[Openvas-discuss] openvas openvassd

Matthew Mundell matthew.mundell at greenbone.net
Sat Aug 6 09:54:57 CEST 2011


> What does the openvassd command really do? I feel like it loads up modules
> already downloaded from openvas-nvt-sync. If it is only loading modules, why
> does it take so long, and is there any way I can bypass loading up modules? I
> realize when I delete the openvas cache folder, it begins to load those
> modules again when I execute the command: "openvassd". So is it only taking
> modules and copying them to the cache folder?

It's doing signature checks on each of the NVTs (the openvas-nvt-sync
"modules"), as far as I can tell.  It calls gpg on each of the 20000, which
is slow for some reason.

There's a scanner option nasl_no_signature_check, but even with this "yes",
openvassd still calls gpg to extract the signatures.  In my tree I applied
the patch below to work around this, but it might slightly modify the
scanner behaviour (it prevents reading in the signatures, even if the NVTs
have signatures).

--- nasl_plugins.c	(revision 11366)
+++ nasl_plugins.c	(working copy)
@@ -113,17 +113,21 @@ nasl_plugin_add (char *folder, char *name, struct
   plugin_args = store_load_plugin (name, preferences);
   if (plugin_args == NULL)
     {
-      char *sign_fprs = nasl_extract_signature_fprs (fullname);
-      // If server accepts signed plugins only, discard if signature file missing.
-      if (preferences_nasl_no_signature_check (preferences) == 0
-          && sign_fprs == NULL)
+      char *sign_fprs;
+
+      if (preferences_nasl_no_signature_check (preferences) == 1)
         {
-          printf ("%s: nvt is not signed and thus ignored\n", fullname);
-          return NULL;
+          sign_fprs = "";
         }
-      else if (sign_fprs == NULL)
+      else
         {
-          sign_fprs = "";
+          sign_fprs = nasl_extract_signature_fprs (fullname);
+          if (sign_fprs == NULL)
+            {
+              // Server requires signed plugins, sig file missing, discard.
+              printf ("%s: nvt is not signed and thus ignored\n", fullname);
+              return NULL;
+            }
         }

       plugin_args = emalloc (sizeof (struct arglist));
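
Review bot: The new test "preferences_nasl_no_signature_check (preferences) == 1" is narrower than the removed "== 0" test. Any other nonzero return used to mean "skip the check" and now falls into the else branch, where an NVT without a signature is discarded; comparing with "!= 0" keeps the old meaning. In the same branch sign_fprs is set to "" without calling nasl_extract_signature_fprs, so the fingerprints of NVTs that are signed are no longer recorded when the option is on. A comment at that assignment should say so, and should note that sign_fprs now points at a string literal in one branch and at the function's return value in the other.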

--- oval_plugins.c	(revision 11366)
+++ oval_plugins.c	(working copy)
@@ -388,17 +388,21 @@ oval_plugin_add (char *folder, char *name, struct
   if (args == NULL)
     {
       gchar *nvt_filename;
-      char *sign_fprs = nasl_extract_signature_fprs (fullname);
-      // If server accepts signed plugins only, discard if signature file missing.
-      if (preferences_nasl_no_signature_check (preferences) == 0
-          && sign_fprs == NULL)
+      char *sign_fprs;
+
+      if (preferences_nasl_no_signature_check (preferences) == 1)
         {
-          printf ("%s: nvt is not signed and thus ignored\n", fullname);
-          return NULL;
+          sign_fprs = "";
         }
-      else if (sign_fprs == NULL)
+      else
         {
-          sign_fprs = "";
+          sign_fprs = nasl_extract_signature_fprs (fullname);
+          if (sign_fprs == NULL)
+            {
+              // Server requires signed plugins, sig file missing, discard.
+              printf ("%s: nvt is not signed and thus ignored\n", fullname);
+              return NULL;
+            }
         }

       parser.start_element = start_element;
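
Review bot: The if/else block around sign_fprs in oval_plugin_add is a line-for-line copy of the one added to nasl_plugin_add, so the signature policy now lives in two places that can drift apart. Moving it into one helper that takes fullname and preferences and returns sign_fprs (or NULL to discard the NVT) would keep the NASL and OVAL loaders consistent, and would give the "== 1" comparison a single place to be reviewed.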

--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner


