[Openvas-discuss] ID/OID scheme for OpenVAS NASL scripts?
jan-oliver.wagner at intevation.de
Thu Jan 24 15:40:00 CET 2008
On Montag, 7. Januar 2008, Lmwangi wrote:
> On Jan 3, 2008 11:47 PM, Bernhard Herzog <bh at intevation.de> wrote:
> > On Thursday 03 January 2008 12:00, Jan-Oliver Wagner wrote:
> > Sounds good in principle. I wonder, though, whether there should be
> > additional intermediate levels of OIDs and a way to simply map the old
> > nessus
> > plugin ID to an OID during a transition phase:
> > ...25623.1 = OpenVAS.NASL
> > ...25623.1.1 = OpenVAS.NASL.legacy
> > ...256126.96.36.199 = OpenVAS.NASL.legacy.123 (old nessus ID 123 as OID)
> > ...25623.1.2 = OpenVAS.NASL.libraries
> > ...25623.1.3 = OpenVAS.NASL.DSA
> > ...25623.2 = OpenVAS.SomeOtherPluginSpace
> > ...
> > This would leave the OID space a little cleaner if we ever need OIDs for
> > other
> > purposes such as LDAP attributes.
> > Maybe we should create the ID based on the OID in the suggested manner
> with a few enhancements..:)
> Legacy : ...256188.8.131.52 = OpenVAS.NASL.legacy.123 (old nessus ID 123
> as OID)
> New IDs: ...256184.108.40.206 = OpenVAS.OSVDB.123 (OSVDB vulnerability 123)
> ...256220.127.116.11 = OpenVAS.CVE.123 (CVE vulnerability 123)
so far no use case comes to my mind where this would be needed,
but of course the good thing is we are open to add this whenever
> And also reserve an OID branch to SNMP (Appliances use)
The good thing about the OIDs is that we do not need to 'reserve' :-)
We just add when needed.
The only things we have to take care of is to have sufficient depth.
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Openvas-discuss