[Openvas-devel] Get rid of old services concept
Jan-Oliver.Wagner at greenbone.net
Sun Sep 6 11:06:18 CEST 2009
I looked at the code/concept we inherited from Nessus
regarding services handling (modules openvas-libraries/misc/services*).
To me it looks like multiple broken concept.
What I understand so far is:
* /etc/services is used through the standard glibc API
* in openvas-server there is a openvas-services file
that may work as an alternative to the system wide
* nmap knows even more about services.
(I might be wrong here, so please comment, discuss)
* My guess is that the nessus authors believed
the system wide file is not always enough up-to-date.
With their own file they unlink dependency to OS version
and introduce dependency link to Scanner version.
This leads to the problem that in several cases, people
may use even older services data because they use
an old scanner on a new OS.
They might also have had the intention to make
the scanner run on Windows eventually.
* It is questionalbel whether it makes sense at all
to maintain services database on out own at all.
In case we would do it, the only sensible way
is to distribute it over the feed so it is always
* What we might really want is to share effords
with the nmap people. Distributuing the newes
data via the feed remains still an option here.
What to do?
IMHO, we should drop the whole services code
stuff and use the glibc API using a thin layer
that allows us to go for a nmap database
distributed via feed.
You opinions welcome!
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
More information about the Openvas-devel