- [00:13:01]*jan_oliver (~jan@aktaia.intevation.org) has left the channel (Kopete 0.12.7 : http://kopete.kde.org)
- [00:14:05]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (Quit: Leaving.)
- [00:14:33]*atomicturtle (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) entered the channel
- [00:36:53]*elvishkp (~maughana@166.57.46.163) has quit (Quit: Leaving.)
- [02:57:29]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) entered the channel
- [02:57:29]*atomicturtle (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [03:17:15]*PT (~ptavares@pool-96-226-232-239.dllstx.fios.verizon.net) has quit (Ping timeout: 480 seconds)
- [05:09:22]*PT (~ptavares@pool-96-226-230-65.dllstx.fios.verizon.net) entered the channel
- [05:51:33]*PT (~ptavares@pool-96-226-230-65.dllstx.fios.verizon.net) has quit (joule.oftc.net resistance.oftc.net)
- [05:51:33]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (joule.oftc.net resistance.oftc.net)
- [05:57:01]*atomicturtle (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) entered the channel
- [05:59:12]*PT (~ptavares@pool-96-226-230-65.dllstx.fios.verizon.net) entered the channel
- [05:59:12]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) entered the channel
- [05:59:16]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [07:19:50]*bchandra (~bchandra@122.166.98.27) entered the channel
- [07:27:17]*lmwangi (~lmwangi@196.1.0.36) entered the channel
- [07:58:38]*mwiegand (~michael@aktaia.intevation.org) entered the channel
- [07:59:09]mwiegandmorning
- [08:52:18]*felix (~fwolfste@aktaia.intevation.org) entered the channel
- [08:52:26]felixmorning
- [08:57:32]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) entered the channel
- [08:57:32]*atomicturtle (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [09:22:44]*chrix (~Chrix@host163-47-dynamic.55-79-r.retail.telecomitalia.it) entered the channel
- [09:23:37]*chrix (~Chrix@host163-47-dynamic.55-79-r.retail.telecomitalia.it) has left the channel ()
- [09:24:12]sid77morning all
- [09:25:08]*jan_oliver (~jan@aktaia.intevation.org) entered the channel
- [09:39:08]mwiegandmorning sid77
- [09:55:10]msg|beepmorning
- [09:55:29]msg|beepwhat is the issue to wait for syncing the gui client and the server ?
- [09:55:57]msg|beepthe connection proccess takes now more then 3 mins
- [09:56:17]felixmsg|beep: more nvts?
- [09:56:40]msg|beepfelix: for me to understanding one question
- [09:57:19]msg|beepthe client caches the nvts all the time during any connect to the server and then checked which one are new ?
- [09:57:45]msg|beeppeak 85% memory usage of server
- [09:58:56]felixmsg|beep: mhm. might have to do with the broken nvts (when you start the server he tells you about some nvts with problems, maybe its solved if you remove these)
- [09:59:32]felixmsg|beep: usually amap.nasl, pnmscan etc
- [09:59:37]msg|beepsounds like the client gets a full init of the server again
- [09:59:48]felixmsg|beep: Could you try that?
- [10:00:14]msg|beepfelix: by this i have to remove those nasl's from the include folder ?
- [10:01:55]msg|beepa good mechanism for client init would be, ask the server if he knows he has new scripts last start, so hand ids to client he can check if they in the client cache or not, and update the cache if so, otherwise init done
- [10:02:37]felixmsg|beep: I think the current approach is a bit better, but quite similar.
- [10:02:49]felixmsg|beep: yes, remove the nasl from plugins/include folder
- [10:02:49]msg|beepok but it takes a lot of time here
- [10:03:23]msg|beepfelix: before i remove them i need to know which one, so i have to restart the server manually to get them
- [10:03:42]msg|beepfelix: or you have a list of them
- [10:04:36]felixmsg|beep: no, but the server complains about each when you start it (openvasd), afair it were 5 or 6 of them.
- [10:04:54]msg|beepok do so now
- [10:06:23]*chrix (~Chrix@host163-47-dynamic.55-79-r.retail.telecomitalia.it) entered the channel
- [10:06:25]msg|beepamap is not in the list
- [10:06:30]*chrix (~Chrix@host163-47-dynamic.55-79-r.retail.telecomitalia.it) has left the channel ()
- [10:07:01]msg|beepi only get a list of invisible scripts to the server
- [10:07:38]msg|beepfelix: btw restarting server the client should get a connection abort
- [10:08:00]msg|beepfelix: But the client does nothing say to me
- [10:11:43]msg|beepfelix: does openvasd now have a general timeout for a portscan ?
- [10:13:27]msg|beepor it seams to the issue that kaspersky is not full deactivated
- [10:18:33]msg|beepfelix: definitely when openvasd runs against kaspersky firewall there is no timeout that stops the proccess
- [10:20:53]msg|beepwhen openvas tcp scanner runs it sends more data then the syn scan
- [10:23:18]msg|beepanything changed in the syn scan routine ?
- [10:23:36]msg|beepsyn portscan is totally speedless
- [10:33:15]msg|beepfelix: is there any update of ovaldi package requiered ?
- [10:33:44]msg|beepseams i have to update the server too
- [10:37:41]felixmsg|beep: the list of invisible scripts to the client is what you want
- [10:38:42]felixmsg|beep: as long as the clients stay connected, the serving processes stay alive. there is no connection abort.
- [10:39:54]msg|beepfelix: how the client stay connected when there is a server restart ?
- [10:40:18]*mattm (~mattm@aktaia.intevation.org) entered the channel
- [10:40:45]felixmsg|beep: openvasd forks, client stays connected to fork. if parent dies, fork survives
- [10:41:19]mwiegandmsg|beep: It stays connected to the child of the old parent
- [10:41:26]msg|beepfelix: restarted server get back the forked serving and manage it ?
- [10:41:42]msg|beepok was only a question
- [10:42:45]felixmsg|beep: So what happens when you delete the proplematic nvts? make sure to restart the client as well and open a new scope and new task, please
- [10:43:11]*sven (~swurth@vpn.astaro.de) entered the channel
- [10:43:13]msg|beepwhy do i all new ?
- [10:43:23]felixhi sven
- [10:43:34]svengood morning
- [10:43:40]msg|beepa fast init should be with existing scopes and exsiting tasks in it
- [10:43:49]msg|beep+ too
- [10:44:57]felixmsg|beep: because of the way it works atm. (a bit technical, no time to explain now. the compendium mentions a bit about the initialization process in the otp section).
- [10:46:45]msg|beepfelix: only the nasl or with asc together ?
- [10:49:18]*chrix (~Chrix@host163-47-dynamic.55-79-r.retail.telecomitalia.it) entered the channel
- [10:49:25]*chrix (~Chrix@host163-47-dynamic.55-79-r.retail.telecomitalia.it) has left the channel ()
- [10:53:24]msg|beepfelix: all removed and waiting now
- [11:09:37][machine]moin
- [11:09:50]felixhi [machine]
- [11:09:59][machine]so the openvas.* domains will be transferred to spi next week
- [11:10:18][machine]and spi have a registrar who sponsors all their domains
- [11:10:21]felixmsg|beep: And then disconnect and connect again. would be interesting if thats much faster. If so, please file a bug report
- [11:10:27][machine]so it will cost nothing :)
- [11:15:51]felix[machine]: cool.
- [11:18:20]felix2600 lines of code removed in client, more coming
- [11:25:26]msg|beepfelix: how quick should that reconnect be ?
- [11:30:03]msg|beepfelix: 3-4 mins by reconnect the scope
- [11:40:37]felixmsg|beep: mhh thats bad
- [11:41:33]felixmsg|beep: And at restart the server did not complain about "invisible" nvts anymore?
- [11:51:09]felixbchandra: Is there anything similar to function pointers in nasl?
- [11:55:11]msg|beepfelix: i removed so he does not tell
- [11:57:45]*atomicturtle (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) entered the channel
- [11:57:46]*atomicturtle1 (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (Read error: Connection reset by peer)
- [11:59:32]felixmsg|beep: thats bad. i think it behaves different with my client. one has to investigate the initialization process, then (the otp elements where plugin md5 sums are sent and info requested).
- [12:00:58]msg|beepfelix: how quick is a client connect by existing scope and how quick by new ?
- [12:01:15]msg|beepfelix: i mean when you do it with your client
- [12:03:18]felixmsg|beep: dont know, no time right now, sry
- [12:03:51]msg|beepbut its faster then my time
- [12:16:35]*Schumie (~Steve@81-29-64-254.servers.dedipower.net) entered the channel
- [12:49:15]felixkost: Do you want to help that guy: http://forums.remote-exploit.org/backtrack-4-software-related-issues/25917-openvas-server-problem.html ? We should include the exact 'error message' (its just a warning) in the FAQ, also
- [13:23:37]*felix (~fwolfste@aktaia.intevation.org) has left the channel (Kopete 0.12.3 : http://kopete.kde.org)
- [13:30:00]bchandrafelix: nothing exists like function pointers
- [13:41:17]msg|beepfelix: one question
- [13:41:34]msg|beepoh mwiegand are u there ?
- [14:00:15][machine]mime/jan_oliver: i think alot of the question about how much information to display comes down to who is using OpenVAS
- [14:01:09][machine]a blackbox user wants "vuln, not vuln", a pentester probably wants "everything you've learnt about the target"
- [14:01:45][machine]one interesting thing might be to expose the kb more
- [14:02:47][machine][machine] would love to be able to see the kb
- [14:15:54]mwiegandmsg|beep: felix left, I'm still here
- [14:16:40]mwiegand[machine]: Something like "get results as NBE", "get results as KB"?
- [14:33:14][machine]mwiegand: well we import the nbe into our reporting engine.. but the data gathered along the way can be pretty useful also
- [14:36:36][machine]mwiegand: one of our competitors made a similar point on twitter.com/7two to Tenable
- [14:45:37]bchandra[machine]: KB is useful but, that's there in the server when you enable KB saving. do we need that to be exported like reports? I am not sure.
- [14:48:49]mwiegandI think "everything you've learnt about the target" could be achieved by using the log_message and debug_message functions properly.
- [14:49:40]*mattm (~mattm@aktaia.intevation.org) has quit (Ping timeout: 480 seconds)
- [14:49:59]mwiegandA blackbox user would only look at the security_* message, a pentester could just drop all filters and browse through all
- [14:55:21][machine]chandra: i know the option exists, but it's not exactly obvious how to extract the KB
- [14:56:12][machine]mwiegand: yes, i agree
- [15:11:58][machine]chandra: security_note is also used for infomation disclosures more generally
- [15:12:35][machine](in comment on your last email)
- [15:12:43][machine]tbh
- [15:13:12][machine]i think the whole way vulns are classified in nessus/openvas sucks
- [15:13:21][machine][machine] would prefer
- [15:13:25][machine]security_high
- [15:13:31][machine]security_medium
- [15:13:36][machine]security_low
- [15:13:41][machine]security_info
- [15:14:24][machine]or even some kind of bit field
- [15:15:08][machine]so you could express the severity, impact and liklihood of a given issue
- [15:15:48][machine]perhaps something that mapped on to CVSS 2
- [15:16:18]bchandra[machine]: yes, CVSS score would indicate the severity
- [15:16:53][machine]cvss expresses all 3
- [15:17:10]bchandra[machine]: I don't think plugins should report vulns using security_note()
- [15:17:34][machine]chandra: there are different levels of vuln though
- [15:17:53][machine]leaking a version is a lot less serious then allowing remote root
- [15:17:59]bchandra[machine]: yes, cvss score will indicate the different levels
- [15:18:53][machine]if security_hole had a way to pass a rating for the vuln, i would agree
- [15:19:12][machine]but people are using security_note to say "this is a problem, but it's not a big problem"
- [15:19:47][machine]and in fact the client guid reflects this use... only security_hole issues are in red
- [15:21:32][machine]if you could say security_hole($severity, $impact, $liklihood, "message"); and the client would reflect this inhow it orders/colours the various issues then yes, security_hole would make sense
- [15:22:59]bchandraif we use script_tag to include cvss score, client could just use that to indicate with different colors depending on the severity range, instead of extending security_hole
- [15:24:59][machine]chandra: sure.. but you still need to tackle the fact that at the moment security_note is used by plugins to return less serious vulns
- [15:25:13][machine]s/you/we
- [15:27:00]bchandraI think if plugins are using security_note to report less serious vuln, we should audit them and move to security_warning
- [15:27:19]bchandraand security_note should be used only for discovery kind of info
- [15:28:43][machine]chandra: i'm not convinced... this changes entirely how it works currently
- [15:30:47][machine]essentially.. security_hole == red (stuff that allows the system to be compromised), security_warning == orange (stuff that allows a particular app to be compromised), security_note == yellow (info disclosure) - thats broadly how it works now..
- [15:31:51][machine]whilst i would like more granularity, moving them to security_warnng is a bit like rearranging the deckchairs on the titanic
- [15:34:06]bchandraok, what is the suggestion?
- [15:35:51][machine]stick as we are (and find a way to expose the kb data) or... completely reconsider how to report and draft a cr to detail what we decide
- [15:36:19]*atomicturtle (~sshinn@c-68-32-171-147.hsd1.va.comcast.net) has quit (Read error: Operation timed out)
- [15:37:32][machine]btw, for me, script_tag is not the correct place to expose cvss... it's not arbitrary data imo
- [15:40:07]mwiegand[machine]: Sounds to me like we already completely reconsider how to report. Might be a good time to write down the current state and get some sort of consensus.
- [15:40:45][machine]mwiegand: well, i can draft something...
- [15:41:15]bchandraI agree, CR would be good.
- [15:41:17]mwiegand[machine]: good, so I won't have to volunteer you. ;)
- [15:41:34]mwiegand[machine]: joking aside, that would be most welcome.
- [15:42:22]mwiegandI think jan_oliver has a few ideas there as well -- as do other folks around here
- [15:42:26][machine]heh :)
- [15:42:45]bchandracvss, log, debug, severity all can be covered in one place
- [15:42:50][machine]mwiegand: i mostly disagree with jan on this though :)
- [15:44:21][machine]like i said initially, a lot of this comes down to the fact that there are at least two distinct use cases
- [15:48:11]mwiegand[machine]: Yes, but I think consistent and proper use of the different message types use would allow for both use cases easily.
- [15:49:42]mwiegandIn my view, it is mainly up to the NASL writers to report in an appropriate manner, they know most about the issue they are checking for
- [15:50:41][machine]mwiegand: i agree but if we're going to change it, better granularity would be nice, and many other things also... which by the time you're finished is "a completely new system" :)
- [16:03:21]mwiegandI'm looking forward to your draft. :)
- [16:12:24]*mwiegand (~michael@aktaia.intevation.org) has quit (Quit: leaving)
- [16:15:49]*elvishkp (~maughana@166.57.46.163) entered the channel
- [16:21:25]*lmwangi (~lmwangi@196.1.0.36) has quit (Ping timeout: 480 seconds)
- [16:23:05]*Schumie (~Steve@81-29-64-254.servers.dedipower.net) has quit (Quit: Leaving)
- [16:35:24]*atomicturtle (~sshinn@wsip-70-184-242-83.dc.dc.cox.net) entered the channel
- [17:00:15]*bchandra (~bchandra@122.166.98.27) has quit (Ping timeout: 480 seconds)
- [17:16:42]*jan_oliver (~jan@aktaia.intevation.org) has left the channel (Kopete 0.12.7 : http://kopete.kde.org)
- [18:24:14]*PT (~ptavares@pool-96-226-230-65.dllstx.fios.verizon.net) has quit (joule.oftc.net synthon.oftc.net)
- [18:24:14]*[machine] (~timb@kelowna.ca.nth-dimension.org.uk) has quit (joule.oftc.net synthon.oftc.net)
- [18:24:14]*elvishkp (~maughana@166.57.46.163) has quit (joule.oftc.net synthon.oftc.net)
- [18:24:52]*elvishkp (~maughana@166.57.46.163) entered the channel
- [18:24:52]*PT (~ptavares@pool-96-226-230-65.dllstx.fios.verizon.net) entered the channel
- [18:24:52]*[machine] (~timb@kelowna.ca.nth-dimension.org.uk) entered the channel
- [18:26:47]*atomicturtle (~sshinn@wsip-70-184-242-83.dc.dc.cox.net) has quit (reticulum.oftc.net charm.oftc.net)
- [18:26:54]*atomicturtle (~sshinn@wsip-70-184-242-83.dc.dc.cox.net) entered the channel
- [19:10:57]elvishkpwho does the ubuntu packaging?
- [19:12:40]elvishkpI guess I can look it up on the web page to. I'm just doing some testing using apt
- [19:29:42][machine]elvish: it's essentially those of us that do debian
- [19:30:22][machine]openvas-distro-deb@wald.intedvation.org
- [19:30:36][machine]or even intevation
- [19:30:40][machine]-d :)
- [19:40:12]elvishkpthe 2.0 version seems to be working fine, except for the sync script, which I know everyone has been harping on
- [19:40:25]elvishkpin Jaunty
- [20:07:05][machine]heh
- [20:07:17][machine][machine] is working on a replacement for syncing anyway
- [20:07:38][machine][machine] not a fan of a) requiring rsync b) nogt signing nasl
- [20:08:57]elvishkplol
- [20:17:12]elvishkpugg, I'm having problems connecting with the client
- [20:17:19]elvishkpa windows v 1.03 client
- [20:17:30]elvishkpand a Linux v -- let me check version on linux
- [20:17:40]elvishkpbut it keeps giving me an error about the TCP client
- [20:20:53]elvishkpsorry, that was stupid
- [20:20:57]elvishkpI meant the SSL client
- [20:21:25]elvishkpI tried switching to cert based auth, I get the same error. I tried switching to another server, I'm still getting the error
- [20:21:38]elvishkpI built 1 server from source, and the other I used the apt repositories
- [20:22:55]elvishkpbah linux client is 1.04
- [20:23:01]elvishkplet me try and get a new client
- [20:27:21][machine]unless you have good reason, i stronly recommend a 2.x client
- [20:27:43][machine]the 1.x client is not entirely happy talking to the 2.x server
- [20:34:04]elvishkpyeah, that's what I'm trying now
- [20:34:12]elvishkpgetting thru the 2. dependency tree :)
- [20:34:57]elvishkpis there an additional dependency? I've addded the following:
- [20:35:22]elvishkplibglib-dev, bison, libgpgme11-dev,libgcrypt11-dev,libgnutls-dev,libpcap-dev
- [20:35:37]elvishkpbut I'm still getting glibc 2.6.0 missing.
- [20:43:03]elvishkpif I have to guess, I'm going to speculate it's an X lib somewhere
- [20:48:46]elvishkpclose, gtk-dev
- [20:49:09]mimeelvishkp: http://www.mail-archive.com/openvas-discuss@wald.intevation.org/msg00671.html
- [20:49:43]elvishkpyeah, I had libglib2 installed
- [20:50:34]elvishkpthat stopping poing glib >= 2.6.0 is where it stops on a lot of the different dependencies.
- [21:25:16]*usr1 (~usr1@wsip-98-191-75-242.dc.dc.cox.net) entered the channel
- [21:26:04]usr1to do windows local security checks, do i have to install samba server and client or just the samba client?
- [21:26:14][machine]client only
- [21:26:30][machine]usr1: with debian smbclient should be enough i think
- [21:28:27]usr1thank you. the openvas document compendium said to install SAMBA so I was mislead.
- [21:31:00]*usr1 (~usr1@wsip-98-191-75-242.dc.dc.cox.net) has quit (Quit: http://irc2go.com/)
- [21:39:29]*felix (~felix@BAG5503.bag.pppool.de) entered the channel
- [21:40:56]felixelvishkp: There are also some ubuntu packages generated by the opensuse build service. Unfortunately I always forget the url
- [21:41:49]elvishkpyeah, I think I got it now. I'm mostly just testing, installing, using etc etc
- [21:42:33]felixelvishkp: You do not try trunk, do you?
- [21:42:57]elvishkpI've tried trunk also, but I went back to the packages
- [21:43:20]elvishkpbut I get it working, then I start over
- [21:43:27]felixelvishkp: usually, trunk is quite usuable. Today I had some issues with it, though.
- [21:43:46]felixelvishkp: 'useable' that should have been
- [21:43:55]elvishkpfelix: that makes more sense, earlier days went well
- [21:44:40]felix*grrr* I NEVER find the opensuse thing.
- [21:52:11]felixhttp://software.opensuse.org/search
- [21:52:19]felixgives 505 atm, though
- [21:52:23]elvishkpI'm still having trouble connecting with the newest client and the packaged ubuntu openvas-server
- [21:52:28]elvishkpthey are on the same box now
- [21:52:37]elvishkpbut when I try to actually run a scan, I get an SSL error
- [21:52:41]felixelvishkp: both 2.0.x?
- [21:52:47]elvishkpfelix: yes
- [21:52:59]felixelvishkp: did you create the certificate etc?
- [21:55:37]elvishkpfelix: I just did user, I guess I can create the client certs
- [21:58:23]felixelvishkp: no, openvas-mkcert
- [21:58:50]felix(creates server cert)
- [22:19:13]elvishkpelvishkp: I had already created the server cert
- [22:27:25]felixelvishkp: Did you restart the server?
- [22:28:43]felixelvishkp: usual steps: 1) install 2) openvas-mkcert 3) openvas-adduser (is it "adduser"?) 4) openvasd 5) openvas-client
- [22:30:05]felixelvishkp: maybe you chose the wrong paranoia settings in client. If you havent done anything serious with the client you can 'clean' its data by removing (default:) rm -rf ~/.openvas . stop client before and restart after
- [22:30:26]felixgood night, good luc
- [22:30:33]*felix (~felix@BAG5503.bag.pppool.de) has quit (Remote host closed the connection)
- [23:27:55]*atomicturtle (~sshinn@wsip-70-184-242-83.dc.dc.cox.net) has quit (Ping timeout: 480 seconds)