[openvas-discuss] Session Management Proposal/Plugins

Janos Szatmary jszatmary at idealogica.com
Thu Dec 22 15:14:19 CET 2005


Jan,

I see. If the consensus is that server session management is not worthwhile
then so be it. I just felt it would be an easy fix, and may be useful to
some. The only features I think it provides now are the ability to resume
aborted/failed/crashed scans, and the central storage of "sessions." Some
penetration testers may use different systems to run scans, and may not have
access to anything besides a Nessus server interface (thus the inability to
store in a database.)

John

-----Original Message-----
From: openvas-discuss-bounces at openvas.org
[mailto:openvas-discuss-bounces at openvas.org] On Behalf Of Jan-Oliver Wagner
Sent: Thursday, December 22, 2005 5:19 AM
To: openvas-discuss at openvas.org
Subject: Re: [openvas-discuss] Session Management Proposal/Plugins

Hi,

On Wed, Dec 21, 2005 at 05:16:40PM -0500, Janos Szatmary wrote:
> As an immediate improvement to the OpenVAS server, perhaps a modification
> in session management would be in order. Currently, the session management
> does not store the plugins and preferences that were selected when the
> session started (correct me if I am wrong.) As a result, server based
> session management is almost useless.
> 
> I propose the addition of code to save the client provided preferences
> (which would include the plugins list) and replay those preferences when the
> session is restored. This would greatly improve the session management
> function. It's a relatively minor initial change and I would like to
> volunteer for the effort (to be completed sometime in the near future.)

A year ago when we did the first improvements to Nessus GTK client, I
was troubled with the server side session management.
I came to the conclusion that it is not a good idea to have server side
session management. Maybe it was invented because the client was not
capable of a real management. Well, the new NessusClient is ;-)

To be honest, I think the best idea is to remove the whole code for
server side session management to make the daemon lighter.
If you really desire a server side management, then better write another
daemon that acts as a client to the nessus daemon and as a server to
the simple client GUI (perhaps even web-based).
[ This is all about separated task-oriented components which I am a fan of! ]

Personally I prefer the rich client (I do not switch my working
environment a lot, so I have always all in place).

> With regards to plugins, I think there's a need to create a list of
> plugins that are essential for OpenVAS that cannot be obtained from open
> sources. I would be willing to try to rewrite some, especially web based
> ones, once the list is complete and ordered.

Have you seen my recent announcement to have an "OpenVAS DevCon 1" with
the main topic of creating the Free Software Plugin database?
It would be great if you could join!

Best

	Jan
-- 
Jan-Oliver Wagner: www.intevation.de/~jan  | GISpatcher: www.gispatcher.de
Kolab Konsortium : www.kolab-konsortium.de | Thuban    : thuban.intevation.org
Intevation GmbH  : www.intevation.de       | Kolab     : www.kolab.org
FreeGIS          : www.freegis.org         | GAV       : www.grass-verein.de