Mon, 17 Aug 2009 08:57:39 +0200 Subject: [Openvas-devel] Team and Tasks Message-ID: <200908170857.39902.Jan-Oliver.Wagner@greenbone.net> Hi, please review http://www.openvas.org/team_tasks.html and let me know which tasks are covered by whom already and should be on the list. Geoff: I added you for FAQ. You've spend a some time on it, so this is orth mentioning :-) Tim: I added you for freshmeat. Stephan: Can I add you for the SUSE build service activity? If yes, what is the best name and link for this task? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Mon Aug 17 10:21:12 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Mon, 17 Aug 2009 10:21:12 +0200 Subject: [Openvas-devel] OpenVAS Release Live Cycle In-Reply-To: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> References: <200908051100.24973.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908171021.12418.Jan-Oliver.Wagner@greenbone.net> On Wednesday 05 August 2009 11:00:24 Jan-Oliver Wagner wrote: > I crafted a first version of the the procdure for retirement > as part of the release life cycle description as discussed > at the DevCon2. > > It is not linked yet: > http://www.openvas.org/release-life-cycle.html I've updated it with a overview table and started the retirement procedure for openvas-plugins <= 1.0.3 Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From openvas-bugs at wald.intevation.org Wed Aug 19 08:43:29 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Wed, 19 Aug 2009 08:43:29 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1095=5D_Signal_han?= =?utf-8?q?dling_does_not_work_proper?= Message-ID: <20090819064329.BD999852FD69@pyrosoma.intevation.org> Bugs item #1095, was opened at 2009-08-19 08:43 Status: Open Priority: 3 Submitted By: Markus Schr?der (msgbeep) Assigned to: Nobody (None) Summary: Signal handling does not work proper Architecture: None Resolution: Accepted As Bug Severity: normal Version: v2.0.2 Component: openvas-server Operating System: other Product: OpenVAS Hardware: None URL: Initial Comment: On openvas-nvt-sync script on line 104 is a command i used in a script. Kill -1 does not work correct on version 2.0.2 like on 2.0.1 (or below?). Solving it by using /etc/init.d/openvad restart instead kill -1. Markus ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1095&group_id=29 From felix.wolfsteller at intevation.de Wed Aug 19 12:16:33 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Wed, 19 Aug 2009 12:16:33 +0200 Subject: [Openvas-devel] installing openvas for lenny from backports.org In-Reply-To: <200908121336.52635.waja@cyconet.org> References: <200908121336.52635.waja@cyconet.org> Message-ID: <200908191216.33313.felix.wolfsteller@intevation.de> On Wednesday 12 August 2009 13:36:48 Jan Wagner wrote: > actually on the website is described how to install OpenVAS on Lenny. That > should be exchanged with an instruction how to install it from > backports.org since actual packages apears there. Here are my proposed > instructions: > > * Get backports Source included: > > # echo "deb http://www.backports.org/debian lenny-backports main contrib > non- free" >> /etc/apt/sources.list > # aptitude update > # echo "Package: *" >> /etc/apt/preferences > # echo "Pin: release a=lenny-backports" >> /etc/apt/preferences > # echo "Pin-Priority: 200" >> /etc/apt/preferences > > For details see http://backports.org/dokuwiki/doku.php?id=instructions > > * Install OpenVAS: > > # aptitude -t lenny-backports install openvas-client > > and / or > > # aptitude -t lenny-backports install openvas-server > > With kind regards, Jan. Thanks for your suggestions, I incorporated them in http://openvas.org/openvas-client.html and http://openvas.org/openvas-server.html and removed instructions on how to install the 1.x series in Lenny (I kept the sid part, though). -- Felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From timb at openvas.org Wed Aug 19 13:30:19 2009 From: timb at openvas.org (Tim Brown) Date: Wed, 19 Aug 2009 12:30:19 +0100 Subject: [Openvas-devel] Change to web site "make online" Makefile Message-ID: <200908191230.20865.timb@openvas.org> All, On Debian unstable and Ubuntu, the version of rsync installed is incompatible with the version of rsync which is installed on the wald server as part of the "make online" process. It can be resolved by the following patch. The question is whether we should commit this change and whether it will break other users. Index: Makefile =================================================================== --- Makefile (revision 4596) +++ Makefile (working copy) @@ -54,7 +54,7 @@ online: all echo "Going to put current contents online for openvas.wald.intevation.org ..." - rsync -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ + rsync --protocol=29 -urvP --exclude='.svn' $(ADD_INST_TYPES) $(TARGETS) $(ADD_INST_DIRS) \ $(USER)@wald.intevation.org:/openvas/htdocs/ install: all Tim -- Tim Brown From d.jagdmann at dn-systems.de Wed Aug 19 19:44:53 2009 From: d.jagdmann at dn-systems.de (Dirk Jagdmann) Date: Wed, 19 Aug 2009 10:44:53 -0700 Subject: [Openvas-devel] Change to web site "make online" Makefile In-Reply-To: <200908191230.20865.timb@openvas.org> References: <200908191230.20865.timb@openvas.org> Message-ID: <4A8C3A15.70406@dn-systems.de> > the "make online" process. It can be resolved by the following patch. The > question is whether we should commit this change and whether it will break > other users. Or update the wald server rsync? -- Dirk Jagdmann : Coder Tel. +49-5121-28989-15 -- DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. +49-5121-28989-11 Handelsregister HRB-3213 Amtsgericht Hildesheim Gesch?ftsf?hrer: Lukas Grunwald From felix.wolfsteller at intevation.de Thu Aug 20 11:39:41 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Thu, 20 Aug 2009 11:39:41 +0200 Subject: [Openvas-devel] [Openvas-commits] r4634 - in trunk/openvas-server: . openvasd In-Reply-To: <20090820092033.186A885C7305@pyrosoma.intevation.org> References: <20090820092033.186A885C7305@pyrosoma.intevation.org> Message-ID: <200908201139.41172.felix.wolfsteller@intevation.de> I have seen that in places just the formatting was improved - much appreciated, but please respect the GNU Coding Style (http://openvas.org/compendium/source-code-style-guide.html). Don't get me wrong, looks fine and tidy compared to what there was, but it would be great if we would have a consistent formatting of the code in the (near) future. Thanks, -- Felix PS: What i was missing: * space before opening bracket * block indentation * return type in own line On Thursday 20 August 2009 11:20:33 scm-commit at wald.intevation.org wrote: > Author: jan > Date: 2009-08-20 11:20:32 +0200 (Thu, 20 Aug 2009) > New Revision: 4634 > > Modified: > trunk/openvas-server/ChangeLog > trunk/openvas-server/openvasd/attack.c > trunk/openvas-server/openvasd/rules.c > trunk/openvas-server/openvasd/rules.h > Log: > Initializing implementation for IPv6 support. > This corresponds to Change Request #27, > http://www.openvas.org/openvas-cr-27.html > Most work done by Srinivasa NL . > > * openvasd/rules.h: Added type "inaddrs_t" as union to hold > either IPv6 or IPv4 address. > (struct openvas_rules): Adapted to above and added family. > Adpated protos according to new type. > > * openvasd/rules.c (rules_validateandgetipaddr, rules_ipv6addrmask): New. > (rules_init_aux): Mostly rewritten to support IPv6 addresses. > (rules_dup_aux, rules_dup): Removed. These functions are never used. > (rules_set_client_ip): API changed (family added). Now supports IPv6. > (rules_add): Added support of IPv6. > (rules_dump): Added support of IPv6. > (get_host_rules): Removed recursion decision. Added support of IPv6. > > * openvasd/attack.c (attack_network): Adapt to new API for considerung > also IPv6 addesses when checking for access rules. > > > > Modified: trunk/openvas-server/ChangeLog > =================================================================== > --- trunk/openvas-server/ChangeLog 2009-08-20 09:02:13 UTC (rev 4633) > +++ trunk/openvas-server/ChangeLog 2009-08-20 09:20:32 UTC (rev 4634) > @@ -1,3 +1,30 @@ > +2009-08-20 Jan-Oliver Wagner > + > + Initializing implementation for IPv6 support. > + This corresponds to Change Request #27, > + http://www.openvas.org/openvas-cr-27.html > + Most work done by Srinivasa NL . > + > + * openvasd/rules.h: Added type "inaddrs_t" as union to hold > + either IPv6 or IPv4 address. > + (struct openvas_rules): Adapted to above and added family. > + Adpated protos according to new type. > + > + * openvasd/rules.c (rules_validateandgetipaddr, rules_ipv6addrmask): New. > + (rules_init_aux): Mostly rewritten to support IPv6 addresses. > + (rules_dup_aux, rules_dup): Removed. These functions are never used. > + (rules_set_client_ip): API changed (family added). Now supports IPv6. > + (rules_add): Added support of IPv6. > + (rules_dump): Added support of IPv6. > + (get_host_rules): Removed recursion decision. Added support of IPv6. > + > + * openvasd/attack.c (attack_network): Adapt to new API for considerung > + also IPv6 addesses when checking for access rules. > + > +2009-08-10 Vlatko Kosturjak > + > + * cnvts/3com_hub/Makefile, cnvts/3com_hub/3com_hub.c: > + > 2009-08-19 Tim Brown > > * openvas-adduser.in, openvas-rmuser.in: Fixed bashism. > > Modified: trunk/openvas-server/openvasd/attack.c > =================================================================== > --- trunk/openvas-server/openvasd/attack.c 2009-08-20 09:02:13 UTC (rev > 4633) +++ trunk/openvas-server/openvasd/attack.c 2009-08-20 09:20:32 UTC > (rev 4634) @@ -721,6 +721,7 @@ > hargwalk * hw; > char * key; > struct timeval then, now; > + inaddrs_t addrs; > > gettimeofday(&then, NULL); > > @@ -861,8 +862,11 @@ > } > > host_pending = 0 ; > + > + addrs.ip.s_addr = host_ip.s_addr; > + > /* Do we have the right to test this host ? */ > - if(CAN_TEST(get_host_rules(rules, host_ip,32)) == 0) > + if(CAN_TEST(get_host_rules(rules, addrs)) == 0) > { > log_write("user %s : rejected attempt to scan %s", > attack_user_name(globals), hostname); > > Modified: trunk/openvas-server/openvasd/rules.c > =================================================================== > --- trunk/openvas-server/openvasd/rules.c 2009-08-20 09:02:13 UTC (rev > 4633) +++ trunk/openvas-server/openvasd/rules.c 2009-08-20 09:20:32 UTC > (rev 4634) @@ -35,6 +35,86 @@ > #include "rules.h" > #include "log.h" > > +static int rules_validateandgetipaddr(char *ip, int family, struct > sockaddr *sa, int numeric) +{ > + struct addrinfo hints; > + struct addrinfo *ai; > + int retval; > + > + memset(&hints, 0, sizeof(hints)); > + switch(family) > + { > + case AF_INET: > + hints.ai_family = AF_INET; > + break; > + case AF_INET6: > + hints.ai_family = AF_INET6; > + break; > + default: > + return -1; > + } > + if(numeric) > + hints.ai_flags = AI_NUMERICHOST; > + > + retval = getaddrinfo(ip, NULL, &hints, &ai); > + if(!retval) > + { > + if(family == AF_INET) > + { > + memcpy(sa, ai->ai_addr, sizeof(struct sockaddr_in)); > + } > + else > + { > + memcpy(sa, &((struct sockaddr_in6 *)(ai->ai_addr))->sin6_addr, > sizeof(struct sockaddr_in6)); + } > + freeaddrinfo(ai); > + return 0; > + } > + return -1; > +} > + > +static void rules_ipv6addrmask(struct in6_addr *in6addr, int mask) > +{ > + int wordmask; > + int word; > + uint32_t *ptr; > + uint32_t addr; > + > + word = mask / 32; > + wordmask = mask % 32; > + ptr = (uint32_t *)in6addr; > + switch(word) > + { > + case 0: > + ptr[1] = ptr[2] = ptr[3] = 0; > + addr = ptr[0]; > + addr = ntohl(addr) >> (32 - wordmask); > + addr = htonl(addr << (32 - wordmask)); > + ptr[0] = addr; > + break; > + case 1: > + ptr[2] = ptr[3] = 0; > + addr = ptr[1]; > + addr = ntohl(addr) >> (32 - wordmask); > + addr = htonl(addr << (32 - wordmask)); > + ptr[1] = addr; > + break; > + case 2: > + ptr[3] = 0; > + addr = ptr[2]; > + addr = ntohl(addr) >> (32 - wordmask); > + addr = htonl(addr << (32 - wordmask)); > + ptr[2] = addr; > + break; > + case 3: > + addr = ptr[3]; > + addr = ntohl(addr) >> (32 - wordmask); > + addr = htonl(addr << (32 - wordmask)); > + ptr[3] = addr; > + break; > + } > +} > + > /** > * @brief Returns the name of the rules file. > * > @@ -74,99 +154,137 @@ > } > > > -int rules_init_aux(rules,file, buffer, len,def) > - struct openvas_rules * rules; > - FILE * file; > - char * buffer; > - int len; > - int def; > +int rules_init_aux(struct openvas_rules * rules, FILE * file, > + char * buffer, int len, int def) > { > - buffer[0] = buffer[len - 1 ] = '\0'; > - > - if(!(fgets(buffer, len - 1, file))){ > - rules->next = NULL; > - return def; > - } > - else { > - char *t = buffer; > - char *v; > - int t_len; > - if(t[strlen(t)-1]=='\n')t[strlen(t)-1]='\0'; > - while((t[0]==' ')||(t[0]=='\t'))t++; > - if((t[0]=='#')||t[0] == '\0')return rules_init_aux(rules,file, buffer, > len,def); - v = strchr(t, ' '); > - if( v == NULL ){ > - printf("Parse error in the rules file : %s\n", > - buffer); > - return rules_init_aux(rules, file, buffer, len, def); > - } > - else > - { > - if(!strncmp(t, "accept", 6)) > - rules->rule = RULES_ACCEPT; > - else if(!strncmp(t, "default", 7)){ > - if(!strncmp(t+8, "accept", 6))def = RULES_ACCEPT; > - else def = RULES_REJECT; > - return rules_init_aux(rules, file, buffer, len, def); > - } > - else if((!strncmp(t, "reject", 6))|| > - (!strncmp(t, "deny", 4)))rules->rule = RULES_REJECT; > - else { > - printf("Parse error in the rules file : %s\n", > - buffer); > - return rules_init_aux(rules, file, buffer, len,def); > - } > - t = v+sizeof(char); > - v = strchr(t, '/'); > - if(v)v[0]='\0'; > - if(t[0]=='!'){ > - rules->not = 1; > - t++; > - } > - else rules->not = 0; > - t_len = strlen(t); > - while(t[t_len-1]==' ') > - { > - t[t_len-1]='\0'; > - t_len --; > - } > - if(!(inet_aton(t,&rules->ip))) > - { > - if(strcmp(t, "client_ip")) > - { > - printf("Parse error in the rules file : '%s' is not a valid IP\n", > - t); > - return rules_init_aux(rules, file, buffer, len,def); > - } > - else > - { > - rules->ip.s_addr = -1; > - rules->client_ip = 1; > - } > - } > - else rules->client_ip = 0; > - > - if(v)rules->mask = atoi(v+sizeof(char)); > - else rules->mask = 32; > - if(rules->mask < 0 || rules->mask > 32) > - { > - printf("Error in the rules file. %s is not a valid cidr netmask\n", > - v+sizeof(char)); > - EXIT(1); > + struct sockaddr_in saddr; > + struct sockaddr_in6 s6addr; > > - } > - if(rules->mask > 0) > - { > - rules->ip.s_addr = ntohl(rules->ip.s_addr) >> (32 - rules->mask); > - rules->ip.s_addr = htonl(rules->ip.s_addr << (32 - rules->mask)); > - } > - else rules->ip.s_addr = 0; > - rules->next = emalloc(sizeof(*rules)); > - } > - } > - return rules_init_aux(rules->next, file, buffer, len, def); > + while(1) > + { > + buffer[0] = buffer[len - 1 ] = '\0'; > + if(!(fgets(buffer, len - 1, file))) > + { > + rules->next = NULL; > + return def; > + } > + else > + { > + char *t = buffer; > + char *v; > + int t_len; > + if(t[strlen(t)-1]=='\n')t[strlen(t)-1]='\0'; > + while((t[0]==' ')||(t[0]=='\t'))t++; > + if((t[0]=='#')||t[0] == '\0') > + continue; > + v = strchr(t, ' '); > + if( v == NULL ){ > + printf("Parse error in the rules file : %s\n", > + buffer); > + continue; > + } > + else > + { > + if(!strncmp(t, "accept", 6)) > + rules->rule = RULES_ACCEPT; > + else if(!strncmp(t, "default", 7)){ > + if(!strncmp(t+8, "accept", 6))def = RULES_ACCEPT; > + else def = RULES_REJECT; > + continue; > + } > + else if((!strncmp(t, "reject", 6))|| > + (!strncmp(t, "deny", 4)))rules->rule = RULES_REJECT; > + else { > + printf("Parse error in the rules file : %s\n", > + buffer); > + continue; > + } > + t = v+sizeof(char); > + v = strchr(t, '/'); > + if(v)v[0]='\0'; > + if(t[0]=='!'){ > + rules->not = 1; > + t++; > + } > + else rules->not = 0; > + t_len = strlen(t); > + while(t[t_len-1]==' ') > + { > + t[t_len-1]='\0'; > + t_len --; > + } > + > + if(!rules_validateandgetipaddr(t, AF_INET, (struct sockaddr > *)&saddr ,1)) + { > + rules->inaddrs.ip.s_addr = saddr.sin_addr.s_addr; > + rules->family = AF_INET; > + rules->client_ip = 0; > + } > + else if(!rules_validateandgetipaddr(t, AF_INET6, (struct sockaddr > *)&s6addr ,1)) + { > + memcpy(&rules->inaddrs.ip6, &s6addr, sizeof(struct > sockaddr_in6)); + rules->family = AF_INET6; > + rules->client_ip = 0; > + } > + else > + { > + if(strcmp(t, "client_ip")) > + { > + printf("Parse error in the rules file : '%s' is not a valid > IP\n", + t); > + continue; > + } > + else > + { > + rules->client_ip = 1; > + } > + } > + > + if(v) > + rules->mask = atoi(v+sizeof(char)); > + else > + rules->mask = rules->family == AF_INET ? 32 : 128; > + > + if(rules->family == AF_INET) > + { > + if(rules->mask < 0 || rules->mask > 32) > + { > + printf("Error in the rules file. %s is not a valid cidr > netmask\n", + v+sizeof(char)); > + EXIT(1); > + } > + if(rules->mask > 0) > + { > + rules->inaddrs.ip.s_addr = ntohl(rules->inaddrs.ip.s_addr) >> > (32 - rules->mask); + rules->inaddrs.ip.s_addr = > htonl(rules->inaddrs.ip.s_addr << (32 - rules->mask)); > ; + > } > + else > + rules->inaddrs.ip.s_addr = 0; > + } > + else > + { > + if(rules->mask < 0 || rules->mask > 128) > + { > + printf("Error in the rules file. %s is not a valid cidr > netmask\n", + v+sizeof(char)); > + EXIT(1); > + } > + if(rules->mask > 0) > + rules_ipv6addrmask(&rules->inaddrs.ip6, rules->mask); > + else > + { > + rules->inaddrs.ip6.s6_addr32[0] = 0; > + rules->inaddrs.ip6.s6_addr32[1] = 0; > + rules->inaddrs.ip6.s6_addr32[2] = 0; > + rules->inaddrs.ip6.s6_addr32[3] = 0; > + } > + } > + rules->next = emalloc(sizeof(*rules)); > + rules = rules->next; > + } > + } > + } > } > - > > void > rules_init(rules, preferences) > @@ -194,32 +312,6 @@ > } > > struct openvas_rules * > -rules_dup_aux(s, r) > - struct openvas_rules * s, *r; > -{ > - printf("rules_dup called - does not work\n"); > - if(!s->next)return r; > - else > - { > - r->ip.s_addr = s->ip.s_addr; > - r->mask = s->mask; > - r->rule = s->rule; > - r->not = s->not; > - r->def = s->def; > - r->next = emalloc(sizeof(*r)); > - return rules_dup_aux(s->next,r->next); > - } > -} > -struct openvas_rules * > -rules_dup(struct openvas_rules *s) > -{ > - struct openvas_rules * r = emalloc(sizeof(*r)); > - return rules_dup_aux(s, r); > -} > - > - > - > -struct openvas_rules * > rules_cat(struct openvas_rules * a, > struct openvas_rules * b) > { > @@ -239,17 +331,25 @@ > } > > > -void rules_set_client_ip(struct openvas_rules * r, struct in_addr client) > +void rules_set_client_ip(struct openvas_rules * r, inaddrs_t *addrs, int > family) { > - if(!r) > - return; > - else > + while(r) > { > - if(r->client_ip) > - r->ip = client; > - rules_set_client_ip(r->next, client); > + if(r->client_ip) > + { > + if(family == AF_INET) > + { > + r->inaddrs.ip.s_addr = addrs->ip.s_addr; > + } > + else > + { > + memcpy(&r->inaddrs.ip6,&addrs->ip6,sizeof(struct in6_addr)); > + } > + } > + r = r->next; > } > } > + > void rules_set_def(struct openvas_rules * r, int def) > { > if(!r)return; > @@ -291,7 +391,13 @@ > { > if(!username) > { > - accept_rules->ip.s_addr = t->ip.s_addr; > + if(t->family == AF_INET) > + accept_rules->inaddrs.ip.s_addr = t->inaddrs.ip.s_addr; > + else > + { > + memcpy(&accept_rules->inaddrs.ip6, &t->inaddrs.ip6, sizeof(struct > in6_addr)); + } > + accept_rules->family = t->family; > accept_rules->client_ip = t->client_ip; > accept_rules->mask = t->mask; > accept_rules->rule = t->rule; > @@ -302,12 +408,18 @@ > else > { > log_write("user %s : attempted to gain more rights by adding accept > %s/%d", - username, inet_ntoa(t->ip), t->mask); > + username, inet_ntoa(t->inaddrs.ip), t->mask); > } > } > else > { > - reject_rules->ip.s_addr = t->ip.s_addr; > + if(t->family == AF_INET) > + reject_rules->inaddrs.ip.s_addr = t->inaddrs.ip.s_addr; > + else > + { > + memcpy(&reject_rules->inaddrs.ip6, &t->inaddrs.ip6, sizeof(struct > in6_addr)); + } > + reject_rules->family = t->family; > reject_rules->client_ip = t->client_ip; > reject_rules->mask = t->mask; > reject_rules->rule = t->rule; > @@ -327,7 +439,7 @@ > > rules_set_def(*rules, def); > > -#ifdef DEBUG_RULES > +#ifdef DEBUG_RULES > printf("After rules_cat : \n"); > rules_dump(*rules); > #endif > @@ -337,49 +449,106 @@ > void > rules_dump(struct openvas_rules * rules) > { > - if(!rules->next)return; > - printf("%d %c%s/%d (def %d)\n", rules->rule, rules->not?'!':' ', > inet_ntoa(rules->ip), rules->mask, - rules->def); > - rules_dump(rules->next); > + struct openvas_rules *r; > + char buf[INET6_ADDRSTRLEN]; > + r = rules; > + while(r) > + { > + if(r->family == AF_INET) > + printf("%d %c%s/%d (def %d)\n", r->rule, r->not?'!':' ', > inet_ntop(r->family, &r->inaddrs.ip, buf,sizeof(buf)), r->mask, + > r->def); > + else > + printf("%d %c%s/%d (def %d)\n", r->rule, r->not?'!':' ', > inet_ntop(r->family, &r->inaddrs.ip6, buf,sizeof(buf)), r->mask, + > r->def); > + r = r->next; > + } > } > #endif > > int > -get_host_rules (struct openvas_rules * rules, struct in_addr addr, > - int netmask) > +get_host_rules (struct openvas_rules * rules, inaddrs_t addr) > { > - struct in_addr backup; > + struct in_addr tstaddr; > + struct in6_addr tstaddr6; > > + tstaddr.s_addr = 0; > + > if (!rules) > - { > - fprintf(stderr, "???? no rules - this is likely to be a bug\n"); > - fprintf(stderr, "Please report at bugs.openvas.org\n"); > - return RULES_ACCEPT; > - } > - if (!rules->next) > - return rules->def; > + { > + fprintf(stderr, "???? no rules - this is likely to be a bug\n"); > + fprintf(stderr, "Please report at bugs.openvas.org\n"); > + return RULES_ACCEPT; > + } > > - backup.s_addr = addr.s_addr; > - if (rules->mask > 0) > + while(rules) > + { > + if (!rules->next) > + return rules->def; > + > + if(rules->family == AF_INET) > { > - addr.s_addr = ntohl(addr.s_addr) >> (32 - rules->mask); > - addr.s_addr = htonl(addr.s_addr << (32 - rules->mask)); > - } > - else addr.s_addr = 0; > + tstaddr.s_addr = addr.ip.s_addr; > + if (rules->mask > 0) > + { > + tstaddr.s_addr = ntohl(tstaddr.s_addr) >> (32 - rules->mask); > + tstaddr.s_addr = htonl(tstaddr.s_addr << (32 - rules->mask)); > + } > + else tstaddr.s_addr = 0; > > - if(rules->not) > - { > - if (addr.s_addr != rules->ip.s_addr) > - return(rules->rule); > + if(rules->not) > + { > + if (tstaddr.s_addr != rules->inaddrs.ip.s_addr) > + return(rules->rule); > + } > + else > + { > + if (tstaddr.s_addr == rules->inaddrs.ip.s_addr) > + { > + return(rules->rule); > + } > + } > } > - else > + else > { > - if (addr.s_addr == rules->ip.s_addr) > + /* Check whether ipv6 address can be scanned */ > + memcpy(&tstaddr6, &addr.ip6, sizeof(struct in6_addr)); > + if (rules->mask > 0) > + rules_ipv6addrmask(&tstaddr6, rules->mask); > + else > + { > + tstaddr6.s6_addr32[0] = 0; > + tstaddr6.s6_addr32[1] = 0; > + tstaddr6.s6_addr32[2] = 0; > + tstaddr6.s6_addr32[3] = 0; > + } > + if(rules->not) > + { > + /* If not equal return rules->rule*/ > + if( tstaddr6.s6_addr32[0] != rules->inaddrs.ip6.s6_addr32[0] || \ > + tstaddr6.s6_addr32[1] != rules->inaddrs.ip6.s6_addr32[1] || \ > + tstaddr6.s6_addr32[2] != rules->inaddrs.ip6.s6_addr32[2] || \ > + tstaddr6.s6_addr32[3] != rules->inaddrs.ip6.s6_addr32[3] \ > + ) > + return(rules->rule); > + } > + else > + { > + /* If equal return rules->rule*/ > + if( tstaddr6.s6_addr32[0] == rules->inaddrs.ip6.s6_addr32[0] && \ > + tstaddr6.s6_addr32[1] == rules->inaddrs.ip6.s6_addr32[1] && \ > + tstaddr6.s6_addr32[2] == rules->inaddrs.ip6.s6_addr32[2] && \ > + tstaddr6.s6_addr32[3] == rules->inaddrs.ip6.s6_addr32[3] \ > + ) > + if (tstaddr.s_addr == rules->inaddrs.ip.s_addr) > { > return(rules->rule); > } > + } > } > - return get_host_rules (rules->next, backup, netmask); > + rules = rules->next; > + } > + fprintf(stderr, "Rules check ended: May be bug? Please report\n"); > + return RULES_ACCEPT; > } > > void > @@ -392,4 +561,3 @@ > rules = next; > } > } > - > > Modified: trunk/openvas-server/openvasd/rules.h > =================================================================== > --- trunk/openvas-server/openvasd/rules.h 2009-08-20 09:02:13 UTC (rev > 4633) +++ trunk/openvas-server/openvasd/rules.h 2009-08-20 09:20:32 UTC > (rev 4634) @@ -34,9 +34,16 @@ > /** > * Representation of a chain of rules. > */ > +typedef union inaddrs > +{ > + struct in_addr ip; > + struct in6_addr ip6; > +} inaddrs_t; > + > struct openvas_rules > { > - struct in_addr ip; > + inaddrs_t inaddrs; > + int family; > int client_ip; /**< If set to 1, then 'ip' will be replaced by the > client ip when appropriate. */ > int mask; > @@ -55,7 +62,7 @@ > struct openvas_rules * rules_parse(char * , struct openvas_rules *, int); > struct openvas_rules * rules_dup(struct openvas_rules *); > void rules_set_def(struct openvas_rules *, int); > -void rules_set_client_ip(struct openvas_rules *, struct in_addr); > -int get_host_rules(struct openvas_rules *, struct in_addr, int); > +void rules_set_client_ip(struct openvas_rules *, inaddrs_t *, int family); > +int get_host_rules(struct openvas_rules *, inaddrs_t inaddrs); > > #endif > > _______________________________________________ > Openvas-commits mailing list > Openvas-commits at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-commits -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Thu Aug 20 11:54:40 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 20 Aug 2009 11:54:40 +0200 Subject: [Openvas-devel] Change to web site "make online" Makefile In-Reply-To: <4A8C3A15.70406@dn-systems.de> References: <200908191230.20865.timb@openvas.org> <4A8C3A15.70406@dn-systems.de> Message-ID: <20090820095440.GB14312@intevation.de> * Dirk Jagdmann [19. Aug 2009]: > > the "make online" process. It can be resolved by the following patch. The > > question is whether we should commit this change and whether it will break > > other users. > > Or update the wald server rsync? I think changing the Makefile would be a lot easier. But you are of course welcome to file a bug report on wald in the Site Admin project (http://wald.intevation.org/tracker/?atid=162&group_id=1&func=browse) and recommend an rsync update. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090820/467760b1/attachment.pgp From mmundell at intevation.de Thu Aug 20 11:55:38 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 20 Aug 2009 09:54:38 -0001 Subject: [Openvas-devel] [Openvas-commits] r4634 - in trunk/openvas-server: . openvasd In-Reply-To: Message of Thu, 20 Aug 2009 11:39:41 +0200. <200908201139.41172.felix.wolfsteller@intevation.de> Message-ID: <20090820095539.AB49DDEC82@mail.ukfsn.org> > I have seen that in places just the formatting was improved - much > appreciated, but > > please respect the GNU Coding Style > (http://openvas.org/compendium/source-code-style-guide.html). > > Don't get me wrong, looks fine and tidy compared to what there was, but it > would be great if we would have a consistent formatting of the code in the > (near) future. The same for the recent commits to openvas-libnasl. > New Revision: 4548 > > Added: > trunk/openvas-libnasl/nasl/nasl_wmi.c > trunk/openvas-libnasl/nasl/nasl_wmi.h > trunk/openvas-libnasl/nasl/openvas_wmi_interface.h > trunk/openvas-libnasl/nasl/wmi_interface_stub.c ... Please can we especially make an effort for new files. A command like indent --no-tabs -l 80 nasl_wmi.c will do the trick. -- Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From mmundell at intevation.de Thu Aug 20 12:02:06 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 20 Aug 2009 10:01:06 -0001 Subject: [Openvas-devel] [Openvas-commits] r4631 - in trunk/openvas-libraries: . hg In-Reply-To: Message of Thu, 20 Aug 2009 10:46:54 +0200 (CEST). <20090820084654.A47C985D919F@pyrosoma.intevation.org> Message-ID: <20090820100208.6A9F2DEC74@mail.ukfsn.org> > Author: felix > Date: 2009-08-20 10:46:54 +0200 (Thu, 20 Aug 2009) > New Revision: 4631 > > Modified: > trunk/openvas-libraries/TODO > trunk/openvas-libraries/hg/Makefile > trunk/openvas-libraries/hg/test.c > Log: > As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed > libopenvas_hg to libopenvashg. So we decided on libopenvasmodule style naming? I had presumed a dash in the name, as in libopenvas_module. From Jan-Oliver.Wagner at greenbone.net Thu Aug 20 14:02:07 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 20 Aug 2009 14:02:07 +0200 Subject: [Openvas-devel] [Openvas-commits] r4631 - in trunk/openvas-libraries: . hg In-Reply-To: <20090820100208.6A9F2DEC74@mail.ukfsn.org> References: <20090820100208.6A9F2DEC74@mail.ukfsn.org> Message-ID: <200908201402.09138.Jan-Oliver.Wagner@greenbone.net> On Donnerstag, 20. August 2009, Matthew Mundell wrote: > > Author: felix > > Date: 2009-08-20 10:46:54 +0200 (Thu, 20 Aug 2009) > > New Revision: 4631 > > > > Modified: > > trunk/openvas-libraries/TODO > > trunk/openvas-libraries/hg/Makefile > > trunk/openvas-libraries/hg/test.c > > Log: > > As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed > > libopenvas_hg to libopenvashg. > > So we decided on libopenvasmodule style naming? I had presumed a dash in > the name, as in libopenvas_module. I though that we decided to go without "_" nor "-". But rereading the CR, I can't find this. Is there a common standard/recommendation to follow? On my sytem I can find many with "_" and many without. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From timb at openvas.org Thu Aug 20 14:15:08 2009 From: timb at openvas.org (Tim Brown) Date: Thu, 20 Aug 2009 13:15:08 +0100 Subject: [Openvas-devel] [Openvas-commits] r4631 - in trunk/openvas-libraries: . hg In-Reply-To: <200908201402.09138.Jan-Oliver.Wagner@greenbone.net> References: <20090820100208.6A9F2DEC74@mail.ukfsn.org> <200908201402.09138.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200908201315.09850.timb@openvas.org> On Thursday 20 August 2009 13:02:07 Jan-Oliver Wagner wrote: > I though that we decided to go without "_" nor "-". But rereading the CR, > I can't find this. > > Is there a common standard/recommendation to follow? > > On my sytem I can find many with "_" and many without. > > Best > > Jan - is usually used for versioning, no? OTOH makes little difference to me... Tim -- Tim Brown From mmundell at intevation.de Thu Aug 20 14:16:36 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 20 Aug 2009 12:15:36 -0001 Subject: [Openvas-devel] [Openvas-commits] r4631 - in trunk/openvas-libraries: . hg In-Reply-To: Message of Thu, 20 Aug 2009 14:02:07 +0200. <200908201402.09138.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090820121638.AC0B9DEC9F@mail.ukfsn.org> > On Donnerstag, 20. August 2009, Matthew Mundell wrote: > > > Author: felix > > > Date: 2009-08-20 10:46:54 +0200 (Thu, 20 Aug 2009) > > > New Revision: 4631 > > > > > > Modified: > > > trunk/openvas-libraries/TODO > > > trunk/openvas-libraries/hg/Makefile > > > trunk/openvas-libraries/hg/test.c > > > Log: > > > As part of CR #38 (http://www.openvas.org/openvas-cr-38.html), renamed > > > libopenvas_hg to libopenvashg. > > > > So we decided on libopenvasmodule style naming? I had presumed a dash in > > the name, as in libopenvas_module. > > I though that we decided to go without "_" nor "-". But rereading the CR, > I can't find this. I think it was up in the air. I thought _ was easier to read, so I used it in converting openvas-libraries/base to cmake. Anyway, I can change it. > Is there a common standard/recommendation to follow? > > On my sytem I can find many with "_" and many without. ..and others with '-' and others with mixedCase... From timb at openvas.org Fri Aug 21 00:43:03 2009 From: timb at openvas.org (Tim Brown) Date: Thu, 20 Aug 2009 23:43:03 +0100 Subject: [Openvas-devel] Hardening OpenVAS's crypto implementation Message-ID: <200908202343.06433.timb@openvas.org> All, I've been having a look at how OpenVAS currently does crypto (primarily around the client/server SSL and plugin validation) and it strikes me that we have a significant over reliance on MD5 both for validating certificates and for validating plugins. For those of you that may not be aware MD5 is subject to significant collision attacks[1] that make it unsuitable for such purposes. Changing how we validate plugins may require changes to the protocol and should therefore be formalised in a change request, however in the mean time, I would like to change how certificates are handled as soon as can reasonably be done and am interested in your opinions on this. Tim [1] http://www.win.tue.nl/hashclash/rogue-ca/ -- Tim Brown From bchandra at secpod.com Thu Aug 20 12:40:05 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Thu, 20 Aug 2009 16:10:05 +0530 Subject: [Openvas-devel] openvasd -S option Message-ID: Hello, As per the 'openvasd --help', '-S' says 'Send packets with a source IP...'. Whatever IP we supply to this, the packets originating from the server are always with the actual server IP and not what is supplied. The code seems to have some logic to set the Source IP to 'ANY' but never works. The question is: what is the purpose behind this? And is it useful? If not really used, may be time to remove the unwanted code. We are working on the IPv6 support, could clean up this code. Any concerns or feedback is appreciated. Thanks, Chandra. From felix.wolfsteller at intevation.de Fri Aug 21 11:33:14 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Fri, 21 Aug 2009 11:33:14 +0200 Subject: [Openvas-devel] CR #37: Make openvas-client depend on openvas-libraries - Call for vote Message-ID: <200908211133.14862.felix.wolfsteller@intevation.de> Hi all I'd like to call for votes for Change Request #37 - "Make openvas-client depend on openvas-libraries" (http://openvas.org/openvas-cr-37.html). It walks along nicely with Change Request #38 - "Reorganize openvas-libraries" (http://openvas.org/openvas-cr-38.html). I mistakenly started working on it a bit (committed one patch already) and than found out that we actually did not yet had an agreement. This should not hinder you to share objections if you have some. I decided to vote +1. Happy voting, -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Fri Aug 21 11:43:36 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 21 Aug 2009 11:43:36 +0200 Subject: [Openvas-devel] CR #37: Make openvas-client depend on openvas-libraries - Call for vote In-Reply-To: <200908211133.14862.felix.wolfsteller@intevation.de> References: <200908211133.14862.felix.wolfsteller@intevation.de> Message-ID: <20090821094335.GE15310@intevation.de> * Felix Wolfsteller [21. Aug 2009]: > Hi all > I'd like to call for votes for Change Request #37 - "Make openvas-client > depend on openvas-libraries" (http://openvas.org/openvas-cr-37.html). +1. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090821/c9c7f1ea/attachment.pgp From mmundell at intevation.de Fri Aug 21 11:52:05 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 21 Aug 2009 09:51:05 -0001 Subject: [Openvas-devel] CR #37: Make openvas-client depend on openvas-libraries - Call for vote In-Reply-To: Message of Fri, 21 Aug 2009 11:33:14 +0200. <200908211133.14862.felix.wolfsteller@intevation.de> Message-ID: <20090821095207.2B583DECFD@mail.ukfsn.org> +1 -- Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Fri Aug 21 16:46:39 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Fri, 21 Aug 2009 16:46:39 +0200 Subject: [Openvas-devel] CR #37: Make openvas-client depend on openvas-libraries - Call for vote In-Reply-To: <200908211133.14862.felix.wolfsteller@intevation.de> References: <200908211133.14862.felix.wolfsteller@intevation.de> Message-ID: <200908211646.40541.Jan-Oliver.Wagner@greenbone.net> On Freitag, 21. August 2009, Felix Wolfsteller wrote: > I'd like to call for votes for Change Request #37 - "Make openvas-client > depend on openvas-libraries" (http://openvas.org/openvas-cr-37.html). > > It walks along nicely with Change Request #38 - "Reorganize openvas-libraries" > (http://openvas.org/openvas-cr-38.html). > > I mistakenly started working on it a bit (committed one patch already) and > than found out that we actually did not yet had an agreement. +1 This is a long-standing wish and IIRC on DevCon2 it was generally agreed to go this step. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From bitdealer at gmail.com Sun Aug 23 13:14:51 2009 From: bitdealer at gmail.com (Stephan Kleine) Date: Sun, 23 Aug 2009 13:14:51 +0200 Subject: [Openvas-devel] Review request: patch for -Werror=format-security in openvas-client Message-ID: Hi. Thanks to Tim fixing the PRINT macro I poked it a bit more and came up with the attached patch which makes -client compile on Mandriva 2009.1. Please review it, let me know if it is ok and apply to trunk if it is. Thanks, Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-client-format-security-2.0.5.patch Type: text/x-patch Size: 1845 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090823/142a11a3/openvas-client-format-security-2.0.5.bin From bitdealer at gmail.com Sun Aug 23 17:32:37 2009 From: bitdealer at gmail.com (Stephan Kleine) Date: Sun, 23 Aug 2009 17:32:37 +0200 Subject: [Openvas-devel] Review request: patch for -Werror=format-security in openvas-libraries Message-ID: The attached patch fixes compilation of openvas-libraries with -Werror=format-security. Please review and apply to trunk if acceptable. Also let me know the outcome. Thanks a lot in advance. Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-libraries-format-security-2.0.4.patch Type: text/x-patch Size: 430 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090823/c99695bb/openvas-libraries-format-security-2.0.4.bin From openvas-bugs at wald.intevation.org Sun Aug 23 00:00:52 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Sun, 23 Aug 2009 00:00:52 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1100=5D_openvas-li?= =?utf-8?q?bnasl=3A_gcrypt=2Eh_not_found?= Message-ID: <20090822220052.888B985C72EB@pyrosoma.intevation.org> Bugs item #1100, was opened at 2009-08-22 16:00 Status: Open Priority: 3 Submitted By: Ryan Schmidt (ryandesign) Assigned to: Nobody (None) Summary: openvas-libnasl: gcrypt.h not found Architecture: None Resolution: None Severity: blocker Version: v2.0.2 Component: openvas-libnasl Operating System: MacOS X Product: OpenVAS Hardware: Macintosh URL: Initial Comment: openvas-libnasl 2.0.2 fails to configure on my Mac OS X 10.4.11 Intel system with this message: checking gcrypt.h usability... no checking gcrypt.h presence... no checking for gcrypt.h... no configure: error: "gcrypt.h not found" There was no problem with openvas-libnasl 2.0.1 which did not include any checks for gcrypt. openvas-libraries 2.0.4 built just fine and its configure output says: checking gcrypt.h usability... yes checking gcrypt.h presence... yes checking for gcrypt.h... yes gcrypt.h is located in the expected place: $ locate gcrypt.h /mp/include/gcrypt.h /mp/var/macports/software/libgcrypt/1.4.4_0/mp/include/gcrypt.h (/mp is my prefix) ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1100&group_id=29 From timb at openvas.org Sun Aug 23 22:02:53 2009 From: timb at openvas.org (Tim Brown) Date: Sun, 23 Aug 2009 21:02:53 +0100 Subject: [Openvas-devel] Review request: patch for -Werror=format-security in openvas-libraries In-Reply-To: References: Message-ID: <200908232102.56012.timb@openvas.org> On Sunday 23 August 2009 16:32:37 Stephan Kleine wrote: > The attached patch fixes compilation of openvas-libraries with > -Werror=format-security. > > Please review and apply to trunk if acceptable. Also let me know the > outcome. > > Thanks a lot in advance. > Stephan Committed. Tim -- Tim Brown From timb at machine.org.uk Sun Aug 23 22:10:09 2009 From: timb at machine.org.uk (Tim Brown) Date: Sun, 23 Aug 2009 21:10:09 +0100 Subject: [Openvas-devel] Review request: patch for -Werror=format-security in openvas-client In-Reply-To: References: Message-ID: <200908232110.12237.timb@machine.org.uk> On Sunday 23 August 2009 12:14:51 Stephan Kleine wrote: > Hi. > > Thanks to Tim fixing the PRINT macro I poked it a bit more and came up > with the attached patch which makes -client compile on Mandriva > 2009.1. > > Please review it, let me know if it is ok and apply to trunk if it is. > > Thanks, > Stephan Committed. Tim -- Tim Brown From bchandra at secpod.com Mon Aug 24 14:51:27 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Mon, 24 Aug 2009 18:21:27 +0530 Subject: [Openvas-devel] CR #37: Make openvas-client depend onopenvas-libraries - Call for vote In-Reply-To: <200908211133.14862.felix.wolfsteller@intevation.de> References: <200908211133.14862.felix.wolfsteller@intevation.de> Message-ID: <9D130764DBFF44E794BDDDC75D35448D@bchandra> +1 -----Original Message----- From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Felix Wolfsteller Sent: Friday, August 21, 2009 3:03 PM To: openvas-devel at wald.intevation.org Subject: [Openvas-devel] CR #37: Make openvas-client depend onopenvas-libraries - Call for vote Hi all I'd like to call for votes for Change Request #37 - "Make openvas-client depend on openvas-libraries" (http://openvas.org/openvas-cr-37.html). It walks along nicely with Change Request #38 - "Reorganize openvas-libraries" (http://openvas.org/openvas-cr-38.html). I mistakenly started working on it a bit (committed one patch already) and than found out that we actually did not yet had an agreement. This should not hinder you to share objections if you have some. I decided to vote +1. Happy voting, -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-devel mailing list Openvas-devel at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From Jan-Oliver.Wagner at greenbone.net Tue Aug 25 12:30:45 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 25 Aug 2009 12:30:45 +0200 Subject: [Openvas-devel] Hardening OpenVAS's crypto implementation In-Reply-To: <200908202343.06433.timb@openvas.org> References: <200908202343.06433.timb@openvas.org> Message-ID: <200908251230.45977.Jan-Oliver.Wagner@greenbone.net> On Freitag, 21. August 2009, Tim Brown wrote: > I've been having a look at how OpenVAS currently does crypto (primarily around > the client/server SSL and plugin validation) and it strikes me that we have a > significant over reliance on MD5 both for validating certificates and for > validating plugins. For those of you that may not be aware MD5 is subject to > significant collision attacks[1] that make it unsuitable for such purposes. > > Changing how we validate plugins may require changes to the protocol and > should therefore be formalised in a change request, however in the mean time, > I would like to change how certificates are handled as soon as can reasonably > be done and am interested in your opinions on this. can you detail the proposed changes for the meantime a bit more? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From openvas-bugs at wald.intevation.org Tue Aug 25 12:07:02 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Tue, 25 Aug 2009 12:07:02 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1101=5D_openvas-na?= =?utf-8?q?sl_doesnt_correctly_read_files_from_given_relative_path?= Message-ID: <20090825100702.78D4C865F473@pyrosoma.intevation.org> Bugs item #1101, was opened at 2009-08-25 10:07 Status: Open Priority: 3 Submitted By: Felix Wolfsteller (felix) Assigned to: Nobody (None) Summary: openvas-nasl doesnt correctly read files from given relative path Architecture: None Resolution: None Severity: enhancement Version: None Component: openvas-libnasl Operating System: None Product: OpenVAS Hardware: None URL: Initial Comment: Given an argument with relative path (at least if it starts with '..'), openvas-nasl fails with: $ openvas-nasl -p ../otherfolder/nvt.nasl ../otherfolder/nvt.nasl/: Not able to open nor to locate it in include paths If i give an absolute path it works fine. ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1101&group_id=29 From bitdealer at gmail.com Tue Aug 25 19:18:30 2009 From: bitdealer at gmail.com (Stephan Kleine) Date: Tue, 25 Aug 2009 19:18:30 +0200 Subject: [Openvas-devel] Review request: patch for -Werror=format-security in openvas-server Message-ID: Hi guys. The attached patch fixes openvas-server compilation with -Werror=format-security. Please review it and apply to trunk if acceptable. Also let me know the outcome. If it is fine I'm pretty happy to say that it now also builds for Mandriva 2009.1. Only issues I have is that I have to run aclocal & autoconf for -libraries, -libnasl and -plugins cause it fails with /home/abuild/rpmbuild/BUILD/openvas-plugins-1.0.7/libtool: line 466: CDPATH: command not found /home/abuild/rpmbuild/BUILD/openvas-plugins-1.0.7/libtool: line 1144: func_opt_split: command not found libtool: Version mismatch error. This is libtool 2.2.6, but the libtool: definition of this LT_INIT comes from an older release. libtool: You should recreate aclocal.m4 with macros from libtool 2.2.6 libtool: and run autoconf again. make[1]: *** [synscan.nes] Error 63 It would be great if you could fix that by updating your autoconf stuff. FWIW: Regarding the hardening: Mandriva 2009.1 uses "-z -Wl,relro" so that's somehow tested now as well. Regards, Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-server-format-security-2.0.3.patch Type: text/x-patch Size: 664 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090825/87ca008d/openvas-server-format-security-2.0.3.bin From timb at openvas.org Tue Aug 25 22:12:53 2009 From: timb at openvas.org (Tim Brown) Date: Tue, 25 Aug 2009 21:12:53 +0100 Subject: [Openvas-devel] Review request: patch for -Werror=format-security in openvas-server In-Reply-To: References: Message-ID: <200908252112.56697.timb@openvas.org> On Tuesday 25 August 2009 18:18:30 Stephan Kleine wrote: > Hi guys. > > The attached patch fixes openvas-server compilation with > -Werror=format-security. > > Please review it and apply to trunk if acceptable. Also let me know the > outcome. > > If it is fine I'm pretty happy to say that it now also builds for > Mandriva 2009.1. Only issues I have is that I have to run aclocal & > autoconf for -libraries, -libnasl and -plugins cause it fails with > > > /home/abuild/rpmbuild/BUILD/openvas-plugins-1.0.7/libtool: line 466: > CDPATH: command not found > /home/abuild/rpmbuild/BUILD/openvas-plugins-1.0.7/libtool: line 1144: > func_opt_split: command not found > libtool: Version mismatch error. This is libtool 2.2.6, but the > libtool: definition of this LT_INIT comes from an older release. > libtool: You should recreate aclocal.m4 with macros from libtool 2.2.6 > libtool: and run autoconf again. > make[1]: *** [synscan.nes] Error 63 > > > It would be great if you could fix that by updating your autoconf stuff. > > FWIW: Regarding the hardening: Mandriva 2009.1 uses "-z -Wl,relro" so > that's somehow tested now as well. > > Regards, > Stephan Committed. Thanks Stephan. -- Tim Brown From geoff at galitz.org Wed Aug 26 09:50:41 2009 From: geoff at galitz.org (Geoff Galitz) Date: Wed, 26 Aug 2009 09:50:41 +0200 Subject: [Openvas-devel] CR #37: Make openvas-client dependonopenvas-libraries - Call for vote In-Reply-To: <9D130764DBFF44E794BDDDC75D35448D@bchandra> References: <200908211133.14862.felix.wolfsteller@intevation.de> <9D130764DBFF44E794BDDDC75D35448D@bchandra> Message-ID: <948EEB18147A4525A8BFED8F3F915DAA@geoffPC> +1 I'm a little hesitant as I tend to disfavor increasing dependencies whenever possible... but the benefits outweigh the penalty in this case. OpenVAS-Libraries is lightweight and installs easily, mitigating the overhead involved. Are the duplications in code really necessary? Were they put in place before standardized libraries were available for these functions? -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ > -----Original Message----- > From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel- > bounces at wald.intevation.org] On Behalf Of Chandrashekhar B > Sent: Montag, 24. August 2009 14:51 > To: 'Felix Wolfsteller'; openvas-devel at wald.intevation.org > Subject: Re: [Openvas-devel] CR #37: Make openvas-client dependonopenvas- > libraries - Call for vote > > +1 > > -----Original Message----- > From: openvas-devel-bounces at wald.intevation.org > [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Felix > Wolfsteller > Sent: Friday, August 21, 2009 3:03 PM > To: openvas-devel at wald.intevation.org > Subject: [Openvas-devel] CR #37: Make openvas-client depend > onopenvas-libraries - Call for vote > > Hi all > I'd like to call for votes for Change Request #37 - "Make openvas-client > depend on openvas-libraries" (http://openvas.org/openvas-cr-37.html). > > It walks along nicely with Change Request #38 - "Reorganize > openvas-libraries" > (http://openvas.org/openvas-cr-38.html). > > I mistakenly started working on it a bit (committed one patch already) and > than found out that we actually did not yet had an agreement. > > This should not hinder you to share objections if you have some. > I decided to vote +1. > > Happy voting, > -- felix > > > -- > Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ > PGP Key: 39DE0100 > Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B > 18998 > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From felix.wolfsteller at intevation.de Wed Aug 26 10:29:45 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Wed, 26 Aug 2009 10:29:45 +0200 Subject: [Openvas-devel] CR #37: Make openvas-client dependonopenvas-libraries - Call for vote In-Reply-To: <948EEB18147A4525A8BFED8F3F915DAA@geoffPC> References: <200908211133.14862.felix.wolfsteller@intevation.de> <9D130764DBFF44E794BDDDC75D35448D@bchandra> <948EEB18147A4525A8BFED8F3F915DAA@geoffPC> Message-ID: <200908261029.45253.felix.wolfsteller@intevation.de> Hi Geoff On Wednesday 26 August 2009 09:50:41 Geoff Galitz wrote: > +1 > Are the duplications in code really necessary? Were they put in place > before standardized libraries were available for these functions? I do not know the history, but from plainly looking at the code to me it seems that there once was a dependency that has been cut, and developement diverged a little bit afterwards. Anyway, much better now :) -- felix > -geoff > > --------------------------------- > Geoff Galitz > Blankenheim NRW, Germany > http://www.galitz.org/ > http://german-way.com/blog/ > > > -----Original Message----- > > From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel- > > bounces at wald.intevation.org] On Behalf Of Chandrashekhar B > > Sent: Montag, 24. August 2009 14:51 > > To: 'Felix Wolfsteller'; openvas-devel at wald.intevation.org > > Subject: Re: [Openvas-devel] CR #37: Make openvas-client dependonopenvas- > > libraries - Call for vote > > > > +1 > > > > -----Original Message----- > > From: openvas-devel-bounces at wald.intevation.org > > [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Felix > > Wolfsteller > > Sent: Friday, August 21, 2009 3:03 PM > > To: openvas-devel at wald.intevation.org > > Subject: [Openvas-devel] CR #37: Make openvas-client depend > > onopenvas-libraries - Call for vote > > > > Hi all > > I'd like to call for votes for Change Request #37 - "Make openvas-client > > depend on openvas-libraries" (http://openvas.org/openvas-cr-37.html). > > > > It walks along nicely with Change Request #38 - "Reorganize > > openvas-libraries" > > (http://openvas.org/openvas-cr-38.html). > > > > I mistakenly started working on it a bit (committed one patch already) > > and than found out that we actually did not yet had an agreement. > > > > This should not hinder you to share objections if you have some. > > I decided to vote +1. > > > > Happy voting, > > -- felix > > > > > > -- > > Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ > > PGP Key: 39DE0100 > > Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B > > 18998 > > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > > _______________________________________________ > > Openvas-devel mailing list > > Openvas-devel at wald.intevation.org > > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > > > > _______________________________________________ > > Openvas-devel mailing list > > Openvas-devel at wald.intevation.org > > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Fri Aug 28 11:35:16 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Fri, 28 Aug 2009 11:35:16 +0200 Subject: [Openvas-devel] Attention, possible trunk breaking actions during CR #38 implementation Message-ID: <200908281135.16248.felix.wolfsteller@intevation.de> Hi all While implementing the changes of CR #38 (http://www.openvas.org/openvas-cr-38.html), i cannot guarantee that trunk will always compile and link proper. I will attempt to resolve libnasl (goes into openvas-libraries/nasl) and switch to CMake next. At points, a autoconf && ./configure of all involved modules might help, at others it might not. Enjoy, Felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From geoff at galitz.org Sat Aug 29 18:00:52 2009 From: geoff at galitz.org (Geoff Galitz) Date: Sat, 29 Aug 2009 18:00:52 +0200 Subject: [Openvas-devel] Customer OpenVAS deployment Message-ID: <488E54C6464D4BF181196B5CBF962387@geoffPC> Just an FYI... I deployed the first customer version of my OpenVAS virtual appliance last week. So far so good. It is built on a SUSE Enterprise Linux JeOS base. I also added fping for simple host discovery. I know other folks have done this kind of thing, but I figure the data would be helpful. I'd be happy to share notes if anyone wishes. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090829/56e602bd/attachment.htm From openvas-bugs at wald.intevation.org Thu Aug 27 15:58:42 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Thu, 27 Aug 2009 15:58:42 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1106=5D_Missing_ma?= =?utf-8?q?npage_for_openvas-nvt-sync?= Message-ID: <20090827135842.374FD852BE23@pyrosoma.intevation.org> Bugs item #1106, was opened at 2009-08-27 13:58 Status: Open Priority: 3 Submitted By: Jan Wagner (waja) Assigned to: Nobody (None) Summary: Missing manpage for openvas-nvt-sync Architecture: None Resolution: None Severity: normal Version: None Component: openvas-server Operating System: None Product: OpenVAS Hardware: None URL: Initial Comment: Building latest package from trunk I recognized that openvas-nvt-sync is lacking a manpage: W: openvas-server: binary-without-manpage usr/sbin/openvas-nvt-sync Do you plan to provide one or not? (Even if there are no arguments) With kind regards, Jan. ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1106&group_id=29