Those of you watching the SVN commits and the OpenVAS website closely will
already have noticed it: Our newest OpenVAS module just had it's first
release.
The newest member of the OpenVAS family is called gsa-desktop and is a Qt
based OMP client with the ultimate goal of providing an alternative to the
Gtk based OpenVAS-Client while offering the full potential of OMP.
We invite you to try out gsa-desktop and are looking forward to your feedback.
Please keep in mind that gsa-desktop is still in an early stage and does not
yet cover all the functionality provided by OMP. Please read the INSTALL and
README files provided and feel free to ask on the OpenVAS mailing lists if
you have questions.
Thursday, July 29, 2010
OpenVAS Manager 1.0 released
Substantial Technology Adance: Vulnerability Management with OpenVAS Manager 1.0
OpenVAS Manager 1.0 represents almost 2 years of intensive work. The mission of
OpenVAS Manager is to offer powerful and comfortable vulnerability management on
top of the actual vulnerability scanner, OpenVAS Scanner 3.1.
The OpenVAS Manager is a layer between the OpenVAS Scanner and various client
applications. The upcoming clients cover web, desktop and command line
technology and will replace the classic OpenVAS Client.
Central features of OpenVAS Manager are:
* New XML-based protocol OMP (OpenVAS Management Protocol) which client tools
use to control scans, results, etc.
* SQL database where configurations, scan results etc. are stored. Thus, clients
do not need to keep local storage anymore.
* Full control of scan processes. This includes multiple concurrent scans as
well as stopping, pausing, resuming and not at least the scheduling of scans.
* Management of scan notes, false positives and result escalators (notification
on finished scans).
OpenVAS Manager is Free Software (Open Source), licensed under GNU General
Public License Version 2 or any later version.
The first compatible client application to be released will be the web client
GSA (Greenbone Security Assistant), approximately next week.
Beta- and alpha versions of various clients are already available for download.
The OpenVAS development team offers support for any efforts to create binary
packages for the various Linux distributions in order have this new server
readily available for users as soon as possible. Please use our openvas-distro
mailing list for this purpose.
OpenVAS Manager 1.0 represents almost 2 years of intensive work. The mission of
OpenVAS Manager is to offer powerful and comfortable vulnerability management on
top of the actual vulnerability scanner, OpenVAS Scanner 3.1.
The OpenVAS Manager is a layer between the OpenVAS Scanner and various client
applications. The upcoming clients cover web, desktop and command line
technology and will replace the classic OpenVAS Client.
Central features of OpenVAS Manager are:
* New XML-based protocol OMP (OpenVAS Management Protocol) which client tools
use to control scans, results, etc.
* SQL database where configurations, scan results etc. are stored. Thus, clients
do not need to keep local storage anymore.
* Full control of scan processes. This includes multiple concurrent scans as
well as stopping, pausing, resuming and not at least the scheduling of scans.
* Management of scan notes, false positives and result escalators (notification
on finished scans).
OpenVAS Manager is Free Software (Open Source), licensed under GNU General
Public License Version 2 or any later version.
The first compatible client application to be released will be the web client
GSA (Greenbone Security Assistant), approximately next week.
Beta- and alpha versions of various clients are already available for download.
The OpenVAS development team offers support for any efforts to create binary
packages for the various Linux distributions in order have this new server
readily available for users as soon as possible. Please use our openvas-distro
mailing list for this purpose.
OpenVAS libraries and scanner 3.1.0 release
OpenVAS libraries
The OpenVAS developers are happy to announce the release of openvas-libraries
3.1.0. This release adds a number of new features, for example support for
NTLMSSP, for LDAP authentication, for preference file uploads to memory, for
logging messages to syslog and for scanning virtual web hosts.
Many thanks to everyone who has contributed to this release:
Tim Brown, Geoff Galitz, Stephan Kleine, Goran Licina, Michael Meyer, Matthew
Mundell, Raimund Renkert, Preeti Subramanian, Jan-Oliver Wagner, Michael
Wiegand and Felix Wolfsteller.
Main changes compared to 3.0.5:
* Code cleanup: Code from openvas-administrator and openvas-manager which
could be more appropriately placed in openvas-libraries has been moved here.
* Initial support for LDAP authentication has been added.
* IPv6 support has been improved.
* Support for building parts of openvas-libraries on Windows has been added.
* Support for reading preference file uploads from memory instead of from disk
has been added.
* Support for NTLMSSP has been added.
* Authentication mechanism extended to support LDAP and ADS.
* An issue which caused SSH logins with RSA keys on remote systems to fail
under certain circumstances has been fixed.
* Support for logging to syslog has been added.
* Support for scanning virtual web hosts has been added.
The source tarball for this release is available for download from the OpenVAS
website at http://www.openvas.org/. Binary packages for major GNU/Linux
distributions by third parties are expected in the following weeks.
OpenVAS scanner
The OpenVAS developers are happy to announce the release of openvas-scanner
3.1.0. This release adds a number of new features, for example support for
soft pausing of scans, for retrieving the version of an installed NVT
collection, for automatically installing generated client certificates, for
storing uploaded preference files in memory, for dropping privileges for NASL
and NES NVTs and for scanning virtual web hosts. It also contains updated
feed synchronization scripts and removes legacy support for passwords stored
in plaintext (see OpenVAS change request #31,
http://www.openvas.org/openvas-cr-31.html).
Many thanks to everyone who has contributed to this release:
Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner, Michael
Wiegand and Felix Wolfsteller.
Main changes compared to 3.0.2:
* Support for storing scanner passwords in plaintext has been removed.
* Support for dropping privileges in NASL and NES NVTs had been added.
* Support for scanning virtual web hosts has been added.
* The handling of NVTs with an invalid timestamp has been improved.
* A bug in the openvas-nvt-sync script which prevented synchronization via
http under certain circumstances has been fixed.
* Support for retrieving the version of the NVT collection has been added to
the openvas-nvt-sync and greenbone-nvt-sync scripts.
* Support for soft pausing of scans has been added.
* Support for automatically installing generated certificate file has been
added to the openvas-mkcert-client script.
* The obsolete C based NVT "ssl_cipher" has been removed from the
openvas-scanner module. It has been replaced by the NASL
implementation "secpod_ssl_ciphers.nasl".
* Support for storing an uploaded preference file in memory instead of on disk
has been added.
The source tarball for this release is available for download from the OpenVAS
website at http://www.openvas.org/. Binary packages for major GNU/Linux
distributions by third parties are expected in the following weeks.
The OpenVAS developers are happy to announce the release of openvas-libraries
3.1.0. This release adds a number of new features, for example support for
NTLMSSP, for LDAP authentication, for preference file uploads to memory, for
logging messages to syslog and for scanning virtual web hosts.
Many thanks to everyone who has contributed to this release:
Tim Brown, Geoff Galitz, Stephan Kleine, Goran Licina, Michael Meyer, Matthew
Mundell, Raimund Renkert, Preeti Subramanian, Jan-Oliver Wagner, Michael
Wiegand and Felix Wolfsteller.
Main changes compared to 3.0.5:
* Code cleanup: Code from openvas-administrator and openvas-manager which
could be more appropriately placed in openvas-libraries has been moved here.
* Initial support for LDAP authentication has been added.
* IPv6 support has been improved.
* Support for building parts of openvas-libraries on Windows has been added.
* Support for reading preference file uploads from memory instead of from disk
has been added.
* Support for NTLMSSP has been added.
* Authentication mechanism extended to support LDAP and ADS.
* An issue which caused SSH logins with RSA keys on remote systems to fail
under certain circumstances has been fixed.
* Support for logging to syslog has been added.
* Support for scanning virtual web hosts has been added.
The source tarball for this release is available for download from the OpenVAS
website at http://www.openvas.org/. Binary packages for major GNU/Linux
distributions by third parties are expected in the following weeks.
OpenVAS scanner
The OpenVAS developers are happy to announce the release of openvas-scanner
3.1.0. This release adds a number of new features, for example support for
soft pausing of scans, for retrieving the version of an installed NVT
collection, for automatically installing generated client certificates, for
storing uploaded preference files in memory, for dropping privileges for NASL
and NES NVTs and for scanning virtual web hosts. It also contains updated
feed synchronization scripts and removes legacy support for passwords stored
in plaintext (see OpenVAS change request #31,
http://www.openvas.org/openvas-cr-31.html).
Many thanks to everyone who has contributed to this release:
Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner, Michael
Wiegand and Felix Wolfsteller.
Main changes compared to 3.0.2:
* Support for storing scanner passwords in plaintext has been removed.
* Support for dropping privileges in NASL and NES NVTs had been added.
* Support for scanning virtual web hosts has been added.
* The handling of NVTs with an invalid timestamp has been improved.
* A bug in the openvas-nvt-sync script which prevented synchronization via
http under certain circumstances has been fixed.
* Support for retrieving the version of the NVT collection has been added to
the openvas-nvt-sync and greenbone-nvt-sync scripts.
* Support for soft pausing of scans has been added.
* Support for automatically installing generated certificate file has been
added to the openvas-mkcert-client script.
* The obsolete C based NVT "ssl_cipher" has been removed from the
openvas-scanner module. It has been replaced by the NASL
implementation "secpod_ssl_ciphers.nasl".
* Support for storing an uploaded preference file in memory instead of on disk
has been added.
The source tarball for this release is available for download from the OpenVAS
website at http://www.openvas.org/. Binary packages for major GNU/Linux
distributions by third parties are expected in the following weeks.
Subscribe to:
Posts (Atom)