[Openvas-plugins] Openvas-plugins] openvas-plugins Debian Package

chandan schandan at secpod.com
Tue Apr 21 17:31:40 CEST 2009 

There is an alternative inc, secpod_reg.inc as a replacement to
smb_hotfixes.inc. We will address the below plugins by adding
secpod_reg.inc.

smb_nt_ms04-026.nasl
smb_nt_ms02-051.nasl
smb_nt_ms02-025.nasl
smb_nt_ms02-016.nasl
smb_nt_ms02-018.nasl

The rest of the plugins can be invalidated.

Thanks!!
Chandan S


Message: 1
Date: Tue, 21 Apr 2009 08:45:04 +0200
From: Michael Wiegand <michael.wiegand at intevation.de>
Subject: [Openvas-plugins] openvas-plugins Debian Package
To: Jan Wagner <waja at cyconet.org>
Cc: OpenVAS Debian Distribution List
	<openvas-distro-deb at wald.intevation.org>,	OpenVAS Plugins List
	<openvas-plugins at wald.intevation.org>
Message-ID: <20090421064503.GA18319 at intevation.de>
Content-Type: text/plain; charset="iso-8859-15"

* Jan Wagner [20. Apr 2009]:

>> > > What do I need to do to make the buildds love openvas-server again?
>>     
> >
> > I did all the needed steps.  :) 
>   

Thank you!  :) 

>>> > > > and openvas-plugins aren't in Debian et al.
>>>       
>> > >
>> > > What would be your suggestion for getting it into Debian? Strip out all
>> > > offending plugins or strip all non-C plugins?
>>     
> > 
> > Hmm .... I would suggest to drop all non-dfsg plugins and then let the users
> > decide, if/what/when they update the plugins from your feed. I guess there is
> > fancy script, which can do that.  :) 
>   

Using Javier's audit script, there are only two non-free plugins
remaining. Is this a complete list or are there other scripts Debian
might object to?

The two scripts are:
apache_username.nasl
smb_hotfixes.inc

Both are (C) Tenable without any licensing information.

apache_username.nasl is somewhat old (CVE-2001-1013) but should be
trivial to rewrite from scratch if needed. It was included in the Nessus
GPL Feed, so I will adjust the license to GPL if there are no
objections.

smb_hotfixes.inc is included by eight other plugins:

smb_nt_ms04-026.nasl
smb_nt_ms02-051.nasl
smb_nt_ms02-025.nasl
smb_nt_ms02-016.nasl
spybot_detection.nasl
patchlink_detection.nasl
smb_virii.nasl
smb_suspicious_files.nasl

At least the last four are currently broken anyway, since they include
the nonexistant smb_func.inc as well.

AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone
clarify where it came from? I'm not sure if the functionality provided
by smb_hotfixes.inc is really needed and how much work this would be.
I'm crossposting this to openvas-plugins in hope of some answers.

I would not mind removing smb_hotfixes.inc and dependent plugins from
the Debian package if the damage is (as it seems) minimal.

Regards,

Michael

-- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH -
www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG
Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter,
Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text
attachment was scrubbed... Name: not available Type:
application/pgp-signature Size: 198 bytes Desc: not available Url :
http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090421/48ae51f1/attachment-0001.pgp
------------------------------ Message: 2 Date: Tue, 21 Apr 2009
08:55:46 +0200 From: Jan Wagner <waja at cyconet.org> Subject: Re:
[Openvas-plugins] openvas-plugins Debian Package To: OpenVAS Debian
Distribution List <openvas-distro-deb at wald.intevation.org> Cc: OpenVAS
Plugins List <openvas-plugins at wald.intevation.org> Message-ID:
<200904210855.50031.waja at cyconet.org> Content-Type: text/plain;
charset="iso-8859-15" Hi Michael, On Tuesday 21 April 2009, Michael
Wiegand wrote:

> > * Jan Wagner [20. Apr 2009]:
>   
>>> > > > What do I need to do to make the buildds love openvas-server again?
>>>       
>> > >
>> > > I did all the needed steps.  :) 
>>     
> >
> > Thank you!  :) 
>   

your're welcome.  :) 

>> > > Hmm .... I would suggest to drop all non-dfsg plugins and then let the
>> > > users decide, if/what/when they update the plugins from your feed. I
>> > > guess there is fancy script, which can do that.  :) 
>>     
> >
> > Using Javier's audit script, there are only two non-free plugins
> > remaining. Is this a complete list or are there other scripts Debian
> > might object to?
>   

There are guidelines, which have all software needs to be conform to, called 
DFSG[1].

With kind regards, Jan.
[1] http://www.debian.org/social_contract#guidelines
-- Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++
P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv-
b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------
-------------- next part -------------- A non-text attachment was
scrubbed... Name: not available Type: application/pgp-signature Size:
189 bytes Desc: This is a digitally signed message part. Url :
http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090421/78769717/attachment-0001.pgp
------------------------------



openvas-plugins-request at wald.intevation.org wrote:
> Send Openvas-plugins mailing list submissions to
> 	openvas-plugins at wald.intevation.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
> or, via email, send a message with subject or body 'help' to
> 	openvas-plugins-request at wald.intevation.org
>
> You can reach the person managing the list at
> 	openvas-plugins-owner at wald.intevation.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Openvas-plugins digest..."
>
>
> Today's Topics:
>
>    1. openvas-plugins Debian Package (Michael Wiegand)
>    2. Re: openvas-plugins Debian Package (Jan Wagner)
>    3. Re: html page truncated with nasl request (Michael Meyer)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 21 Apr 2009 08:45:04 +0200
> From: Michael Wiegand <michael.wiegand at intevation.de>
> Subject: [Openvas-plugins] openvas-plugins Debian Package
> To: Jan Wagner <waja at cyconet.org>
> Cc: OpenVAS Debian Distribution List
> 	<openvas-distro-deb at wald.intevation.org>,	OpenVAS Plugins List
> 	<openvas-plugins at wald.intevation.org>
> Message-ID: <20090421064503.GA18319 at intevation.de>
> Content-Type: text/plain; charset="iso-8859-15"
>
> * Jan Wagner [20. Apr 2009]:
>   
>>> What do I need to do to make the buildds love openvas-server again?
>>>       
>> I did all the needed steps. :)
>>     
>
> Thank you! :)
>
>   
>>>> and openvas-plugins aren't in Debian et al.
>>>>         
>>> What would be your suggestion for getting it into Debian? Strip out all
>>> offending plugins or strip all non-C plugins?
>>>       
>> Hmm .... I would suggest to drop all non-dfsg plugins and then let the users
>> decide, if/what/when they update the plugins from your feed. I guess there is
>> fancy script, which can do that. :)
>>     
>
> Using Javier's audit script, there are only two non-free plugins
> remaining. Is this a complete list or are there other scripts Debian
> might object to?
>
> The two scripts are:
> apache_username.nasl
> smb_hotfixes.inc
>
> Both are (C) Tenable without any licensing information.
>
> apache_username.nasl is somewhat old (CVE-2001-1013) but should be
> trivial to rewrite from scratch if needed. It was included in the Nessus
> GPL Feed, so I will adjust the license to GPL if there are no
> objections.
>
> smb_hotfixes.inc is included by eight other plugins:
>
> smb_nt_ms04-026.nasl
> smb_nt_ms02-051.nasl
> smb_nt_ms02-025.nasl
> smb_nt_ms02-016.nasl
> spybot_detection.nasl
> patchlink_detection.nasl
> smb_virii.nasl
> smb_suspicious_files.nasl
>
> At least the last four are currently broken anyway, since they include
> the nonexistant smb_func.inc as well.
>
> AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone
> clarify where it came from? I'm not sure if the functionality provided
> by smb_hotfixes.inc is really needed and how much work this would be.
> I'm crossposting this to openvas-plugins in hope of some answers.
>
> I would not mind removing smb_hotfixes.inc and dependent plugins from
> the Debian package if the damage is (as it seems) minimal.
>
> Regards,
>
> Michael
>
>

More information about the Openvas-plugins mailing list