From michael.wiegand at intevation.de Mon Sep 1 09:16:32 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 1 Sep 2008 09:16:32 +0200 Subject: [Openvas-discuss] OpenVAS-Client returns segmentation Fault In-Reply-To: References: Message-ID: <200809010916.32333.michael.wiegand@intevation.de> > I am using OpenVAS-Client 1.0.3 under Fedora 8 and I get 'Segmentation > fault' when I try to execute it on the terminal under batch mode. I'm sorry to hear that. There are some bugs in 1.0.3 which could lead to a segmentation fault, but I would have to know more about the circumstances of the crash to help you with that. It is very likely that the bug you are experiencing is fixed in the latest Version of OpenVAS-Client (1.0.4). Could you test your setup with 1.0.4 and let us know if this solves your issue? Thank you! Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Mon Sep 1 16:31:53 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 1 Sep 2008 16:31:53 +0200 Subject: [Openvas-discuss] Next Tier for the OpenVAS feed: join with OSSIM/AlienVault In-Reply-To: <200808291606.17809.jan-oliver.wagner@intevation.de> References: <200808221538.53802.jan-oliver.wagner@intevation.de> <200808291606.17809.jan-oliver.wagner@intevation.de> Message-ID: <200809011631.55914.jan-oliver.wagner@intevation.de> On Freitag, 29. August 2008, Jan-Oliver Wagner wrote: > On Freitag, 22. August 2008, Jan-Oliver Wagner wrote: > > IMHO, there is no reason why OpenVAS NVT feed shouldn't be changed/extended > > in its contents/mission in order to suffice the needs of the OSSIM users. > > Basically this would mean to simply add any available .nasl script that is committed > > to openvas-plugins (all the SecPod scripts arrived in openvas-plugins trunk > > already today - thanks to Chandra). > > The mission of the OpenVAS NVT Feed would then be changed to something like > > "Newest NVTs from Developer Team's Repository". > > > > There are some smaller issues that would need to be discussed (like > > clever structuring of families, OIDs and so on). > > In fact I do not see any major blocker why we shouldn't start this right away. > > Quite the opposite - (even slightly) diverging ?feed contents, would cause > > a lot of headache over time when trying to understand/discuss with other some > > scanning ?results. > > > > Opinions welcome. > > if no concerns are expressed, I will do this change as proposed. > Of course we'd need to announce this prior to the change on openvas-announce. here is my draft on this: OpenVAS NVT Feed Change: Extended to Serve Maximum Available Dear OpenVAS users, the OpenVAS team plans to extend the current OpenVAS Feed quite drastically compared to the current coverage [1]. Anyone who configured a OpenVAS Server to use the OpenVAS NVT Feed should read this announcement carefully. Currently, the OpenVAS Feed is limited to 100% supported families. In fact this is just the Debian Local Security Checks. Thanks to various contributors, the base of NVTs has grown a lot and is continously improved. Occasional updates of the module "openvas-plugins" are not sufficient anymore to be reasonably up-to-date. Therefore, the OpenVAS Team will accordingly change the policy of the OpenVAS NVT Feed on Wednesday, September 10th 2008 There is no change required on your installation. After the change of the feed, your next synchronisation will retrieve a lot of more new NASL and INC files than before. Also, for each NASL and INC file, a signature file will be transfered. This means, that now all of the NVTs managed in the OpenVAS source code repository are accompanied with a signature for transfer integrity, not just the Debian Local Security Check NVTs. In case you have configured OpenVAS server to only execute signed NVTs, with the feed change any NVT which is available in the OpenVAS source code repository will be executed. Reminder: The applied signatures only guarantees an unmodified transfer from the OpenVAS Feed service to your OpenVAS Server installation. The signature does not express a quality measure of any kind! Please send your comments or questions to the OpenVAS discussion mailing list[2]. Best regards Jan-Oliver Wagner [1] http://www.openvas.org/openvas-nvt-feed.html [2] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From phornung at gmail.com Tue Sep 2 02:55:59 2008 From: phornung at gmail.com (Patrick Hornung) Date: Mon, 1 Sep 2008 20:55:59 -0400 Subject: [Openvas-discuss] OpenVAS VMware appliance - very basic version In-Reply-To: <200808312101.11710.jan-oliver.wagner@intevation.de> References: <9587e64c0808271930v4b2f195dt3aac6e4472660c58@mail.gmail.com> <9587e64c0808302008q18255937nc9b07cbe5a095eb9@mail.gmail.com> <200808312101.11710.jan-oliver.wagner@intevation.de> Message-ID: <9587e64c0809011755s38760a0fga42b37ed0e1afeb7@mail.gmail.com> Got it! I had to add the following to the end of the nessus/cflags file: -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include That makes the file (as a whole) like this: echo "-Wall -I. -I/root/openvas-client-1.0.4/include -DNESSUS_DOCDIR=\"//usr/local/share/doc/openvas-manual\" -I/usr/include/openssl -DHAVE_CONFIG_H -DHAVE_GNU_GETTEXT -DLOCALEDIR=\"/usr/local/share/locale\" -DPACKAGE=\"OpenVAS-Client\" -I. -I/root/openvas-client-1.0.4/include -I../src/gui -Igdchart0.94b -Igdchart0.94b/gd1.3 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include" It applies to installing on Debian Etch. On Sun, Aug 31, 2008 at 3:01 PM, Jan-Oliver Wagner < jan-oliver.wagner at intevation.de> wrote: > On Sunday 31 August 2008 05:08, Patrick Hornung wrote: > > osva:~/openvas-client-1.0.4# pkg-config --cflags glib-2.0 > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > > > Seems awfully reproducible in Debian Etch, but something is certainly not > > right. Any ideas? > > is glib.h in one of the above directories? > > Next, config.log created during configure of OpenVAS-Client might > contain some helpful information. > > Best > > Jan > -- > Dr. Jan-Oliver Wagner Intevation GmbH > Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080901/defb511c/attachment.htm From phornung at gmail.com Thu Sep 4 05:46:22 2008 From: phornung at gmail.com (Patrick Hornung) Date: Wed, 3 Sep 2008 23:46:22 -0400 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released Message-ID: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> Ok, now I have a new release of this virtual machine without some of the headaches of the former. Since it's completely automatic and working, I'm calling it OpenVAS Virtual Machine 1.0! (Let me know if this is a problem - I'll gladly rename it if necessary) - The virtual machine boots and displays IP information for the user to connect with. No need to ever login to linux! (Also means it's more user-friendly to non-linux people) - Automatically updates itself based on the openvas-nvt-sync every boot How to use: 1. Download the zip file below. 2. Extract the file. 3. Open the virtual machine using VMware Player or Server. 4. When asked whether to create a new identifier or keep the old one, choose to keep the old one. Alternatively, it may ask if you copied or moved the virtual machine, choose moved. 5. Once the virtual machine boots, it will be accessible via DHCP and display its IP information on the console. 6. Connect using your OpenVAS client to the IP address shown above, on port 1241, with username 'openvas' and password 'openvas'. 7. Scan your network as necessary. If anyone finds any problems or bugs, I'll do my best to support them. http://sourceforge.net/project/showfiles.php?group_id=238477&package_id=290162&release_id=623989 Cheers! P.S. I'm still working on my appliance with a web-based frontend. I should have it released by Monday. P.P.S If anyone's a wizard with Live CDs and would like to point me in the right direction on making an OpenVAS LiveCD, let me know. That'll be my next focus. On Mon, Sep 1, 2008 at 8:55 PM, Patrick Hornung wrote: > Got it! > > I had to add the following to the end of the nessus/cflags file: > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > That makes the file (as a whole) like this: > echo "-Wall -I. -I/root/openvas-client-1.0.4/include > -DNESSUS_DOCDIR=\"//usr/local/share/doc/openvas-manual\" > -I/usr/include/openssl -DHAVE_CONFIG_H -DHAVE_GNU_GETTEXT > -DLOCALEDIR=\"/usr/local/share/locale\" -DPACKAGE=\"OpenVAS-Client\" -I. > -I/root/openvas-client-1.0.4/include -I../src/gui -Igdchart0.94b > -Igdchart0.94b/gd1.3 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include" > > It applies to installing on Debian Etch. > > On Sun, Aug 31, 2008 at 3:01 PM, Jan-Oliver Wagner < > jan-oliver.wagner at intevation.de> wrote: > >> On Sunday 31 August 2008 05:08, Patrick Hornung wrote: >> > osva:~/openvas-client-1.0.4# pkg-config --cflags glib-2.0 >> > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include >> > >> > Seems awfully reproducible in Debian Etch, but something is certainly >> not >> > right. Any ideas? >> >> is glib.h in one of the above directories? >> >> Next, config.log created during configure of OpenVAS-Client might >> contain some helpful information. >> >> Best >> >> Jan >> -- >> Dr. Jan-Oliver Wagner Intevation GmbH >> Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ >> Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner >> _______________________________________________ >> Openvas-discuss mailing list >> Openvas-discuss at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080903/decc5aba/attachment.htm From jan-oliver.wagner at intevation.de Thu Sep 4 11:08:18 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Thu, 4 Sep 2008 11:08:18 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> Message-ID: <200809041108.20206.jan-oliver.wagner@intevation.de> On Donnerstag, 4. September 2008, Patrick Hornung wrote: > P.S. I'm still working on my appliance with a web-based frontend. ?I should > have it released by Monday. Is there any relationsship or overlap with OSSIM? Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From kost at linux.hr Thu Sep 4 12:03:51 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 12:03:51 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> Message-ID: <48BFB287.9000805@linux.hr> Hello Patrick! I have few ideas in order to extend your vmware image. I would suggest you to install following aditional sofware in order for openvas to be fully utilized with all available scripts (if not already installed): - integrated tools mentioned on http://www.openvas.org/integrated-tools.html (mainly: nmap, SLAD, nikto) - and also integrated tools which use some of NASL scripts: hydra, sort, smbclient, snmpwalk, ike-scan, pnscan, amap, portbunny, ldapsearch Anyway, maybe it's time to update mentioned web page: http://www.openvas.org/integrated-tools.html Patrick Hornung wrote: > Ok, now I have a new release of this virtual machine without some of the > headaches of the former. Since it's completely automatic and working, > I'm calling it OpenVAS Virtual Machine 1.0! > (Let me know if this is a problem - I'll gladly rename it if necessary) > > * The virtual machine boots and displays IP information for the user > to connect with. No need to ever login to linux! (Also means > it's more user-friendly to non-linux people) > * Automatically updates itself based on the openvas-nvt-sync every boot > > How to use: > > 1. Download the zip file below. > 2. Extract the file. > 3. Open the virtual machine using VMware Player or Server. > 4. When asked whether to create a new identifier or keep the old one, > choose to keep the old one. Alternatively, it may ask if you > copied or moved the virtual machine, choose moved. > 5. Once the virtual machine boots, it will be accessible via DHCP and > display its IP information on the console. > 6. Connect using your OpenVAS client to the IP address shown above, > on port 1241, with username 'openvas' and password 'openvas'. > 7. Scan your network as necessary. > > If anyone finds any problems or bugs, I'll do my best to support them. > http://sourceforge.net/project/showfiles.php?group_id=238477&package_id=290162&release_id=623989 > > > Cheers! > > P.S. I'm still working on my appliance with a web-based frontend. I > should have it released by Monday. > P.P.S If anyone's a wizard with Live CDs and would like to point me in > the right direction on making an OpenVAS LiveCD, let me know. That'll > be my next focus. > > On Mon, Sep 1, 2008 at 8:55 PM, Patrick Hornung > wrote: > > Got it! > > I had to add the following to the end of the nessus/cflags file: > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > That makes the file (as a whole) like this: > echo "-Wall -I. -I/root/openvas-client-1.0.4/include > -DNESSUS_DOCDIR=\"//usr/local/share/doc/openvas-manual\" > -I/usr/include/openssl -DHAVE_CONFIG_H -DHAVE_GNU_GETTEXT > -DLOCALEDIR=\"/usr/local/share/locale\" -DPACKAGE=\"OpenVAS-Client\" > -I. -I/root/openvas-client-1.0.4/include -I../src/gui > -Igdchart0.94b -Igdchart0.94b/gd1.3 -I/usr/include/glib-2.0 > -I/usr/lib/glib-2.0/include" > > It applies to installing on Debian Etch. > > On Sun, Aug 31, 2008 at 3:01 PM, Jan-Oliver Wagner > > wrote: > > On Sunday 31 August 2008 05:08, Patrick Hornung wrote: > > osva:~/openvas-client-1.0.4# pkg-config --cflags glib-2.0 > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > > > Seems awfully reproducible in Debian Etch, but something is > certainly not > > right. Any ideas? > > is glib.h in one of the above directories? > > Next, config.log created during configure of OpenVAS-Client might > contain some helpful information. > > Best > > Jan > -- > Dr. Jan-Oliver Wagner > Intevation GmbH > Amtsgericht Osnabr?ck, HR B 18998 > http://www.intevation.de/ > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver > Wagner > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss From kost at linux.hr Thu Sep 4 12:05:31 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 12:05:31 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <200809041108.20206.jan-oliver.wagner@intevation.de> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <200809041108.20206.jan-oliver.wagner@intevation.de> Message-ID: <48BFB2EB.3060705@linux.hr> I would say there is overlap with nessus/openvas only. OSSIM is lot more than vuln scan appliance image, they have network monitoring like cacti, and smokeping. They have also nagios and lot of other software for system management. Jan-Oliver Wagner wrote: > On Donnerstag, 4. September 2008, Patrick Hornung wrote: >> P.S. I'm still working on my appliance with a web-based frontend. I should >> have it released by Monday. > > Is there any relationsship or overlap with OSSIM? > > Best > > Jan > From c_edjenguele at yahoo.it Thu Sep 4 13:13:09 2008 From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE) Date: Thu, 4 Sep 2008 11:13:09 +0000 (GMT) Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 Message-ID: <705532.46129.qm@web26007.mail.ukl.yahoo.com> Great, this vm?is very useful, especially to test scripts on windows machine. ?=== Christian Eric Edjenguele IT Security Software Developer & Researcher tel. +39 3408580513 View my linkedin profile: http://www.linkedin.com/in/edjenguele My blog: http://www.edjenguele.blogspot.com --- Management, Developers, Security Professionals ? can only result in one thing?? better security. http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008 ----- Messaggio originale ----- Da: "openvas-discuss-request at wald.intevation.org" A: openvas-discuss at wald.intevation.org Inviato: Gioved? 4 settembre 2008, 12:00:05 Oggetto: Openvas-discuss Digest, Vol 20, Issue 3 Send Openvas-discuss mailing list submissions to ??? openvas-discuss at wald.intevation.org To subscribe or unsubscribe via the World Wide Web, visit ??? http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss or, via email, send a message with subject or body 'help' to ??? openvas-discuss-request at wald.intevation.org You can reach the person managing the list at ??? openvas-discuss-owner at wald.intevation.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Openvas-discuss digest..." Today's Topics: ? 1. Re: OpenVAS VMware appliance - version 1.0??? released ? ? ? (Patrick Hornung) ? 2. Re: OpenVAS VMware appliance - version 1.0??? released ? ? ? (Jan-Oliver Wagner) ---------------------------------------------------------------------- Message: 1 Date: Wed, 3 Sep 2008 23:46:22 -0400 From: "Patrick Hornung" Subject: Re: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 ??? released To: openvas-discuss at wald.intevation.org Message-ID: ??? <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48 at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Ok, now I have a new release of this virtual machine without some of the headaches of the former.? Since it's completely automatic and working, I'm calling it OpenVAS Virtual Machine 1.0! (Let me know if this is a problem -? I'll gladly rename it if necessary) ? - The virtual machine boots and displays IP information for the user to ? connect with.? No need to ever login to linux!? (Also means it's more ? user-friendly to non-linux people) ? - Automatically updates itself based on the openvas-nvt-sync every boot How to use: ? 1. Download the zip file below. ? 2. Extract the file. ? 3. Open the virtual machine using VMware Player or Server. ? 4. When asked whether to create a new identifier or keep the old one, ? choose to keep the old one.? Alternatively, it may ask if you copied or ? moved the virtual machine, choose moved. ? 5. Once the virtual machine boots, it will be accessible via DHCP and ? display its IP information on the console. ? 6. Connect using your OpenVAS client to the IP address shown above, on ? port 1241, with username 'openvas' and password 'openvas'. ? 7. Scan your network as necessary. If anyone finds any problems or bugs, I'll do my best to support them. http://sourceforge.net/project/showfiles.php?group_id=238477&package_id=290162&release_id=623989 Cheers! P.S. I'm still working on my appliance with a web-based frontend.? I should have it released by Monday. P.P.S If anyone's a wizard with Live CDs and would like to point me in the right direction on making an OpenVAS LiveCD, let me know.? That'll be my next focus. On Mon, Sep 1, 2008 at 8:55 PM, Patrick Hornung wrote: > Got it! > > I had to add the following to the end of the nessus/cflags file: > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > That makes the file (as a whole) like this: > echo "-Wall -I. -I/root/openvas-client-1.0.4/include > -DNESSUS_DOCDIR=\"//usr/local/share/doc/openvas-manual\" > -I/usr/include/openssl -DHAVE_CONFIG_H? -DHAVE_GNU_GETTEXT > -DLOCALEDIR=\"/usr/local/share/locale\" -DPACKAGE=\"OpenVAS-Client\" -I. > -I/root/openvas-client-1.0.4/include? ? -I../src/gui -Igdchart0.94b > -Igdchart0.94b/gd1.3 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include" > > It applies to installing on Debian Etch. > > On Sun, Aug 31, 2008 at 3:01 PM, Jan-Oliver Wagner < > jan-oliver.wagner at intevation.de> wrote: > >> On Sunday 31 August 2008 05:08, Patrick Hornung wrote: >> > osva:~/openvas-client-1.0.4# pkg-config --cflags glib-2.0 >> > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include >> > >> > Seems awfully reproducible in Debian Etch, but something is certainly >> not >> > right.? Any ideas? >> >> is glib.h in one of the above directories? >> >> Next, config.log created during configure of OpenVAS-Client might >> contain some helpful information. >> >> Best >> >>? ? ? ? Jan >> -- >> Dr. Jan-Oliver Wagner? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Intevation GmbH >> Amtsgericht Osnabr?ck, HR B 18998? ? ? ? ? ? http://www.intevation.de/ >> Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner >> _______________________________________________ >> Openvas-discuss mailing list >> Openvas-discuss at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080903/decc5aba/attachment.html ------------------------------ Message: 2 Date: Thu, 4 Sep 2008 11:08:18 +0200 From: "Jan-Oliver Wagner" Subject: Re: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 ??? released To: openvas-discuss at wald.intevation.org Message-ID: <200809041108.20206.jan-oliver.wagner at intevation.de> Content-Type: text/plain;? charset="iso-8859-1" On Donnerstag, 4. September 2008, Patrick Hornung wrote: > P.S. I'm still working on my appliance with a web-based frontend. ?I should > have it released by Monday. Is there any relationsship or overlap with OSSIM? Best ??? Jan -- Dr. Jan-Oliver Wagner? ? ? ? ? ? ? ? ? ? ? ? Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998? ? ? ? ? ? http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ------------------------------ _______________________________________________ Openvas-discuss mailing list Openvas-discuss at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss End of Openvas-discuss Digest, Vol 20, Issue 3 ********************************************** __________________________________________________ Do You Yahoo!? Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi http://mail.yahoo.it From phornung at gmail.com Thu Sep 4 14:09:56 2008 From: phornung at gmail.com (Patrick Hornung) Date: Thu, 4 Sep 2008 08:09:56 -0400 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <200809041108.20206.jan-oliver.wagner@intevation.de> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <200809041108.20206.jan-oliver.wagner@intevation.de> Message-ID: <9587e64c0809040509h4362f6afm9bcacbe316f47eac@mail.gmail.com> I know of OSSIM, but since it contains Nessus, I don't see it as a viable product right now. As I understand it, Nessus is unable to be used in a commercial environment without paying license fees for their feed. Of course, the minute they switch to an OpenVAS implementation, mine is no longer very relevant... Hopefully the virtual machine is effective for users that want a quick and dirty security scan without going through all the challenges I went through when starting out with OpenVAS. On Thu, Sep 4, 2008 at 5:08 AM, Jan-Oliver Wagner < jan-oliver.wagner at intevation.de> wrote: > On Donnerstag, 4. September 2008, Patrick Hornung wrote: > > P.S. I'm still working on my appliance with a web-based frontend. I > should > > have it released by Monday. > > Is there any relationsship or overlap with OSSIM? > > Best > > Jan > > -- > Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck > Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080904/069a2763/attachment.htm From phornung at gmail.com Thu Sep 4 14:11:04 2008 From: phornung at gmail.com (Patrick Hornung) Date: Thu, 4 Sep 2008 08:11:04 -0400 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <48BFB287.9000805@linux.hr> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFB287.9000805@linux.hr> Message-ID: <9587e64c0809040511j54232dib9ab9186f7f8eafa@mail.gmail.com> Excellent suggestion - I'll add those tools and upload another virtual machine this weekend. On Thu, Sep 4, 2008 at 6:03 AM, Vlatko Kosturjak wrote: > Hello Patrick! > > I have few ideas in order to extend your vmware image. I would suggest > you to install following aditional sofware in order for openvas to be > fully utilized with all available scripts (if not already installed): > - integrated tools mentioned on > http://www.openvas.org/integrated-tools.html (mainly: nmap, SLAD, nikto) > - and also integrated tools which use some of NASL scripts: hydra, sort, > smbclient, snmpwalk, ike-scan, pnscan, amap, portbunny, ldapsearch > > Anyway, maybe it's time to update mentioned web page: > http://www.openvas.org/integrated-tools.html > > Patrick Hornung wrote: > > Ok, now I have a new release of this virtual machine without some of the > > headaches of the former. Since it's completely automatic and working, > > I'm calling it OpenVAS Virtual Machine 1.0! > > (Let me know if this is a problem - I'll gladly rename it if necessary) > > > > * The virtual machine boots and displays IP information for the user > > to connect with. No need to ever login to linux! (Also means > > it's more user-friendly to non-linux people) > > * Automatically updates itself based on the openvas-nvt-sync every > boot > > > > How to use: > > > > 1. Download the zip file below. > > 2. Extract the file. > > 3. Open the virtual machine using VMware Player or Server. > > 4. When asked whether to create a new identifier or keep the old one, > > choose to keep the old one. Alternatively, it may ask if you > > copied or moved the virtual machine, choose moved. > > 5. Once the virtual machine boots, it will be accessible via DHCP and > > display its IP information on the console. > > 6. Connect using your OpenVAS client to the IP address shown above, > > on port 1241, with username 'openvas' and password 'openvas'. > > 7. Scan your network as necessary. > > > > If anyone finds any problems or bugs, I'll do my best to support them. > > > http://sourceforge.net/project/showfiles.php?group_id=238477&package_id=290162&release_id=623989 > > < > http://sourceforge.net/project/showfiles.php?group_id=238477&package_id=290162&release_id=623989 > > > > > > Cheers! > > > > P.S. I'm still working on my appliance with a web-based frontend. I > > should have it released by Monday. > > P.P.S If anyone's a wizard with Live CDs and would like to point me in > > the right direction on making an OpenVAS LiveCD, let me know. That'll > > be my next focus. > > > > On Mon, Sep 1, 2008 at 8:55 PM, Patrick Hornung > > wrote: > > > > Got it! > > > > I had to add the following to the end of the nessus/cflags file: > > > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > > > That makes the file (as a whole) like this: > > echo "-Wall -I. -I/root/openvas-client-1.0.4/include > > -DNESSUS_DOCDIR=\"//usr/local/share/doc/openvas-manual\" > > -I/usr/include/openssl -DHAVE_CONFIG_H -DHAVE_GNU_GETTEXT > > -DLOCALEDIR=\"/usr/local/share/locale\" -DPACKAGE=\"OpenVAS-Client\" > > -I. -I/root/openvas-client-1.0.4/include -I../src/gui > > -Igdchart0.94b -Igdchart0.94b/gd1.3 -I/usr/include/glib-2.0 > > -I/usr/lib/glib-2.0/include" > > > > It applies to installing on Debian Etch. > > > > On Sun, Aug 31, 2008 at 3:01 PM, Jan-Oliver Wagner > > > > wrote: > > > > On Sunday 31 August 2008 05:08, Patrick Hornung wrote: > > > osva:~/openvas-client-1.0.4# pkg-config --cflags glib-2.0 > > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > > > > > Seems awfully reproducible in Debian Etch, but something is > > certainly not > > > right. Any ideas? > > > > is glib.h in one of the above directories? > > > > Next, config.log created during configure of OpenVAS-Client might > > contain some helpful information. > > > > Best > > > > Jan > > -- > > Dr. Jan-Oliver Wagner > > Intevation GmbH > > Amtsgericht Osnabr?ck, HR B 18998 > > http://www.intevation.de/ > > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver > > Wagner > > _______________________________________________ > > Openvas-discuss mailing list > > Openvas-discuss at wald.intevation.org > > > > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Openvas-discuss mailing list > > Openvas-discuss at wald.intevation.org > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080904/a4e87a76/attachment.html From kost at linux.hr Thu Sep 4 14:26:15 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 14:26:15 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <9587e64c0809040511j54232dib9ab9186f7f8eafa@mail.gmail.com> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFB287.9000805@linux.hr> <9587e64c0809040511j54232dib9ab9186f7f8eafa@mail.gmail.com> Message-ID: <48BFD3E7.8010500@linux.hr> Well, I have few more ideas before the weekend, another one is that you integrate also AlienVault Feed, so user can synchronize their feed for OpenVAS too: http://www.alienvault.com/free_nessus_feed.php Patrick Hornung wrote: > Excellent suggestion - I'll add those tools and upload another virtual > machine this weekend. > > On Thu, Sep 4, 2008 at 6:03 AM, Vlatko Kosturjak > wrote: > > Hello Patrick! > > I have few ideas in order to extend your vmware image. I would suggest > you to install following aditional sofware in order for openvas to be > fully utilized with all available scripts (if not already installed): > - integrated tools mentioned on > http://www.openvas.org/integrated-tools.html (mainly: nmap, SLAD, nikto) > - and also integrated tools which use some of NASL scripts: hydra, sort, > smbclient, snmpwalk, ike-scan, pnscan, amap, portbunny, ldapsearch > > Anyway, maybe it's time to update mentioned web page: > http://www.openvas.org/integrated-tools.html > > Patrick Hornung wrote: > > Ok, now I have a new release of this virtual machine without some > of the > > headaches of the former. Since it's completely automatic and working, > > I'm calling it OpenVAS Virtual Machine 1.0! > > (Let me know if this is a problem - I'll gladly rename it if > necessary) > > > > * The virtual machine boots and displays IP information for > the user > > to connect with. No need to ever login to linux! (Also means > > it's more user-friendly to non-linux people) > > * Automatically updates itself based on the openvas-nvt-sync > every boot > > > > How to use: > > > > 1. Download the zip file below. > > 2. Extract the file. > > 3. Open the virtual machine using VMware Player or Server. > > 4. When asked whether to create a new identifier or keep the > old one, > > choose to keep the old one. Alternatively, it may ask if you > > copied or moved the virtual machine, choose moved. > > 5. Once the virtual machine boots, it will be accessible via > DHCP and > > display its IP information on the console. > > 6. Connect using your OpenVAS client to the IP address shown above, > > on port 1241, with username 'openvas' and password 'openvas'. > > 7. Scan your network as necessary. > > > > If anyone finds any problems or bugs, I'll do my best to support them. > > > http://sourceforge.net/project/showfiles.php?group_id=238477&package_id=290162&release_id=623989 > > > > > > > > > Cheers! > > > > P.S. I'm still working on my appliance with a web-based frontend. I > > should have it released by Monday. > > P.P.S If anyone's a wizard with Live CDs and would like to point me in > > the right direction on making an OpenVAS LiveCD, let me know. That'll > > be my next focus. > > > > On Mon, Sep 1, 2008 at 8:55 PM, Patrick Hornung > > > >> wrote: > > > > Got it! > > > > I had to add the following to the end of the nessus/cflags file: > > > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > > > That makes the file (as a whole) like this: > > echo "-Wall -I. -I/root/openvas-client-1.0.4/include > > -DNESSUS_DOCDIR=\"//usr/local/share/doc/openvas-manual\" > > -I/usr/include/openssl -DHAVE_CONFIG_H -DHAVE_GNU_GETTEXT > > -DLOCALEDIR=\"/usr/local/share/locale\" > -DPACKAGE=\"OpenVAS-Client\" > > -I. -I/root/openvas-client-1.0.4/include -I../src/gui > > -Igdchart0.94b -Igdchart0.94b/gd1.3 -I/usr/include/glib-2.0 > > -I/usr/lib/glib-2.0/include" > > > > It applies to installing on Debian Etch. > > > > On Sun, Aug 31, 2008 at 3:01 PM, Jan-Oliver Wagner > > > > >> wrote: > > > > On Sunday 31 August 2008 05:08, Patrick Hornung wrote: > > > osva:~/openvas-client-1.0.4# pkg-config --cflags glib-2.0 > > > -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include > > > > > > Seems awfully reproducible in Debian Etch, but something is > > certainly not > > > right. Any ideas? > > > > is glib.h in one of the above directories? > > > > Next, config.log created during configure of > OpenVAS-Client might > > contain some helpful information. > > > > Best > > > > Jan > > -- > > Dr. Jan-Oliver Wagner > > Intevation GmbH > > Amtsgericht Osnabr?ck, HR B 18998 > > http://www.intevation.de/ > > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. > Jan-Oliver > > Wagner > > _______________________________________________ > > Openvas-discuss mailing list > > Openvas-discuss at wald.intevation.org > > > > > > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > > > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Openvas-discuss mailing list > > Openvas-discuss at wald.intevation.org > > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss From jan-oliver.wagner at intevation.de Thu Sep 4 14:29:19 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Thu, 4 Sep 2008 14:29:19 +0200 Subject: [Openvas-discuss] =?iso-8859-1?q?OpenVAS_VMware_appliance_-_versi?= =?iso-8859-1?q?on_1=2E0=09released?= In-Reply-To: <48BFB287.9000805@linux.hr> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFB287.9000805@linux.hr> Message-ID: <200809041429.21384.jan-oliver.wagner@intevation.de> On Donnerstag, 4. September 2008, Vlatko Kosturjak wrote: > Anyway, maybe it's time to update mentioned web page: > http://www.openvas.org/integrated-tools.html indeed. Anyone likes to take action? Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From kost at linux.hr Thu Sep 4 14:30:42 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 14:30:42 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <200809041429.21384.jan-oliver.wagner@intevation.de> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFB287.9000805@linux.hr> <200809041429.21384.jan-oliver.wagner@intevation.de> Message-ID: <48BFD4F2.204@linux.hr> Jan-Oliver Wagner wrote: > On Donnerstag, 4. September 2008, Vlatko Kosturjak wrote: >> Anyway, maybe it's time to update mentioned web page: >> http://www.openvas.org/integrated-tools.html > > indeed. Anyone likes to take action? I can do that. Not sure If I have permissions/access. Kost From timb at nth-dimension.org.uk Thu Sep 4 14:51:31 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Thu, 4 Sep 2008 13:51:31 +0100 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <48BFD4F2.204@linux.hr> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <200809041429.21384.jan-oliver.wagner@intevation.de> <48BFD4F2.204@linux.hr> Message-ID: <200809041351.31883.timb@nth-dimension.org.uk> On Thursday 04 September 2008 13:30:42 Vlatko Kosturjak wrote: > Jan-Oliver Wagner wrote: > > On Donnerstag, 4. September 2008, Vlatko Kosturjak wrote: > >> Anyway, maybe it's time to update mentioned web page: > >> http://www.openvas.org/integrated-tools.html > > > > indeed. Anyone likes to take action? > > I can do that. Not sure If I have permissions/access. Anyone with SVN commit access can do it. Files are in trunk/doc/website. Once you made you changes to integrated-tools.htm4 or what have you, make && make online will regenerate the HTML and upload it to the right place. Cheers, Tim -- Tim Brown From kost at linux.hr Thu Sep 4 15:10:35 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 15:10:35 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> Message-ID: <48BFDE4B.8080808@linux.hr> > 6. Connect using your OpenVAS client to the IP address shown above, > on port 1241, with username 'openvas' and password 'openvas'. Doesn't this look like vulnerability? on what interfaces have you put openvasd/vmware to listen? if it's listening on every interface that means someone on the (testing) network can own your vmware machine (as it have access to your client which has access to root priv on openvas server!!). Kost From phornung at gmail.com Thu Sep 4 15:43:19 2008 From: phornung at gmail.com (Patrick Hornung) Date: Thu, 4 Sep 2008 09:43:19 -0400 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <48BFDE4B.8080808@linux.hr> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFDE4B.8080808@linux.hr> Message-ID: <9587e64c0809040643y30156477pea58395e5dca7134@mail.gmail.com> It certainly is a vulnerability that I've provided a common username and password for the root login and the openvas login, but it was done for ease of use by less knowledgeable administrators or users on a test environment. If the user of the virtual machine changes the passwords and restricts the ports on their own, I'd contend that it's just as secure as any other openvas implementation. On the other hand, an administrator such as yourself that is concerned about having an openvas server attacked on your network would probably prefer to build it from source themself. This wasn't made for that administrator, this was made to make it easier for administrators to casually try to see why openvas is so great. In the end, I had to provide the initial login and password. All virtual machines are provided in similar ways. VMware isn't a vulnerability, because it doesn't advertise any services. It simply runs as a virtual machine. How the administrator chooses to handle their VMware implementation is their own choice. On Thu, Sep 4, 2008 at 9:10 AM, Vlatko Kosturjak wrote: > > 6. Connect using your OpenVAS client to the IP address shown above, > > on port 1241, with username 'openvas' and password 'openvas'. > > Doesn't this look like vulnerability? on what interfaces have you put > openvasd/vmware to listen? if it's listening on every interface that > means someone on the (testing) network can own your vmware machine (as > it have access to your client which has access to root priv on openvas > server!!). > > Kost > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080904/db8b7345/attachment.htm From kost at linux.hr Thu Sep 4 15:51:15 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 15:51:15 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <9587e64c0809040643y30156477pea58395e5dca7134@mail.gmail.com> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFDE4B.8080808@linux.hr> <9587e64c0809040643y30156477pea58395e5dca7134@mail.gmail.com> Message-ID: <48BFE7D3.2010709@linux.hr> I would suggest following quick fix for your vmware image (put somewhere on the end of the startup scripts): rm -rf /var/lib/openvas/users/* openvas-adduser With this, user will addd username and password himself... Patrick Hornung wrote: > It certainly is a vulnerability that I've provided a common username and > password for the root login and the openvas login, but it was done for > ease of use by less knowledgeable administrators or users on a test > environment. If the user of the virtual machine changes the passwords > and restricts the ports on their own, I'd contend that it's just as > secure as any other openvas implementation. On the other hand, an > administrator such as yourself that is concerned about having an openvas > server attacked on your network would probably prefer to build it from > source themself. This wasn't made for that administrator, this was made > to make it easier for administrators to casually try to see why openvas > is so great. In the end, I had to provide the initial login and > password. All virtual machines are provided in similar ways. > > VMware isn't a vulnerability, because it doesn't advertise any > services. It simply runs as a virtual machine. How the administrator > chooses to handle their VMware implementation is their own choice. > > On Thu, Sep 4, 2008 at 9:10 AM, Vlatko Kosturjak > wrote: > > > 6. Connect using your OpenVAS client to the IP address shown above, > > on port 1241, with username 'openvas' and password 'openvas'. > > Doesn't this look like vulnerability? on what interfaces have you put > openvasd/vmware to listen? if it's listening on every interface that > means someone on the (testing) network can own your vmware machine (as > it have access to your client which has access to root priv on openvas > server!!). > > Kost > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss From kost at linux.hr Thu Sep 4 16:07:31 2008 From: kost at linux.hr (Vlatko Kosturjak) Date: Thu, 04 Sep 2008 16:07:31 +0200 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <48BFE7D3.2010709@linux.hr> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFDE4B.8080808@linux.hr> <9587e64c0809040643y30156477pea58395e5dca7134@mail.gmail.com> <48BFE7D3.2010709@linux.hr> Message-ID: <48BFEBA3.5080507@linux.hr> Long term fix would be to do: - edit openvas-mkcert to automatically generate new cert on startup without questions asked (there's variables inside) - add to the startup scripts (just before openvasd is started) o openvas-mkcert o openvas-adduser and then just before you ship VM image and finished with testings: - rm -rf /var/lib/openvas/users/* - rm -rf $OPENVAS/com/openvas/CA* (change $OPENVAS with prefix where you installed your openvas, usr/local?) If everyones have same user and password you risk of being compromised. If using same certificate, you risk in being sniffed (traffic between openvas client and server) as there's no point in having SSL then (between openvas client and server). this is lower risk, but it's better to be non-vulnerable at all. Vlatko Kosturjak wrote: > I would suggest following quick fix for your vmware image (put somewhere > on the end of the startup scripts): > > rm -rf /var/lib/openvas/users/* > openvas-adduser > > With this, user will addd username and password himself... > > Patrick Hornung wrote: >> It certainly is a vulnerability that I've provided a common username and >> password for the root login and the openvas login, but it was done for >> ease of use by less knowledgeable administrators or users on a test >> environment. If the user of the virtual machine changes the passwords >> and restricts the ports on their own, I'd contend that it's just as >> secure as any other openvas implementation. On the other hand, an >> administrator such as yourself that is concerned about having an openvas >> server attacked on your network would probably prefer to build it from >> source themself. This wasn't made for that administrator, this was made >> to make it easier for administrators to casually try to see why openvas >> is so great. In the end, I had to provide the initial login and >> password. All virtual machines are provided in similar ways. >> >> VMware isn't a vulnerability, because it doesn't advertise any >> services. It simply runs as a virtual machine. How the administrator >> chooses to handle their VMware implementation is their own choice. >> >> On Thu, Sep 4, 2008 at 9:10 AM, Vlatko Kosturjak > > wrote: >> >> > 6. Connect using your OpenVAS client to the IP address shown above, >> > on port 1241, with username 'openvas' and password 'openvas'. >> >> Doesn't this look like vulnerability? on what interfaces have you put >> openvasd/vmware to listen? if it's listening on every interface that >> means someone on the (testing) network can own your vmware machine (as >> it have access to your client which has access to root priv on openvas >> server!!). >> >> Kost >> _______________________________________________ >> Openvas-discuss mailing list >> Openvas-discuss at wald.intevation.org >> >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Openvas-discuss mailing list >> Openvas-discuss at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss From phornung at gmail.com Thu Sep 4 16:52:31 2008 From: phornung at gmail.com (Patrick Hornung) Date: Thu, 4 Sep 2008 10:52:31 -0400 Subject: [Openvas-discuss] OpenVAS VMware appliance - version 1.0 released In-Reply-To: <48BFEBA3.5080507@linux.hr> References: <9587e64c0809032046q1cf4cb75se4635e5bfee2ae48@mail.gmail.com> <48BFDE4B.8080808@linux.hr> <9587e64c0809040643y30156477pea58395e5dca7134@mail.gmail.com> <48BFE7D3.2010709@linux.hr> <48BFEBA3.5080507@linux.hr> Message-ID: <9587e64c0809040752i66c30098j7da8a76d575fb70@mail.gmail.com> I like the idea of rebuilding the cert for each installation. That is something I'll definitely do in the next version. As for the user issue, I'm trying to avoid the need for users to login to the virtual machine at all, but perhaps I could make two versions - one for people who don't want to be bothered with logging in and can accept a less secure system (for testing, as an example), and one for people who will be forced to login and make a new user (for production use). Of course, even with the current version any user can simply recreate their cert and user on their own, but making it necessary ensures that everyone is following good security techniques. Thanks for the input! On Thu, Sep 4, 2008 at 10:07 AM, Vlatko Kosturjak wrote: > Long term fix would be to do: > - edit openvas-mkcert to automatically generate new cert on startup > without questions asked (there's variables inside) > - add to the startup scripts (just before openvasd is started) > o openvas-mkcert > o openvas-adduser > and then just before you ship VM image and finished with testings: > - rm -rf /var/lib/openvas/users/* > - rm -rf $OPENVAS/com/openvas/CA* > (change $OPENVAS with prefix where you installed your openvas, usr/local?) > > If everyones have same user and password you risk of being compromised. > If using same certificate, you risk in being sniffed (traffic between > openvas client and server) as there's no point in having SSL then > (between openvas client and server). this is lower risk, but it's better > to be non-vulnerable at all. > > Vlatko Kosturjak wrote: > > I would suggest following quick fix for your vmware image (put somewhere > > on the end of the startup scripts): > > > > rm -rf /var/lib/openvas/users/* > > openvas-adduser > > > > With this, user will addd username and password himself... > > > > Patrick Hornung wrote: > >> It certainly is a vulnerability that I've provided a common username and > >> password for the root login and the openvas login, but it was done for > >> ease of use by less knowledgeable administrators or users on a test > >> environment. If the user of the virtual machine changes the passwords > >> and restricts the ports on their own, I'd contend that it's just as > >> secure as any other openvas implementation. On the other hand, an > >> administrator such as yourself that is concerned about having an openvas > >> server attacked on your network would probably prefer to build it from > >> source themself. This wasn't made for that administrator, this was made > >> to make it easier for administrators to casually try to see why openvas > >> is so great. In the end, I had to provide the initial login and > >> password. All virtual machines are provided in similar ways. > >> > >> VMware isn't a vulnerability, because it doesn't advertise any > >> services. It simply runs as a virtual machine. How the administrator > >> chooses to handle their VMware implementation is their own choice. > >> > >> On Thu, Sep 4, 2008 at 9:10 AM, Vlatko Kosturjak >> > wrote: > >> > >> > 6. Connect using your OpenVAS client to the IP address shown > above, > >> > on port 1241, with username 'openvas' and password > 'openvas'. > >> > >> Doesn't this look like vulnerability? on what interfaces have you > put > >> openvasd/vmware to listen? if it's listening on every interface that > >> means someone on the (testing) network can own your vmware machine > (as > >> it have access to your client which has access to root priv on > openvas > >> server!!). > >> > >> Kost > >> _______________________________________________ > >> Openvas-discuss mailing list > >> Openvas-discuss at wald.intevation.org > >> > >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > >> > >> > >> > >> ------------------------------------------------------------------------ > >> > >> _______________________________________________ > >> Openvas-discuss mailing list > >> Openvas-discuss at wald.intevation.org > >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > _______________________________________________ > > Openvas-discuss mailing list > > Openvas-discuss at wald.intevation.org > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080904/b2f0668d/attachment.html From michael.wiegand at intevation.de Wed Sep 10 10:43:08 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 10 Sep 2008 10:43:08 +0200 Subject: [Openvas-discuss] OpenVAS NVT Feed Extended In-Reply-To: <200809031046.22003.jan-oliver.wagner@intevation.de> References: <200809031046.22003.jan-oliver.wagner@intevation.de> Message-ID: <200809101043.08591.michael.wiegand@intevation.de> Hello, I have just finished extending the feed to encompass all NASL scripts in openvas-plugins as announced by Jan-Oliver a week ago. I have tested the changes locally and everything seems to be working fine; however, I would appreciate any feedback regarding the feed update, please report any bugs you encounter to openvas-devel. So please use the 'openvas-nvt-sync' mechanism to update your local plugin repository with the plugin feed and share your experiences. Thank you! Regards, Michael Am Mittwoch, 3. September 2008 10:46:19 schrieb Jan-Oliver Wagner: > Dear OpenVAS users, > > the OpenVAS team plans to extend the current OpenVAS Feed > quite drastically compared to the current coverage [1]. > Anyone who configured a OpenVAS Server to use the OpenVAS > NVT Feed should read this announcement carefully. > > Currently, the OpenVAS Feed is limited to 100% supported families. > In fact this is just the Debian Local Security Checks. > > Thanks to various contributors, the base of NVTs has grown a lot > and is continously improved. Occasional updates of the module > "openvas-plugins" are not sufficient anymore to be reasonably > up-to-date. > > Therefore, the OpenVAS Team will accordingly change the policy > of the OpenVAS NVT Feed on > > Wednesday, September 10th 2008 > > There is no change required on your installation. > After the change of the feed, your next synchronisation > will retrieve a lot of more new NASL and INC files than before. > > Also, for each NASL and INC file, a signature file will be transfered. > This means, that now all of the NVTs managed in the OpenVAS > source code repository are accompanied with a signature for > transfer integrity, not just the Debian Local Security Check NVTs. > > In case you have configured OpenVAS server to only execute signed > NVTs, with the feed change any NVT which is available in the > OpenVAS source code repository will be executed. > > Reminder: The applied signatures only guarantees an unmodified > transfer from the OpenVAS Feed service to your OpenVAS Server > installation. The signature does not express a quality measure of > any kind! > > Please send your comments or questions to the OpenVAS discussion > mailing list[2]. > > Best regards > > Jan-Oliver Wagner > > [1] http://www.openvas.org/openvas-nvt-feed.html > [2] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From c_edjenguele at yahoo.it Thu Sep 18 18:47:28 2008 From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE) Date: Thu, 18 Sep 2008 16:47:28 +0000 (GMT) Subject: [Openvas-discuss] OpenVAS Os FingerPrint enhancements through XML parsing Message-ID: <345696.68062.qm@web26005.mail.ukl.yahoo.com> Hello all, I think it should be very insteresting to perform openvas os fingerprint mechanism, by integrating an xml parser like sax (simple api for xml), to enhance plugins development. I've used this technique and it's very productive. so I've developed a routine to make thinks more easy, here the explainations: purpose: Enhance plugin development and openvas?OS fingerprint mechanism Rationale: Programming language: python Modules? used(all these are standars, so no installation need!): sax, sys, socket, os, re Advantages: 1) software information are stored in xml format, that makes informations more portable 2) only one script to parses all banner: http, ssh, telnet, pop3, smtp, etc... 3) no need to write new script to detect a new software, only add the banner in the xml file, I've already done with http.xml, ssh.xml, telnet.xml, pop3.xml, and more ... 4) Well documented 5) fast ? Design and Implementation Note:?see the link bellow for?attached zip archive with 3 files (only for testing purposes) 1) smtp.xml: file to be parsed for os fingerprint 2) bannerparser.py: python routine to parsing the banner passed to it as parameter 3) remote-smtp-detect.py: python script example to remotly fingerprint os through smtp banner, also print the banner, you can also find in the code an ip address to test.? in the code just change SRC_DIR = 'E:\\projects\\openvas\\contest' variable to the path in with all the 3 file are. syntax (assuming that python is in your PATH): python remote-smtp-detect.py 140.105.60.207? 25 or: python remote-smtp-detect.py?w.x.y.z? 465 ssl test it, and let me know, I think it will be more useful. the unique difficulty could be integrating sax in openvas or implement a nasl interface to sax. http://lists.wald.intevation.org/pipermail/openvas-plugins/2008-September/000110.html === Christian Eric Edjenguele IT Security Software Developer & Researcher tel. +39 3408580513 View my linkedin profile: http://www.linkedin.com/in/edjenguele My blog: http://www.edjenguele.blogspot.com --- Management, Developers, Security Professionals ? can only result in one thing?? better security. http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008 __________________________________________________ Do You Yahoo!? Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi http://mail.yahoo.it From Katrin.Oertel-Richter at fujitsu-siemens.com Fri Sep 19 11:27:34 2008 From: Katrin.Oertel-Richter at fujitsu-siemens.com (Oertel-Richter, Katrin) Date: Fri, 19 Sep 2008 11:27:34 +0200 Subject: [Openvas-discuss] Updating plugins using openvas-nvt-sync is impossible Message-ID: <5A9F931056A66A4C86F842409A3A28480112052109F5@ABGEX70E.FSC.NET> Hi all, I installed the following rpm-packages on an openSuSE 10.2 system, following the instructions on your WEB site. rpm -i openvas-libraries-1.0.1-1.suse102.openvas.i586.rpm rpm -i openvas-libnasl-1.0.0-1.suse102.openvas.i586.rpm rpm -i openvas-server-1.0.0-1.suse102.openvas.i586.rpm rpm -i openvas-plugins-1.0.0-1.suse102.openvas.i586.rpm openvas-mkcert and openvas-adduser were ok. But then I had problems with openvas-nvt-sync, please see error messages below: # openvas-nvt-sync OpenVAS NVT Sync $ Configured NVT Feed: rsync://rsync.openvas.org:/nvt-feed Synchronized into: /usr/lib/openvas/plugins Searching for required system tools ... Synchonizing NVTs via RSYNC ... rsync: failed to connect to rsync.openvas.org: Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(107) [receiver=2.6.8] Error: rsync failed. Your NVT collection might be broken now. # Did I miss any necessary step or is it possible that there is something wrong with the rsync server? Thanks in advance for your help . Regards, Katrin Oertel-Richter IP SSC VAL QA ST S Fujitsu Siemens Computers GmbH Otto-Hahn-Ring 6 81739 M?nchen Germany Telefon: ++49 89 636 49265 Telefax: ++49 89 636 42642 Mobile: ++49 162 2948 674 Email: mailto:katrin.oertel-richter at fujitsu-siemens.com Internet: http://www.fujitsu-siemens.com Firmenangaben: http://www.fujitsu-siemens.com/imprint.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080919/5a490930/attachment.htm From jan-oliver.wagner at intevation.de Fri Sep 19 16:30:49 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Fri, 19 Sep 2008 16:30:49 +0200 Subject: [Openvas-discuss] Updating plugins using openvas-nvt-sync is impossible In-Reply-To: <5A9F931056A66A4C86F842409A3A28480112052109F5@ABGEX70E.FSC.NET> References: <5A9F931056A66A4C86F842409A3A28480112052109F5@ABGEX70E.FSC.NET> Message-ID: <200809191630.51284.jan-oliver.wagner@intevation.de> Hello, On Freitag, 19. September 2008, Oertel-Richter, Katrin wrote: > But then I had problems with openvas-nvt-sync, please see error messages below: > > # openvas-nvt-sync > OpenVAS NVT Sync $ > > Configured NVT Feed: rsync://rsync.openvas.org:/nvt-feed > Synchronized into: /usr/lib/openvas/plugins > > Searching for required system tools ... > Synchonizing NVTs via RSYNC ... > rsync: failed to connect to rsync.openvas.org: Connection refused (111) > rsync error: error in socket IO (code 10) at clientserver.c(107) [receiver=2.6.8] > Error: rsync failed. Your NVT collection might be broken now. > # > > > Did I miss any necessary step or is it possible that there is something wrong with the rsync server? I checked the logs: Various different IPs have successfully synced the NVT feed over the day. So, I tend to say the problem is on your side. Maybe a strict firewall? Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From timb at nth-dimension.org.uk Fri Sep 19 17:27:18 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Fri, 19 Sep 2008 16:27:18 +0100 Subject: [Openvas-discuss] Updating plugins using openvas-nvt-sync is impossible In-Reply-To: <5A9F931056A66A4C86F842409A3A28480112052109F5@ABGEX70E.FSC.NET> References: <5A9F931056A66A4C86F842409A3A28480112052109F5@ABGEX70E.FSC.NET> Message-ID: <200809191627.19197.timb@nth-dimension.org.uk> On Friday 19 September 2008 10:27:34 Oertel-Richter, Katrin wrote: > # openvas-nvt-sync > OpenVAS NVT Sync $ > > Configured NVT Feed: rsync://rsync.openvas.org:/nvt-feed > Synchronized into: /usr/lib/openvas/plugins > > Searching for required system tools ... > Synchonizing NVTs via RSYNC ... > rsync: failed to connect to rsync.openvas.org: Connection refused (111) > rsync error: error in socket IO (code 10) at clientserver.c(107) > [receiver=2.6.8] Error: rsync failed. Your NVT collection might be broken > now. > # Hi Katrin, We've successfully tested the update mechanism here on Gentoo and Debian and indeed a number of my colleagues did updates earlier today. Manually checking the rsync server: $ telnet rsync.openvas.org rsync Trying 212.95.126.13... Connected to doto.intevation.de. Escape character is '^]'. @RSYNCD: 26 rsync server - Intevation GmbH, Germany All transactions are logged. Mail problems to admin at intevation.de. Please look at /ftp/mirrors.txt for a list of download mirrors. Please look at /kolab/RSYNC.txt before mirroring the kolab tree. It appears to be up and available. I would suggest running the update script again and if it does not work repeat the manual process as shown above. This will eliminate any network level issues that may be responsible for your problems. Tim -- Tim Brown From nisudoj at yahoo.com Thu Sep 25 01:40:48 2008 From: nisudoj at yahoo.com (NISU DOJ) Date: Wed, 24 Sep 2008 16:40:48 -0700 (PDT) Subject: [Openvas-discuss] UTLS error In-Reply-To: <200809101043.08591.michael.wiegand@intevation.de> Message-ID: <630157.5193.qm@web53611.mail.re2.yahoo.com> I have installed all the latest files including the beta on openSuse 11 Before I was only able to do port scans on the locahost, now I ca run checks I still get the following when scanning loca\host--but dont think its a big deal [433] gnutls_handshake: A TLS packet with unexpected length was received. [455] gnutls_handshake: A record packet with illegal version was received. [458] gnutls_handshake: Function was interrupted. --- On Wed, 9/10/08, Michael Wiegand wrote: From: Michael Wiegand Subject: [Openvas-discuss] OpenVAS NVT Feed Extended To: openvas-discuss at wald.intevation.org Date: Wednesday, September 10, 2008, 1:43 AM Hello, I have just finished extending the feed to encompass all NASL scripts in openvas-plugins as announced by Jan-Oliver a week ago. I have tested the changes locally and everything seems to be working fine; however, I would appreciate any feedback regarding the feed update, please report any bugs you encounter to openvas-devel. So please use the 'openvas-nvt-sync' mechanism to update your local plugin repository with the plugin feed and share your experiences. Thank you! Regards, Michael Am Mittwoch, 3. September 2008 10:46:19 schrieb Jan-Oliver Wagner: > Dear OpenVAS users, > > the OpenVAS team plans to extend the current OpenVAS Feed > quite drastically compared to the current coverage [1]. > Anyone who configured a OpenVAS Server to use the OpenVAS > NVT Feed should read this announcement carefully. > > Currently, the OpenVAS Feed is limited to 100% supported families. > In fact this is just the Debian Local Security Checks. > > Thanks to various contributors, the base of NVTs has grown a lot > and is continously improved. Occasional updates of the module > "openvas-plugins" are not sufficient anymore to be reasonably > up-to-date. > > Therefore, the OpenVAS Team will accordingly change the policy > of the OpenVAS NVT Feed on > > Wednesday, September 10th 2008 > > There is no change required on your installation. > After the change of the feed, your next synchronisation > will retrieve a lot of more new NASL and INC files than before. > > Also, for each NASL and INC file, a signature file will be transfered. > This means, that now all of the NVTs managed in the OpenVAS > source code repository are accompanied with a signature for > transfer integrity, not just the Debian Local Security Check NVTs. > > In case you have configured OpenVAS server to only execute signed > NVTs, with the feed change any NVT which is available in the > OpenVAS source code repository will be executed. > > Reminder: The applied signatures only guarantees an unmodified > transfer from the OpenVAS Feed service to your OpenVAS Server > installation. The signature does not express a quality measure of > any kind! > > Please send your comments or questions to the OpenVAS discussion > mailing list[2]. > > Best regards > > Jan-Oliver Wagner > > [1] http://www.openvas.org/openvas-nvt-feed.html > [2] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20080924/0ebcc20b/attachment.html From jan-oliver.wagner at intevation.de Fri Sep 26 12:51:55 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Fri, 26 Sep 2008 12:51:55 +0200 Subject: [Openvas-discuss] OpenVAS Os FingerPrint enhancements through XML parsing In-Reply-To: <345696.68062.qm@web26005.mail.ukl.yahoo.com> References: <345696.68062.qm@web26005.mail.ukl.yahoo.com> Message-ID: <200809261251.57638.jan-oliver.wagner@intevation.de> On Donnerstag, 18. September 2008, Christian Eric EDJENGUELE wrote: > I think it should be very insteresting to perform openvas os fingerprint mechanism, > by integrating an xml parser like sax (simple api for xml), to enhance plugins development. > I've used this technique and it's very productive. > so I've developed a routine to make thinks more easy, here the explainations: FYI: I've send an an answer on this email on openvas-plugins: http://lists.wald.intevation.org/pipermail/openvas-plugins/2008-September/000129.html Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner