From Jan-Oliver.Wagner at greenbone.net Tue Dec 15 13:25:16 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 15 Dec 2009 13:25:16 +0100 Subject: [Openvas-discuss] Towards 3.0.0 final Message-ID: <200912151325.20200.Jan-Oliver.Wagner@greenbone.net> Hello, The rc1-series is out and we have some 200 primary downloads of the source code packages. It is also integrated in the OpenSUSE Build Service. So far nothing criticial was reported. Tim and others fixed a number of small issues like FD leackage. The primary source code downloads of the betas and the rc seem to say we have around 200 early adopters/testers. I assume we don't get more with doing a rc2 and delaying the whole process. Currently I do see no reason why not to release 3.0.0 on Dec. 18th. (Remind: 2.0 was also released on Dec. 18th ;-) Anyone volunteers to write the announcement? (perhaps derived from the CHANGES) Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From Jan-Oliver.Wagner at greenbone.net Thu Dec 17 16:32:27 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 17 Dec 2009 16:32:27 +0100 Subject: [Openvas-discuss] Towards 3.0.0 final (proposal for announcement) In-Reply-To: <200912151325.20200.Jan-Oliver.Wagner@greenbone.net> References: <200912151325.20200.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200912171632.29712.Jan-Oliver.Wagner@greenbone.net> On Dienstag, 15. Dezember 2009, Jan-Oliver Wagner wrote: > Anyone volunteers to write the announcement? > (perhaps derived from the CHANGES) I crafted a first version, see below. Good enough? Complete? Best Jan Network Security Scanner OpenVAS 3.0.0 Released On December 18th, 2008, the OpenVAS[1] developer team released OpenVAS 3.0.0 which introduces new features and a new architecture in order to form the basis for leveraging the vulnerability scanner into a vulnerability management solution. The GPL-licensed Open Vulnerability Assessment System (OpenVAS) has become _the_ Open Source Security Scanner. It is complemented with the largest open collection of security tests, the daily updated OpenVAS NVT Feed with over 15.000 Network Vulnerability Tests (NVTs). Exactly 1 year after version 2.0.0 was released, the new 3.0 generation introduces: * A new internal architecture * Get rid of various limitations for NVT Meta Information * IPv6 Support * WMI clients support * Supports upcoming optional extensions: * OpenVAS Manager for storing and organizing scans on a central server in a SQL database * OpenVAS Administrator for User-, Feed- an Settings-Management * Greenbone Security Assistent for a Vulnerability Management Interface Compatibility: The new OpenVAS Scanner remains compatible with the OpenVAS NVT Feed as well as with the Greenbone Security Feed. Also, it is possible to use the new OpenVAS Scanner with the OpenVAS-Client 2.0. OpenVAS Client 3.0 can connect to both concurrently, OpenVAS Scanner 3.0 and OpenVAS Server 2.0 and even connect to OpenVAS Manager via the new OpenVAS Management Protocol (OMP). New Architecture: OpenVAS 3.0 introduces a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client. The module openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the total number of source code lines decreased, though new features are added. Also, for running just the core scanner only 2 modules are required (instead of 4 as it is the case for OpenVAS 2.0). Maintenance: Version 3.0 will be maintained by the OpenVAS team for at least 2 years and the maintenance of Version 2.0 will continue for at least one year. Version 1.0 is being retired in January 2010. Downloads: All download links for OpenVAS 3.0.0 and additional information can be found on the OpenVAS website[1]. OpenVAS 3.0.0 is initially relased as a source code release; packages for various distributions are expected to follow. The OpenVAS team would like to thank everybody who has contributed to this release. We have worked hard to bring you a reliable network security scanner. If you have any questions or suggestions, please feel free to use the public mailing list and our online chat. Please use the OpenVAS bug tracker[2] to report bugs. The OpenVAS developers would like to wish all users a recreative holiday season and a a happy new year. [1] http://www.openvas.org [2] http://bugs.openvas.org -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From fidel61 at gmail.com Fri Dec 18 20:36:33 2009 From: fidel61 at gmail.com (Fidel Castro) Date: Fri, 18 Dec 2009 17:36:33 -0200 Subject: [Openvas-discuss] OpenVas port 5988 tcp Message-ID: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> Hello, I performed a scan in a particular machine on my network and Openvas is reporting several false positives on port 5988 tcp. The service runs on port is the Sun Management Service. The Openvas is reporting the vulnerabilities: *AnalogX SimpleServer:WWW DoS **LabView web server DoS * *Oracle9iAS too long URL **Sambar web server DOS **Xeneo Web Server 2.2.9.0 DoS **Netware Perl CGI overflow **admin.cgi overflow **Oracle webcache admin interface DoS **Linksys WRT54G DoS etc... * I dont have Oracle or linksys on this machine... How can I do to report this false positives? Can i disable the scan in this port? Someone went through a similar situation? thanks Daniel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20091218/24555d8a/attachment.html From michael.meyer at intevation.de Fri Dec 18 21:26:41 2009 From: michael.meyer at intevation.de (Michael Meyer) Date: Fri, 18 Dec 2009 21:26:41 +0100 Subject: [Openvas-discuss] OpenVas port 5988 tcp In-Reply-To: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> References: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> Message-ID: <20091218202641.GA16477@komma-nix.de> Hello Daniel, *** Fidel Castro wrote: > I performed a scan in a particular machine on my network and Openvas is > reporting several false positives on port 5988 tcp. > > The service runs on port is the Sun Management Service. > > The Openvas is reporting the vulnerabilities: > > *AnalogX SimpleServer:WWW > > [...] I will try to fix that in a few days. Thanks for reporting. Micha -- Michael Meyer OpenPGP Key: 76E050B9 http://www.intevation.de Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck; AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From geez4 at runbox.com Sat Dec 19 15:34:03 2009 From: geez4 at runbox.com (Gary Kopp) Date: Sat, 19 Dec 2009 07:34:03 -0700 Subject: [Openvas-discuss] 3.0 Client & gnutls Message-ID: I'm new to openvas. I'm starting with v3.0, building from source. My scanner and client platform is CentOS 5. This platform has a preinstalled gnutls package, version 1.4.1. The openvas client wants gnutls >= 2.4.2. I can't remove version 1.4.1 due to other package dependencies. I downloaded, built, and installed gnutls 2.8.5 (and 2.4.2 on a separate machine, just to be sure), but I can't get the openvas client configure to recognize its presence, and there seems to be no configure parameter controlling the search location of the gnutls library. I've tried to configure the client on both 32-bit and 64-bit CentOS 5 platforms. The library and scanner _did_ install on a CentOS 5 64-bit machine. I'm just having a problem with the client. Gnutls installed into /usr/local/lib, which I've added to ldconfig. The old version is in /usr/lib. I'm probably missing something obvious due to a probable misunderstanding of Linux library management. Can anyone give me any clues? --Gary From geoff at galitz.org Sun Dec 20 17:58:24 2009 From: geoff at galitz.org (Geoff Galitz) Date: Sun, 20 Dec 2009 17:58:24 +0100 Subject: [Openvas-discuss] 3.0 Client & gnutls In-Reply-To: References: Message-ID: <8DA7A5BE96EF409A8D8FEC1F50125C82@geoffPC> > on > both 32-bit and 64-bit CentOS 5 platforms. The library and scanner _did_ > install on a CentOS 5 64-bit machine. I'm just having a problem with the > client. Gnutls installed into /usr/local/lib, which I've added to > ldconfig. > The old version is in /usr/lib. Did you run "ldconfig" after making changes to the ld.so.conf files to reflect the new library? I'd actually try running with LD_LIBRARY_PATH set to /usr/local/lib to make sure the right libraries are loaded in the right order: export LD_LIBRARY_PATH=/usr/local/lib You can also use the "ldd" program to see exactly what shared libraries are being loaded by the program: ldd /usr/local/bin/openvas-client (or wherever it is). Changes you make via the libtool suite and LD_LIRBARY_PATH environmental variable will show up when you run "ldd." -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From geez4 at runbox.com Sun Dec 20 23:40:27 2009 From: geez4 at runbox.com (Gary Kopp) Date: Sun, 20 Dec 2009 15:40:27 -0700 Subject: [Openvas-discuss] 3.0 Client & gnutls In-Reply-To: <8DA7A5BE96EF409A8D8FEC1F50125C82@geoffPC> References: <8DA7A5BE96EF409A8D8FEC1F50125C82@geoffPC> Message-ID: Thanks for the pointers, Geoff. It turns out it had nothing to do with run-time library searching and everything to do with my lack of experience with autoconf. I had to export PKG_CONFIG_PATH pointing to /usr/local/lib/pkgconfig before running configure, and then everything went fine. --Gary -----Original Message----- From: Geoff Galitz [mailto:geoff at galitz.org] Sent: Sunday, December 20, 2009 9:58 AM To: 'Gary Kopp'; openvas-discuss at wald.intevation.org Subject: RE: [Openvas-discuss] 3.0 Client & gnutls > on > both 32-bit and 64-bit CentOS 5 platforms. The library and scanner > _did_ install on a CentOS 5 64-bit machine. I'm just having a problem > with the client. Gnutls installed into /usr/local/lib, which I've > added to ldconfig. > The old version is in /usr/lib. Did you run "ldconfig" after making changes to the ld.so.conf files to reflect the new library? I'd actually try running with LD_LIBRARY_PATH set to /usr/local/lib to make sure the right libraries are loaded in the right order: export LD_LIBRARY_PATH=/usr/local/lib You can also use the "ldd" program to see exactly what shared libraries are being loaded by the program: ldd /usr/local/bin/openvas-client (or wherever it is). Changes you make via the libtool suite and LD_LIRBARY_PATH environmental variable will show up when you run "ldd." -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From felix.wolfsteller at intevation.de Mon Dec 21 09:30:55 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 21 Dec 2009 09:30:55 +0100 Subject: [Openvas-discuss] OpenVas port 5988 tcp In-Reply-To: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> References: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> Message-ID: <200912210930.55873.felix.wolfsteller@intevation.de> Hi Daniel On Friday 18 December 2009 20:36:33 Fidel Castro wrote: > Hello, > I dont have Oracle or linksys on this machine... > > How can I do to report this false positives? Can i disable the scan in this > port? > Someone went through a similar situation? > Daniel In (newer) Gtk-Clients there is the possibility to override the reported severities. However, reporting false positives on the mailinglists list is important and appreciated a lot. Thanks -- felix -- Felix Wolfsteller | ++49 541 335083-783 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Mon Dec 21 09:35:00 2009 From: felix.wolfsteller at intevation.de (Felix Wolfsteller) Date: Mon, 21 Dec 2009 09:35:00 +0100 Subject: [Openvas-discuss] 3.0 Client & gnutls In-Reply-To: References: <8DA7A5BE96EF409A8D8FEC1F50125C82@geoffPC> Message-ID: <200912210935.00585.felix.wolfsteller@intevation.de> Thanks for reporting, Gary. I will adjust the error message when gnutls is not found (in the correct version) to give a hint about the possible need to adjust PKG_CONFIG_PATH. -- felix On Sunday 20 December 2009 23:40:27 Gary Kopp wrote: > Thanks for the pointers, Geoff. It turns out it had nothing to do with > run-time library searching and everything to do with my lack of experience > with autoconf. I had to export PKG_CONFIG_PATH pointing to > /usr/local/lib/pkgconfig before running configure, and then everything went > fine. > > --Gary > > -----Original Message----- > From: Geoff Galitz [mailto:geoff at galitz.org] > Sent: Sunday, December 20, 2009 9:58 AM > To: 'Gary Kopp'; openvas-discuss at wald.intevation.org > Subject: RE: [Openvas-discuss] 3.0 Client & gnutls > > > on > > both 32-bit and 64-bit CentOS 5 platforms. The library and scanner > > _did_ install on a CentOS 5 64-bit machine. I'm just having a problem > > with the client. Gnutls installed into /usr/local/lib, which I've > > added to ldconfig. > > The old version is in /usr/lib. > > Did you run "ldconfig" after making changes to the ld.so.conf files to > reflect the new library? > > I'd actually try running with LD_LIBRARY_PATH set to /usr/local/lib to make > sure the right libraries are loaded in the right order: > > export LD_LIBRARY_PATH=/usr/local/lib > > You can also use the "ldd" program to see exactly what shared libraries are > being loaded by the program: > > ldd /usr/local/bin/openvas-client (or wherever it is). > > > Changes you make via the libtool suite and LD_LIRBARY_PATH environmental > variable will show up when you run "ldd." > > -geoff > > > > --------------------------------- > Geoff Galitz > Blankenheim NRW, Germany > http://www.galitz.org/ > http://german-way.com/blog/ > > > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss -- Felix Wolfsteller | ++49 541 335083-783 | http://www.intevation.de/ PGP Key: 39DE0100 Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.meyer at intevation.de Mon Dec 21 15:03:23 2009 From: michael.meyer at intevation.de (Michael Meyer) Date: Mon, 21 Dec 2009 15:03:23 +0100 Subject: [Openvas-discuss] OpenVas port 5988 tcp In-Reply-To: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> References: <567507540912181136i35e0fd53q25ff4410194c048d@mail.gmail.com> Message-ID: <20091221140323.GA5995@komma-nix.de> Hello Daniel, *** Fidel Castro wrote: > I performed a scan in a particular machine on my network and Openvas is > reporting several false positives on port 5988 tcp. all plugins should be fixed. Please do a 'openvas-nvt-sync' and rescan. If a plugin still gives a false positive, please let me know. Micha -- Michael Meyer OpenPGP Key: 76E050B9 http://www.intevation.de Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck; AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner