- [01:11:29] *mcmx (~sergio@196.40.59.226) has quit (Ping timeout: 480 seconds)
- [05:47:47] *chandra (~bchandra@122.167.83.197) entered the channel
- [05:55:12] *Chandan (~chandan@122.167.83.197) entered the channel
- [06:02:52] *mcmx (~sergio@201.200.208.230) entered the channel
- [06:07:57] *Chandan (~chandan@122.167.83.197) has quit (Ping timeout: 480 seconds)
- [06:25:06] *mcmx (~sergio@201.200.208.230) has quit (Quit: Zzzzzzz...)
- [07:46:56] *mwiegand (~michael@aktaia.intevation.org) entered the channel
- [07:47:53] <mwiegand> morning
- [08:02:17] *Chandan (~chandan@122.167.83.197) entered the channel
- [08:06:02] <kost> good morning!
- [08:15:23] <mwiegand> morning kost!
- [08:18:12] <mwiegand> kost: nice feed collection :)
- [08:20:25] <kost> thanks mwiegand :)
- [08:21:02] <kost> and I see openvas-client is ready for beta1 :)
- [08:21:35] <kost> What would you say for copyright notice when it says "GPL, blah, blah..."? :)
- [08:22:02] <mwiegand> kost: yeah, I found some like that too
- [08:23:03] <mwiegand> I think we consider them to be GPL, but might want to talk to jan_oliver about that, he has given the issue some thought
- [08:23:21] <chandra> the SMB ones shldn't be a prob
- [08:23:28] <chandra> we have re-written most of them, we can make them work
- [08:23:45] <kost> I separated that in the separate directory
- [08:24:05] <kost> I did not separate those which say "GPL..." (they are in gpl/ dir)
- [08:25:13] <mwiegand> well, there are three plugins with "# GPL, blah blah blah" already in our feed
- [08:26:11] * mwiegand is updating the compendium
- [08:27:23] <chandra> kost: the stillsecure set of plugins, we authored all of them previously for stillsecure :)
- [08:28:18] <chandra> they aren't completely updated in that site and are depending on many other scripts that are missing in that set
- [08:28:27] <kost> chandra: I see, but there is also os2a plugins there!
- [08:28:58] <chandra> yes, as part of os2a actually, my team was working for os2a earlier
- [08:29:45] <chandra> also, we had enhanced libnasl to a greater extent, the new set of libnasl API's are required
- [08:31:18] <chandra> so, they won't work directly
- [08:32:10] <chandra> we are giving a thought to make those enhancements to libnasl for openvas
- [08:33:00] <mwiegand> chandra: what kind of enhancements did you make?
- [08:33:08] <chandra> integrating samba features to extract better connectivity to windows system
- [08:33:11] <kost> are those enhancements under GPL?
- [08:33:31] <chandra> including ntlmv2, dcerpc etc
- [08:34:00] <chandra> developed as part of os2a, but stillsecure hasn't released them to public anywhere
- [08:35:04] <chandra> current libnasl cannot support windows vista, 2008 or even 2003 in its default config
- [08:35:16] <chandra> as signing and NTLMv2 based auth is enabled
- [08:35:41] <chandra> and smb_nt.inc as you know is a direct packet capture and replay
- [08:35:41] <kost> can we get in contact with them to see if they are willing to publish it as GPL?
- [08:36:07] <kost> do you have any contacts there? I asked David to give me, but waiting for his reply
- [08:36:21] <chandra> yes, I can get in touch
- [08:36:52] <mwiegand> hmm, any gentoo users in here?
- [08:36:53] <chandra> tht was for nessus, we might need some tweak-ins for openvas
- [08:36:59] <chandra> we can do that
- [08:37:10] <kost> I see.
- [08:37:56] <kost> What about more GPL scripts I found? Have you seen them chandra? Should we include it in our plugins? It would bod to get second opinion...
- [08:38:13] <kost> s/bod/be good/
- [08:39:03] <chandra> testing effort will be there for sure, many dependencies will be missing
- [08:39:20] <chandra> I think, we can walk through and make only the imp plugins work
- [08:39:51] <chandra> very old vulnerabilities checks, we can leave them
- [08:42:27] <chandra> some of them are already there in the GPL set that Jan uploaded recently
- [08:42:39] <kost> plugins in gpl/ dir should work ( I checked dependencies)
- [08:43:28] <kost> regarding depend-misc and depend-smb, if that's too much effort, we can leave them.
- [08:44:04] <chandra> SMB shld work, as I said
- [08:44:39] <chandra> we just have to replace those deps with the new ones we have written
- [09:55:15] *jan_oliver (~jan@aktaia.intevation.org) entered the channel
- [09:55:22] <jan_oliver> good morning!
- [09:56:24] <jan_oliver> kost: I am preparing an overview which old ID ranges are assigned to whom. I've seen you using 8NNNN. If you agree I will assign this to you.
- [10:09:39] <jan_oliver> I drafted this page now: http://www.openvas.org/openvas-oids.html
- [10:29:06] <kost> jan_oliver: yes, It's okay. I'll also take contributions from other people and put it in 8NNNN as agreed.
- [10:29:55] <kost> as there is no need to assign to few nasl script contribution a whole tree.
- [10:30:16] <kost> btw I think 10NNN is used by AlienVault, but they are also using OIDs
- [10:30:23] <kost> 10NNNN
- [10:31:17] <kost> Also, I would recommend to move 5NNNN and 6NNNN to 15NNNN and 16NNNN, as to be compatible with nessus.
- [10:31:37] <kost> (So, people can just copy nessus nasl (if it's gpl) and use it)
- [10:31:59] <kost> Also 9NNNN is reserved for private use, as long as I remember
- [10:32:10] <kost> (from Nessus past)
- [10:39:29] <mwiegand> yes, it is
- [10:39:53] <mwiegand> although not all of 9NNNN, it is in the documentation somewhere
- [10:44:38] <mwiegand> hmm, FreeBSD is packaging both nessus and openvas, OpenBSD and NetBSD are only packaging nessus
- [10:45:12] <mwiegand> any other distributions I should include in the compendium?
- [10:45:56] <jan_oliver> kost: For a while I thought it is good to remain compatible with Nessus, but meanwhile I think it will create more headache than benefits.
- [10:46:19] <jan_oliver> I really prefer to get Nessus out of my mind entirely and concentrate on OpenVAS exclusively.
- [10:46:43] <jan_oliver> This opens also to improve NASL and use these improvements.
- [10:47:25] <jan_oliver> Compatibility with Nessus would bring only benefit if they would do further GPL developments, but this is apparently not the case.
- [10:48:54] <jan_oliver> mwiegand: I have no contacts to the OpenBSD or NetBSD people. Maybe they sooner or later approach us? We do not have capacities ATM to support them.
- [10:49:16] * mwiegand nods
- [10:50:03] <mwiegand> jan_oliver: we need to make a decision regarding the sections about the binary packages in the compendium
- [10:50:21] <jan_oliver> Also not sure how intensive the FreeBSD people are supporting OpenVAS in their dist.
- [10:50:31] <mwiegand> it doesn't make sense to write about them if we don't provide them
- [10:50:51] <jan_oliver> mwiegand: I'd say have a section on *BSD and say that at the time of writing only FreeBSD packaged OpenVAS.
- [10:51:36] <mwiegand> jan_oliver: They are doing at least some patching, it seems: http://www.freshports.org/security/openvas-server/
- [10:51:57] <mwiegand> jan_oliver: Already done, the FreeBSD section is already in the compendium :)
- [10:53:34] <mwiegand> apart from the section regarding the binary packages, I'm done with updating the compendium
- [10:54:49] <mwiegand> well, I'm still fixing things in the slad plugins chapter, the English is pretty incomprehensible in places
- [10:57:26] <mwiegand> I think there is no need for us to provide rpms if bitshuffler is building them, is there?
- [10:58:58] * kost can test openvas on linux/alpha, another 64bit arch
- [10:59:18] <[machine]> jan: your page looks nice, but it doesn't currently match allocated-oids.html
- [11:01:01] <[machine]> that's not to say either is right.. just there is a difference... and alienvault are already using the OID branch I list
- [11:04:10] <[machine]> also... regarding control script for openvasd, there is one already in the source (the Debian one)
- [11:04:46] <mwiegand> true
- [11:05:09] <kost> [machine]: not sure if debian one supports chkconfig
- [11:05:18] <kost> which is RPM specific stuff for runlevels...
- [11:16:21] <[machine]> kost: in that case, i would add the redhat one to packaging/blah (for suse and redhat)
- [11:16:32] <[machine]> debian use different directives
- [11:16:39] <[machine]> and a different structure
- [11:29:38] <jan_oliver> kost: you do have an alpha. Cool.
- [11:32:11] <jan_oliver> [machine]: re allocated-oid.html: damn, this escaped my attention. We have to consolidate this asap.
- [11:34:52] <jan_oliver> I've compared the two OID schemes:
- [11:36:09] <jan_oliver> The approach I drafted has a more clear way to differentiate with contributions and OpenVAS-consolidated NVTs.
- [11:37:54] <jan_oliver> Of course it is all debatable, but I'd really prefer to ask the AlienVault people to reassign to 1.3.6.1.4.1.25623.1.1.N (N needs to be discussed still) or even better to remain with an old ID range until we have 2.0 finalized.
- [11:38:32] <jan_oliver> [machine]: What do you think?
- [11:41:49] <jan_oliver> [machine]: re control daemon: I don't have an opinion which one to take as a basis.
- [11:42:53] <jan_oliver> can't there be a single daemon that works on various linux distributions?
- [11:43:23] <[machine]> jan: doing so would mean that it probably wouldn't comply with what packagers need
- [11:43:50] <[machine]> the gentoo one is massively different from the debian one is massively different from the redhat one
- [11:44:09] <mwiegand> jan_oliver: I have reworked the slad plugins chapter, but there are still three passages which are incomprehensible to me, maybe you can help me there
- [11:45:12] <[machine]> here is the gentoo one
- [11:45:14] <[machine]> http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/openvas-server/files/openvasd?rev=1.1&view=markup
- [11:46:16] <[machine]> regarding impacket
- [11:46:30] <mwiegand> how do other projects solve this? do they leave the startup scripts to the packagers?
- [11:47:12] <[machine]> and christian's query.. i would be very happy to see competition money spent porting impacket
- [11:47:27] <[machine]> mweig: that is certainly my experience
- [11:48:13] * [machine] used to package stuff for solaris and wrote lots of init scripts for daemons i was packaging
- [11:48:30] <mwiegand> I don't know much about impacket, wouldn't that duplicate functionality already in NASL?
- [11:48:41] <[machine]> mweig: well, some yes
- [11:48:46] <[machine]> there is overlap
- [11:49:08] <[machine]> if it was done, it would have to be done cleverly to avoid such overlap
- [11:49:29] <[machine]> some of the guys here use impacket
- [11:49:34] <[machine]> it has some nice stuff
- [11:49:52] <[machine]> http://labs.portcullis.co.uk/application/polenum/ for example
- [11:49:55] <mwiegand> do you think should be integrated into NASL? Or run separately?
- [11:50:12] <[machine]> i'll ask the author of that tool i just posted
- [11:50:54] <jan_oliver> [machine]: what about the OIDs ?
- [11:52:39] <[machine]> jan: makes sense
- [11:52:55] <[machine]> ok, regarding impacket
- [11:53:15] <[machine]> it has quirks and core aren't responsive
- [11:53:23] <[machine]> for example, it doesn't do ntlmv2
- [11:54:03] <[machine]> based on this, i think a port would be awesome
- [11:54:12] <[machine]> either at the .c or the .nasl level
- [11:54:12] <chandra> rather than integrating an external tool, I prefer extending the functionality of libnasl with NTLMv2 etc
- [11:54:18] * [machine] nods
- [11:54:22] <chandra> that can be achieved through samba integration
- [11:55:03] <[machine]> chandra: depends if samba on its own allows low enough access
- [11:55:09] <chandra> we can have better set of registry, SMB and other DCERPC service API's
- [11:55:09] <[machine]> iyswim
- [11:55:37] <chandra> as I said in the morning, we had done this for Nessus
- [11:55:45] <chandra> and am sure we can integrate for openvas as well
- [11:56:05] <[machine]> you can do a lot with samba cli utils... (http://labs.portcullis.co.uk/application/enum4linux/) but not everything
- [11:57:51] <chandra> - Complete set of registry query API's
- [11:57:51] <chandra> - All SMB related file functions
- [11:57:51] <chandra> - Handles to important DCERPC services that include
- [11:57:51] <chandra>   LSA - Local Security Authority
- [11:57:51] <chandra>   SAM - Security Account Manager
- [11:57:52] <chandra>   SVCCTL - Service control
- [11:57:52] <chandra>   SRVSVC - Server Service
- [11:57:54] <chandra>   And possibly others
- [11:58:04] <chandra> these are some of the things we had done with samba integration
- [11:58:12] * [machine] nods
- [11:58:29] <[machine]> chandra: are you proposing at the .c level or the .nasl level?
- [11:58:36] <chandra> .c level
- [11:58:40] <chandra> extending libnasl
- [11:58:40] * [machine] nods
- [11:59:08] <chandra> and with ntlmv2 and signing, we can easily support vista, 2008 and 2003 in its default config
- [12:00:56] <chandra> right, samba cli utils is limited, we need to get to the samba core
- [12:04:04] <mwiegand> extending libnasl sounds good to me
- [12:04:34] <chandra> packet forgery is difficult I think but, if you aren't looking at signed messages, wouldn't smb_nt.inc way be sufficient ?
- [12:12:14] <mwiegand> chandra: you mean forging smb packets?
- [12:15:42] <chandra> yes, smb_nt.inc right now replays the captured raw packets for each query
- [12:15:51] <chandra> for both SMB and DCERPC
- [12:22:56] <chandra> so, for forging, we can continue to use the approach used in smb_nt.inc and we can integrate with samba to get better set of libnasl API's for windows
- [12:23:10] <chandra> sounds ok?
- [12:27:44] *mime (~mime@yian-ho01.nir.cronon.net) entered the channel
- [12:28:04] <mwiegand> hello mime
- [12:28:52] <mime> hello to all
- [12:34:38] <jan_oliver> [machine]: I just updated http://www.openvas.org/openvas-oids.html and added AlienVault's ID range which luckily is not in conflict with anything we had so far.
- [12:36:10] <jan_oliver> [machine]: Can you contact the AV guys and discuss the change? In short: For the time being it is not necessary to assign OID to run NASLs with OpenVAS. Conflictless old IDs do as well and we do not have a conflict and reserved ID range for AV.
- [12:36:17] <jan_oliver> hope this is convincing.
- [12:37:06] <jan_oliver> Next I like to remove http://www.openvas.org/allocated-oid.html asap to get rid of the contradictory information.
- [12:37:12] * [machine] nods
- [12:37:16] <[machine]> do it ;)
- [12:39:40] *mwiegand (~michael@aktaia.intevation.org) has quit (Quit: Leaving)
- [12:41:35] <jan_oliver> done.
- [12:41:58] <jan_oliver> you contact AV?
- [12:43:06] <kost> maybe it's time that we see if can get ASV status?
- [12:43:09] <kost> https://www.pcisecuritystandards.org/qsa_asv/become_asv.shtml
- [12:48:08] <kost> not the OSS project itself, but Intevation maybe
- [12:52:46] <[machine]> kost: my company is a pci company ;)
- [12:52:58] <[machine]> s/my/the company i work for
- [12:54:03] <kost> I see ;)
- [12:54:25] <kost> So, you do it with openvas or with something else?
- [12:55:04] <[machine]> we use qualys, nessus and openvas + manual testing ;)
- [12:55:45] <[machine]> interestingly last time we did the certification they had a wireless admin point on the external network we were given to test
- [12:56:00] <[machine]> none of the automated tools found it
- [12:57:33] <[machine]> we're a traditional pen testing company with CHECK status.. but a lot of our clients want pci and it's a quick and easy service to offer
- [12:58:07] <[machine]> CHECK == http://www.cesg.gov.uk/products_services/iacs/check/index.shtml
- [12:59:28] <[machine]> anyway food
- [13:53:01] * jan_oliver has to leave soon. We are moving the whole company to new offices today....
- [14:36:27] <chandra> mime: ProFTP issue, have checked into SVN, may take a while before it gets to rsync
- [14:36:54] <mime> ok, thx
- [14:59:55] *mcmx (~sergio@196.40.59.226) entered the channel
- [15:06:42] <mcmx> morning
- [15:25:18] *mime (~mime@yian-ho01.nir.cronon.net) has quit (Quit: Lost terminal)
- [15:28:37] <mcmx> hi jan_oliver how are you?
- [15:31:23] <[machine]> he's moving office today \o/
- [15:31:49] <mcmx> yeah I read that in their website
- [15:42:43] *jan_oliver (~jan@aktaia.intevation.org) has quit (Ping timeout: 480 seconds)
- [16:00:08] *chandra (~bchandra@122.167.83.197) has left the channel ()
- [16:04:30] *Chandan (~chandan@122.167.83.197) has quit (Remote host closed the connection)
- [18:21:22] <[machine]> hehe
- [18:21:32] * [machine] dropped a grenade in spi-general