From michael.wiegand at intevation.de Mon May 4 08:57:35 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 4 May 2009 08:57:35 +0200 Subject: [Openvas-devel] [Openvas-commits] r3223 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090430215521.86255408AF@pyrosoma.intevation.org> References: <20090430215521.86255408AF@pyrosoma.intevation.org> Message-ID: <20090504065735.GD8829@intevation.de> * scm-commit at wald.intevation.org [30. Apr 2009]: > +include("revision-lib.inc"); The script you committed did not load because revision-lib.inc does not exist. I assume you mean revisions-lib.inc, I've corrected your script in the SVN repository. Please do try to test your plugins before you commit them and make sure they are in a working state. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090504/2422d32b/attachment.pgp From christian.edjenguele at owasp.org Mon May 4 09:09:52 2009 From: christian.edjenguele at owasp.org (Christian Edjenguele) Date: Mon, 4 May 2009 09:09:52 +0200 Subject: [Openvas-devel] [Openvas-commits] r3223 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090504065735.GD8829@intevation.de> References: <20090430215521.86255408AF@pyrosoma.intevation.org> <20090504065735.GD8829@intevation.de> Message-ID: Ok thanks. On Mon, May 4, 2009 at 8:57 AM, Michael Wiegand < michael.wiegand at intevation.de> wrote: > * scm-commit at wald.intevation.org [30. Apr 2009]: > > +include("revision-lib.inc"); > > The script you committed did not load because revision-lib.inc does not > exist. I assume you mean revisions-lib.inc, I've corrected your script > in the SVN repository. > > Please do try to test your plugins before you commit them and make sure > they are in a working state. > > Regards, > > Michael > > -- > Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de > Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > > -- -- Christian Eric Edjenguele IT Security Software Engineer / Enterprise Software Architect Mobile: +39 3408580513 PGP KeyID: B1654498 Primary Key Server: pgp.mit.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090504/a9500e55/attachment.html From felix.wolfsteller at intevation.de Mon May 4 09:17:11 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 4 May 2009 09:17:11 +0200 Subject: [Openvas-devel] CfV: CR #31 - Removing support for plaintext password storage In-Reply-To: <20090429135417.GC15363@intevation.de> References: <20090429135417.GC15363@intevation.de> Message-ID: <200905040917.11300.felix.wolfsteller@intevation.de> +1 -- felix On Wednesday 29 April 2009 15:54:17 Michael Wiegand wrote: > Hello, > > while refactoring the OpenVAS user creation for the > openvas-config-manager module, I noticed that the openvas-adduser script > shipped with openvas-server will under certain conditions store the > password of the new user as plaintext. > > You can read more details on this issue in the change request I've > prepared: > http://www.openvas.org/openvas-cr-31.html > > Removing this "feature" as described in the CR will take very little > effort and will not break compatibility with existing installations. > > Since I'd like to start working on this ASAP, I'd like to call for votes > regarding this CR. Please respond to this mail on openvas-devel and > indicate if you are in favor of this CR (+1), don't care (+-0) or are > against it (-1). Thank you! > > Regards, > > Michael -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Mon May 4 09:35:44 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 4 May 2009 09:35:44 +0200 Subject: [Openvas-devel] CfV: CR #31 - Removing support for plaintext password storage In-Reply-To: <20090429135417.GC15363@intevation.de> References: <20090429135417.GC15363@intevation.de> Message-ID: <20090504073544.GF8829@intevation.de> * Michael Wiegand [29. Apr 2009]: > Since I'd like to start working on this ASAP, I'd like to call for votes > regarding this CR. Please respond to this mail on openvas-devel and > indicate if you are in favor of this CR (+1), don't care (+-0) or are > against it (-1). Thank you! As of now, the vote count has reached +7. I have closed the vote and updated the CR status accordingly. I will implement the first step of the CR soon, in any case before the next openvas-server release. The next server release will still be able to use the plaintext passwords, but will no longer create them and will complain if it finds plaintext passwords. The release after that will no longer support any plaintext password storage. Feel free to contact me if you have any questions or suggestions. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090504/4437c89e/attachment.pgp From jan-oliver.wagner at intevation.de Tue May 5 07:48:44 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 5 May 2009 07:48:44 +0200 Subject: [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090423081146.GB11585@intevation.de> References: <20090423081146.GB11585@intevation.de> Message-ID: <200905050748.44501.jan-oliver.wagner@intevation.de> Hello, On Thursday 23 April 2009 10:11:46 Michael Wiegand wrote: > Jan and I have been thinking about discontinuing the release of > openvas-plugins tarballs and distributing the plugins only through the > existing Feed Services. >... from the feedback so far I do not see a real issue with the proposal. The workplan could be as follows: * have a final openvas-plugins release (add a test to configure environment that will stop in case of openvas-server >= 2.1.0 is installed, with the hint that from openvas-server >= 2.1.0 on openvas-plugins is not needed any more) * move the nvt sync script and the C-Plugins over to openvas-server * add a note to the documentation of openvas-server how to get the NASL NVTs (sync or tar ball). This should also be the recommendations to packagers. Packagers shoulds be made aware that 2.1 conflicts with presence of openvas-plugins. * Increase openvas-server version to 2.1.0 to indicate the change. Add a test for configure.in that sends an error about presence of installed openvas-plugins module (not execatly sure how to identify this precisely). * install a (semi)-automatic routine on our feed server that creates a tarball from the feed ("openvas-nvt-feed-snapshot-20090505.tar.gz") perhaps with a symbolic link "openvas-nvt-feed-snapshot-current.tar.gz". If no one objects, I propose to formulate this into a Change Request and go for a vote. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Tue May 5 08:46:42 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 5 May 2009 08:46:42 +0200 Subject: [Openvas-devel] Hamonized Logging (CR #29) In-Reply-To: <1240925121.4024.31.camel@hyperion.penguinlabs.co.ke> References: <200904271144.01757.jan-oliver.wagner@intevation.de> <200904280903.32773.jan-oliver.wagner@intevation.de> <1240925121.4024.31.camel@hyperion.penguinlabs.co.ke> Message-ID: <200905050846.43543.jan-oliver.wagner@intevation.de> On Tuesday 28 April 2009 15:25:21 Laban Mwangi wrote: > On Tue, 2009-04-28 at 09:03 +0200, Jan-Oliver Wagner wrote: > > * we should hasve "log_domain" a configuration option in openvasd.conf > > rather than a compiletime option > > * We should us variables for g_log like "log_domain_nasl", > > "log_domain_otp", > > "log_domain_ssl", etc. In normal case all point to the same > > log_domain, but then it is easier to set a focus on a specific topic in > > the future. > > OK no problem :) > > We then have an openvasd logging configuration file that defines: > - log domain > - log prepend string > - log file > - log level threshold hm, I was more envisoning that with the log domain the other params are fixed. "log_domain_otp" has its own file, level and prepend string. By default all should go into the same file with the same level and its own prepend strings. > These parameters can be specified in gkeyfile groups. >... > What we can then do is handle the message routing within the logger_func > based on the message log domain. this sounds as the way to go. > > * IIUC, the logger func can take care of PID, timestamp etc. > > So, actually, we can cut down many fprintf's to only the message. > > You haven't done so in the patch. Was that intentionally or by > > accident? > > I hadn't done the actual implementation but the timestamp,pid etc can be > done there. In my next patch I'll include that. thanks! > > * The openvas_logger_func needs a very precise documentation, so that > > it is well understood what will happen. > > Ok will do... :) great! > > * We should not forget that the compendium needs to be extended with > > a section for developers on how to use logging and which log_domains > > should be used. > > OK will do this too excellent. Can you add the results of our discuss to the Change Request and then call for a vote? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed May 6 12:22:33 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 6 May 2009 12:22:33 +0200 Subject: [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <200905050748.44501.jan-oliver.wagner@intevation.de> References: <20090423081146.GB11585@intevation.de> <200905050748.44501.jan-oliver.wagner@intevation.de> Message-ID: <20090506102233.GC18348@intevation.de> * Jan-Oliver Wagner [ 5. May 2009]: > * install a (semi)-automatic routine on our feed server that creates > a tarball from the feed ("openvas-nvt-feed-snapshot-20090505.tar.gz") > perhaps with a symbolic link "openvas-nvt-feed-snapshot-current.tar.gz". While we are at it, we could implement another idea which has been floating around for some time: * Provide an RSS feed listing new and changed plugins. This would allow sync-scripts as well as other tools to identify new plugins and enable them to retrieve only those instead of the whole tarball, thus reducing the server load. This should be pretty simple if we are working on the Feed update routine anyway. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090506/67b04468/attachment.pgp From mime at gmx.de Wed May 6 22:05:10 2009 From: mime at gmx.de (Michael Meyer) Date: Wed, 6 May 2009 22:05:10 +0200 Subject: [Openvas-devel] [Openvas-commits] r2979 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090401202916.AB1F84079E@pyrosoma.intevation.org> References: <20090401202916.AB1F84079E@pyrosoma.intevation.org> Message-ID: <20090506200510.GB12236@m2.homelinux.org> Hello Christian, *** scm-commit at wald.intevation.org wrote: >Author: edjenguele [...] > Added: > trunk/openvas-plugins/scripts/remote-detect-WindowsSharepointServices.nasl [...] > + xPoweredBy = eregmatch(pattern:"X-Powered-By: ([a-zA-Z.]+)",string:response, icase:TRUE); Header of a running "Sun GlassFish Enterprise Server": ,---| | X-Powered-By: Servlet/2.5, JSF/1.2 | Server: Sun GlassFish Enterprise Server v2.1 | Content-Type: text/html;charset=UTF-8 | Transfer-Encoding: chunked | Date: Wed, 06 May 2009 19:32:26 GMT `---| Output in OpenVAS-Report: ,---| | Reported by NVT "Windows SharePoint Services detection" (1.3.6.1.4.1.25623.1.0.101018): | | \nX-Powered-By: Servlet `---| It seems that you need a more accurate regex for xPoweredBy. ;-) Micha From christian.edjenguele at owasp.org Wed May 6 22:13:30 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Wed, 06 May 2009 22:13:30 +0200 Subject: [Openvas-devel] [Openvas-commits] r2979 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090506200510.GB12236@m2.homelinux.org> References: <20090401202916.AB1F84079E@pyrosoma.intevation.org> <20090506200510.GB12236@m2.homelinux.org> Message-ID: <4A01EF6A.10602@owasp.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Meyer wrote: > Hello Christian, > > *** scm-commit at wald.intevation.org wrote: >> Author: edjenguele > > [...] > >> Added: >> trunk/openvas-plugins/scripts/remote-detect-WindowsSharepointServices.nasl > > [...] > >> + xPoweredBy = eregmatch(pattern:"X-Powered-By: ([a-zA-Z.]+)",string:response, icase:TRUE); > > Header of a running "Sun GlassFish Enterprise Server": > > ,---| > | X-Powered-By: Servlet/2.5, JSF/1.2 > | Server: Sun GlassFish Enterprise Server v2.1 > | Content-Type: text/html;charset=UTF-8 > | Transfer-Encoding: chunked > | Date: Wed, 06 May 2009 19:32:26 GMT > `---| > > Output in OpenVAS-Report: > > ,---| > | Reported by NVT "Windows SharePoint Services detection" (1.3.6.1.4.1.25623.1.0.101018): > | > | \nX-Powered-By: Servlet > `---| > > It seems that you need a more accurate regex for xPoweredBy. ;-) > > Micha } if(xPoweredBy){ set_kb_item(name:"ASPX/enabled", value:TRUE); report += "\n" + xPoweredBy[0]; } if ( report ) { security_note(port:port, data:report); } hello, the regex for X-powered is correct, the the position of the "security_note" isn't. I'll commit the changes. - -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJKAe9fAAoJENETScWxZUSYWi8H/R8U5DNQb+rOMpUw0UZCZ5qJ ayIvnnJJo9ilrc0cT7ulq6owMoX9zU2wnP3WF62QIz8EngMiHcl4bomaa5guiXiz 5LAxBF48LrtdN2TNr8NUJhreT0woo+VKz2EFeWpW08fjFBd9oNzqbVbm+9oJCIU6 JpkUq6yG9IyEotCgYDkfBy7KAxrGGF8NTiLo8xcdd14Jslg4omMScA05BDrlTvyx 5a5/h/PXpEpZemM/v0ycTu0msS3bsASdITzR05Ej8EgSgXKBCSnhRjQuImJRgbEc 2gGAWuidk7t8/lYvPhWoIsZ96RrS0/4RbLW+psCo22bXyPxpvEdN4QLX+fzcQN4= =R8Qv -----END PGP SIGNATURE----- From labeneator at gmail.com Thu May 7 13:51:03 2009 From: labeneator at gmail.com (Lmwangi) Date: Thu, 7 May 2009 14:51:03 +0300 Subject: [Openvas-devel] Hamonized Logging (CR #29) In-Reply-To: <200905050846.43543.jan-oliver.wagner@intevation.de> References: <200904271144.01757.jan-oliver.wagner@intevation.de> <200904280903.32773.jan-oliver.wagner@intevation.de> <1240925121.4024.31.camel@hyperion.penguinlabs.co.ke> <200905050846.43543.jan-oliver.wagner@intevation.de> Message-ID: <1e6e35b60905070451r70206a49y581dc07fe707072d@mail.gmail.com> Hi Jan/All, Seeing this message today :( Must be the weather ... :) It's raining at last. Please see my responses inline On Tue, May 5, 2009 at 9:46 AM, Jan-Oliver Wagner wrote: > On Tuesday 28 April 2009 15:25:21 Laban Mwangi wrote: >> On Tue, 2009-04-28 at 09:03 +0200, Jan-Oliver Wagner wrote: >> > * we should hasve "log_domain" a configuration option in openvasd.conf >> > ? ?rather than a compiletime option >> > * We should us variables for g_log like "log_domain_nasl", >> > "log_domain_otp", >> > ? ?"log_domain_ssl", etc. In normal case all point to the same >> > log_domain, but then it is easier to set a focus on a specific topic in >> > the future. >> >> OK no problem :) >> >> We then have an openvasd logging configuration file that defines: >> ? - log domain >> ? - log prepend string >> ? - log file >> ? - log level threshold > > hm, I was more envisoning that with the log domain the other params > are fixed. "log_domain_otp" has its own file, level and prepend string. > By default all should go into the same file with the same level and its > own prepend strings. > Hmm. Still not getting you. Please see the attached patch for a sample implementation >> These parameters can be specified in gkeyfile groups. >>... > >> What we can then do is handle the message routing within the logger_func >> based on the message log domain. > Can you add the results of our discuss to the Change Request and then > call for a vote? I want to merge the feedback from the second patch with this mail before I enhance the CR. > Here's a list of the changed files. $svn status |grep -v ? M openvasd/openvasd.c M openvasd/Makefile M configure M configure.in M openvas.tmpl.in A openvas_logging.conf M Makefile Patch comments - Logic to copy openvas_logging.conf only if it does not exist (A test -f should work) - May need to move the functions added to openvasd.c to log.c and log.h - You may need to edit libnasl to call glib's logging messages - Ideas for the logging influenced by the midgard project Regards, Laban -------------- next part -------------- A non-text attachment was scrubbed... Name: logging_rev2.patch Type: text/x-patch Size: 24256 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090507/c61c852b/logging_rev2-0001.bin From geoff at galitz.org Mon May 11 09:04:41 2009 From: geoff at galitz.org (Geoff Galitz) Date: Mon, 11 May 2009 09:04:41 +0200 Subject: [Openvas-devel] Compendium Edits Message-ID: <48F42A70F3AB42F2B561485AF7166E0A@geoffPC> A courtesy note: As I get into more technical and/or detailed material in the English version of the Compendium, developers may wish to check the material from time to time to make sure any edits do not drop any ideas or content that you feel is needed. If for any reason you don't like an edit I made, just let me know. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090511/716274f3/attachment.htm From michael.wiegand at intevation.de Mon May 11 10:14:53 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 11 May 2009 10:14:53 +0200 Subject: [Openvas-devel] CfV: CR #31 - Removing support for?plaintext password storage In-Reply-To: <200904301639.28940.jan-oliver.wagner@intevation.de> References: <20090429135417.GC15363@intevation.de> <200904301016.26448.jan-oliver.wagner@intevation.de> <20090430082801.GB13966@intevation.de> <200904301639.28940.jan-oliver.wagner@intevation.de> Message-ID: <20090511081453.GO4060@intevation.de> * Jan-Oliver Wagner [30. Apr 2009]: > On Donnerstag, 30. April 2009, Michael Wiegand wrote: > > I would be pretty easy for me to provide a script for conversion as > > well; since we "know" the plaintext password, we can use it to build the > > corresponding auth/hash file and (re)move the auth/password file. > > the password possibly leaked and should not be re-used. Agreed, the password should not be re-used. But right now, there is no way to change the password of an existing user. This means that the server administrator would have to delete the existing user, which deletes all rules and KBs for this user as well. Of course an admin could backup and restore the user data. But a conversion script - which would prompt for a new password, store it securely and delete the old one - would make that process a lot easier. Opinions? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090511/c39febd8/attachment.pgp From geoff at galitz.org Mon May 11 10:48:29 2009 From: geoff at galitz.org (Geoff Galitz) Date: Mon, 11 May 2009 10:48:29 +0200 Subject: [Openvas-devel] CfV: CR #31 - Removing support for?plaintextpassword storage In-Reply-To: <20090511081453.GO4060@intevation.de> References: <20090429135417.GC15363@intevation.de><200904301016.26448.jan-oliver.wagner@intevation.de><20090430082801.GB13966@intevation.de><200904301639.28940.jan-oliver.wagner@intevation.de> <20090511081453.GO4060@intevation.de> Message-ID: <0D1FB9FDC87F43C19A95B14BE5D980EF@geoffPC> > ... But a conversion script - which would prompt for a new password, > store it securely and delete the old one - would make that process > a lot easier. As someone who has played the part of Systems Administrator, Security Administrator and an IT Developer the above idea seems best to me. It should be relatively fast and easy to implement and provides reasonable confidence that the password is secure. Of course, the script should compare the new password to the old one to make sure it is not re-used. Such things do happen. --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From jan-oliver.wagner at intevation.de Mon May 11 14:02:19 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 11 May 2009 14:02:19 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 400 In-Reply-To: <200904291411.43773.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de> Message-ID: <200905111402.22232.jan-oliver.wagner@intevation.de> Hello, I increase my vote to 400 Euro ;-) Best Jan On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: > bug #779 (concurrent checks problem)[1] is something I want to have > resolved as soon as possible. We have invested quite some time > into analysing the problem and now need to urgently care for other > OpenVAS-realated things. > > So, in lack of time, I offer to pay 300 Euro for ultimately resolving the bug. > > Best > > Jan > > > [1] http://bugs.openvas.com/779 -- Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Mon May 11 14:04:39 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 11 May 2009 14:04:39 +0200 Subject: [Openvas-devel] =?iso-8859-1?q?CfV=3A_CR_=2331_-_Removing_support?= =?iso-8859-1?q?=09for=3Fplaintext_password_storage?= In-Reply-To: <20090511081453.GO4060@intevation.de> References: <20090429135417.GC15363@intevation.de> <200904301639.28940.jan-oliver.wagner@intevation.de> <20090511081453.GO4060@intevation.de> Message-ID: <200905111404.42180.jan-oliver.wagner@intevation.de> On Montag, 11. Mai 2009, Michael Wiegand wrote: > * Jan-Oliver Wagner [30. Apr 2009]: > > On Donnerstag, 30. April 2009, Michael Wiegand wrote: > > > I would be pretty easy for me to provide a script for conversion as > > > well; since we "know" the plaintext password, we can use it to build the > > > corresponding auth/hash file and (re)move the auth/password file. > > > > the password possibly leaked and should not be re-used. > > Agreed, the password should not be re-used. > > But right now, there is no way to change the password of an existing > user. This means that the server administrator would have to delete the > existing user, which deletes all rules and KBs for this user as well. > > Of course an admin could backup and restore the user data. But a > conversion script - which would prompt for a new password, store it > securely and delete the old one - would make that process a lot easier. > > Opinions? openvas-config-manager should get an option to set a new password for a existing user. -- Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From christian.edjenguele at owasp.org Mon May 11 14:18:25 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Mon, 11 May 2009 14:18:25 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 400 In-Reply-To: <200905111402.22232.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905111402.22232.jan-oliver.wagner@intevation.de> Message-ID: <4A081791.8020100@owasp.org> I've a question: do you consider a newly implemented routine/function or just a bug fix of the existing one ? Jan-Oliver Wagner wrote: > Hello, > > I increase my vote to 400 Euro ;-) > > Best > > Jan > > On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: >> bug #779 (concurrent checks problem)[1] is something I want to have >> resolved as soon as possible. We have invested quite some time >> into analysing the problem and now need to urgently care for other >> OpenVAS-realated things. >> >> So, in lack of time, I offer to pay 300 Euro for ultimately resolving the bug. >> >> Best >> >> Jan >> >> >> [1] http://bugs.openvas.com/779 > -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF -----END PGP PUBLIC KEY BLOCK----- From jan-oliver.wagner at intevation.de Mon May 11 15:13:34 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 11 May 2009 15:13:34 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 400 In-Reply-To: <4A081791.8020100@owasp.org> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905111402.22232.jan-oliver.wagner@intevation.de> <4A081791.8020100@owasp.org> Message-ID: <200905111513.37133.jan-oliver.wagner@intevation.de> On Montag, 11. Mai 2009, Christian Eric Edjenguele wrote: > I've a question: do you consider a newly implemented routine/function > or just a bug fix of the existing one ? whatever solves the problem ;-) Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From christian.edjenguele at owasp.org Mon May 11 15:19:08 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Mon, 11 May 2009 15:19:08 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 400 In-Reply-To: <200905111513.37133.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905111402.22232.jan-oliver.wagner@intevation.de> <4A081791.8020100@owasp.org> <200905111513.37133.jan-oliver.wagner@intevation.de> Message-ID: <4A0825CC.5060304@owasp.org> Jan-Oliver Wagner wrote: > On Montag, 11. Mai 2009, Christian Eric Edjenguele wrote: >> I've a question: do you consider a newly implemented routine/function >> or just a bug fix of the existing one ? > > whatever solves the problem ;-) > > Best > > Jan > all right, I'm going to deal with. -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF -----END PGP PUBLIC KEY BLOCK----- From michael.wiegand at intevation.de Tue May 12 16:02:27 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Tue, 12 May 2009 16:02:27 +0200 Subject: [Openvas-devel] [Openvas-commits] r3330 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090511182433.ACF271120D9@pyrosoma.intevation.org> References: <20090511182433.ACF271120D9@pyrosoma.intevation.org> Message-ID: <20090512140227.GI17397@intevation.de> * scm-commit at wald.intevation.org [11. May 2009]: > Author: reinke > Date: 2009-05-11 20:24:31 +0200 (Mon, 11 May 2009) > New Revision: 3330 > > Added: > trunk/openvas-plugins/scripts/deb_1790_1.nasl The following errors were reported during the openvasd launch: openvas-libraries/libopenvas/store.c: ../deb_1790_1.nasl has a too long description (3492) deb_1790_1.nasl failed to load Please do make sure the script loads correctly before committing it to the SVN repository. Thank you! Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090512/99d78b9c/attachment.pgp From christian.edjenguele at owasp.org Tue May 12 19:28:12 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Tue, 12 May 2009 19:28:12 +0200 Subject: [Openvas-devel] [Openvas-commits] r3330 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090512140227.GI17397@intevation.de> References: <20090511182433.ACF271120D9@pyrosoma.intevation.org> <20090512140227.GI17397@intevation.de> Message-ID: <4A09B1AC.5020608@owasp.org> Michael Wiegand wrote: > * scm-commit at wald.intevation.org [11. May 2009]: >> Author: reinke >> Date: 2009-05-11 20:24:31 +0200 (Mon, 11 May 2009) >> New Revision: 3330 >> >> Added: >> trunk/openvas-plugins/scripts/deb_1790_1.nasl > > The following errors were reported during the openvasd launch: > openvas-libraries/libopenvas/store.c: ../deb_1790_1.nasl has a too long description (3492) > deb_1790_1.nasl failed to load Hi Michael, is it possibile to make this validation (of the description) form client-side maybe by the openvas-nasl interpreter ? The -D option doesn't seems to do such validation. > > Please do make sure the script loads correctly before committing it to > the SVN repository. Thank you! > > Regards, > > Michael > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF -----END PGP PUBLIC KEY BLOCK----- From christian.edjenguele at owasp.org Tue May 12 21:36:52 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Tue, 12 May 2009 21:36:52 +0200 Subject: [Openvas-devel] [Openvas-commits] r3330 - in trunk/openvas-plugins: . scripts In-Reply-To: <4A09C386.20505@securityspace.com> References: <20090511182433.ACF271120D9@pyrosoma.intevation.org> <20090512140227.GI17397@intevation.de> <4A09B1AC.5020608@owasp.org> <4A09C386.20505@securityspace.com> Message-ID: <4A09CFD4.5050505@owasp.org> I wasn't talk about the testing, but about PARSING the script. I think it make sense to add the description feature to the interpreter. Thomas Reinke wrote: > Notwithstanding the fact that we missed this error in our logs > as part of quality testing, we do not use the command line > interpreter for testing, nor do we recommend anyone else use > it for TESTING. For quick prototyping, fine. But not for > final development and testing. Scripts are run from the > daemon in a production environment, and they ought to be tested > from the daemon as well. > > Testing from the command line interpreter just doesn't make > sense: > > 1) The command line interpreter does not have a KB (afaik) > 2) The command line interpreter does not run scripts in > the proper environment. > 3) Later on, it will not reference includes in necessarily > the same way the interpreter will. > > Please, PLEASE test scripts from the daemon. It's the only > way you will really know if your script does what it is supposed > to do. > > Thomas > > Christian Eric Edjenguele wrote: >> Michael Wiegand wrote: >>> * scm-commit at wald.intevation.org [11. May 2009]: >>>> Author: reinke >>>> Date: 2009-05-11 20:24:31 +0200 (Mon, 11 May 2009) >>>> New Revision: 3330 >>>> >>>> Added: >>>> trunk/openvas-plugins/scripts/deb_1790_1.nasl >>> >>> The following errors were reported during the openvasd launch: >>> openvas-libraries/libopenvas/store.c: ../deb_1790_1.nasl has a too >>> long description (3492) >>> deb_1790_1.nasl failed to load >> >> Hi Michael, is it possibile to make this validation (of the >> description) form client-side maybe by the openvas-nasl interpreter ? >> The -D option doesn't seems to do such validation. >> >>> >>> Please do make sure the script loads correctly before committing it to >>> the SVN repository. Thank you! >>> >>> Regards, >>> >>> Michael >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Openvas-devel mailing list >>> Openvas-devel at wald.intevation.org >>> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel >> >> > -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF -----END PGP PUBLIC KEY BLOCK----- From reinke at securityspace.com Tue May 12 20:44:22 2009 From: reinke at securityspace.com (Thomas Reinke) Date: Tue, 12 May 2009 14:44:22 -0400 Subject: [Openvas-devel] [Openvas-commits] r3330 - in trunk/openvas-plugins: . scripts In-Reply-To: <4A09B1AC.5020608@owasp.org> References: <20090511182433.ACF271120D9@pyrosoma.intevation.org> <20090512140227.GI17397@intevation.de> <4A09B1AC.5020608@owasp.org> Message-ID: <4A09C386.20505@securityspace.com> Notwithstanding the fact that we missed this error in our logs as part of quality testing, we do not use the command line interpreter for testing, nor do we recommend anyone else use it for TESTING. For quick prototyping, fine. But not for final development and testing. Scripts are run from the daemon in a production environment, and they ought to be tested from the daemon as well. Testing from the command line interpreter just doesn't make sense: 1) The command line interpreter does not have a KB (afaik) 2) The command line interpreter does not run scripts in the proper environment. 3) Later on, it will not reference includes in necessarily the same way the interpreter will. Please, PLEASE test scripts from the daemon. It's the only way you will really know if your script does what it is supposed to do. Thomas Christian Eric Edjenguele wrote: > Michael Wiegand wrote: >> * scm-commit at wald.intevation.org [11. May 2009]: >>> Author: reinke >>> Date: 2009-05-11 20:24:31 +0200 (Mon, 11 May 2009) >>> New Revision: 3330 >>> >>> Added: >>> trunk/openvas-plugins/scripts/deb_1790_1.nasl >> >> The following errors were reported during the openvasd launch: >> openvas-libraries/libopenvas/store.c: ../deb_1790_1.nasl has a too >> long description (3492) >> deb_1790_1.nasl failed to load > > Hi Michael, is it possibile to make this validation (of the description) > form client-side maybe by the openvas-nasl interpreter ? The -D option > doesn't seems to do such validation. > >> >> Please do make sure the script loads correctly before committing it to >> the SVN repository. Thank you! >> >> Regards, >> >> Michael >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Openvas-devel mailing list >> Openvas-devel at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > > From jan-oliver.wagner at intevation.de Wed May 13 08:01:36 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 13 May 2009 08:01:36 +0200 Subject: [Openvas-devel] [Openvas-commits] r3330 - in trunk/openvas-plugins: . scripts In-Reply-To: <4A09B1AC.5020608@owasp.org> References: <20090511182433.ACF271120D9@pyrosoma.intevation.org> <20090512140227.GI17397@intevation.de> <4A09B1AC.5020608@owasp.org> Message-ID: <200905130801.36647.jan-oliver.wagner@intevation.de> On Tuesday 12 May 2009 19:28:12 Christian Eric Edjenguele wrote: > Hi Michael, is it possibile to make this validation (of the description) > form client-side maybe by the openvas-nasl interpreter ? The -D option > doesn't seems to do such validation. BTW: in mid-term I like to remove the limitation. I am working already on a patch to do so. -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed May 13 09:41:10 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 13 May 2009 09:41:10 +0200 Subject: [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090423081146.GB11585@intevation.de> References: <20090423081146.GB11585@intevation.de> Message-ID: <20090513074110.GF20025@intevation.de> Hello, first of all, a big thank you to everyone who has taken part in this discussion. Thanks a lot for your great ideas! I have tried to condense the discussion into a Change Request. Please take a look at the CR at http://www.openvas.org/openvas-cr-32.html and let me know if I missed or misunderstood anything. If there a no more issues with the CR, I'd like to start voting on this CR. Please reply to this mail on the list and indicate if you are in favor of this Change Request (+1), don't care (+/-0) or are against it (-1). Thank you! Feel free to contact me if you have any questions or suggestions. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090513/d1aaf567/attachment.pgp From felix.wolfsteller at intevation.de Wed May 13 09:45:05 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Wed, 13 May 2009 09:45:05 +0200 Subject: [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <200905130945.05988.felix.wolfsteller@intevation.de> +1 On Wednesday 13 May 2009 09:41:10 Michael Wiegand wrote: > Hello, > > first of all, a big thank you to everyone who has taken part in this > discussion. Thanks a lot for your great ideas! > > I have tried to condense the discussion into a Change Request. Please > take a look at the CR at http://www.openvas.org/openvas-cr-32.html and > let me know if I missed or misunderstood anything. > > If there a no more issues with the CR, I'd like to start voting on this > CR. Please reply to this mail on the list and indicate if you are in > favor of this Change Request (+1), don't care (+/-0) or are against it > (-1). Thank you! > > Feel free to contact me if you have any questions or suggestions. > > Regards, > > Michael -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Wed May 13 09:50:30 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Wed, 13 May 2009 09:50:30 +0200 Subject: [Openvas-devel] DevCon2: Schedule updated Message-ID: <200905130950.31063.felix.wolfsteller@intevation.de> We have updated the schedule for the second OpenVAS Developer Conference! If you feel that an important topic is missing, raise your voice. Find the updated schedule at http://openvas.org/openvas-devcon2.html . See you there -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Wed May 13 10:13:52 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 13 May 2009 10:13:52 +0200 Subject: [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <200905131013.52692.jan-oliver.wagner@intevation.de> +1 -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From geoff at galitz.org Wed May 13 10:16:07 2009 From: geoff at galitz.org (Geoff Galitz) Date: Wed, 13 May 2009 10:16:07 +0200 Subject: [Openvas-devel] secure feed services Message-ID: <18323E08D956465B919E65A576D5F5BD@geoffPC> Has any thought been given to (or code developed for) using either: - rsync over ssh for feed services? - svn export functions over ssh for feed services? - other encryption technologies for feed services? My main concern is that if unencrypted services such as plain old HTTP/FTP/rsync are used for feeds, then sniffers placed in strategic points in the Internet or even compromised boxes in a local DMZ would be able to identify an OpenVAS deployment. In principle it seems this kind of information should be kept secure (knowledge of deployed services within a network). Also, as a practical matter, for the unfortunate day when a security vulnerability hits an OpenVAS component (or third party component) we don't want the bad guys to know. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090513/5b7d6516/attachment.htm From bchandra at secpod.com Wed May 13 10:39:38 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Wed, 13 May 2009 14:09:38 +0530 Subject: [Openvas-devel] [Openvas-plugins] Discontinuing openvas-pluginstarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: +1 Chandra. -----Original Message----- From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Michael Wiegand Sent: Wednesday, May 13, 2009 1:11 PM To: openvas-devel at wald.intevation.org; OpenVAS Discussion List; OpenVAS Plugins List Subject: Re: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-pluginstarball? Hello, first of all, a big thank you to everyone who has taken part in this discussion. Thanks a lot for your great ideas! I have tried to condense the discussion into a Change Request. Please take a look at the CR at http://www.openvas.org/openvas-cr-32.html and let me know if I missed or misunderstood anything. If there a no more issues with the CR, I'd like to start voting on this CR. Please reply to this mail on the list and indicate if you are in favor of this Change Request (+1), don't care (+/-0) or are against it (-1). Thank you! Feel free to contact me if you have any questions or suggestions. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From waja at cyconet.org Wed May 13 10:40:25 2009 From: waja at cyconet.org (Jan Wagner) Date: Wed, 13 May 2009 10:40:25 +0200 Subject: [Openvas-devel] [Openvas-plugins] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <200905131040.30385.waja@cyconet.org> openvas-cr-32++^H+1 On Wednesday 13 May 2009, Michael Wiegand wrote: > I have tried to condense the discussion into a Change Request. Please > take a look at the CR at http://www.openvas.org/openvas-cr-32.html and > let me know if I missed or misunderstood anything. With kind regards, Jan. -- Never write mail to , you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090513/7fc09c33/attachment.pgp From mime at gmx.de Wed May 13 11:01:42 2009 From: mime at gmx.de (Michael Meyer) Date: Wed, 13 May 2009 11:01:42 +0200 Subject: [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <20090513090142.GA2946@m2.homelinux.org> *** Michael Wiegand wrote: > If there a no more issues with the CR, I'd like to start voting on this > CR. Please reply to this mail on the list and indicate if you are in > favor of this Change Request (+1), don't care (+/-0) or are against it > (-1). Thank you! +1 Micha From michael.wiegand at intevation.de Wed May 13 11:36:35 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 13 May 2009 11:36:35 +0200 Subject: [Openvas-devel] secure feed services In-Reply-To: <18323E08D956465B919E65A576D5F5BD@geoffPC> References: <18323E08D956465B919E65A576D5F5BD@geoffPC> Message-ID: <20090513093635.GG20025@intevation.de> * Geoff Galitz [13. May 2009]: > Has any thought been given to (or code developed for) using either: > - rsync over ssh for feed services? > - svn export functions over ssh for feed services? > - other encryption technologies for feed services? > > My main concern is that if unencrypted services such as plain old > HTTP/FTP/rsync are used for feeds, then sniffers placed in strategic points > in the Internet or even compromised boxes in a local DMZ would be able to > identify an OpenVAS deployment. An interesting idea, and a good time to suggest it. As you may have noticed, I just put Change Request #32 online, which will very likely result in changes to the synchronization script to offer additional synchronization methods. We could implement encrypted synchronization if it is wanted and needed. > In principle it seems this kind of information should be kept secure > (knowledge of deployed services within a network). Also, as a practical > matter, for the unfortunate day when a security vulnerability hits an > OpenVAS component (or third party component) we don't want the bad guys to > know. True. But on the other hand, if I had placed sniffers in strategic points, I would simply look for connections to the few well known feed services. Any file transfer, encrypted or not, from something like rsync.openvas.org would probably be enough to raise my interest. I think your idea is worthwhile, I just don't see a real benefit in the situation you describe. Or am I missing something? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090513/a0e20257/attachment.pgp From geoff at galitz.org Wed May 13 10:01:46 2009 From: geoff at galitz.org (Geoff Galitz) Date: Wed, 13 May 2009 10:01:46 +0200 Subject: [Openvas-devel] [Openvas-discuss] Discontinuing openvas-pluginstarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <20B16ECBB2C348BEAACC23CB8296A63E@geoffPC> +1 --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From d.jagdmann at dn-systems.de Wed May 13 19:07:41 2009 From: d.jagdmann at dn-systems.de (Dirk Jagdmann) Date: Wed, 13 May 2009 10:07:41 -0700 Subject: [Openvas-devel] [Openvas-discuss] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <4A0AFE5D.1050306@dn-systems.de> +1 -- Dirk Jagdmann : Coder Tel. +49-5121-28989-15 -- DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. +49-5121-28989-11 Handelsregister HRB-3213 Amtsgericht Hildesheim Gesch?ftsf?hrer: Lukas Grunwald From christian.edjenguele at owasp.org Wed May 13 19:08:10 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Wed, 13 May 2009 19:08:10 +0200 Subject: [Openvas-devel] [Openvas-discuss] Discontinuing openvas-pluginstarball? In-Reply-To: <20B16ECBB2C348BEAACC23CB8296A63E@geoffPC> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> <20B16ECBB2C348BEAACC23CB8296A63E@geoffPC> Message-ID: <4A0AFE7A.8000803@owasp.org> +1 -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF -----END PGP PUBLIC KEY BLOCK----- From labeneator at gmail.com Thu May 14 11:00:23 2009 From: labeneator at gmail.com (Lmwangi) Date: Thu, 14 May 2009 12:00:23 +0300 Subject: [Openvas-devel] Voting on CR #29 Message-ID: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> Hi I'd like to call for a vote on CR #29. Use of Glib Logging in OpenVAS. You may review the CR http://www.openvas.org/openvas-cr-29.html +1 from me Regards, Laban From mmundell at intevation.de Thu May 14 12:39:22 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 14 May 2009 10:38:22 -0001 Subject: [Openvas-devel] Voting on CR #29 In-Reply-To: Message of Thu, 14 May 2009 12:00:23 +0300. <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> Message-ID: <20090514103801.DAB92DEBD2@mail.ukfsn.org> > I'd like to call for a vote on CR #29. Use of Glib Logging in OpenVAS. > You may review the CR http://www.openvas.org/openvas-cr-29.html I'd like to use the same logging system in the manager. Any ideas on how the two modules could work together? Maybe some of the code in the referenced patches could go in openvas-libraries, like load_log_configuration, free_log_configuration and openvas_log_func. Do you have an example of the resulting log output? -- Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From labeneator at gmail.com Thu May 14 16:32:22 2009 From: labeneator at gmail.com (Lmwangi) Date: Thu, 14 May 2009 17:32:22 +0300 Subject: [Openvas-devel] Voting on CR #29 In-Reply-To: <20090514103801.DAB92DEBD2@mail.ukfsn.org> References: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> <20090514103801.DAB92DEBD2@mail.ukfsn.org> Message-ID: <1e6e35b60905140732j7cc7135cl25873e0e457d2fec@mail.gmail.com> Hi Mathew, On Thu, May 14, 2009 at 1:39 PM, Matthew Mundell wrote: >> ?I'd like to call for a vote on CR #29. ?Use of Glib Logging in OpenVAS. >> You may review the CR http://www.openvas.org/openvas-cr-29.html > > I'd like to use the same logging system in the manager. > Just clone the patch applied to openvasd. > Any ideas on how the two modules could work together? ?Maybe some of the > code in the referenced patches could go in openvas-libraries, like > load_log_configuration, free_log_configuration and openvas_log_func. > Hmm, I think you can move load_log_configuration, free_log_configuration but then leave openvas_log_func in openvasd. For your case, I think we can clone openvas_log_func into openvasm_log_func. > Do you have an example of the resulting log output? Here's a snippet (openvasd:28600): libnasl-DEBUG: /opt/openvas//lib/openvas/plugins/jolt2.nasl: Executing script (openvasd:28603): libnasl-DEBUG: /opt/openvas//lib/openvas/plugins/line_overflow.nasl: Executing script (openvasd:28603): libnasl-DEBUG: misc_func.inc: Executing script (openvasd:28604): libnasl-DEBUG: /opt/openvas//lib/openvas/plugins/check_ports.nasl: Executing script (openvasd:28604): libnasl-DEBUG: Opening a tcp socket bufsize -1 (openvasd:28604): libnasl-DEBUG: Opening a tcp socket bufsize -1 (openvasd:28604): libnasl-DEBUG: Opening a tcp socket bufsize -1 (openvasd:28605): libnasl-DEBUG: /opt/openvas//lib/openvas/plugins/scan_info.nasl: Executing script (openvasd:28605): libnasl-DEBUG: plugin_feed_info.inc: Executing script > -- > Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > From mmundell at intevation.de Fri May 15 09:41:10 2009 From: mmundell at intevation.de (Matthew Mundell) Date: 15 May 2009 07:40:10 -0001 Subject: [Openvas-devel] Voting on CR #29 In-Reply-To: Message of Thu, 14 May 2009 17:32:22 +0300. <1e6e35b60905140732j7cc7135cl25873e0e457d2fec@mail.gmail.com> Message-ID: <20090515073945.F2918DEBEC@mail.ukfsn.org> > > Any ideas on how the two modules could work together?  Maybe some of the > > code in the referenced patches could go in openvas-libraries, like > > load_log_configuration, free_log_configuration and openvas_log_func. > > > Hmm, I think you can move load_log_configuration, > free_log_configuration but then leave > openvas_log_func in openvasd. For your case, I think we can clone > openvas_log_func into openvasm_log_func. I'd like to duplicate as little as possible, what would be the reason for keeping openvas_log_func in openvasd.c? > > Do you have an example of the resulting log output? > Here's a snippet > (openvasd:28600): libnasl-DEBUG: > /opt/openvas//lib/openvas/plugins/jolt2.nasl: Executing script > > (openvasd:28603): libnasl-DEBUG: > /opt/openvas//lib/openvas/plugins/line_overflow.nasl: Executing script > > (openvasd:28603): libnasl-DEBUG: misc_func.inc: Executing script Thanks. It would be nice to have a clean log format, maybe like Thu Oct 30 20:29:36 2008 openvasd 28600 libnasl-DEBUG /opt/openvas//lib/openvas/plugins/jolt2.nasl: Executing script Thu Oct 30 20:29:37 2008 openvasd 28603 libnasl-DEBUG /opt/openvas//lib/openvas/plugins/line_overflow.nasl: Executing script Thu Oct 30 20:29:38 2008 openvasd 28603 libnasl-DEBUG misc_func.inc: Executing script or with brackets like in openvasd.messages [Thu Oct 30 20:29:36 2008][23052] openvasd 2.0.0.beta2.SVN started [Thu Oct 30 20:50:54 2008][23052] connection from 127.0.0.1 [Thu Oct 30 20:51:26 2008][23156] Client requested protocol < OTP/1.0 > . [Thu Oct 30 20:51:26 2008][23156] successful login of mattm from 127.0.0.1 Anyway, these are implementation details, +1 on the CR. -- Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jc at lacunae.org Wed May 13 11:08:23 2009 From: jc at lacunae.org (Jonathan Care) Date: Wed, 13 May 2009 10:08:23 +0100 Subject: [Openvas-devel] [Openvas-discuss] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513090142.GA2946@m2.homelinux.org> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> <20090513090142.GA2946@m2.homelinux.org> Message-ID: <29b38bfb0905130208w50ece509r278108b5992d9713@mail.gmail.com> +1 On 5/13/09, Michael Meyer wrote: > *** Michael Wiegand wrote: >> If there a no more issues with the CR, I'd like to start voting on this >> CR. Please reply to this mail on the list and indicate if you are in >> favor of this Change Request (+1), don't care (+/-0) or are against it >> (-1). Thank you! > > +1 > > Micha > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -- Sent from my mobile device From openvas-bugs at wald.intevation.org Wed May 13 13:09:11 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Wed, 13 May 2009 13:09:11 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B990=5D_Portbunny_i?= =?utf-8?q?s_not_found_under_the_scanners_on_OpenVAS_Client?= Message-ID: <20090513110911.638421120C1@pyrosoma.intevation.org> Bugs item #990, was opened at 2009-05-13 13:09 Status: Open Priority: 3 Submitted By: Markus Schr?der (msgbeep) Assigned to: Nobody (None) Summary: Portbunny is not found under the scanners on OpenVAS Client Architecture: None Resolution: Accepted As Bug Severity: normal Version: v2.0.3 Component: openvas-server Operating System: other Product: OpenVAS Hardware: None URL: Initial Comment: Issue is important for me, because I have to scan a host with all possible scanners ( acting as port scanner ). In my case I installed OpenVAS and some packages found for CentOS on http://www.atomicorp.com/channels/atomic/centos/ Portbunny Version 1.1.1 was installed after OpenVAS was running first time. Felix helped me to figure out what is the problem. I delete all caches to rebuild them. Every check brought more sickness to me to see portbunny is not a part of possible scanners. Every help to fix that are welcome. Chears Markus Schr?der ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=990&group_id=29 From Merlon at gmx.de Thu May 14 10:19:30 2009 From: Merlon at gmx.de (Merlon@gmx.de) Date: Thu, 14 May 2009 10:19:30 +0200 Subject: [Openvas-devel] geoff's reminder Message-ID: <20090514081930.15260@gmx.net> This is only a message that reminds geoff (chat nick) to add some things at the compendium (cache location and waht happen when cache removed, or something like this, why a .desc path is needed inside the plugins folder ... ) -- Neu: GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate + Telefonanschluss f?r nur 17,95 Euro/mtl.!* http://dslspecial.gmx.de/freedsl-surfflat/?ac=OM.AD.PD003K11308T4569a From openvas-bugs at wald.intevation.org Thu May 14 13:22:49 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Thu, 14 May 2009 13:22:49 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1001=5D_Client_sen?= =?utf-8?q?ds_plugin_preferences_independent_of_plugin_set=2E?= Message-ID: <20090514112249.A0D5E1120BE@pyrosoma.intevation.org> Bugs item #1001, was opened at 2009-05-14 11:22 Status: Open Priority: 3 Submitted By: Felix Wolfsteller (felix) Assigned to: Nobody (None) Summary: Client sends plugin preferences independent of plugin set. Architecture: None Resolution: None Severity: normal Version: None Component: openvas-client Operating System: All Product: OpenVAS Hardware: None URL: Initial Comment: Currently the client sends preferences for NVTs even if they are neither enabled nor required as a dependency. This can be confirmed by disabling all nvts and scanners and watching the traffic (or e.g. printf in nessus/auth.c (network_printf) ). ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1001&group_id=29 From michael.wiegand at intevation.de Mon May 18 10:06:39 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 18 May 2009 10:06:39 +0200 Subject: [Openvas-devel] Voting on CR #29 In-Reply-To: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> References: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> Message-ID: <20090518080639.GT20784@intevation.de> * Laban Mwangi [14. May 2009]: > Hi > I'd like to call for a vote on CR #29. Use of Glib Logging in OpenVAS. > You may review the CR http://www.openvas.org/openvas-cr-29.html +1 from me as well. As Matthew suggested, the logging code should be implemented in openvas-libraries to make it available for all modules. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090518/24a1976a/attachment.pgp From felix.wolfsteller at intevation.de Mon May 18 10:17:04 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 18 May 2009 10:17:04 +0200 Subject: [Openvas-devel] Voting on CR #29 In-Reply-To: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> References: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> Message-ID: <200905181017.04584.felix.wolfsteller@intevation.de> +1 -- felix On Thursday 14 May 2009 11:00:23 Lmwangi wrote: > Hi > I'd like to call for a vote on CR #29. Use of Glib Logging in OpenVAS. > You may review the CR http://www.openvas.org/openvas-cr-29.html > > +1 from me > > Regards, > Laban > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From c_edjenguele at yahoo.it Mon May 18 12:32:28 2009 From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE) Date: Mon, 18 May 2009 10:32:28 +0000 (GMT) Subject: [Openvas-devel] Voting on CR #29 In-Reply-To: <20090518080639.GT20784@intevation.de> References: <1e6e35b60905140200h12e49061pb9b44ace617cedd5@mail.gmail.com> <20090518080639.GT20784@intevation.de> Message-ID: <53166.26027.qm@web28603.mail.ukl.yahoo.com> +1 --- Christian Eric Edjenguele IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect mobile (IT): +39 3408580513 ----- Messaggio originale ----- > Da: Michael Wiegand > A: openvas-devel at wald.intevation.org > Inviato: Luned? 18 maggio 2009, 10:06:39 > Oggetto: Re: [Openvas-devel] Voting on CR #29 > > * Laban Mwangi [14. May 2009]: > > Hi > > I'd like to call for a vote on CR #29. Use of Glib Logging in OpenVAS. > > You may review the CR http://www.openvas.org/openvas-cr-29.html > > +1 from me as well. > > As Matthew suggested, the logging code should be implemented in > openvas-libraries to make it available for all modules. > > Regards, > > Michael > > -- > Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de > Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From geoff at galitz.org Tue May 19 10:06:12 2009 From: geoff at galitz.org (Geoff Galitz) Date: Tue, 19 May 2009 10:06:12 +0200 Subject: [Openvas-devel] secure feed services In-Reply-To: <20090513093635.GG20025@intevation.de> References: <18323E08D956465B919E65A576D5F5BD@geoffPC> <20090513093635.GG20025@intevation.de> Message-ID: <1E1A9190C70D4A62985DCA3A35CB28A5@geoffPC> I've been thinking about this and I admit that your logic is correct. But here are some more thoughts: - Some networks specifically ban all unencrypted network traffic unless exempted by the network security group. One of my old employers, University of California at Berkeley, does this. - If authentication data will ever be integrated into the nasl feed datastream (that is, login to get access to the nasl feed) then some form of encryption is certainly needed. - Provide encryption services for the data feeds to raise the level of customer/user confidence in OpenVAS. I've been contemplating providing some custom nasl scripts for my current customers, so I do have a vested interest in keeping datafeeds private. Lastly, I'd argue encrypting data feeds is "best practice." The scenario you mention (evil people tracking connections to feed servers) is certainly possible, and we should assume people are already doing that. Adding encryption to these connections to keep the contents of these datastreams private is part of the idea of "Defense in Depth" where applying many and numerous barriers to increase the time and resources needed for evil hackers to gather the needed information to penetrate a target network is a valid defense. http://en.wikipedia.org/wiki/Defense_in_Depth_(computing) I can try to make the time to come up with a simple proof of concept, and if it is solid enough offer it as a patch. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ > -----Original Message----- > From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel- > bounces at wald.intevation.org] On Behalf Of Michael Wiegand > Sent: Mittwoch, 13. Mai 2009 11:37 > To: openvas-devel at wald.intevation.org > Subject: Re: [Openvas-devel] secure feed services > > * Geoff Galitz [13. May 2009]: > > Has any thought been given to (or code developed for) using either: > > - rsync over ssh for feed services? > > - svn export functions over ssh for feed services? > > - other encryption technologies for feed services? > > > > My main concern is that if unencrypted services such as plain old > > HTTP/FTP/rsync are used for feeds, then sniffers placed in strategic > points > > in the Internet or even compromised boxes in a local DMZ would be able > to > > identify an OpenVAS deployment. > > An interesting idea, and a good time to suggest it. As you may have > noticed, I just put Change Request #32 online, which will very likely > result in changes to the synchronization script to offer additional > synchronization methods. We could implement encrypted synchronization if > it is wanted and needed. > > > In principle it seems this kind of information should be kept secure > > (knowledge of deployed services within a network). Also, as a practical > > matter, for the unfortunate day when a security vulnerability hits an > > OpenVAS component (or third party component) we don't want the bad guys > to > > know. > > True. But on the other hand, if I had placed sniffers in strategic > points, I would simply look for connections to the few well known feed > services. Any file transfer, encrypted or not, from something like > rsync.openvas.org would probably be enough to raise my interest. > > I think your idea is worthwhile, I just don't see a real benefit in the > situation you describe. Or am I missing something? > > Regards, > > Michael > > -- > Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de > Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Tue May 19 11:05:48 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 19 May 2009 11:05:48 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 500 In-Reply-To: <200905111402.22232.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905111402.22232.jan-oliver.wagner@intevation.de> Message-ID: <200905191105.50788.jan-oliver.wagner@intevation.de> Hello, I increase my vote to 500 Euro. Whoever solves this first, should receive the money. Best Jan On Montag, 11. Mai 2009, Jan-Oliver Wagner wrote: > Hello, > > I increase my vote to 400 Euro ;-) > > Best > > Jan > > On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: > > bug #779 (concurrent checks problem)[1] is something I want to have > > resolved as soon as possible. We have invested quite some time > > into analysing the problem and now need to urgently care for other > > OpenVAS-realated things. > > > > So, in lack of time, I offer to pay 300 Euro for ultimately resolving the bug. > > > > Best > > > > Jan > > > > > > [1] http://bugs.openvas.com/779 -- Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From geoff at galitz.org Tue May 19 11:16:52 2009 From: geoff at galitz.org (Geoff Galitz) Date: Tue, 19 May 2009 11:16:52 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 500 In-Reply-To: <200905191105.50788.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de><200905111402.22232.jan-oliver.wagner@intevation.de> <200905191105.50788.jan-oliver.wagner@intevation.de> Message-ID: Who is working on this now? -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ > -----Original Message----- > From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel- > bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner > Sent: Dienstag, 19. Mai 2009 11:06 > To: openvas-devel at wald.intevation.org > Subject: Re: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 500 > > Hello, > > I increase my vote to 500 Euro. > > Whoever solves this first, should receive the money. > > Best > > Jan > > On Montag, 11. Mai 2009, Jan-Oliver Wagner wrote: > > Hello, > > > > I increase my vote to 400 Euro ;-) > > > > Best > > > > Jan > > > > On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: > > > bug #779 (concurrent checks problem)[1] is something I want to have > > > resolved as soon as possible. We have invested quite some time > > > into analysing the problem and now need to urgently care for other > > > OpenVAS-realated things. > > > > > > So, in lack of time, I offer to pay 300 Euro for ultimately resolving > the bug. > > > > > > Best > > > > > > Jan > > > > > > > > > [1] http://bugs.openvas.com/779 > > -- > Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ > Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B > 18998 > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From marco.bonetti at slackware.it Tue May 19 12:13:51 2009 From: marco.bonetti at slackware.it (Marco Bonetti) Date: Tue, 19 May 2009 12:13:51 +0200 (CEST) Subject: [Openvas-devel] Voting on CR #32 Message-ID: <44585.88.149.157.90.1242728031.squirrel@webmail.slackware.it> Sorry for replying out of thread: mwiegand just throw me into the list. However, as the slackware package mantainer for openvas I like the cr: it will save me some headaches on troubleshooting ;-) So, it's a +1 for me. ciao -- Marco Bonetti BT3 EeePC enhancing module: http://sid77.slackware.it/bt3/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x86A91047 From jan-oliver.wagner at intevation.de Tue May 19 17:17:07 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 19 May 2009 17:17:07 +0200 Subject: [Openvas-devel] secure feed services In-Reply-To: <1E1A9190C70D4A62985DCA3A35CB28A5@geoffPC> References: <18323E08D956465B919E65A576D5F5BD@geoffPC> <20090513093635.GG20025@intevation.de> <1E1A9190C70D4A62985DCA3A35CB28A5@geoffPC> Message-ID: <200905191717.10253.jan-oliver.wagner@intevation.de> Hello Geoff, On Dienstag, 19. Mai 2009, Geoff Galitz wrote: > I've been thinking about this and I admit that your logic is correct. But > here are some more thoughts: > > - Some networks specifically ban all unencrypted network traffic unless > exempted by the network security group. One of my old employers, University > of California at Berkeley, does this. > > - If authentication data will ever be integrated into the nasl feed > datastream (that is, login to get access to the nasl feed) then some form of > encryption is certainly needed. > > - Provide encryption services for the data feeds to raise the level of > customer/user confidence in OpenVAS. note that the (subscription fee based) Greenbone Security Feed does use encryption. Professional users have an option already ;-) > I've been contemplating providing some custom nasl scripts for my current > customers, so I do have a vested interest in keeping datafeeds private. the OpenVAS concepts (in contrast to old Nessus) for feed management and NASL signatures do allow to be flexible and should serve you needs. > I can try to make the time to come up with a simple proof of concept, and if > it is solid enough offer it as a patch. Please don't underestimate the work load for maintaining a secured Feed Service. We already spend quite some time into the maintenanc of the OpenVAS NVT Feed. The more complex it gets, the less reliable it might become. Anonymous HTTPS is a doable approach IMHO. Open question: Who is going to provide the trustworthy SSL certificate? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From openvas-bugs at wald.intevation.org Tue May 19 15:05:48 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Tue, 19 May 2009 15:05:48 +0200 (CEST) Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B1008=5D_Function_g?= =?utf-8?q?et=5Fip=5Felement=28=29_returning_flipped_bytes_for_ip?= =?utf-8?q?=5Fid_element?= Message-ID: <20090519130548.C0BA01120CC@pyrosoma.intevation.org> Bugs item #1008, was opened at 2009-05-19 15:05 Status: Open Priority: 3 Submitted By: Goran Licina (glicina) Assigned to: Nobody (None) Summary: Function get_ip_element() returning flipped bytes for ip_id element Architecture: 32 Bit Resolution: None Severity: None Version: v2.0.1 Component: None Operating System: Linux Product: OpenVAS Hardware: PC URL: Initial Comment: NASL function get_ip_element() returned wrong results when extracting IP_ID value from received ICMP packet. Example: get_ip_element(element : "ip_id", ip : ret); Perhaps, if IP_ID value of received packet was 0xAABB (as seen by packet sniffers tcpdump and tshark), function returned value 0xBBAA (flipped bytes). Workaround is using symmetric number for IP_ID (0xBABA). ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1008&group_id=29 From christian.edjenguele at owasp.org Tue May 19 20:13:14 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Tue, 19 May 2009 20:13:14 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 500 In-Reply-To: References: <200904291411.43773.jan-oliver.wagner@intevation.de><200905111402.22232.jan-oliver.wagner@intevation.de> <200905191105.50788.jan-oliver.wagner@intevation.de> Message-ID: <4A12F6BA.2080503@owasp.org> I'm working on Geoff Galitz wrote: > > Who is working on this now? > > -geoff > > --------------------------------- > Geoff Galitz > Blankenheim NRW, Germany > http://www.galitz.org/ > http://german-way.com/blog/ > > >> -----Original Message----- >> From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel- >> bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner >> Sent: Dienstag, 19. Mai 2009 11:06 >> To: openvas-devel at wald.intevation.org >> Subject: Re: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 500 >> >> Hello, >> >> I increase my vote to 500 Euro. >> >> Whoever solves this first, should receive the money. >> >> Best >> >> Jan >> >> On Montag, 11. Mai 2009, Jan-Oliver Wagner wrote: >>> Hello, >>> >>> I increase my vote to 400 Euro ;-) >>> >>> Best >>> >>> Jan >>> >>> On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: >>>> bug #779 (concurrent checks problem)[1] is something I want to have >>>> resolved as soon as possible. We have invested quite some time >>>> into analysing the problem and now need to urgently care for other >>>> OpenVAS-realated things. >>>> >>>> So, in lack of time, I offer to pay 300 Euro for ultimately resolving >> the bug. >>>> Best >>>> >>>> Jan >>>> >>>> >>>> [1] http://bugs.openvas.com/779 >> -- >> Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ >> Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B >> 18998 >> Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner >> _______________________________________________ >> Openvas-devel mailing list >> Openvas-devel at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF -----END PGP PUBLIC KEY BLOCK----- From lists at securityspace.com Tue May 19 21:01:35 2009 From: lists at securityspace.com (Thomas Reinke) Date: Tue, 19 May 2009 15:01:35 -0400 Subject: [Openvas-devel] false positives - local security checks - revisited. Message-ID: <4A13020F.6080707@securityspace.com> Has anyone tried running a full test, with credentialed SSH access, against a fully patched system such as Debian or RedHat with a reasonable user environment? I ask, because not so long ago we ran one using our set of plugins, which are supplemented with OpenVAS tests, which specifically _exclude_ linux based tests that look for versions of packages by running the binaries. Despite our policy of not including these tests, we found that we missed excluding a few, and that as a result, we'd get false positives, because of the backporting that gets done. (e.g. You're running version 3.6-1 which is vulnerable, upgrade to 3.7, except that 3.6-1 IS the distro's update that includes the 3.7 security patch). I can only imaging at this point what a full OpenVAS test would do w.r.t false positives. While I personally am not a 'real' customer, I suspect that having a slew of alerts being triggered, all false, might become a bit annoying. Anyone else gotten any feedback on this? I've said before, I'm not a fan of trying to home in on the small window of time between a vulnerability being made public, and the distro patch being available. That being said, I'm even LESS of a fan if, once the distro's update is available, that the test starts spewing false positives. FWIW, I highly recommend that for distros we wish to officially support, that we adopt a mechanism to not trip these types of alerts. Thomas From Merlon at gmx.net Wed May 20 12:12:13 2009 From: Merlon at gmx.net (Merlon@gmx.net) Date: Wed, 20 May 2009 12:12:13 +0200 Subject: [Openvas-devel] Voting CR 31: OpenVAS-Server: Remove support for plaintext password storage Message-ID: <20090520101213.115690@gmx.net> +1 Markus Schr?der -- Neu: GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate + Telefonanschluss f?r nur 17,95 Euro/mtl.!* http://dslspecial.gmx.de/freedsl-aktionspreis/?ac=OM.AD.PD003K11308T4569a From felix.wolfsteller at intevation.de Wed May 20 14:26:45 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Wed, 20 May 2009 14:26:45 +0200 Subject: [Openvas-devel] false positives - local security checks - revisited. In-Reply-To: <4A13020F.6080707@securityspace.com> References: <4A13020F.6080707@securityspace.com> Message-ID: <200905201426.45514.felix.wolfsteller@intevation.de> I remember that (you and Chandra ?) had a short discussion about it a couple of months ago. I agree that a unified simple solution should be searched. I would propose that if no CR emerged till the DevCon we discuss it there - in the hope that a solution should be found rather fast this issue would be merged into existing topics (see a schedule at http://openvas.org/openvas-devcon2.html ). Eventually splitting the issue into "Handy Version Management" and "LSCs for 'officially' supported distros" could do the job. The appropriate topics at the DevCon would be Topic 1.4: 'Harmonization' strategies for NASL code and Topic 3.2: NVT coverage extension and NVT retirement. -- felix On Tuesday 19 May 2009 21:01:35 Thomas Reinke wrote: > Has anyone tried running a full test, with credentialed SSH access, > against a fully patched system such as Debian or RedHat with a > reasonable user environment? > > I ask, because not so long ago we ran one using our set of > plugins, which are supplemented with OpenVAS tests, which > specifically _exclude_ linux based tests that look for > versions of packages by running the binaries. > > Despite our policy of not including these tests, we found > that we missed excluding a few, and that as a result, we'd > get false positives, because of the backporting that gets > done. (e.g. You're running version 3.6-1 which is vulnerable, > upgrade to 3.7, except that 3.6-1 IS the distro's update > that includes the 3.7 security patch). I can only imaging > at this point what a full OpenVAS test would do w.r.t > false positives. > > While I personally am not a 'real' customer, I suspect > that having a slew of alerts being triggered, all false, > might become a bit annoying. Anyone else gotten any > feedback on this? > > > I've said before, I'm not a fan of trying to home in on > the small window of time between a vulnerability being > made public, and the distro patch being available. That > being said, I'm even LESS of a fan if, once the distro's > update is available, that the test starts spewing false > positives. > > FWIW, I highly recommend that for distros we > wish to officially support, that we adopt a mechanism > to not trip these types of alerts. > > > Thomas > > > > > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Mon May 25 15:40:32 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 25 May 2009 15:40:32 +0200 Subject: [Openvas-devel] [Openvas-commits] r3460 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090524092238.9E169F2020@pyrosoma.intevation.org> References: <20090524092238.9E169F2020@pyrosoma.intevation.org> Message-ID: <20090525134032.GA10074@intevation.de> * scm-commit at wald.intevation.org [24. May 2009]: > Author: mime > Date: 2009-05-24 11:22:37 +0200 (Sun, 24 May 2009) > New Revision: 3460 > > Added: > trunk/openvas-plugins/scripts/nsd_version.nasl > > Added: trunk/openvas-plugins/scripts/nsd_version.nasl > =================================================================== > --- trunk/openvas-plugins/scripts/nsd_version.nasl 2009-05-22 14:53:52 UTC (rev 3459) > +++ trunk/openvas-plugins/scripts/nsd_version.nasl 2009-05-24 09:22:37 UTC (rev 3460) > @@ -0,0 +1,150 @@ > + > +if (description) > +{ > + script_id(100082); Please note that the ID 100082 has already been assigned to ldap_detect.nasl. Please use a different, unique ID from your ID block. Thank you! Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090525/432515f3/attachment.pgp From michael.wiegand at intevation.de Mon May 25 16:21:43 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 25 May 2009 16:21:43 +0200 Subject: [Openvas-devel] Planning final openvas-plugins release Message-ID: <20090525142143.GB10074@intevation.de> Hello, In Change Request #32 (http://www.openvas.org/openvas-cr-32.html) we decided to discontinue the release of openvas-plugins tarball after a final release. In order to make progress with the CR, I would like to do the release soon, preferably this week. If there are no objections I will schedule the release for Thursday, May 28. Plugin developers: Please keep an extra eye on the plugin quality and make sure your plugins work as intended before adding them to the SVN. I would like to do some QA before the release, so if you are planning on adding or modifying plugins on Wednesday or Thursday, please do coordinate your commits with me so we can make the last openvas-plugins release the best ever. :) If you have any question or suggestions, feel free to contact me. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090525/981c0833/attachment.pgp From jan-oliver.wagner at intevation.de Tue May 26 19:53:52 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 26 May 2009 19:53:52 +0200 Subject: [Openvas-devel] Voting on Bug #779 with 300 Euro, now 600 In-Reply-To: <200905191105.50788.jan-oliver.wagner@intevation.de> References: <200904291411.43773.jan-oliver.wagner@intevation.de> <200905111402.22232.jan-oliver.wagner@intevation.de> <200905191105.50788.jan-oliver.wagner@intevation.de> Message-ID: <200905261953.53101.jan-oliver.wagner@intevation.de> Hello, I increase my vote to 600 Euro. Again: The individual or team that solves the bug _first_, will receive the money. Please note that no one should simply "take" the bug, stopping others from working on it, and thus delaying the solution. Teaming up might make sense though ;-) Best Jan On Tuesday 19 May 2009 11:05:48 Jan-Oliver Wagner wrote: > Hello, > > I increase my vote to 500 Euro. > > Whoever solves this first, should receive the money. > > Best > > Jan > > On Montag, 11. Mai 2009, Jan-Oliver Wagner wrote: > > Hello, > > > > I increase my vote to 400 Euro ;-) > > > > Best > > > > Jan > > > > On Mittwoch, 29. April 2009, Jan-Oliver Wagner wrote: > > > bug #779 (concurrent checks problem)[1] is something I want to have > > > resolved as soon as possible. We have invested quite some time > > > into analysing the problem and now need to urgently care for other > > > OpenVAS-realated things. > > > > > > So, in lack of time, I offer to pay 300 Euro for ultimately resolving > > > the bug. > > > > > > Best > > > > > > Jan > > > > > > > > > [1] http://bugs.openvas.com/779 -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Wed May 27 14:16:04 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Wed, 27 May 2009 14:16:04 +0200 Subject: [Openvas-devel] [Openvas-commits] r3491 - in trunk/openvas-libraries: . libopenvas In-Reply-To: <20090527113304.C0F41D6308@pyrosoma.intevation.org> References: <20090527113304.C0F41D6308@pyrosoma.intevation.org> Message-ID: <200905271416.07923.Jan-Oliver.Wagner@greenbone.net> Hello Laban, On Mittwoch, 27. Mai 2009, scm-commit at wald.intevation.org wrote: > Author: lmwangi > Date: 2009-05-27 13:33:03 +0200 (Wed, 27 May 2009) > New Revision: 3491 > > Added: > trunk/openvas-libraries/libopenvas/openvas_logging.c > trunk/openvas-libraries/libopenvas/openvas_logging.h > Modified: > trunk/openvas-libraries/ChangeLog > trunk/openvas-libraries/MANIFEST > trunk/openvas-libraries/Makefile > trunk/openvas-libraries/libopenvas/Makefile > trunk/openvas-libraries/openvas-libraries.tmpl.in > Log: > Adding logging to openvas-libraries. Ref: CR 29 while it looks like general agreement on this feature, the process should be to call for a vote for the CR, wait for feedback, update the CR and then do the commits. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Thu May 28 15:15:53 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 28 May 2009 15:15:53 +0200 Subject: [Openvas-devel] Planning openvas-server 2.0.2 release Message-ID: <20090528131552.GJ26666@intevation.de> Hello, I would like to schedule the release of openvas-server 2.0.2 for Wednesday, June 3rd. There have been quite a number of bugfixes and changes in openvas-server to justify a new release IMHO. The changes include: - silent_dependencies now defaults to "no" - Improved ovaldi support - Support for per-host password based local checks - Improved searching for dependencies - Warnings when a nasl script could not be cached - Obsolete user plugins directory is no longer created - Debian packaging has been updated - openvas-adduser will no longer allow plaintext password files If you want to help with the release, I would very much appreciate feedback on the changes mentioned above. If you spot bugs or would like to commit your changes before the release, please let me know. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090528/d42c0c3f/attachment.pgp From michael.wiegand at intevation.de Thu May 28 15:27:59 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 28 May 2009 15:27:59 +0200 Subject: [Openvas-devel] Planning openvas-client 2.0.4 release Message-ID: <20090528132759.GK26666@intevation.de> Hello, I would like to schedule the release of openvas-client 2.0.4 for Friday, June 5th. There have been quite a number of bugfixes and changes in openvas-client to justify a new release IMHO. The changes include: - A buildcheck target has been added to the Makefile to (hopefully) improve release quality - Message display now uses timestamps - The progress bar in the scan monitor has been repaired :) - Improved LSC Credentials Manager If you want to help with the release, I would very much appreciate feedback on the changes mentioned above. If you spot bugs or would like to commit your changes before the release, please let me know. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090528/bca1ac8e/attachment.pgp From Jan-Oliver.Wagner at greenbone.net Thu May 28 17:05:37 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 28 May 2009 17:05:37 +0200 Subject: [Openvas-devel] Planning openvas-client 2.0.4 release In-Reply-To: <20090528132759.GK26666@intevation.de> References: <20090528132759.GK26666@intevation.de> Message-ID: <200905281705.46302.Jan-Oliver.Wagner@greenbone.net> On Donnerstag, 28. Mai 2009, Michael Wiegand wrote: > If you want to help with the release, I would very much appreciate > feedback on the changes mentioned above. If you spot bugs or would like > to commit your changes before the release, please let me know. Not to forget: Translators welcome! :-) Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Thu May 28 20:12:35 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 28 May 2009 20:12:35 +0200 Subject: [Openvas-devel] Planning openvas-server 2.0.2 release In-Reply-To: <20090528131552.GJ26666@intevation.de> References: <20090528131552.GJ26666@intevation.de> Message-ID: <200905282012.35414.Jan-Oliver.Wagner@greenbone.net> On Thursday 28 May 2009 15:15:53 Michael Wiegand wrote: > I would like to schedule the release of openvas-server 2.0.2 for > Wednesday, June 3rd. the idea is to then branch 2-0 and open trunk for 2.1-series. The 2.1 openvas-server should cover the Feed Sync script and the C-Plugin (as long as they are needed) in order to have no need of the openvas-plugins module anymore. Also I could imagine to have 2.1 drop the broken-by-design I18N support we inherited from Nessus. There is quite some work on cleaning the NVTs at the moment :-) Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Thu May 28 20:15:50 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Thu, 28 May 2009 20:15:50 +0200 Subject: [Openvas-devel] Planning openvas-client 2.0.4 release In-Reply-To: <20090528132759.GK26666@intevation.de> References: <20090528132759.GK26666@intevation.de> Message-ID: <200905282015.50938.jan-oliver.wagner@intevation.de> On Thursday 28 May 2009 15:27:59 Michael Wiegand wrote: > I would like to schedule the release of openvas-client 2.0.4 for > Friday, June 5th. the idea is to then branch 2-0 and open trunk for 2.1-series. Important changes for 2.1 series would be * create dependency to openvas-libraries * and thus remove all the copies of source code files * replace OpenSSL by GNU/TLS * and thus finally get to a cross-compiled Windows-Version. * add support for OMP * and thus allow to use the new openvas-manager. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From bogus@does.not.exist.com Fri May 8 15:46:10 2009 From: bogus@does.not.exist.com () Date: Fri, 08 May 2009 13:46:10 -0000 Subject: No subject Message-ID: g_option_context_set_summary g_option_context_set_description may be useful, to improve the help message.