On 11/04/14 13:56, ni...@openbsd.org wrote: > On 09/30/14 23:43, Peter Ezetta wrote: >> On Sep 30, 2014, at 9:40 AM, Nigel Taylor <njtay...@asterisk.demon.co.uk >> <mailto:njtay...@asterisk.demon.co.uk>> wrote: >> >>> On 09/30/14 15:47, Stuart Henderson wrote: >>>> OK to remove this from ports? It went closed-source in 2005 and I don't >>>> see much benefit in keeping a 9-year-old vulnerability scanner in ports. >>>> >>>> If anyone is upset by this, feel free to submit an OpenVAS port >>>> instead :) >>>> >>>> >>> OpenVAS is in OpenBSD-wip plus other supporting ports. >>> >>> If I have time available I might have another look at a more recent >>> version of OpenVAS. >>> >>> Last worked on end of 2012. Needed patching to get working. >> >> I am pretty new to porting, but I would be interested in working with >> someone to test and patch a new OpenVAS port. I don’t know how much use >> I would be, but if help is needed, I’m happy to jump in and give it a >> go. I would just need a bit of direction to get started, and probably >> an evening to re-read the porter’s handbook. >> >> Regards, >> * >> * >> *Peter H. Ezetta* | Network Engineer >> 18200 Cascade Ave. S. Seattle, WA 98188 >> 1.877.THE.EVIR | p 206.878.2459 | c 206.892.8494 | f 206.878.3082 >> >> ------------------------------------------------------------------------ >> >> Confidentiality Notice: This e-mail may contain proprietary information >> some of which may be legally privileged. It is for the intended >> recipient(s) only. If you believe that it has been sent to you in error, >> please notify the sender by reply e-mail and delete the message. Any >> disclosure, copying, distribution or use of this information by someone >> other than the intended recipient(s) is prohibited and may be unlawful. > > I started OpenVAS updates to v7, it's all been placed in openbsd-wip... > > The first port is www/libmicrohttpd, this library is used in providing a > web interface for OpenVAS. Built / Tested on amd64. Can be found here... > > https://github.com/jasperla/openbsd-wip/tree/master/www/libmicrohttpd > > > OpenVAS v7 can be found here... > https://github.com/jasperla/openbsd-wip/tree/master/security/openvas > > OpenVAS, just released newer versions, they are in openbsd-wip > > libraries 7.0.5 > Scanner 4.0.4 > Manager 5.0.5 > cli 1.3.1 > gsa 5.0.4 > > I had no chance to test yet, doubt I will see any improvements. > > > Being able to build OpenVAS is still a long way from being ready to > submit as a port. That why work stopped, OpenVAS uses gnutls, I see the > same error as here, > > https://wald.intevation.org/tracker/?func=detail&atid=220&aid=6572&group_id=29 > > The issue has been reported before a number of times. Towards the end of > 2012 was when OpenBSD ports went from gnutls 2.x to 3.x, gnutls 3.x > breaks OpenVAS on OpenBSD. It's not just OpenBSD that hits the problem. > > Can use scripts to download plugins is about all that works. > > > > > . >
Some improvments...., openvas-check-setup now runs as below still more work needed, openvasmd --rebuild worked fixing the NVT issue, getting past the gnutls issue. openbsd-wip contains the latest updates, some permission issues missing directories, before it runs. More testing is required. openvas-check-setup 2.2.6 (Modified for OpenBSD) Test completeness and readiness of OpenVAS-7 (add '--v4', '--v5', '--v6' or '--v8' if you want to check for another OpenVAS version) Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 4.0.4. OK: OpenVAS Scanner CA Certificate is present as /var/openvas/CA/cacert.pem. OK: NVT collection in /var/openvas/plugins contains 36919 NVTs. OK: Signature checking of NVTs is enabled in OpenVAS Scanner. OK: The NVT cache in /var/cache/openvas contains 36919 files for 36919 NVTs. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 5.0.5. OK: OpenVAS Manager client certificate is present as /var/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 123. OK: OpenVAS Manager expects database at revision 123. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 36919 NVTs. OK: OpenVAS SCAP database found in /var/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/openvas/cert-data/cert.db. OK: xsltproc found. Step 3: Checking user configuration ... WARNING: Your password policy is empty. SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy. Step 4: Checking Greenbone Security Assistant (GSA) ... OK: Greenbone Security Assistant is present in version 5.0.4. Step 5: Checking OpenVAS CLI ... OK: OpenVAS CLI version 1.3.1. Step 6: Checking Greenbone Security Desktop (GSD) ... SKIP: Skipping check for Greenbone Security Desktop. Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening only on the local interface. OK: OpenVAS Scanner is listening on port 9391, which is the default port. OK: OpenVAS Manager is running and listening only on the local interface. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: Greenbone Security Assistant is running and listening only on the local interface. OK: Greenbone Security Assistant is listening on port 8443, which is the default port. Step 8: Checking nmap installation ... WARNING: Your version of nmap is not fully supported: 6.47 SUGGEST: You should install nmap 5.51. Step 9: Checking presence of optional tools ... OK: pdflatex found. OK: PDF generation successful. The PDF report format is likely to work. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. WARNING: Could not find rpm binary, LSC credential package generation for RPM and DEB based targets will not work. SUGGEST: Install rpm. WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work. SUGGEST: Install nsis. It seems like your OpenVAS-7 installation is OK. If you think it is not OK, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
