From bchandra at secpod.com Wed Apr 1 07:47:55 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Wed, 1 Apr 2009 11:17:55 +0530
Subject: [Openvas-discuss] [Openvas-plugins] Conficker worm detection -OpenVAS plugins
In-Reply-To: <200903312146.19680.timb@nth-dimension.org.uk>
References: <200903312146.19680.timb@nth-dimension.org.uk>
Message-ID:

> *snip*
>> to detect patch condition of MS08-067. The plugin 900055 requires SMB
>> credentials and verifies if the required hotfix is installed through
>> Windows Registry and verifying the updated file versions. The plugin 900056
>> is a Proof of Concept exploit that tries to crash the server service
>> (safe_checks has to be disabled). This can work on anonymous login
>> credentials if the target system allows anonymous login (Windows 2000 by
>> default allows anonymous login). The plugin checks the RPC response status
>> of an un-patched system.

> This is all true but it doesn't really go far enough since it only looks for
> the original vulnerability and not Conficker. I started working on a check
> for Conficker last night and got some way before I noticed a glaring problem
> but nothing which at this stage is complete. I've attached the plugin in
> rough form here if anyone wants to take it up.

We'll try and test this on Win2K and XP systems. I think slight modifications
to the request to ntrPathCanonicalize. Unless the target system allows, is
there a means to check the system anonymously? Other scanners seem to claim
that detection is anonymous. I couldn't think of a way.

I was looking at writing a NASL to directly check for Conficker infected
systems through registry or files etc., but there looks to be too much of
randomness in the worm's behavior.

> The problems I've had so far
> is the lack of support for non-clear text authentication in the OpenVAS SMB
> implementation which is limiting my ability to test here, as I only have
> 2003/Vista systems to play with. I've diverted to start working on that and
> will be sending another email shortly to openvas-devel regarding this.

The current smb_nt.inc only provides clear text based authentication.
nasl_crypto was removed from the Nessus and I think re-introduced in a
different form. Hence the proposal to integrate Samba to get NTLM based auth.
However, introducing the crypto code would be very useful as it is very
difficult to achieve the SMB packet crafting facility through SAMBA exposed
APIs. The only issue introducing crypto functionality would be to keep it
updated as the changes in the OS come in. Another difficulty is when the
target OS enforces SMB signing and encryption, need to support this as well.

Thanks,
Chandra.
www.secpod.com

From marc.rennhard at zhaw.ch Wed Apr 1 08:08:40 2009
From: marc.rennhard at zhaw.ch (Marc Rennhard)
Date: Wed, 01 Apr 2009 08:08:40 +0200
Subject: [Openvas-discuss] Setting Plugin Timeout not working?
In-Reply-To: <200903312242.04367.timb@nth-dimension.org.uk>
References: <49D220FE.5070400@zhaw.ch> <200903312242.04367.timb@nth-dimension.org.uk>
Message-ID: <49D304E8.5000806@zhaw.ch>

Hi Tim

> How long does nikto run for, if you run it manually with the same options. It
> may be my misunderstanding but the timeouts that are set on the plugin are
> only for the plugin itself. In the case of the nikto plugin it launches
> nikto as a separate process. The timeout has no control over the lifetime of
> the nikto process itself (except *maybe* if nikto was to overrun the plugin
> timeout?). I'm not totally familiar with the plugin scheduling though, so I
> expect someone else to provide a better answer ;).

Nikto itself requires about 15 minutes to finish scanning the target host
and it is still running (and actually terminated) after the openvas timeout
of 320 seconds is reached. So everything seems to be OK except that the
plugin shouldn't be terminated.

Cheers,
Marc

From jan-oliver.wagner at intevation.de Wed Apr 1 08:57:38 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 1 Apr 2009 07:57:38 +0100
Subject: [Openvas-discuss] Setting Plugin Timeout not working?
In-Reply-To: <49D220FE.5070400@zhaw.ch>
References: <49D220FE.5070400@zhaw.ch>
Message-ID: <200904010857.40474.jan-oliver.wagner@intevation.de>

On Tuesday, 31 March 2009, Marc Rennhard wrote:
> I tried to set the Nikto plugin timeout to 30 minutes by specifying 3000
> via the "Set Plugin Timout" button in the Nikto plugin details. However,
> this had no effect as the Nikto scan still timed out after 320 seconds
> (default value specified in openvasd.conf) as can be seen in
> openvasd.messages.
>
> I then changed the timeout setting in openvasd.conf from 320 to 3000 and
> restarted openvasd, but interestingly, Nikto still timed out after 320
> seconds.
>
> What am I doing wrong?

it is important to know which versions of the OpenVAS modules you are using.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From felix.wolfsteller at intevation.de Wed Apr 1 09:50:40 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Wed, 1 Apr 2009 09:50:40 +0200
Subject: [Openvas-discuss] Setting Plugin Timeout not working?
Message-ID: <200904010950.40663.felix.wolfsteller@intevation.de>

Hi Marc

On Tuesday 31 March 2009 15:56:14 you wrote:
> I tried to set the Nikto plugin timeout to 30 minutes by specifying 3000
> via the "Set Plugin Timout" button in the Nikto plugin details. However,
> this had no effect as the Nikto scan still timed out after 320 seconds
> (default value specified in openvasd.conf) as can be seen in
> openvasd.messages.

That is a known bug in the client and will be fixed with the next release
(that is due very soon). Timeout-setting via client simply does not work.

> I then changed the timeout setting in openvasd.conf from 320 to 3000 and
> restarted openvasd, but interestingly, Nikto still timed out after 320
> seconds.

That is weird. Did you restart the server?

> What am I doing wrong?

Nothing.

-- felix

--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Wed Apr 1 10:19:57 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Wed, 1 Apr 2009 13:49:57 +0530
Subject: [Openvas-discuss] Setting Plugin Timeout not working?
In-Reply-To: <200904010950.40663.felix.wolfsteller@intevation.de>
References: <200904010950.40663.felix.wolfsteller@intevation.de>
Message-ID: <7FA214F721474BF198CCFB03EB9FC0F3@bchandra>

On Tuesday 31 March 2009 15:56:14 you wrote:
>> I tried to set the Nikto plugin timeout to 30 minutes by specifying 3000
>> via the "Set Plugin Timout" button in the Nikto plugin details. However,
>> this had no effect as the Nikto scan still timed out after 320 seconds
>> (default value specified in openvasd.conf) as can be seen in
>> openvasd.messages.

> That is a known bug in the client and will be fixed with the next release
> (that is due very soon). Timeout-setting via client simply does not work.

>> I then changed the timeout setting in openvasd.conf from 320 to 3000 and
>> restarted openvasd, but interestingly, Nikto still timed out after 320
>> seconds.

> That is weird. Did you restart the server?

You may have to check plugins_timeout value in openvasrc and ensure that the
same is being picked if you are running client in command line mode.

>> What am I doing wrong?
> Nothing.

Chandra.
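
One way to carry out the check suggested in the message above, as an added example that is not part of the thread or of OpenVAS: it reads plugins_timeout from the server's openvasd.conf and from the client's openvasrc and reports whether the two agree. The file layouts (plain "key = value" lines, with the client's server preferences inside a begin(SERVER_PREFS) ... end(SERVER_PREFS) block), the sample contents and every function name are assumptions made for the example.

```python
"""Compare plugins_timeout in openvasd.conf with the client's openvasrc."""
import re

# Constructed sample files; the values are illustrative, not from the thread.
SAMPLE_OPENVASD_CONF = """\
# openvasd.conf (constructed sample)
max_hosts = 30
plugins_timeout = 3000
log_whole_attack = no
"""

SAMPLE_OPENVASRC = """\
# openvasrc (constructed sample)
# plugins_timeout = 9999   <- commented out, must be ignored
begin(SERVER_PREFS)
 max_hosts = 20
 plugins_timeout = 320
 safe_checks = yes
end(SERVER_PREFS)
"""

SECTION_BEGIN = re.compile(r"^begin\((\w+)\)$")
SECTION_END = re.compile(r"^end\((\w+)\)$")


def parse_prefs(text):
    """Parse 'key = value' lines; keys inside begin(X)/end(X) go under X.

    Keys outside any block (all of openvasd.conf) are stored under "".
    """
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        begin = SECTION_BEGIN.match(line)
        if begin:
            current = begin.group(1)
            sections.setdefault(current, {})
            continue
        if SECTION_END.match(line):
            current = ""
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current][key.strip()] = value.strip()
    return sections


def seconds(value):
    """Return the timeout as integer seconds, or None if unset or invalid."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def audit_timeout(server_conf, client_rc, key="plugins_timeout"):
    """Report the server and client values of `key` and whether they agree."""
    server = seconds(parse_prefs(server_conf)[""].get(key))
    client = seconds(parse_prefs(client_rc).get("SERVER_PREFS", {}).get(key))
    if client is None:
        status = "client-unset"
    elif server is None:
        status = "server-unset"
    elif client == server:
        status = "match"
    else:
        status = "mismatch"
    return {"server": server, "client": client, "status": status}


def report(result, key="plugins_timeout"):
    """One-line summary suitable for a terminal or a bug report."""
    return "%s: openvasd.conf=%s openvasrc=%s -> %s" % (
        key, result["server"], result["client"], result["status"])


if __name__ == "__main__":
    print(report(audit_timeout(SAMPLE_OPENVASD_CONF, SAMPLE_OPENVASRC)))
```

A "mismatch" result is the situation described in the thread: openvasd.conf was raised to 3000 while the client's rc file still carried 320.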

From marc.rennhard at zhaw.ch Wed Apr 1 14:37:47 2009
From: marc.rennhard at zhaw.ch (Marc Rennhard)
Date: Wed, 01 Apr 2009 14:37:47 +0200
Subject: [Openvas-discuss] Setting Plugin Timeout not working?
In-Reply-To: <7FA214F721474BF198CCFB03EB9FC0F3@bchandra>
References: <200904010950.40663.felix.wolfsteller@intevation.de> <7FA214F721474BF198CCFB03EB9FC0F3@bchandra>
Message-ID: <49D3601B.40803@zhaw.ch>

Dear all

thanks for your replies. Using Chandra's hint worked for me.

Cheers,
Marc

Chandrashekhar B wrote:
> On Tuesday 31 March 2009 15:56:14 you wrote:
>>> I tried to set the Nikto plugin timeout to 30 minutes by specifying 3000
>>> via the "Set Plugin Timout" button in the Nikto plugin details. However,
>>> this had no effect as the Nikto scan still timed out after 320 seconds
>>> (default value specified in openvasd.conf) as can be seen in
>>> openvasd.messages.
>
>> That is a known bug in the client and will be fixed with the next release
>> (that is due very soon). Timeout-setting via client simply does not work.
>
>>> I then changed the timeout setting in openvasd.conf from 320 to 3000 and
>>> restarted openvasd, but interestingly, Nikto still timed out after 320
>>> seconds.
>
>> That is weird. Did you restart the server?
>
> You may have to check plugins_timeout value in openvasrc and ensure that the
> same is being picked if you are running client in command line mode.
>
>>> What am I doing wrong?
>> Nothing.
>
>
> Chandra.
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

--
Prof. Dr. Marc Rennhard, CISSP
ZHAW Zuercher Hochschule für Angewandte Wissenschaften
Institut fuer Angewandte Informationstechnologie InIT
Schwerpunktleiter Information Security
Technikumstrasse 9 / Postfach / CH-8401 Winterthur
Buero TG 210 / Fon: +41 58 934-7245 / Fax: +41 58 935-7245
PGP-KeyID: 84AEB193, PGP encrypted mail welcome

From timb at nth-dimension.org.uk Thu Apr 2 02:05:41 2009
From: timb at nth-dimension.org.uk (Tim Brown)
Date: Thu, 2 Apr 2009 01:05:41 +0100
Subject: [Openvas-discuss] [Openvas-plugins] Conficker worm detection -OpenVAS plugins
In-Reply-To:
References: <200903312146.19680.timb@nth-dimension.org.uk>
Message-ID: <200904020105.44488.timb@nth-dimension.org.uk>

Chandra,

Summarising my response to what you asked/stated yesterday on IRC (you'd
already logged off for the day).

The payload I submitted to you guys for MS08-067 is not the same as the one
used by nmap for ms08-067, nmap actually uses a different payload developed
later by one of my colleagues which is available from
http://labs.portcullis.co.uk/. Moreover, neither are the same as the payload
nmap uses for the Conficker check, since this validates whether Conficker's
own custom patch for MS08-067 has been applied. Conficker's patch behaves
differently from Microsoft's.

The conficker NASL I sent round generates the nmap payload to test for
Conficker but I was troubled by a) SMB authentication problems and b) as I
note below I haven't had a chance to run it against a compromised system.

We may be able to use my first payload to detect Conficker but for that...
I/we need to run it against a Conficker infected box so that we see how it
responds... I will ask around but as I have some good contacts in the AV /
malware community. Indeed, we probably need to do that anyway so we can see
how the SMB function in openvas decode the response - smb_rev() in
particular.

Cheers,
Tim
--
Tim Brown

From bchandra at secpod.com Thu Apr 2 06:56:49 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Thu, 2 Apr 2009 10:26:49 +0530
Subject: [Openvas-discuss] [Openvas-plugins] Conficker worm detection -OpenVAS plugins
In-Reply-To: <200904020105.44488.timb@nth-dimension.org.uk>
References: <200903312146.19680.timb@nth-dimension.org.uk> <200904020105.44488.timb@nth-dimension.org.uk>
Message-ID:

Hello Tim,

-----Original Message-----
From: Tim Brown [mailto:timb at nth-dimension.org.uk]
Sent: Thursday, April 02, 2009 5:36 AM
To: openvas-discuss at wald.intevation.org
Cc: Chandrashekhar B; Openvas-plugins at wald.intevation.org
Subject: Re: [Openvas-discuss] [Openvas-plugins] Conficker worm detection -OpenVAS plugins

> The payload I submitted to you guys for MS08-067 is not the same as the one
> used by nmap for ms08-067, nmap actually uses a different payload developed
> later by one of my colleagues which is available from
> http://labs.portcullis.co.uk/.

I overlooked, just saw the reference in NMAP page to the above link and
assumed so.

> We may be able to use my first payload to detect Conficker but for that...
> I/we need to run it against a Conficker infected box so that we see how it
> responds... I will ask around but as I have some good contacts in the AV /
> malware community. Indeed, we probably need to do that anyway so we can see
> how the SMB function in openvas decode the response - smb_rev() in
> particular.

That'll be useful.

Thanks,
Chandra.

From santu at secpod.com Tue Apr 7 07:26:19 2009
From: santu at secpod.com (Antu Sanadi)
Date: Tue, 07 Apr 2009 10:56:19 +0530
Subject: [Openvas-discuss] header intact
Message-ID: <49DAE3FB.1070402@secpod.com>

From jan-oliver.wagner at intevation.de Wed Apr 8 14:33:31 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 8 Apr 2009 13:33:31 +0100
Subject: [Openvas-discuss] Preparing announcment for NVT#10000
Message-ID: <200904081433.33657.jan-oliver.wagner@intevation.de>

Hi OpenVAS team,

I drafted an announcement for the (upcoming) 10000th NVT.
Any comments, suggestions?

Best

Jan


OpenVAS now beyond 10000 Network Vulnerability Tests

Passing the 10.000th Network Vulnerability Test (NVT) is a perfect
occasion to report about the progress of the OpenVAS project[1].

In October 2008 the systematic development of new NVTs
started with a base of around 5800 Tests. With the release
of OpenVAS 2.0 in December 2008, the development was boosted
and reached now an average of 10 code updates per day.
The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability
tests every day.

The significantly grown and globally distributed developer team
will gather on the second OpenVAS developers conference[2] July 9-12 2009
in Germany. During the conference features and roadmap for OpenVAS 3.0
will be scheduled.

The OpenVAS project is directly backed up and also supplemented with
professional services[3] by a number of companies, namely Greenbone Networks,
SecPod, Intevation and SecuritySpace.
"Reaching the professional enterprise market is a good indicator that
OpenVAS gained maturity very fast" says Tim Brown, founder of the
OpenVAS project.

While OpenVAS 3.0 will likely appear already in 2009, users of OpenVAS 1.0
should prepare to migrate as support for 1.0 will end during 2009.

[1] www.openvas.org
[2] www.openvas.org/openvas-devcon2.html
[3] www.openvas.org/professional-services.html

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Wed Apr 8 14:55:19 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Wed, 8 Apr 2009 18:25:19 +0530
Subject: [Openvas-discuss] Preparing announcment for NVT#10000
In-Reply-To: <200904081433.33657.jan-oliver.wagner@intevation.de>
References: <200904081433.33657.jan-oliver.wagner@intevation.de>
Message-ID: <3BBC1CC099CD4F4C8F14A538E5142D9A@bchandra>

Looks good!

We should also mention about the cleanup activity to eliminate most plugin
warnings and missing dependencies.

We should reach 10000 this week itself.

Chandra.

-----Original Message-----
From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner
Sent: Wednesday, April 08, 2009 6:04 PM
To: openvas-discuss at wald.intevation.org
Subject: [Openvas-discuss] Preparing announcment for NVT#10000

Hi OpenVAS team,

I drafted an announcement for the (upcoming) 10000th NVT.
Any comments, suggestions?

Best

Jan


OpenVAS now beyond 10000 Network Vulnerability Tests

Passing the 10.000th Network Vulnerability Test (NVT) is a perfect
occasion to report about the progress of the OpenVAS project[1].

In October 2008 the systematic development of new NVTs
started with a base of around 5800 Tests. With the release
of OpenVAS 2.0 in December 2008, the development was boosted
and reached now an average of 10 code updates per day.
The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability
tests every day.

The significantly grown and globally distributed developer team
will gather on the second OpenVAS developers conference[2] July 9-12 2009
in Germany. During the conference features and roadmap for OpenVAS 3.0
will be scheduled.

The OpenVAS project is directly backed up and also supplemented with
professional services[3] by a number of companies, namely Greenbone Networks,
SecPod, Intevation and SecuritySpace.
"Reaching the professional enterprise market is a good indicator that
OpenVAS gained maturity very fast" says Tim Brown, founder of the
OpenVAS project.

While OpenVAS 3.0 will likely appear already in 2009, users of OpenVAS 1.0
should prepare to migrate as support for 1.0 will end during 2009.

[1] www.openvas.org
[2] www.openvas.org/openvas-devcon2.html
[3] www.openvas.org/professional-services.html

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

From matt at mundell.ukfsn.org Wed Apr 8 15:40:55 2009
From: matt at mundell.ukfsn.org (Matthew Mundell)
Date: 08 Apr 2009 13:39:55 -0001
Subject: [Openvas-discuss] Preparing announcment for NVT#10000
In-Reply-To: Message of Wed, 8 Apr 2009 13:33:31 +0100. <200904081433.33657.jan-oliver.wagner@intevation.de>
Message-ID: <20090408134012.8733DDEBB9@mail.ukfsn.org>

> Hi OpenVAS team,
>
> I drafted an announcement for the (upcoming) 10000th NVT.
> Any comments, suggestions?

Just some grammar suggestions.

> Best
>
> Jan
>
>
> OpenVAS now beyond 10000 Network Vulnerability Tests
>
> Passing the 10.000th Network Vulnerability Test (NVT) is a perfect
> occasion to report about the progress of the OpenVAS project[1].
>
> In October 2008 the systematic development of new NVTs
> started with a base of around 5800 Tests. With the release
> of OpenVAS 2.0 in December 2008, the development was boosted
> and reached now an average of 10 code updates per day.

..and has now reached...

> The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability
> tests every day.
>
> The significantly grown and globally distributed developer team
> will gather on the second OpenVAS developers conference[2] July 9-12 2009

..gather at the...

> in Germany. During the conference features and roadmap for OpenVAS 3.0

..and a roadmap...

> will be scheduled.
>
> The OpenVAS project is directly backed up and also supplemented with

I think "backed up" should just be "backed", as in the phrase "directly
backed by". "backed up" makes me think of backing up data.

This is quite a long sentence. Maybe it should be separated into two
sentences?

    The OpenVAS project is backed by xxx. A number of companies also
    supplement the project with professional services, namely yyy.

or something like

    The OpenVAS project is backed by a number of companies, which also
    supplement the project with professional services. These companies
    include xxx.

> professional services[3] by a number of companies, namely Greenbone Networks,
> SecPod, Intevation and SecuritySpace.
> "Reaching the professional enterprise market is a good indicator that
> OpenVAS gained maturity very fast" says Tim Brown, founder of the
> OpenVAS project.
>
> While OpenVAS 3.0 will likely appear already in 2009, users of OpenVAS 1.0

I think "already" is out of place or the wrong choice of word. It could
just read "will likely appear in 2009". Maybe I'm nitpicking.

> should prepare to migrate as support for 1.0 will end during 2009.
>
> [1] www.openvas.org
> [2] www.openvas.org/openvas-devcon2.html
> [3] www.openvas.org/professional-services.html
>
> --
> Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

From jan-oliver.wagner at intevation.de Thu Apr 9 09:05:22 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 9 Apr 2009 08:05:22 +0100
Subject: [Openvas-discuss] Preparing announcment for NVT#10000
In-Reply-To: <20090408134012.8733DDEBB9@mail.ukfsn.org>
References: <20090408134012.8733DDEBB9@mail.ukfsn.org>
Message-ID: <200904090905.25664.jan-oliver.wagner@intevation.de>

Hi Matt,

On Wednesday, 8 April 2009, Matthew Mundell wrote:
> Just some grammar suggestions.

thanks for the valuable suggestions!
I considered them all for the text.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From akinstur at yahoo.com Mon Apr 13 00:07:34 2009
From: akinstur at yahoo.com (A S)
Date: Sun, 12 Apr 2009 15:07:34 -0700 (PDT)
Subject: [Openvas-discuss] Empty reports in Ubuntu 8.10
Message-ID: <41371.55890.qm@web62304.mail.re1.yahoo.com>

Hello everyone,

I'm new to OpenVAS. I'm trying to do a security check of a web server I'm
setting up, but all of my reports are coming up empty. I've followed the
compendium at openvas.org carefully (I think), so I'm not sure whether I'm
doing something wrong or there's a bug.

I installed version 2.0 from source under Ubuntu 8.10. The specific package
versions are as follows: client 2.0.3, libnasl 2.0.1, libraries 2.0.1,
plugins 1.0.6, server 2.0.1. All dependencies were satisfied during
installation. I then generated a user and certificate using the provided
scripts, and the user is authorized to test any target.

I'm using it as follows:

1. Start openvasd from the command prompt by typing "sudo openvasd".
   It loads the plugins and then responds "All plugins loaded."
2. Start the client from the main menu.
3. Select ports to scan (default), concurrent tests (I've tried 1 and 4),
   and make sure the "automatically and silently load dependencies" boxes
   are checked.
4. Connect using my username and key password.
5. Check NVTs to perform from the Options window.
6. Use the assistant to select the target, and click execute.
7. Enter my password at the prompt.

At this point the "connecting" window appears, then gives way to a small
window with two progress bars, "Portscan" and "Checks." A quick glance at
Wireshark indicates that OpenVAS *is* connecting to the target. But the
Portscan and Checks bars stay at 0% for a minute or two, then checks goes to
100%, and the report window appears--but it's blank.

The messages in openvasd.messages suggest that the scan was performed: user
starts a new scan... user testing... finished testing... test complete.
There's not much interesting in openvasd.dump, except a note that I haven't
authenticated for local tests on the target (I'm not doing local tests) and
warnings that a number of irrelevant script dependencies aren't satisfied.

Am I doing something wrong, or is this a bug? Any feedback would be
appreciated. Also, I'm happy to send more information or file a bug report
if appropriate. Just let me know what you all need.

Many thanks,
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090412/693be9e1/attachment.html

From mcd at kanjisoft.com Mon Apr 13 01:51:19 2009
From: mcd at kanjisoft.com (mcd@kanjisoft.com)
Date: Sun, 12 Apr 2009 17:51:19 -0600 (MDT)
Subject: [Openvas-discuss] Question on IPv6 status
Message-ID: <52681.24.91.169.167.1239580279.squirrel@box512.bluehost.com>

Hello,

I noticed on the that there was a proposal made earlier this year to
modify OpenVAS for IPv6. Since IPv6 is showing signs of life, (e.g. Bit
Torrent), it might be helpful to have this capability. Are there any plans
to go ahead and implement this?

From timb at nth-dimension.org.uk Mon Apr 13 02:06:36 2009
From: timb at nth-dimension.org.uk (Tim Brown)
Date: Mon, 13 Apr 2009 01:06:36 +0100
Subject: [Openvas-discuss] Empty reports in Ubuntu 8.10
In-Reply-To: <41371.55890.qm@web62304.mail.re1.yahoo.com>
References: <41371.55890.qm@web62304.mail.re1.yahoo.com>
Message-ID: <200904130106.38086.timb@nth-dimension.org.uk>

Hi Andrew,

Definitely sounds like something is amiss. Can't see anything obvious in your
work flow, so I would suggest that you file a bug. You can find our tracker
at http://bugs.openvas.org/. That way we can begin investigating the problem
in a more structured fashion.

Cheers,
Tim
--
Tim Brown

From akinstur at yahoo.com Mon Apr 13 04:41:40 2009
From: akinstur at yahoo.com (A S)
Date: Sun, 12 Apr 2009 19:41:40 -0700 (PDT)
Subject: [Openvas-discuss] Empty reports in Ubuntu 8.10
In-Reply-To: <200904130106.38086.timb@nth-dimension.org.uk>
Message-ID: <544741.522.qm@web62301.mail.re1.yahoo.com>

Done. #954. Thanks, and let me know what else I can do.

--Andrew

--- On Sun, 4/12/09, Tim Brown wrote:

From: Tim Brown
Subject: Re: [Openvas-discuss] Empty reports in Ubuntu 8.10
To: openvas-discuss at wald.intevation.org, akinstur at yahoo.com
Date: Sunday, April 12, 2009, 8:06 PM

Hi Andrew,

Definitely sounds like something is amiss. Can't see anything obvious in your
work flow, so I would suggest that you file a bug. You can find our tracker
at http://bugs.openvas.org/. That way we can begin investigating the problem
in a more structured fashion.

Cheers,
Tim
--
Tim Brown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090412/994934e9/attachment.htm

From bchandra at secpod.com Mon Apr 13 13:08:27 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Mon, 13 Apr 2009 16:38:27 +0530
Subject: [Openvas-discuss] Empty reports in Ubuntu 8.10
In-Reply-To: <544741.522.qm@web62301.mail.re1.yahoo.com>
References: <200904130106.38086.timb@nth-dimension.org.uk> <544741.522.qm@web62301.mail.re1.yahoo.com>
Message-ID: <72395BEE942040D5B78E8D00BBABD512@bchandra>

Hello Andrew,

Set log_whole_attack = yes in openvasd.conf to get more information in
openvasd.messages, it'll give details on each plugin that is launching. Also
set silent_dependencies = no.

Additionally, it would be good if you can monitor the KB items that are
getting set,
/usr/local/var/lib/openvas/users/OPENVAS_USER/kbs/TARGET_IP
(/usr/local varies according to the installations)

Please update the bug report with this information.

Thanks,
Chandra.

________________________________________
From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of A S
Sent: Monday, April 13, 2009 8:12 AM
To: openvas-discuss at wald.intevation.org; Tim Brown
Subject: Re: [Openvas-discuss] Empty reports in Ubuntu 8.10

Done. #954. Thanks, and let me know what else I can do.

--Andrew

--- On Sun, 4/12/09, Tim Brown wrote:

From: Tim Brown
Subject: Re: [Openvas-discuss] Empty reports in Ubuntu 8.10
To: openvas-discuss at wald.intevation.org, akinstur at yahoo.com
Date: Sunday, April 12, 2009, 8:06 PM

Hi Andrew,

Definitely sounds like something is amiss. Can't see anything obvious in your
work flow, so I would suggest that you file a bug. You can find our tracker
at http://bugs.openvas.org/. That way we can begin investigating the problem
in a more structured fashion.

Cheers,
Tim
--
Tim Brown

From jan-oliver.wagner at intevation.de Mon Apr 13 21:59:54 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Mon, 13 Apr 2009 21:59:54 +0200
Subject: [Openvas-discuss] Question on IPv6 status
In-Reply-To: <52681.24.91.169.167.1239580279.squirrel@box512.bluehost.com>
References: <52681.24.91.169.167.1239580279.squirrel@box512.bluehost.com>
Message-ID: <200904132159.55167.jan-oliver.wagner@intevation.de>

Hello,

On Monday 13 April 2009 01:51:19 mcd at kanjisoft.com wrote:
> I noticed on the that there was a proposal made earlier this year to
> modify OpenVAS for IPv6. Since IPv6 is showing signs of life, (e.g. Bit
> Torrent), it might be helpful to have this capability. Are there any plans
> to go ahead and implement this?

The team is limited compared to the large number of ideas
for extensions/improvements. So we have to conquer feature-land
step by step. One of the next steps should be IPv6 ;-)

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From hobbes at vaxer.net Mon Apr 13 22:26:50 2009
From: hobbes at vaxer.net (HObbES)
Date: Mon, 13 Apr 2009 13:26:50 -0700
Subject: [Openvas-discuss] Local checks?
Message-ID: <20090413202650.GA5826@maple.vaxer.net>

Is OpenVas doing local checks? I can't find any docs on local checks
in Nessus, and I'm trying to get more information on writing my own.

Thanks,
-Anne

--
It is proverbial that from    (\`--/') _ _______ .-r-.
a hungry tiger and an         >.~.\ `` ` `,`,`. ,'_'~`.
affectionate woman there is   (v_," ; `,-\ ; : ; \/,-~) \
no escape. -Ernest Bramah     `--'_..),-/ ' ' '_.>-' )`.`.__.')
hobbes at vaxer dot net       ((,((,__..'~~~~~~((,__..' `-..-'fL

From akinstur at yahoo.com Tue Apr 14 04:31:38 2009
From: akinstur at yahoo.com (A S)
Date: Mon, 13 Apr 2009 19:31:38 -0700 (PDT)
Subject: [Openvas-discuss] Empty reports in Ubuntu 8.10
In-Reply-To: <72395BEE942040D5B78E8D00BBABD512@bchandra>
Message-ID: <875824.62295.qm@web62307.mail.re1.yahoo.com>

I redid the test and posted the details to the bug. Thanks, and let me know
what else is needed. I'm happy to redo it with different parameters or
provide more information on my system if needed.

--Andrew

--- On Mon, 4/13/09, Chandrashekhar B wrote:

From: Chandrashekhar B
Subject: RE: [Openvas-discuss] Empty reports in Ubuntu 8.10
To: akinstur at yahoo.com, openvas-discuss at wald.intevation.org
Date: Monday, April 13, 2009, 7:08 AM

Hello Andrew,

Set log_whole_attack = yes in openvasd.conf to get more information in
openvasd.messages, it'll give details on each plugin that is launching. Also
set silent_dependencies = no.

Additionally, it would be good if you can monitor the KB items that are
getting set,
/usr/local/var/lib/openvas/users/OPENVAS_USER/kbs/TARGET_IP
(/usr/local varies according to the installations)

Please update the bug report with this information.

Thanks,
Chandra.

________________________________________
From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of A S
Sent: Monday, April 13, 2009 8:12 AM
To: openvas-discuss at wald.intevation.org; Tim Brown
Subject: Re: [Openvas-discuss] Empty reports in Ubuntu 8.10

Done. #954. Thanks, and let me know what else I can do.

--Andrew

--- On Sun, 4/12/09, Tim Brown wrote:

From: Tim Brown
Subject: Re: [Openvas-discuss] Empty reports in Ubuntu 8.10
To: openvas-discuss at wald.intevation.org, akinstur at yahoo.com
Date: Sunday, April 12, 2009, 8:06 PM

Hi Andrew,

Definitely sounds like something is amiss. Can't see anything obvious in your
work flow, so I would suggest that you file a bug. You can find our tracker
at http://bugs.openvas.org/.
That way we can begin investigating the problem in a more structured fashion. Cheers, Tim -- Tim Brown -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090413/464e664f/attachment.htm From michael.wiegand at intevation.de Tue Apr 14 08:30:44 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Tue, 14 Apr 2009 08:30:44 +0200 Subject: [Openvas-discuss] Local checks? In-Reply-To: <20090413202650.GA5826@maple.vaxer.net> References: <20090413202650.GA5826@maple.vaxer.net> Message-ID: <20090414063044.GA23452@intevation.de> * HObbES [13. Apr 2009]: > Is OpenVas doing local checks? I can't find any docs on local checks > in Nessus, and I'm trying to get more information on writing my own. There are quite a number of local security checks, primarily for Linux distributions and for Windows. They mostly work by using ssh (Linux) or smb (Windows) to retrieve information from the target. An existing account on the target is of course necessary for this. There is some information on LSCs on the website and in the compendium. A number of people are writting LSCs already, so the openvas-plugins list or IRC are a good place to ask. And if you have any suggestions as to how the documentation for LSCs could be improved ... well, you know what to do. :) Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090414/bba980cc/attachment.pgp

From dk at alienvault.com Wed Apr 15 10:01:52 2009
From: dk at alienvault.com (Dominique Karg)
Date: Wed, 15 Apr 2009 10:01:52 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
Message-ID: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com>

Hey all,

just wanted to bump this again since I'd really would love to replace Nessus with OpenVAS in the upcoming OSSIM release.

Any news?

Thanks in advance :-)

Dominique

From jan-oliver.wagner at intevation.de Wed Apr 15 14:53:55 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 15 Apr 2009 14:53:55 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com>
Message-ID: <200904151453.57872.jan-oliver.wagner@intevation.de>

On Wednesday, 15 April 2009, Dominique Karg wrote:
> just wanted to bump this again since I'd really would love to replace
> Nessus with OpenVAS in the upcoming OSSIM release.

what is the timeline?
Lenny, I guess?

> Any news?

Here at Intevation we prepared the OpenVAS-Client 2.0.2 for Etch and Lenny recently. Now we are working on 2.0.3, should be uploadable this week.

Here at Greenbone we have Lenny packages for the server but they are heavily customized and not generally useful.
Are you planning to take packages as they come or are you just seeking for source packages to rebuild for OSSIM?

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From dk at alienvault.com Wed Apr 15 15:00:25 2009
From: dk at alienvault.com (Dominique Karg)
Date: Wed, 15 Apr 2009 15:00:25 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <200904151453.57872.jan-oliver.wagner@intevation.de>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de>
Message-ID: <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com>

Hello Jan,

On 15.04.2009 at 14:53, Jan-Oliver Wagner wrote:

> On Wednesday, 15 April 2009, Dominique Karg wrote:
>> just wanted to bump this again since I'd really would love to replace
>> Nessus with OpenVAS in the upcoming OSSIM release.
>
> what is the timeline?
> Lenny, I guess?

Should be in about three weeks if nothing serious breaks among testing. Yes, Lenny.

>
>
>> Any news?
>
> Here at Intevation we prepared the OpenVAS-Client 2.0.2 for Etch and Lenny
> recently. Now we are working on 2.0.3, should be uploadable this week.
>
> Here at Greenbone we have Lenny packages for the server but they are heavily
> customized and not generally useful.
> Are you planning to take packages as they come or are you just seeking for
> source packages to rebuild for OSSIM?

I don't think we need to modify anything, so rebuilding isn't needed. Packages as they are are fine :-)

Thanks a lot,

Dominique

>
>
> Best
>
> Jan
>
> --
> Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

From schaerf at users.sourceforge.net Wed Apr 15 16:24:44 2009
From: schaerf at users.sourceforge.net (Marco Schaerfke)
Date: Wed, 15 Apr 2009 16:24:44 +0200
Subject: [Openvas-discuss] False positive security holes ?
Message-ID: <49E5EE2C.3030105@users.sourceforge.net>

Dear all,

I have a problem to understand openvas messages. I would like to give an example. After a scan I found the following security hole on my PC:

Overview: This host is running WinAsm Studio and is prone to Heap Overflow Vulnerability.

CVSS Score:
CVSS Base Score : 9.0 (AV:N/AC:L/Au:NR/C:P/I:P/A:C)
CVSS Temporal Score : 8.1
Risk factor: Critical
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.900532

With the OpenVas link I found the NVT responsible for the security warnings:

(openvas: trunk/openvas-plugins/scripts/secpod_winasm_studio_wap_bof_vuln.nasl)

I am not an expert but I think that the code looks for the presence of the file WinAsm.exe

winasmPath1 = progDir + "\WinAsm\WinAsm.exe";
winasmPath2 = progDir - "Program Files" + "\WinAsm\WinAsm.exe";
foreach path (make_list(winasmPath1, winasmPath2))
{
  share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:path);
  file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",string:path);
  version = GetVer(file:file, share:share);
  if(version != NULL){
    break;
  }
  if(version_is_less_equal(version:version, test_version:"5.1.5.0")){
    security_hole(0);
  }

I look with help of the explorer also for that file, but I am unable to find it. Could it be that the code above is wrong ?

Thanks for help.

Cheers
Marco
}

From jan-oliver.wagner at intevation.de Wed Apr 15 17:04:29 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 15 Apr 2009 17:04:29 +0200
Subject: [Openvas-discuss] False positive security holes ?
In-Reply-To: <49E5EE2C.3030105@users.sourceforge.net>
References: <49E5EE2C.3030105@users.sourceforge.net>
Message-ID: <200904151704.32389.jan-oliver.wagner@intevation.de>

On Wednesday, 15 April 2009, Marco Schaerfke wrote:
> if(version_is_less_equal(version:version, test_version:"5.1.5.0")){
> security_hole(0);
> }
>
>
> I look with help of the explorer also for that file, but I am unable to find it. Could it be that the code above is wrong ?

perhaps "version" contains wrongly crafted strings that result in true. Some debug_messages should help to find out.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Wed Apr 15 18:35:46 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Wed, 15 Apr 2009 22:05:46 +0530
Subject: [Openvas-discuss] False positive security holes ?
In-Reply-To: <49E5EE2C.3030105@users.sourceforge.net>
References: <49E5EE2C.3030105@users.sourceforge.net>
Message-ID:

Hello Marco,

Thanks for reporting. There was a bug in the code which is fixed now. Please get the latest code from svn.

Thanks,
Chandra.

-----Original Message-----
From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Marco Schaerfke
Sent: Wednesday, April 15, 2009 7:55 PM
To: openvas-discuss at wald.intevation.org
Subject: [Openvas-discuss] False positive security holes ?

Dear all,

I have a problem to understand openvas messages. I would like to give an example. After a scan I found the following security hole on my PC:

Overview: This host is running WinAsm Studio and is prone to Heap Overflow Vulnerability.
CVSS Score:
CVSS Base Score : 9.0 (AV:N/AC:L/Au:NR/C:P/I:P/A:C)
CVSS Temporal Score : 8.1
Risk factor: Critical
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.900532

With the OpenVas link I found the NVT responsible for the security warnings:

(openvas: trunk/openvas-plugins/scripts/secpod_winasm_studio_wap_bof_vuln.nasl)

I am not an expert but I think that the code looks for the presence of the file WinAsm.exe

winasmPath1 = progDir + "\WinAsm\WinAsm.exe";
winasmPath2 = progDir - "Program Files" + "\WinAsm\WinAsm.exe";
foreach path (make_list(winasmPath1, winasmPath2))
{
  share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:path);
  file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",string:path);
  version = GetVer(file:file, share:share);
  if(version != NULL){
    break;
  }
  if(version_is_less_equal(version:version, test_version:"5.1.5.0")){
    security_hole(0);
  }

I look with help of the explorer also for that file, but I am unable to find it. Could it be that the code above is wrong ?

Thanks for help.

Cheers
Marco
}
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

From wcopenhaver at utep.edu Wed Apr 15 19:59:27 2009
From: wcopenhaver at utep.edu (Copenhaver, Walter A)
Date: Wed, 15 Apr 2009 11:59:27 -0600
Subject: [Openvas-discuss] Problem with remote host not using the good versions of the Nessus prorocol
Message-ID: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu>

Hello,

I installed openvas-server and openvas-plugins on a Linux server (Archlinux). I can start, stop, and restart the daemon without any errors. I also installed the server certificate using the openvas-mkcert tool, and I added a user using the openvas-adduser tool. Everything seems to be working correctly on the server side. The problem is that when I try to connect to the server from a remote computer.

I installed the client on the Windows XP computer.
When I try to connect to the server via the client I go to file->connect and type in the IP, port, login, password and check the box for "Use SSL encryption" on the "Connect to OpenVAS Server" dialog. When I click "Ok" in this dialog I get another dialog asking me if I want to accept the server certificate or not. When I click "yes", to accept the certificate, I get the error "Remote host is not using the good version of the Nessus communication protocol (1.2) or is tcpwrapper".

I notice that the port open on the server is 9390 instead of 1241, is this an issue?

Can someone help me?

Thank you for your time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090415/b18aff72/attachment.html

From jan-oliver.wagner at intevation.de Thu Apr 16 00:52:28 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 16 Apr 2009 00:52:28 +0200
Subject: [Openvas-discuss] Problem with remote host not using the good versions of the Nessus prorocol
In-Reply-To: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu>
References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu>
Message-ID: <200904160052.29005.jan-oliver.wagner@intevation.de>

On Wednesday 15 April 2009 19:59:27 Copenhaver, Walter A wrote:
> I installed openvas-server and openvas-plugins on a Linux server
> (Archlinux). I can start, stop, and restart the daemon without any
> errors. I also installed the server certificate using the
> openvas-mkcert

which versions of the modules openvas-libraries, openvas-libnasl, openvas-server, openvas-plugins and openvas-client are you using?

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From michael.wiegand at intevation.de Thu Apr 16 08:08:56 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 16 Apr 2009 08:08:56 +0200
Subject: [Openvas-discuss] Problem with remote host not using the good versions of the Nessus prorocol
In-Reply-To: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu>
References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu>
Message-ID: <20090416060855.GA28067@intevation.de>

* Copenhaver, Walter A [15. Apr 2009]:
> I installed openvas-server and openvas-plugins on a Linux server
> (Archlinux). I can start, stop, and restart the daemon without any
> errors. I also installed the server certificate using the

Archlinux is packaging the 2.0.x series server AFAICT, so I assume you are running one of these versions.

> I installed the client on the Windows XP computer. When I try to

Please note that there is no Windows client for the 2.0.x series yet. Clients from the 1.0.x series are generally not able to talk to 2.0.x series servers - it seems to me that this may be your issue. If you want to use the Windows client, please use a 1.0.x series server infrastructure or wait for a 2.0.x series Windows client which is already in progress and will be released as soon as some cross-compiling issues have been addressed.

Hope that helped; if you have any questions, feel free to contact me.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090416/58026040/attachment.pgp

From michael.wiegand at intevation.de Thu Apr 16 09:09:10 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 16 Apr 2009 09:09:10 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com>
Message-ID: <20090416070910.GB28067@intevation.de>

* Dominique Karg [15. Apr 2009]:
> I don't think we need to modify anything, so rebuilding isn't needed.
> Packages as they are are fine :-)

I have uploaded packages for openvas-client 2.0.3 to apt.intevation.de. Let me know if they are okay with you, feel free to make suggestions.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090416/d9a5a4d6/attachment.pgp

From wcopenhaver at utep.edu Thu Apr 16 18:26:33 2009
From: wcopenhaver at utep.edu (Copenhaver, Walter A)
Date: Thu, 16 Apr 2009 10:26:33 -0600
Subject: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol
In-Reply-To: <200904160052.29005.jan-oliver.wagner@intevation.de>
References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu> <200904160052.29005.jan-oliver.wagner@intevation.de>
Message-ID: <0E62A7D945C2B0499CE043D97516E54F03CDE24D@itdsrvmail00.utep.edu>

openvas-libnasl 2.0.1-1
openvas-libraries 2.0.2-1
openvas-plugins 1.0.5-1
openvas-server 2.0.1-1

-----Original Message-----
From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner
Sent: Wednesday, April 15, 2009 4:52 PM
To: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol

On Wednesday 15 April 2009 19:59:27 Copenhaver, Walter A wrote:
> I installed openvas-server and openvas-plugins on a Linux server
> (Archlinux). I can start, stop, and restart the daemon without any
> errors. I also installed the server certificate using the
> openvas-mkcert

which versions of the modules openvas-libraries, openvas-libnasl, openvas-server, openvas-plugins and openvas-client are you using?

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

From wcopenhaver at utep.edu Thu Apr 16 18:34:33 2009
From: wcopenhaver at utep.edu (Copenhaver, Walter A)
Date: Thu, 16 Apr 2009 10:34:33 -0600
Subject: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol
In-Reply-To: <20090416060855.GA28067@intevation.de>
References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu> <20090416060855.GA28067@intevation.de>
Message-ID: <0E62A7D945C2B0499CE043D97516E54F03CDE25E@itdsrvmail00.utep.edu>

I will install the 1.0.x server, I will let you know the results.

-----Original Message-----
From: Michael Wiegand [mailto:michael.wiegand at intevation.de]
Sent: Thursday, April 16, 2009 12:09 AM
To: Copenhaver, Walter A
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol

* Copenhaver, Walter A [15. Apr 2009]:
> I installed openvas-server and openvas-plugins on a Linux server
> (Archlinux). I can start, stop, and restart the daemon without any
> errors. I also installed the server certificate using the

Archlinux is packaging the 2.0.x series server AFAICT, so I assume you are running one of these versions.

> I installed the client on the Windows XP computer. When I try to

Please note that there is no Windows client for the 2.0.x series yet. Clients from the 1.0.x series are generally not able to talk to 2.0.x series servers - it seems to me that this may be your issue. If you want to use the Windows client, please use a 1.0.x series server infrastructure or wait for a 2.0.x series Windows client which is already in progress and will be released as soon as some cross-compiling issues have been addressed.

Hope that helped; if you have any questions, feel free to contact me.
Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From dk at alienvault.com Thu Apr 16 20:24:08 2009
From: dk at alienvault.com (Dominique Karg)
Date: Thu, 16 Apr 2009 20:24:08 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <20090416070910.GB28067@intevation.de>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de>
Message-ID:

Thanks a lot Michael, will test that tomorrow. Problem is I need all or nothing; most users will use the all-in-one installer for a test environment before doing a bigger deployment, and that requires client, server, libs and plugins.

Any chance you could share those others too?

Greetings,

Dominique

2009/4/16 Michael Wiegand :
> * Dominique Karg [15. Apr 2009]:
>> I don't think we need to modify anything, so rebuilding isn't needed.
>> Packages as they are are fine :-)
>
> I have uploaded packages for openvas-client 2.0.3 to apt.intevation.de.
> Let me know if they are okay with you, feel free to make suggestions.
>
> Regards,
>
> Michael
>
> --
> Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
>

From wcopenhaver at utep.edu Thu Apr 16 23:06:39 2009
From: wcopenhaver at utep.edu (Copenhaver, Walter A)
Date: Thu, 16 Apr 2009 15:06:39 -0600
Subject: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol
In-Reply-To: <20090416060855.GA28067@intevation.de>
References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu> <20090416060855.GA28067@intevation.de>
Message-ID: <0E62A7D945C2B0499CE043D97516E54F03CDE428@itdsrvmail00.utep.edu>

Ok I downgraded to 1.0.2, here are the versions:

openvas-libnasl 1.0.1-1
openvas-libraries 1.0.3-1
openvas-plugins 1.0.6-1
openvas-server 1.0.2-1

When I run the Windows XP client it successfully connects to the server, but when it starts receiving the plugins it crashes (the window closes without any errors). This seems to happen when it gets to plugin 8000. I looked at the log on the server (/var/log/openvas/openvasd.messages) and the only entries here are like:

[Thu Apr 16 15:01:20 2009][23982] successful login of wcopenhaver from xxx.xxx.xxx.xxx
[Thu Apr 16 15:01:26 2009][23982] Communication closed by client

Is there a log for the client? I looked at the windows logs and couldn't find anything related to the client.

Thank you for your help

-----Original Message-----
From: Michael Wiegand [mailto:michael.wiegand at intevation.de]
Sent: Thursday, April 16, 2009 12:09 AM
To: Copenhaver, Walter A
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol

* Copenhaver, Walter A [15. Apr 2009]:
> I installed openvas-server and openvas-plugins on a Linux server
> (Archlinux). I can start, stop, and restart the daemon without any
> errors. I also installed the server certificate using the

Archlinux is packaging the 2.0.x series server AFAICT, so I assume you are running one of these versions.

> I installed the client on the Windows XP computer.
When I try to

Please note that there is no Windows client for the 2.0.x series yet. Clients from the 1.0.x series are generally not able to talk to 2.0.x series servers - it seems to me that this may be your issue. If you want to use the Windows client, please use a 1.0.x series server infrastructure or wait for a 2.0.x series Windows client which is already in progress and will be released as soon as some cross-compiling issues have been addressed.

Hope that helped; if you have any questions, feel free to contact me.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From michael.wiegand at intevation.de Fri Apr 17 08:13:35 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Fri, 17 Apr 2009 08:13:35 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To:
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de>
Message-ID: <20090417061334.GB12102@intevation.de>

* Dominique Karg [16. Apr 2009]:
> Thanks a lot Michael, will test that tomorrow. Problem is I need all
> or nothing; most users will use the all-in-one installer for a test
> environment before doing a bigger deployment, and that requires
> client, server, libs and plugins.
>
> Any chance you could share those others too?

Sure! I think I will have them ready early next week, maybe even today. I'll post an update once I'm done uploading.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090417/e13c6cb5/attachment.pgp

From michael.wiegand at intevation.de Fri Apr 17 08:20:24 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Fri, 17 Apr 2009 08:20:24 +0200
Subject: [Openvas-discuss] Problem with remote host not using the goodversions of the Nessus prorocol
In-Reply-To: <0E62A7D945C2B0499CE043D97516E54F03CDE428@itdsrvmail00.utep.edu>
References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu> <20090416060855.GA28067@intevation.de> <0E62A7D945C2B0499CE043D97516E54F03CDE428@itdsrvmail00.utep.edu>
Message-ID: <20090417062024.GC12102@intevation.de>

* Copenhaver, Walter A [16. Apr 2009]:
> Ok I downgraded to 1.0.2, here are the versions:
>
> openvas-libnasl 1.0.1-1
> openvas-libraries 1.0.3-1
> openvas-plugins 1.0.6-1
> openvas-server 1.0.2-1
>
> When I run the Windows XP client it successfully connects to the
> server, but when it start receiving the plugins it crashes (the window
> closes without any errors). This seems to happen when it gets to
> plugin 8000. I looked at the log on the server

There was a bug in the openvas-plugins 1.0.6 release which may be responsible for this crash. Did you run openvas-nvt-sync after you installed the openvas-plugins module? Doing so will fix this specific bug.

> Is there a log for the client? I looked at the windows logs and
> couldn't find anything related to the client.

The client will complain to stdout and stderr, not sure how that works on Windows.

Keep in mind that the 1.0.x series modules of server and client are becoming more and more outdated, especially the Windows client. Since the 1.0.x series is more or less on its way out, I'd recommend using the Linux client or waiting for the 2.0.x series Windows client.
Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090417/bc90bd43/attachment.pgp

From michael.wiegand at intevation.de Fri Apr 17 11:05:50 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Fri, 17 Apr 2009 11:05:50 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To:
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de>
Message-ID: <20090417090550.GD12102@intevation.de>

* Dominique Karg [16. Apr 2009]:
> Thanks a lot Michael, will test that tomorrow. Problem is I need all
> or nothing; most users will use the all-in-one installer for a test
> environment before doing a bigger deployment, and that requires
> client, server, libs and plugins.
>
> Any chance you could share those others too?

All packages are now available from apt.intevation.de. I would appreciate feedback should you discover any issues with the packages.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090417/1810c355/attachment.pgp

From dk at alienvault.com Fri Apr 17 11:31:55 2009
From: dk at alienvault.com (Dominique Karg)
Date: Fri, 17 Apr 2009 11:31:55 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <20090417090550.GD12102@intevation.de>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de> <20090417090550.GD12102@intevation.de>
Message-ID: <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com>

Thanks a ton.

Got a small issue here. Main testing platform is 64bit right now, have you got those too? Otherwise I can rebuild them here, but would need to know the right entry into /etc/apt/sources.list in order to be able to "apt-source" it (have been trying some options pointing at http://apt.intevation.de/dists/lenny/openvas/source/ but no luck).

Any suggestion?

Greetings,

Dominique

On 17.04.2009 at 11:05, Michael Wiegand wrote:

> * Dominique Karg [16. Apr 2009]:
>> Thanks a lot Michael, will test that tomorrow. Problem is I need all
>> or nothing; most users will use the all-in-one installer for a test
>> environment before doing a bigger deployment, and that requires
>> client, server, libs and plugins.
>>
>> Any chance you could share those others too?
>
> All packages are now available from apt.intevation.de. I would
> appreciate feedback should you discover any issues with the packages.
>
> Regards,
>
> Michael
>
>
> --
> Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From jonas at andradas.es Fri Apr 17 12:10:18 2009
From: jonas at andradas.es (Jonas Andradas)
Date: Fri, 17 Apr 2009 12:10:18 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de> <20090417090550.GD12102@intevation.de> <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com>
Message-ID:

Hello Dominique,

On Fri, Apr 17, 2009 at 11:31 AM, Dominique Karg wrote:

> Thanks a ton.
>
> Got a small issue here. Main testing platform is 64bit right now, have
> you got those too? Otherwise I can rebuild them here, but would need
> to know the right entry into /etc/apt/sources.list in order to be able
> to "apt-source" it (have been trying some options pointing at
> http://apt.intevation.de/dists/lenny/openvas/source/
> but no luck).
>
> Any suggestion?
>

You should have a line like:

deb-src http://apt.intevation.de/ lenny openvas

>
> Greetings,
>
> Dominique
>
> On 17.04.2009 at 11:05, Michael Wiegand wrote:
>
> > * Dominique Karg [16. Apr 2009]:
> >> Thanks a lot Michael, will test that tomorrow. Problem is I need all
> >> or nothing; most users will use the all-in-one installer for a test
> >> environment before doing a bigger deployment, and that requires
> >> client, server, libs and plugins.
> >>
> >> Any chance you could share those others too?
> >
> > All packages are now available from apt.intevation.de. I would
> > appreciate feedback should you discover any issues with the packages.
> >
> > Regards,
> >
> > Michael
> >
> >
> > --
> > Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
> > Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
> > Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
> >
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>

Best Regards,
Jonás Andradas.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090417/74ce441a/attachment.html

From michael.wiegand at intevation.de Fri Apr 17 12:12:38 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Fri, 17 Apr 2009 12:12:38 +0200
Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com>
References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de> <20090417090550.GD12102@intevation.de> <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com>
Message-ID: <20090417101238.GA7515@intevation.de>

* Dominique Karg [17. Apr 2009]:
> Thanks a ton.

No problem at all. :)

> Got a small issue here. Main testing platform is 64bit right now, have you
> got those too? Otherwise I can rebuild them here, but would need to know
> the right entry into /etc/apt/sources.list in order to be able to
> "apt-source" it (have been trying some options pointing at
> http://apt.intevation.de/dists/lenny/openvas/source/ but no luck).

I'm currently building i386 only. Setting up a build environment would take some time. Even though I am planning to do that, you'll probably be better off building them yourself if you have everything set up already.

The source URL you mentioned is correct, what error messages are you getting?
Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From dk at alienvault.com Fri Apr 17 12:16:41 2009 From: dk at alienvault.com (Dominique Karg) Date: Fri, 17 Apr 2009 12:16:41 +0200 Subject: [Openvas-discuss] Any news on OpenVAS debian packages? In-Reply-To: <20090417101238.GA7515@intevation.de> References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de> <20090417090550.GD12102@intevation.de> <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com> <20090417101238.GA7515@intevation.de> Message-ID: <4E918F4F-6112-4BCA-B2D8-D676CEF24E97@alienvault.com> On 17.04.2009 at 12:12, Michael Wiegand wrote: > I'm currently building i386 only. Setting up a build environment > would > take some time. Even though I am planning to do that, you'll > probably be > better off building them yourself if you have everything set up > already. > > The source URL you mentioned is correct, what error messages are you > getting? The URL was right but I always have issues determining what to put after deb-src URL XXX XXX XXX, but Jonas helped me. Indeed I've got the amd64 environment and will report back / send you the packages once I'm done. Greetings, Dominique

From michael.wiegand at intevation.de Fri Apr 17 12:26:13 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 17 Apr 2009 12:26:13 +0200 Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <4E918F4F-6112-4BCA-B2D8-D676CEF24E97@alienvault.com> References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de> <20090417090550.GD12102@intevation.de> <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com> <20090417101238.GA7515@intevation.de> <4E918F4F-6112-4BCA-B2D8-D676CEF24E97@alienvault.com> Message-ID: <20090417102613.GB7515@intevation.de> * Dominique Karg [17. Apr 2009]: > The URL was right but I always have issues determining what to put after > deb-src URL XXX XXX XXX, but Jonas helped me. Yes, I've had trouble with that as well. Glad to see I'm not the only one. :) > Indeed I've got the amd64 environment and will report back / send you the > packages once I'm done. Great, I'm looking forward to that! Let me know if you need any assistance from my side. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From dk at alienvault.com Fri Apr 17 12:31:10 2009 From: dk at alienvault.com (Dominique Karg) Date: Fri, 17 Apr 2009 12:31:10 +0200 Subject: [Openvas-discuss] Any news on OpenVAS debian packages?
In-Reply-To: <20090417102613.GB7515@intevation.de> References: <69D322FD-1F7E-4847-88B3-FF900AAFEC99@alienvault.com> <200904151453.57872.jan-oliver.wagner@intevation.de> <469884DF-08F2-44B0-A7BF-17CDB8208B32@alienvault.com> <20090416070910.GB28067@intevation.de> <20090417090550.GD12102@intevation.de> <8D46E1C6-3735-4454-9CCD-58509CB49EA0@alienvault.com> <20090417101238.GA7515@intevation.de> <4E918F4F-6112-4BCA-B2D8-D676CEF24E97@alienvault.com> <20090417102613.GB7515@intevation.de> Message-ID: On 17.04.2009 at 12:26, Michael Wiegand wrote: > * Dominique Karg [17. Apr 2009]: >> The URL was right but I always have issues determining what to put >> after >> deb-src URL XXX XXX XXX, but Jonas helped me. > > Yes, I've had trouble with that as well. Glad to see I'm not the only > one. :) > >> Indeed I've got the amd64 environment and will report back / send >> you the >> packages once I'm done. > > Great, I'm looking forward to that! Let me know if you need any > assistance from my side. Had some initial trouble but the environment is too dirty, I'm going to set up a new one. Attached is the error in case you had something like this before. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: openvas-libnasl-2.0.1_compilation_error.txt Url: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090417/0f031482/openvas-libnasl-2.0.1_compilation_error-0001.txt -------------- next part -------------- > Regards, > > Michael > > -- > Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de > Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B > 18998 > Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver > Wagner

From wcopenhaver at utep.edu Fri Apr 17 22:07:21 2009 From: wcopenhaver at utep.edu (Copenhaver, Walter A) Date: Fri, 17 Apr 2009 14:07:21 -0600 Subject: [Openvas-discuss] Problem with remote host not using thegoodversions of the Nessus prorocol In-Reply-To: <20090417062024.GC12102@intevation.de> References: <0E62A7D945C2B0499CE043D97516E54F03C449A2@itdsrvmail00.utep.edu> <20090416060855.GA28067@intevation.de> <0E62A7D945C2B0499CE043D97516E54F03CDE428@itdsrvmail00.utep.edu> <20090417062024.GC12102@intevation.de> Message-ID: <0E62A7D945C2B0499CE043D97516E54F03CDE7CD@itdsrvmail00.utep.edu> It is now working. Thank you for your help. -----Original Message----- From: Michael Wiegand [mailto:michael.wiegand at intevation.de] Sent: Friday, April 17, 2009 12:20 AM To: Copenhaver, Walter A Cc: openvas-discuss at wald.intevation.org Subject: Re: RE: [Openvas-discuss] Problem with remote host not using thegoodversions of the Nessus prorocol * Copenhaver, Walter A [16. Apr 2009]: > Ok I downgraded to 1.0.2, here are the versions: > > openvas-libnasl 1.0.1-1 > openvas-libraries 1.0.3-1 > openvas-plugins 1.0.6-1 > openvas-server 1.0.2-1 > > When I run the Windows XP client it successfully connects to the > server, but when it starts receiving the plugins it crashes (the window > closes without any errors). This seems to happen when it gets to > plugin 8000. I looked at the log on the server There was a bug in the openvas-plugins 1.0.6 release which may be responsible for this crash. Did you run openvas-nvt-sync after you installed the openvas-plugins module? Doing so will fix this specific bug. > Is there a log for the client? I looked at the windows logs and > couldn't find anything related to the client. The client will complain to stdout and stderr, not sure how that works on Windows. Keep in mind that the 1.0.x series modules of server and client are becoming more and more outdated, especially the Windows client.
Since the 1.0.x series is more or less on its way out, I'd recommend using the Linux client or waiting for the 2.0.x series Windows client. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From jan-oliver.wagner at intevation.de Wed Apr 22 09:19:37 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 22 Apr 2009 09:19:37 +0200 Subject: [Openvas-discuss] OpenVAS DevCon: Invited Talk? Message-ID: <200904220919.40536.jan-oliver.wagner@intevation.de> Hello, how about inviting a talk for our OpenVAS Conference from a related project? Namely, I have nmap in mind. Since we plan to establish a far better integration with nmap, this might make sense. Opinions welcome. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From jonas at andradas.es Wed Apr 22 09:30:38 2009 From: jonas at andradas.es (Jonas Andradas) Date: Wed, 22 Apr 2009 09:30:38 +0200 Subject: [Openvas-discuss] OpenVAS DevCon: Invited Talk? In-Reply-To: <200904220919.40536.jan-oliver.wagner@intevation.de> References: <200904220919.40536.jan-oliver.wagner@intevation.de> Message-ID: Hello, On Wed, Apr 22, 2009 at 9:19 AM, Jan-Oliver Wagner < jan-oliver.wagner at intevation.de> wrote: > Hello, > > how about inviting a talk for our OpenVAS Conference from a related > project? > Namely, I have nmap in mind. Since we plan to establish a far > better integration with nmap, this might make sense. I totally agree with this idea. Let's hope that they can come :) > > > Opinions welcome. > > Best > > Jan > > -- > Dr.
Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/ > Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B > 18998 > Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner Regards, Jonás.

From michael.wiegand at intevation.de Thu Apr 23 10:11:46 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 23 Apr 2009 10:11:46 +0200 Subject: [Openvas-discuss] Discontinuing openvas-plugins tarball? Message-ID: <20090423081146.GB11585@intevation.de> Hello, Jan and I have been thinking about discontinuing the release of openvas-plugins tarballs and distributing the plugins only through the existing Feed Services. The background is that using both the tarball and the openvas-nvt-sync script does under certain conditions lead to a race condition in the plugin cache which causes openvasd to use an outdated cached version of a plugin even though the plugin has changed in the feed. We have tried to compensate for this by making adjustments in the synchronization script, but this has the side effect of disproportionately increasing the time and bandwidth needed to synchronize with the feed. I would like your opinions regarding the following issues:
- What would be the consequences of discontinuing the tarball release? There should not be installations which use only the tarball and never sync, should there?
- What mechanisms should be available for users who cannot sync using rsync due to restrictions on firewall or proxy level?
- Should openvasd force an initial sync during installation or just display a notice that a sync is needed to use OpenVAS?
- Any other issues you can think of. :)

I'm looking forward to your opinions. Please do not hesitate to ask if my proposal does not make sense to you. I am crossposting this to openvas-discuss and openvas-plugins as well to reach all involved parties. Please keep crossposting to a minimum in your replies and try to reply in openvas-devel. Thank you! Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From danielcabezas at hotmail.com Thu Apr 23 11:11:15 2009 From: danielcabezas at hotmail.com (Daniel Cabezas) Date: Thu, 23 Apr 2009 11:11:15 +0200 Subject: [Openvas-discuss] [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090423081146.GB11585@intevation.de> References: <20090423081146.GB11585@intevation.de> Message-ID: Greetings, (First of all, sorry if the email appears duplicated, I am having some issues with my browser). In my humble opinion, discontinuing openvas-plugins tarball would derive some problems. Think of unattended install scripts, offline installations, or security assessments where the technician doesn't have Internet connection because of a black-box job approach. But that's just my opinion.
Regards, Daniel
From hans.ullrich at loop.de Thu Apr 23 11:16:58 2009 From: hans.ullrich at loop.de (Ullrich-IT-Consult) Date: Thu, 23 Apr 2009 11:16:58 +0200 Subject: [Openvas-discuss] Discontinuing openvas-plugins tarball? In-Reply-To: <20090423081146.GB11585@intevation.de> References: <20090423081146.GB11585@intevation.de> Message-ID: <200904231116.59560.kontakt@ullrich-it.de> On Thursday 23 April 2009, Michael Wiegand wrote: > Hello, > Hi Michael and Jan, > Jan and I have been thinking about discontinuing the release of > openvas-plugins tarballs and distributing the plugins only through the > existing Feed Services. > > The background is that using both the tarball and the openvas-nvt-sync > script does under certain conditions lead to a race condition in the > plugin cache which causes openvasd to use an outdated cached version of > a plugin even though the plugin has changed in the feed. We have tried > to compensate for this by making adjustments in the synchronization > script, but this has the side effect of disproportionately increasing > the time and bandwidth needed to synchronize with the feed. > > I would like your opinions regarding the following issues: > > - What would be the consequences of discontinuing the tarball release? > There should not be installations which use only the tarball and never > sync, should there? > I think there would be no consequences at all.
The only thing that comes to my mind would be a possibility to transport the tarball to factories which might have (for whatever reasons) no access to the internet. In this case it would be nice to have a possibility to add new plugins or add plugins at all. > - What mechanisms should be available for users who cannot sync using > rsync due to restrictions on firewall or proxy level? > I think most users should have access to the internet with http, and as far as I know, rsync offers an option to use http (if I remember correctly). In other case, there comes the word "tunneling" to my mind. Maybe to invent an easy way for users to tunnel through http??? > - Should openvasd force an initial sync during installation or just > display a notice that a sync is needed to use OpenVAS? > I suggest not to force an initial sync, as some users or security analysts might want to test new plugins before they break things at their customers. It might be they want to keep old plugins during tests. IMO the suggestion is the better way, so the security analyst can decide for himself whether to upgrade or not. > - Any other issues you can think of. :) None at the moment. :) > > I'm looking forward to your opinions. Please do not hesitate to ask if > my proposal does not make sense to you. > > I am crossposting this to openvas-discuss and openvas-plugins as well to > reach all involved parties. Please keep crossposting to a minimum in > your replies and try to reply in openvas-devel. Thank you! > > Regards, > > Michael Best regards Hans-J. Ullrich -- Company Ullrich-IT-Consult Owner: Hans-J. Ullrich Münstedter Weg 10 31246 Oberg www: http://www.ullrich-it.de www2: http://www.ccpeine.de IT specialist for IT security, Linux and Unix, IT training courses and workshops

From d.jagdmann at dn-systems.de Thu Apr 23 23:41:41 2009 From: d.jagdmann at dn-systems.de (Dirk Jagdmann) Date: Thu, 23 Apr 2009 14:41:41 -0700 Subject: [Openvas-discuss] Discontinuing openvas-plugins tarball? In-Reply-To: <20090423081146.GB11585@intevation.de> References: <20090423081146.GB11585@intevation.de> Message-ID: <49F0E095.2070800@dn-systems.de> effectively you have a directory on some server containing all the plugin files. To be 100% comfortable with whatever internet restrictions an OpenVAS user might have you should simply make this feed directory available with rsync, ftp and http. If you use an Apache with its directory-index feature somebody could use a recursive wget, curl or BSD fetch to retrieve all plugins. If you configure your HTTP server to set the correct HTTP headers derived from the plugin files timestamp tools like wget etc. are intelligent enough to skip downloading all those files if they are started in mirror-mode. To be super comfortable, you should supply a sample call for wget, curl and fetch in mirror mode, along with a sample call to rsync. -- Dirk Jagdmann : Coder Tel. +49-5121-28989-15 -- DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. +49-5121-28989-11 Handelsregister HRB-3213 Amtsgericht Hildesheim Geschäftsführer: Lukas Grunwald

From tim at funkydog.co.uk Thu Apr 23 22:11:27 2009 From: tim at funkydog.co.uk (Tim Mehmet) Date: Thu, 23 Apr 2009 21:11:27 +0100 Subject: [Openvas-discuss] Web based Reporter tool Message-ID: <1240517487.10188.16.camel@LADY> Hi, I have created a simple web based solution for presenting scan jobs. It's all done in PHP and it reads scan jobs exported into the xml format. I just wanted to share it with you guys, I don't know if anyone has anything similar or not.
I created it to share nessus scans in an intranet server for various groups. Anyway, please check it out, feel free to comment, it's completely free, I don't want anything at all, I just hope people find it useful, all scripts included in download. I haven't tested it much other than on my systems so there may well be bugs or issues! Demo here; http://www.hackerstorm.co.uk/openvas/openvas-index.php my website and download here: http://www.hackerstorm.com I'm not planning to take these scripts any further, though I am thinking of doing something with MySQL, something a bit more powerful than static files! Has this been done already? Perhaps something with 'flash' DashBoards with various summaries, historical charts, grouping scan jobs into platforms, services, departments etc. In particular, I want to create a realtime chart for regular scans. I perform multiple scans some 4-8 times per day and create alerts when something is found on my private systems from internet scans. I do this with commercial tools already but I would like something opensource for sure. Would be happy for feedback on this also. Please note, I don't want to do anything for Nessus, it will be just OpenVas if I do. Regards Tim. http://www.hackerstorm.com

From felix.wolfsteller at intevation.de Mon Apr 27 09:13:13 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 27 Apr 2009 09:13:13 +0200 Subject: [Openvas-discuss] Web based Reporter tool In-Reply-To: <1240517487.10188.16.camel@LADY> References: <1240517487.10188.16.camel@LADY> Message-ID: <200904270913.13903.felix.wolfsteller@intevation.de> Hi Tim On Thursday 23 April 2009 22:11:27 you wrote: > I'm not planning to take these scripts any further, though I am thinking > of doing something with MySQL, something a bit more powerful than static > files! > > Has this been done already?
> > Perhaps something with 'flash' DashBoards with various summaries, > historical charts, grouping scan jobs into platforms, services, > departments etc. In particular, I want to create a realtime chart for > regular scans. I perform multiple scans some 4-8 times per day and > create alerts when something is found on my private systems from > internet scans. I do this with commercial tools already but I would like > something opensource for sure. > > Would be happy for feedback on this also. Please note, I don't want to do > anything for Nessus, it will be just OpenVas if I do. I find it looks beautiful and very useful. Well done, I really enjoyed it. Some of the ideas you mentioned are discussed from time to time and the project will very likely develop in that direction. In principle there are two approaches: 1) Generate output from the client and further process it. 2) Work on the client(s) to make their output better. I think in general the development will drive in the direction of the latter option. That means, e.g. sql 'from the source' and not generated out of the xml report; protocol changes (are underway) to query useful information directly, etc. We have quite some good ideas, but we sure can need more. Please (feel free to) join the irc channel (http://openvas.org/online-chat.html), most developers hang out there during european day time. Good work. -- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From bchandra at secpod.com Mon Apr 27 14:12:06 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Mon, 27 Apr 2009 17:42:06 +0530 Subject: [Openvas-discuss] Workshop on OpenVAS - DevCon #2 Message-ID: <46BDA200C0904E1497255BFB1DAA7839@bchandra> Hello All, We are planning to conduct a one day workshop prior (July 8th 2009) to the OpenVAS Developer Conference #2 (July 9th - 12th). The following topics will be covered,

1. OpenVAS architecture
2. Installation of OpenVAS on Linux systems
3. OpenVAS scanning
   - OpenVAS features
   - Creation of policies and running the scan
   - Credentialed and credential-less scanning
   - The OpenVAS knowledge base
   - Logs
   - Scanning different network devices: Windows, Unix
   - Reports
4. OpenVAS Administration
5. Writing NASL plugins
6. OpenVAS integrated tools

Price: EURO 300 The money will be utilized to cover the travel costs for students and other private OpenVAS developers. If you are interested and willing to register, please send a mail to openvas-devcon at intevation.de at the earliest confirming your attendance. Any suggestions with respect to the topics covered are welcome. Thanks, Chandrashekhar B. www.secpod.com

From wcopenhaver at utep.edu Mon Apr 27 16:12:39 2009 From: wcopenhaver at utep.edu (Copenhaver, Walter A) Date: Mon, 27 Apr 2009 08:12:39 -0600 Subject: [Openvas-discuss] Web based Reporter tool In-Reply-To: <1240517487.10188.16.camel@LADY> References: <1240517487.10188.16.camel@LADY> Message-ID: <0E62A7D945C2B0499CE043D97516E54F03D7E1DD@itdsrvmail00.utep.edu> This is really cool. I was thinking of doing something like this too. I will give it a try and let you know how it goes. Thank you.
From jan-oliver.wagner at intevation.de Tue Apr 28 09:08:13 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 28 Apr 2009 09:08:13 +0200 Subject: [Openvas-discuss] Workshop on OpenVAS - DevCon #2 In-Reply-To: <46BDA200C0904E1497255BFB1DAA7839@bchandra> References: <46BDA200C0904E1497255BFB1DAA7839@bchandra> Message-ID: <200904280908.14031.jan-oliver.wagner@intevation.de> Hello Chandra, On Monday 27 April 2009 14:12:06 Chandrashekhar B wrote: > We are planning to conduct a one day workshop prior (July 8th 2009) to the > OpenVAS Developer Conference #2 (July 9th - 12th). thanks for the details. It all makes sense to me (price, topics etc). Anyone: Any concerns, proposals regarding this? Chandra: If no concerns are raised, can you extend the web page about devcon with the details? Once this is done, we should prepare an announcement for our announcement mailing list. We can use your email as a base. However, we should clarify, that it is possible to join the workshop only. The conference is towards developers, not users. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From bchandra at secpod.com Tue Apr 28 13:00:46 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Tue, 28 Apr 2009 16:30:46 +0530 Subject: [Openvas-discuss] Workshop on OpenVAS - DevCon #2 In-Reply-To: <200904280908.14031.jan-oliver.wagner@intevation.de> References: <46BDA200C0904E1497255BFB1DAA7839@bchandra> <200904280908.14031.jan-oliver.wagner@intevation.de> Message-ID: Hello Jan, -----Original Message----- From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: Tuesday, April 28, 2009 12:38 PM To: openvas-discuss at wald.intevation.org Subject: Re: [Openvas-discuss] Workshop on OpenVAS - DevCon #2 > Hello Chandra, On Monday 27 April 2009 14:12:06 Chandrashekhar B wrote: >> We are planning to conduct a one day workshop prior (July 8th 2009) to the >> OpenVAS Developer Conference #2 (July 9th - 12th). > thanks for the details. > It all makes sense to me (price, topics etc). > Anyone: Any concerns, proposals regarding this? > Chandra: If no concerns are raised, can you extend the web page > about devcon with the details? I have updated the page. Chandra.

From felix.wolfsteller at intevation.de Tue Apr 28 13:05:29 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Tue, 28 Apr 2009 13:05:29 +0200 Subject: [Openvas-discuss] Workshop on OpenVAS - DevCon #2 In-Reply-To: References: <46BDA200C0904E1497255BFB1DAA7839@bchandra> <200904280908.14031.jan-oliver.wagner@intevation.de> Message-ID: <200904281305.29203.felix.wolfsteller@intevation.de> Sorry, I forgot to respond. I had done it already but not uploaded the files. Btw I think you forgot to commit the changes (only made 'make online' I suppose).
-- felix -- Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Tue Apr 28 13:16:10 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Tue, 28 Apr 2009 16:46:10 +0530 Subject: [Openvas-discuss] Workshop on OpenVAS - DevCon #2 In-Reply-To: <200904281305.29203.felix.wolfsteller@intevation.de> References: <46BDA200C0904E1497255BFB1DAA7839@bchandra><200904280908.14031.jan-oliver.wagner@intevation.de> <200904281305.29203.felix.wolfsteller@intevation.de> Message-ID: Oh! Yes, did now. Thanks! Please update whatever else needs to be. Chandra.
-----Original Message-----
From: openvas-discuss-bounces at wald.intevation.org
[mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of
Felix Wolfsteller
Sent: Tuesday, April 28, 2009 4:35 PM
To: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Workshop on OpenVAS - DevCon #2

Sorry, I forgot to respond. I had done it already but not uploaded the
files. Btw I think you forgot to commit the changes (only made 'make
online' i suppose).

-- felix

On Tuesday 28 April 2009 13:00:46 Chandrashekhar B wrote:
> Hello Jan,
>
> -----Original Message-----
> From: openvas-discuss-bounces at wald.intevation.org
> [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of
> Jan-Oliver Wagner
> Sent: Tuesday, April 28, 2009 12:38 PM
> To: openvas-discuss at wald.intevation.org
> Subject: Re: [Openvas-discuss] Workshop on OpenVAS - DevCon #2
>
> > Hello Chandra,
> > On Monday 27 April 2009 14:12:06 Chandrashekhar B wrote:
> >> We are planning to conduct a one day workshop prior (July 8th 2009) to the
> >> OpenVAS Developer Conference #2 (July 9th - 12th).
> >
> > thanks for the details.
> > It all makes sense to me (price, topics etc).
> >
> > Anyone: Any concerns, proposals regarding this?
> > Chandra: If no concerns are raised, can you extend the web page
> > about devcon with the details?
>
> I have updated the page.
>
> Chandra.

--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner

From jan-oliver.wagner at intevation.de Tue Apr 28 16:28:09 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Tue, 28 Apr 2009 16:28:09 +0200
Subject: [Openvas-discuss] OpenVAS DevCon: Invited Talk?
In-Reply-To:
References: <200904220919.40536.jan-oliver.wagner@intevation.de>
Message-ID: <200904281628.11822.jan-oliver.wagner@intevation.de>

On Wednesday, 22 April 2009, Jonas Andradas wrote:
> On Wed, Apr 22, 2009 at 9:19 AM, Jan-Oliver Wagner <
> jan-oliver.wagner at intevation.de> wrote:
> > how about inviting a talk for our OpenVAS Conference from a related
> > project?
> > Namely, I have nmap in mind. Since we plan to establish a far
> > better integration with nmap, this might make sense.
>
> I totally agree with this idea. Let's hope that they can come :)

thanks for supporting the idea.

If no one objects, I will approach nmap project with this request ...

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From dk at alienvault.com Tue Apr 28 16:44:11 2009
From: dk at alienvault.com (Dominique Karg)
Date: Tue, 28 Apr 2009 16:44:11 +0200
Subject: [Openvas-discuss] Feedback on amd64 Debian / Lenny packages
Message-ID: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>

Hello,

I'm nearly done with OpenVAS <--> OSSIM integration and wanted to
share my thoughts with you. Had to change a bunch of regexps and
output formats among other things on the OSSIM side, but it's working
right now.

Speed increase is great, I also like the new openvas-client very much.
Congrats on the great work :-)

I had to make some changes to the packages for pfring enabled libpcap,
since I'm not using the regular debian one.

Then there's a small bug in the openvas-server package; it doesn't
create the /var/cache/openvas directory (fixed it here). On the other
hand, OpenVAS server startup takes ages, it might be interesting to
add something like "loading plugin X out of Y. (Just a suggestion).

Once I've got a new release with integration 100% polished I'll send
you another short notice.

Thanks for the support on this.

Greetings,
Dominique

From felix.wolfsteller at intevation.de Wed Apr 29 07:24:29 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Wed, 29 Apr 2009 07:24:29 +0200
Subject: [Openvas-discuss] Feedback on amd64 Debian / Lenny packages
In-Reply-To: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>
References: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>
Message-ID: <200904290724.29625.felix.wolfsteller@intevation.de>

Hi Dominique

On Tuesday 28 April 2009 16:44:11 Dominique Karg wrote:
> I'm nearly done with OpenVAS <--> OSSIM integration and wanted to
> share my thoughts with you. Had to change a bunch of regexps and
> output formats among other things on the OSSIM side, but it's working
> right now.

That is great!

> I had to make some changes to the packages for pfring enabled libpcap,
> since I'm not using the regular debian one.

Would be great if you send the patch or issue a bug (and attach the patch).

> Then there's a small bug in the openvas-server package; it doesn't
> create the /var/cache/openvas directory (fixed it here). On the other
> hand, OpenVAS server startup takes ages, it might be interesting to
> add something like "loading plugin X out of Y. (Just a suggestion).

First startup should take ages especially when the signatures are checked.
A progress message as you proposed is integrated already (since long), and
should update every 50 loaded plugins or so and notify that it's done with
"All plugins loaded." (after which all output is dumped to openvasd.d and
you should not see any more messages on stderr).

So, if you start openvasd -d, you see nothing?

Good news from your side,
felix

--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From michael.wiegand at intevation.de Wed Apr 29 08:08:01 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Wed, 29 Apr 2009 08:08:01 +0200
Subject: [Openvas-discuss] Feedback on amd64 Debian / Lenny packages
In-Reply-To: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>
References: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>
Message-ID: <20090429060801.GA13417@intevation.de>

* Dominique Karg [28. Apr 2009]:
> I'm nearly done with OpenVAS <--> OSSIM integration and wanted to
> share my thoughts with you. Had to change a bunch of regexps and
> output formats among other things on the OSSIM side, but it's working
> right now.

Sounds great! As Felix said, if you think your changes are useful for
other users as well, we are looking forward to your patches!

> Speed increase is great, I also like the new openvas-client very much.
> Congrats on the great work :-)

Thank you! :)

> Then there's a small bug in the openvas-server package; it doesn't
> create the /var/cache/openvas directory (fixed it here).

Yes, I noticed that too, probably shortly after you downloaded the
packages. ;) This is fixed in the most recent Debian packages and in the
SVN repository.

> On the other hand, OpenVAS server startup takes ages, it might be
> interesting to add something like "loading plugin X out of Y. (Just a
> suggestion).
As Felix said, openvasd outputs messages just like this, but I think it is
Debian SOP to pipe the output to /dev/null when starting up. Not sure how
verbose you'd like to be in your init.d scripts.

> Once I've got a new release with integration 100% polished I'll send
> you another short notice.

Please do.

> Thanks for the support on this.

Our pleasure.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090429/4b785478/attachment.pgp

From dk at alienvault.com Wed Apr 29 10:24:56 2009
From: dk at alienvault.com (Dominique Karg)
Date: Wed, 29 Apr 2009 10:24:56 +0200
Subject: [Openvas-discuss] Feedback on amd64 Debian / Lenny packages
In-Reply-To: <20090429060801.GA13417@intevation.de>
References: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>
    <20090429060801.GA13417@intevation.de>
Message-ID: <6687AE4B-F55A-4C7B-A33A-F298771494B9@alienvault.com>

On 29.04.2009 at 08:08, Michael Wiegand wrote:
>> On the other hand, OpenVAS server startup takes ages, it might be
>> interesting to add something like "loading plugin X out of Y. (Just a
>> suggestion).
>
> As Felix said, openvasd outputs messages just like this, but I think it
> is Debian SOP to pipe the output to /dev/null when starting up. Not sure
> how verbose you'd like to be in your init.d scripts.

You're completely right, my bad. Output is a bit ugly tho ;-)

ossimpro22:~# openvasd -D
Loading the plugins... 918 (out of 10558)byte_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 1071 (out of 10558)sunrpc_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 2193 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 2244 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 2295 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 3927 (out of 10558)slad.inc: Not able to open nor to locate it in include paths
Loading the plugins... 4182 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 4284 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 5151 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 5253 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 6579 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 7497 (out of 10558)slad.inc: Not able to open nor to locate it in include paths
[6449](/var/lib/openvas/plugins/slad_run.nasl) Undefined function 'init_add_preferences'
Loading the plugins... 7548 (out of 10558)smb_file_funcs.inc: Not able to open nor to locate it in include paths
Loading the plugins... 8721 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 8874 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 9639 (out of 10558)plugin_feed_info.inc: Not able to open nor to locate it in include paths
All plugins loaded
ossimpro22:~#

From michael.wiegand at intevation.de Wed Apr 29 10:33:26 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Wed, 29 Apr 2009 10:33:26 +0200
Subject: [Openvas-discuss] Feedback on amd64 Debian / Lenny packages
In-Reply-To: <6687AE4B-F55A-4C7B-A33A-F298771494B9@alienvault.com>
References: <503F8E7C-5B98-46C7-ADDA-005C49084D36@alienvault.com>
    <20090429060801.GA13417@intevation.de>
    <6687AE4B-F55A-4C7B-A33A-F298771494B9@alienvault.com>
Message-ID: <20090429083326.GA15363@intevation.de>

* Dominique Karg [29. Apr 2009]:
> > As Felix said, openvasd outputs messages just like this, but I think
> > it is Debian SOP to pipe the output to /dev/null when starting up.
> > Not sure how verbose you'd like to be in your init.d scripts.
>
> You're completely right, my bad. Output is a bit ugly tho ;-)

The ugliness is caused by plugins including files which are not present
in the feed because of licensing issues (smb_func.inc, smb_file_funcs.inc,
byte_func.inc and sunrpc_func.inc) or because they are generated by
third-party tools (slad.inc).

The number of plugins dependent on these missing includes is very low
(15 IIRC) and will decrease in the future. You may safely remove them
from your installation.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090429/caa25f2f/attachment.pgp

From Jan-Oliver.Wagner at greenbone.net Wed Apr 29 15:01:06 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Wed, 29 Apr 2009 15:01:06 +0200
Subject: [Openvas-discuss] OpenVAS Developer Conference: inviting nmap
Message-ID: <200904291501.08287.Jan-Oliver.Wagner@greenbone.net>

Dear nmap developers,

the OpenVAS project (www.openvas.org) holds a developer's conference
July 9-12 2009 in Osnabrück, Germany.

http://www.openvas.org/openvas-devcon2.html

It will be about 10-15 developers, including almost all major
contributors. Main focus is planning structures for the growing
community and planning the 3.0 release of OpenVAS.

An important aspect for 3.0 to discuss is a much tighter combination
with nmap. We like to integrate nmap's service detection, nse and a far
better port scanning.

Since we like to have an invited talk at the beginning of our conference,
we would very much appreciate a nmap insider to give a talk about current
state and future plans of nmap. Perhaps some ideas on a tighter coupling
could already be exchanged and concepts worked out as well.

In case it is interesting/doable for someone of the nmap team, please
let us know.

We have a user's workshop prior to the developer conference. The revenues
are spent on helping students/private members to join us and to reimburse
travel expenses of the invited talk.

All the best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
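
For the "Feedback on amd64 Debian / Lenny packages" thread above: one way to find which plugins depend on the include files that openvasd reports as missing, so that they can be reviewed or removed as suggested there. This is an added example, not code from the thread or from the OpenVAS project; the function names are hypothetical, and it assumes plugins pull in shared code with NASL include("...") statements and that the plugin directory is the /var/lib/openvas/plugins path seen in the output.

```python
import re
import sys
from collections import Counter
from pathlib import Path

# Lines in the form of the `openvasd -D` output quoted in this thread.
SAMPLE_OUTPUT = """\
Loading the plugins... 918 (out of 10558)byte_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 2193 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 2244 (out of 10558)smb_func.inc: Not able to open nor to locate it in include paths
Loading the plugins... 3927 (out of 10558)slad.inc: Not able to open nor to locate it in include paths
All plugins loaded
"""

MISSING_RE = re.compile(r"([\w.-]+\.inc): Not able to open nor to locate it in include paths")
INCLUDE_RE = re.compile(r"""^\s*include\s*\(\s*["']([^"']+)["']\s*\)""", re.MULTILINE)

def missing_includes(output):
    """Count how often each include file is reported missing in the startup output."""
    return Counter(MISSING_RE.findall(output))

def include_graph(plugin_dir):
    """Map every .nasl/.inc file in plugin_dir to the set of files it includes."""
    graph = {}
    for path in Path(plugin_dir).iterdir():
        if path.suffix in (".nasl", ".inc"):
            graph[path.name] = set(INCLUDE_RE.findall(path.read_text(errors="replace")))
    return graph

def affected_plugins(graph, missing):
    """Return {plugin: missing includes it reaches directly or through other .inc files}."""
    def reach(name, seen):
        hits = set()
        for inc in graph.get(name, ()):
            if inc in missing:
                hits.add(inc)
            elif inc not in seen:
                seen.add(inc)
                hits |= reach(inc, seen)
        return hits

    result = {}
    for name in sorted(n for n in graph if n.endswith(".nasl")):
        hits = reach(name, {name})
        if hits:
            result[name] = sorted(hits)
    return result

if __name__ == "__main__":
    # Optional argv[1]: plugin directory (the thread's output shows /var/lib/openvas/plugins).
    missing = missing_includes(SAMPLE_OUTPUT)
    print(dict(missing))
    if len(sys.argv) > 1:
        print(affected_plugins(include_graph(sys.argv[1]), missing))
```

Because the include graph is followed through intermediate .inc files, a plugin that only reaches a missing file indirectly is listed as well.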