It would be so nice if google translator may have give something usable ....
anyway, here is my proposal,
please any german reader can have a look ...
I made sentence by reading the policy BSI-TR-03116-4 document, studying
the plugin code and extracting key word from google translate
*diff -u policy_BSI-TR-03116-4.nasl policy_BSI-TR-03116-4.nasl.new*
--- policy_BSI-TR-03116-4.nasl 2016-03-25 13:47:55.164000000 +0000
+++ policy_BSI-TR-03116-4.nasl.new 2016-03-25 13:47:42.992000000 +0000
@@ -45,7 +45,7 @@
}
enable_ssl_suported_cipher = get_kb_item("SSL/SupportedCiphers/Enabled");
if(enable_ssl_suported_cipher == 'no'){
- report = "Damit dieser Test durchgef�hrt werden kann, muss bei den
'Vorgaben f�r Network\nVulnerability Tests', im Test 'SSL Cipher Settings',
der Punkt 'List SSL Supported\nCiphers' auf 'yes' umgestellt werden.";
+ report = "To run this test, it is mandatory to set plugins preference
'List SSL Supported Ciphers' to 'yes'";
set_kb_item(name:"policy/BSI-TR-03116-4_err", value:report);
exit(0);
}
@@ -83,7 +83,7 @@
set_kb_item(name:"policy/BSI-TR-03116-4/" + sslPort + "/ok",
value:ok_ciph);
}
else {
- report = "Keiner der unter Punkt 2.1.2 geforderten Ciphers wurde auf dem
System unter Port " + sslPort + " gefunden.";
+ report = "None of the Ciphers Suite list in Chapter 2.1.2 of
BSI-TR-03116-4 are available on Port" + sslPort;
set_kb_item(name:"policy/BSI-TR-03116-4/" + sslPort + "/fail",
value:report);
}
exit(0);
*diff -u policy_BSI-TR-03116-4_ok.nasl policy_BSI-TR-03116-4_ok.nasl.new*
--- policy_BSI-TR-03116-4_ok.nasl 2016-03-25 14:00:43.012000000 +0000
+++ policy_BSI-TR-03116-4_ok.nasl.new 2016-03-25 14:00:00.104000000 +0000
@@ -52,7 +52,7 @@
result = get_kb_item("policy/BSI-TR-03116-4/" + sslPort + "/ok");
if (result) {
- report = "Mindestens einer der unter Punkt 2.1.2 geforderten Ciphers
wurde auf Port " + sslPort + " gefunden:\n" + result;
+ report = "One or more Ciphers Suite list in Chapter 2.1.2 of
BSI-TR-03116-4 were detected on Port " + sslPort + ":\n" + result;
log_message(data:report, port:sslPort);
}
*diff -u policy_BSI-TR-03116-4_violation.nasl
policy_BSI-TR-03116-4_violation.nasl.new*
--- policy_BSI-TR-03116-4_violation.nasl 2016-03-25
13:13:40.780000000 +0000
+++ policy_BSI-TR-03116-4_violation.nasl.new 2016-03-25
14:23:25.348000000 +0000
@@ -40,19 +40,19 @@
script_dependencies("policy_BSI-TR-03116-4.nasl");
script_family("Policy");
script_tag(name:"summary", value:"List negative results from Policy for
BSI-TR-03116-4 Test");
- script_tag(name: "insight", value: "Mindestens zu unterstützenden Cipher
Suites:
-
+ script_tag(name: "insight", value: "
+ Allowed cipher-suites according to BSI TR-03116-4 2.1.2
+ SHA-1 and non-PFS cipher suites are removed.
+
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
-
- Sofern anwendungsbezogen Cipher Suites eingesetzt werden, bei denen
zus�tzlich
- zur Authentisierung des Servers via Zertifikaten vorab ausgetauschte
Daten
- (Pre-Shared-Key; PSK) in die Authentisierung und Schl�sseleinigung
einflie�en,
- muss mindestens die folgende Cipher Suite unterst�tzt werden:
-
+
+ If cipher suites are used with certificate authentication and key
agreement methods
+ using Pre-Shared Key (PSK), the following cipher suite is accept:
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+
");
script_tag(name:"qod_type", value:"remote_app");
exit(0);
and if ok, can it be commit into the feed, please ?
Sebastien Aucouturier , Chief R&D Officer and Senior Technologist,
On Fri, Mar 25, 2016 at 12:56 PM, Eero Volotinen <[email protected]>
wrote:
> They contains only some strings with geman language? Use google translator?
>
> --
> Eero
>
> 2016-03-25 11:57 GMT+02:00 Sebastien Aucouturier <[email protected]>:
>
>> Please, Anyone to help translating policy/BSI-TR-03116-4 plugins ?
>>
>> BR.
>>
>>
>> On Tue, Mar 22, 2016 at 9:55 AM, Sebastien Aucouturier <[email protected]>
>> wrote:
>>
>>> The langage use in this plugins is not english, can we have it translate
>>> ?
>>>
>>>
>>>
>> _______________________________________________
>> Openvas-plugins mailing list
>> [email protected]
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
>>
>
>
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
