Those of you watching the SVN commits and the OpenVAS website closely will
already have noticed it: Our newest OpenVAS module just had its first
release.
The newest member of the OpenVAS family is called gsa-desktop and is a Qt-based
OMP client with the ultimate goal of providing an alternative to the
Gtk-based OpenVAS-Client while offering the full potential of OMP.
We invite you to try out gsa-desktop and are looking forward to your feedback.
Please keep in mind that gsa-desktop is still in an early stage and does not
yet cover all the functionality provided by OMP. Please read the INSTALL and
README files provided and feel free to ask on the OpenVAS mailing lists if
you have questions.
Thursday, July 29, 2010
OpenVAS Manager 1.0 released
Substantial Technology Advance: Vulnerability Management with OpenVAS Manager 1.0
OpenVAS Manager 1.0 represents almost 2 years of intensive work. The mission of
OpenVAS Manager is to offer powerful and comfortable vulnerability management on
top of the actual vulnerability scanner, OpenVAS Scanner 3.1.
The OpenVAS Manager is a layer between the OpenVAS Scanner and various client
applications. The upcoming clients cover web, desktop and command line
technology and will replace the classic OpenVAS Client.
Central features of OpenVAS Manager are:
* New XML-based protocol OMP (OpenVAS Management Protocol) which client tools
use to control scans, results, etc.
* SQL database where configurations, scan results etc. are stored. Thus, clients
do not need to keep local storage anymore.
* Full control of scan processes. This includes multiple concurrent scans as
well as stopping, pausing, resuming and, not least, the scheduling of scans.
* Management of scan notes, false positives and result escalators (notification
on finished scans).
OpenVAS Manager is Free Software (Open Source), licensed under GNU General
Public License Version 2 or any later version.
The first compatible client application to be released will be the web client
GSA (Greenbone Security Assistant), approximately next week.
Beta and alpha versions of various clients are already available for download.
The OpenVAS development team offers support for any efforts to create binary
packages for the various Linux distributions in order to have this new server
readily available for users as soon as possible. Please use our openvas-distro
mailing list for this purpose.
OpenVAS libraries and scanner 3.1.0 release
OpenVAS libraries
The OpenVAS developers are happy to announce the release of openvas-libraries
3.1.0. This release adds a number of new features, for example support for
NTLMSSP, for LDAP authentication, for preference file uploads to memory, for
logging messages to syslog and for scanning virtual web hosts.
Many thanks to everyone who has contributed to this release:
Tim Brown, Geoff Galitz, Stephan Kleine, Goran Licina, Michael Meyer, Matthew
Mundell, Raimund Renkert, Preeti Subramanian, Jan-Oliver Wagner, Michael
Wiegand and Felix Wolfsteller.
Main changes compared to 3.0.5:
* Code cleanup: Code from openvas-administrator and openvas-manager which
could be more appropriately placed in openvas-libraries has been moved here.
* Initial support for LDAP authentication has been added.
* IPv6 support has been improved.
* Support for building parts of openvas-libraries on Windows has been added.
* Support for reading preference file uploads from memory instead of from disk
has been added.
* Support for NTLMSSP has been added.
* Authentication mechanism extended to support LDAP and ADS.
* An issue which caused SSH logins with RSA keys on remote systems to fail
under certain circumstances has been fixed.
* Support for logging to syslog has been added.
* Support for scanning virtual web hosts has been added.
The source tarball for this release is available for download from the OpenVAS
website at http://www.openvas.org/. Binary packages for major GNU/Linux
distributions by third parties are expected in the following weeks.
OpenVAS scanner
The OpenVAS developers are happy to announce the release of openvas-scanner
3.1.0. This release adds a number of new features, for example support for
soft pausing of scans, for retrieving the version of an installed NVT
collection, for automatically installing generated client certificates, for
storing uploaded preference files in memory, for dropping privileges for NASL
and NES NVTs and for scanning virtual web hosts. It also contains updated
feed synchronization scripts and removes legacy support for passwords stored
in plaintext (see OpenVAS change request #31,
http://www.openvas.org/openvas-cr-31.html).
Many thanks to everyone who has contributed to this release:
Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner, Michael
Wiegand and Felix Wolfsteller.
Main changes compared to 3.0.2:
* Support for storing scanner passwords in plaintext has been removed.
* Support for dropping privileges in NASL and NES NVTs has been added.
* Support for scanning virtual web hosts has been added.
* The handling of NVTs with an invalid timestamp has been improved.
* A bug in the openvas-nvt-sync script which prevented synchronization via
http under certain circumstances has been fixed.
* Support for retrieving the version of the NVT collection has been added to
the openvas-nvt-sync and greenbone-nvt-sync scripts.
* Support for soft pausing of scans has been added.
* Support for automatically installing generated certificate files has been
added to the openvas-mkcert-client script.
* The obsolete C-based NVT "ssl_cipher" has been removed from the
openvas-scanner module. It has been replaced by the NASL
implementation "secpod_ssl_ciphers.nasl".
* Support for storing an uploaded preference file in memory instead of on disk
has been added.
The source tarball for this release is available for download from the OpenVAS
website at http://www.openvas.org/. Binary packages for major GNU/Linux
distributions by third parties are expected in the following weeks.
Wednesday, June 30, 2010
New OpenVAS 3.1 Release Candidates (rc2) released
The OpenVAS developers are happy to announce the release of the second set of release candidates for the upcoming 3.1.0 release of both openvas-scanner and openvas-libraries.
Changes compared to the 3.0.x version include NTLMSSP support, improved IPv6 support, support for uploading preference files into memory and for soft pausing of scans. The latest set of release candidates adds support for LDAP and ADS authentication, scanning virtual web hosts, syslog logging and privilege dropping, among other improvements and fixes. For more information please check the CHANGES file provided with each module.
Source tarballs for the two modules are available at
http://wald.intevation.org/frs/download.php/749/openvas-libraries-3.1.0.rc2.tar.gz
and
http://wald.intevation.org/frs/download.php/750/openvas-scanner-3.1.0.rc2.tar.gz
Binary packages for the major GNU/Linux distributions by third parties are expected in the following weeks.
Many thanks to everybody who has made this release possible.
Sunday, May 23, 2010
Building latest (stable) OpenVAS
In case you're tired of building the latest version of OpenVAS each time a new (stable) release comes out, there is a nice script in the OpenVAS trunk which can help you build OpenVAS (once you satisfy the dependencies).
It is located in the trunk/tools directory in Subversion, but if you don't want to use Subversion just to grab this script, you can look up the build-openvas-3-x.sh script on the web or download the latest version of build-openvas-3-x.sh directly.
How to proceed with the build? Very simple! Just run something like this:
SUDOCMD="sudo" sh build-openvas-3-x.sh
The script will automatically download the latest version, build it and install it to /opt/openvas-current-date (for example: /opt/openvas-2010-05-23).
There are also other options which you can pass to the script as environment variables; you can look them up in the script source (there are some examples in the comment section). For the sake of completeness, here are a few examples:
SUDOCMD="sudo" sh build-openvas-3-x.sh
OVNOCLI="yes" sh build-openvas-3-x.sh
OPENVASPATH="/opt/openvas-3" sh build-openvas-3-x.sh
OVSKIPLATEST="yes" sh build-openvas-3-x.sh
OVSKIPRM="yes" sh build-openvas-3-x.sh
OVSKIPBUILD="yes" sh build-openvas-3-x.sh
OVSKIPRM="yes" OVSKIPBUILD="yes" sh build-openvas-3-x.sh
Have pleasant scanning with OpenVAS! :)
Friday, May 21, 2010
OpenVAS LiveCD/Virtual machine - version 1.0
Trying out OpenVAS can be as easy as starting a VM image or a Live-CD.
Two versions are available: OpenVAS Server, which provides just the scan engine framework to be used via a browser or OpenVAS Management Protocol (OMP) clients, and OpenVAS Desktop, which adds a desktop to the server including the OMP clients and immediately offers a graphical user interface to OpenVAS after booting.
Please note that both OpenVAS Server and OpenVAS Desktop are for demonstration and are not recommended for regular production use, particularly for more than a few hosts, depending on local system resources. The OpenVAS scanner is resource intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.
Login credentials are dynamically generated on first boot of the appliance and are specified at the console.
Tested with: VirtualBox 3.x, VMware Workstation 6.5 and XenServer 5.5.0.
For more information go to: http://openvas.org/vm.html
OpenVAS 3.1.0rc1 released
The OpenVAS developers are happy to announce the release of the first release
candidates for the upcoming 3.1.0 release of both openvas-scanner and
openvas-libraries.
Changes compared to the 3.0.x version include NTLMSSP support, improved IPv6
support, support for uploading preference files into memory and for soft
pausing of scans. For more information please check the CHANGES file provided
with each module.
Source tarballs for the two modules are available at
http://wald.intevation.org/frs/download.php/737/openvas-libraries-3.1.0.rc1.tar.gz
and
http://wald.intevation.org/frs/download.php/738/openvas-scanner-3.1.0.rc1.tar.gz
Binary packages for the major GNU/Linux distributions by third parties are
expected in the following weeks.
Many thanks to everybody who has made this release possible.