SUMMARY OF RELEASE CHANGES FOR OPENVAS-SCANNER
==============================================
For detailed code changes, please visit
https://github.com/greenbone/openvas-scanner/commits/master
or get the entire source code repository and view log history:
$ git clone https://github.com/greenbone/openvas-scanner.git
$ cd openvas-scanner && git log
openvas-scanner 6.0.0 (unreleased)
Main changes compared to openvas-scanner 6.0+beta2:
* Function to get the currently running script filename has been added.
* Debugging nasl mechanism has been improved, replacing preprocessor directives
with g_debug facility.
* An issue related to the log facility and greenbone-nvt-sync has been fixed.
* OpenVAS reload has been improved.
* Code related to redis queries was improved.
* An issue which caused nasl-lint to fail in case of unneeded nested functions
has been addressed.
* An issue which caused returning erroneous values by
get_plugin_preference() has been addressed.
* Issues reported by static code analysis have been addressed.
* Issues in building process have been addressed.
* Several code improvements and clean-ups have been done.
* Documentation has been improved.
openvas-scanner 6.0+beta2 (2018-12-04)
This is the second beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
The module covers a number of significant advances and clean-ups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matt Mundell, Juan Jose Nicola,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to openvas-scanner 6.0+beta1:
* A new command line option 'scan-start' with a scan ID has been added. This
adds support for non-OTP clients.
* Handling of vhosts and multiple domain names has been improved.
* Setting 'kb_location' has been renamed to 'db_address'.
* Cleanup of plugin child processes has been improved.
* Routines for tcp and udp required ports checks have been improved.
* An issue caused by password quotation has been addressed.
* Script version has been removed.
* Script copyright has been removed.
* An issue which caused a hanging scan process has been addressed.
* An issue related to WMI_HANDLE which caused a segmentation fault has
been addressed.
* NASL get_host_names() API has been added.
* Several code style improvements have been done.
* Several performance improvements have been done.
* The plugin scheduler has been improved.
* Define MAXPATHLEN for specific downstream architectures.
* An issue which caused parameter pollution in certain NASL functions
has been addressed.
* NASL function resolve_host_name() has been added.
* Unused preference use_mac_addr has been removed.
* Issues in building process have been addressed.
* The default for expand_vhosts, if no preference was given, is set to `yes`.
* NASL function get_ssl_compression() has been removed.
* Compatibility mode in GnuTLS priority string has been enabled.
* GnuTLS RC4 + COMPAT in set_gnutls_protocol() have been enabled.
* Several issues reported by Coverity have been addressed.
* Documentation has been improved.
openvas-scanner 6.0+beta1 (2018-04-18)
This is the first beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.
Apart from this, the module covers a number of significant advances
and clean-ups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Juan Jose Nicola, Bjoern Ricks,
Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.1:
* The required minimum version of new dependency GVM Libraries is 1.0.
* Many files which are only used for openvas-scanner have been moved to this
module from openvas-libraries. Therefore many include directives have been
adapted to the new source code. The dependency to module openvas-libraries
was removed.
* OTP has been changed regarding the NVT category: It is now sent as integer
instead of as a string.
* Plugin scheduler has been improved.
* NASL cryptography support has been updated.
* The use of winexe has been replaced with using wmiexec.py.
* Support for bigger numbers has been added to nasl_int function.
* The logging method has been completely re-arranged to follow the standard
logging methodology like all other GVM modules. Apart from unification,
essentially the scanner log now has timestamps.
* openvassd.dump does not exist anymore: The log information is now handled
via central logging with respective log domain.
* Log location has been moved to /var/log/gvm/.
* Support for using GLIB based logging has been added and logging messages
have been reviewed and improved.
* It is now possible to configure the logging via /etc/openvas/openvassd_log.conf
* openvas-nasl-lint has been improved.
* Handling of vhost has been improved.
* The scanner inter-process communication has been simplified.
* The use of struct arglist has been reduced, among others global struct for scans
has been changed to struct global_scan. Other uses of arglist were transformed
into redis-based data handling.
* Handling of non_simultaneous_ports_list has been improved.
* Handling of the plugin preferences and their communication to the client have
been improved.
* Host/dead and Host/ping_failed are checked before attempting to launch the
plugin.
* Greenbone NVT sync process has been improved: The scanner now detects on its own
when the feed was updated and automatically loads new and changed NVTs.
* Location of access key is now configurable.
* The NASL command script_id has been removed.
* The NASL command script_summary has been removed.
* Command line option --gnupg-home has been removed.
* openvas_popen has been replaced with GLib routine.
* Error handling has been improved.
* Documentation has been updated.
* Several memory management aspects have been improved.
* Various code cleanups and improvements, partly derived from static code analysis.
* The CMake building process was improved.
* Compilation issue with gcc 7 due to a switch fallthrough has been addressed.
* Minimum required version of glib has been raised to 2.42.
* Minimum required version of cmake has been raised to 3.0.
* Minimum required version of libssh has been raised to 0.6.0.
openvas-scanner 5.1.0 (2016-11-09)
This is the first release of the openvas-scanner 5.1 module for the Open
Vulnerability Assessment System 9 (OpenVAS-9). Compared to the previous
major release the scanner now serves via a unix file socket instead
of a tcp socket which simplifies the setup, handling and code-base.
Also, the feed synchronisations were consolidated into a single method.
And in general the scanner becomes lighter, faster and more robust.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Henri Doreau, Sven Haardiek, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to the 5.0 series:
* Replaced OTP TLS certificate-authorized TCP socket service by
a unix file socket based service.
* Moved the TLS certificate management script to module openvas-manager.
* Merged the two feed sync scripts into a single one that can handle
both, the Community Feed and the Greenbone Security Feed.
* New command line options --unix-socket, --listen-mode,
--listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities and
--dh-params.
* The nvt summary isn't sent anymore as it is not used anymore.
* Send a "Host dead" host detail when the host is dead.
* Dropped scanner preferences cert_file, key_file and ca_file.
* Add scanner preferences timeout_retry and scanner_plugins_timeout.
* Reduced memory consumption and improved performance
* Numerous build and code improvements
* Increased dependency for glib from 2.16 to 2.32.
* Increased dependency for openvas-libraries from 8.0 to 9.0.0.
Main changes compared to 5.0beta3:
* Replaced OTP TLS certificate-authorized TCP socket service by
a unix file socket service.
* New command line options --unix-socket, --listen-mode,
--listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities and
--dh-params.
* Extended greenbone-nvt-sync with some functionalities of openvas-nvt-sync to
cover both, GSF feed and Community Feed. openvas-nvt-sync removed.
* Moved the openvas-manage-certs script to module openvas-manager.
* Dropped scanner preferences cert_file, key_file and ca_file.
* Send a "Host dead" host detail when the host is dead.
* Improved the cmake buildsystem.
* Fixed some memory leaks.
* Some improvements to the logging functionality.
* The nvt summary isn't sent anymore as it is not used anymore.
* Increased dependency for glib from 2.16 to 2.32.
* Various code improvements.
openvas-scanner 5.1+beta3 (2016-04-14)
This is the third beta release of the openvas-scanner 5.1 module for
the Open Vulnerability Assessment System (OpenVAS). It will be part of
the upcoming "OpenVAS-9".
This release addresses numerous minor bug fixes, code improvements and
build improvements.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Sven Haardiek, Timo Pollmeier and Michael Wiegand.
Main changes compared to 5.0beta2:
* Add scanner preferences timeout_retry and scanner_plugins_timeout.
* Various minor bug fixes and code improvements as well as build
improvements.
openvas-scanner 5.1+beta2 (2015-10-21)
This is the second beta release of the openvas-scanner 5.1 module for
the Open Vulnerability Assessment System (OpenVAS). It will be part of
the upcoming "OpenVAS-9".
Main new feature of this release is the switch from openssl based
certificate management scripts to a GNUTLS (certtool) based one.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.0beta1:
* Install "openvas-mkcert-client" FHS compliant.
* Improve openvas-manage-certs script. The script is now able to set up
a certificate infrastructure for an OpenVAS installation, create
additional certificates, verify the installation and perform other
certificate related tasks while being highly configurable at run time
through environment variables or a configuration file.
* Retire openvas-mkcert and openvas-mkcert-client now that their
replacement openvas-manage-certs is ready for use. This also means
that openssl is not required anymore, instead gnutls (certtool) is now
also used for the certificate management scripts.
* Improved support for IPv6.
* Simplify project version setting. Use SVN version at build time in
binary instead of SVN version at configuration time. Make SVN revision
retrieval work with SVN >= 1.7.
* Apply -Wextra for builds.
openvas-scanner 5.1+beta1 (2015-07-17)
This is the first beta release of the openvas-scanner 5.1 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-9".
Main new features of 5.1 compared to 5.0 include reduced memory usage and
improved performance.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael
Wiegand.
Main changes compared to 5.0.x:
* The required minimum version of OpenVAS Libraries has been raised to 8.1.0.
* Internal improvements to match changes in OpenVAS Libraries.
* Memory usage has been reduced by improved cache usage.
* A number of issues discovered through static code analysis have been
addressed.
* Documentation has been updated.
openvas-scanner 5.0.1 (2015-04-01)
This is the first maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release basically applies some minor improvements
to signal handling and stopping a scan.
Many thanks to everyone who contributed to this release:
Hani Benhabiles
Main changes compared to 5.0.0:
* Dropped the useless otp setting "ntp_keep_communication_alive".
Clients don't need to send this anymore.
* Improved signal handling of the scanner daemon.
* Fixes for stopping scans properly.
* Various code cleanups.
openvas-scanner 5.0.0 (2015-03-16)
This is the first release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System release 8 (OpenVAS-8). Compared to the previous
major release it now uses a Redis based back end for the internal knowledge
base. It removes support for the scan pausing feature and considerably reduces
memory consumption and provides a number of other improvements.
Many thanks to everyone who contributed to this release:
Benoit Allard, Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner
and Michael Wiegand.
Main changes compared to the 4.0 series:
* OpenVAS Scanner now uses the Redis based knowledge base (KB) back end. This
makes it mandatory to run a Redis server for scanning.
* Support for the scan pausing feature has been removed.
* The commands STOP_ATTACK and OPENVASSD_VERSION have been removed from OTP.
* The scanner will no longer set the obsolete "src" element for the NVTi cache.
* The default key size for certificates produced by the "mkcert" tools has been
changed from 1024 to 4096 bits, the scripts now use SHA-256 instead of SHA-1
as the message digest algorithm.
* The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS
category when scanning.
* When commanded to stop a scan the scanner will now switch to ACT_END instead
of immediately bailing out.
* Memory consumption has been considerably reduced.
* Internal memory management now uses the appropriate glib functions instead of
the custom implementation provided by openvas-libraries used previously.
* The OID of the affected NVT is now reported if an NVT terminates early.
* The scanner now logs a backtrace when a process segfaults.
* The communication of the host scanning status with the client has been
improved to allow for more accurate progress information.
* Library checks during package configuration have been improved and are now
more comprehensive and consistent.
* Handling of linker and compiler flags during package configuration has been
improved and simplified.
* Support for migration of unsigned files to the "private/" subdirectory has
been removed as it was obsolete since the retirement of OpenVAS-5.
* Signal handling has been improved.
* Comprehensive code cleanups.
Main changes compared to 5.0+beta6:
* An issue which caused openvassd process to fail to terminate when a scan was
requested to stop has been fixed.
* Support for migration of unsigned files to the "private/" subdirectory has
been removed as it was obsolete since the retirement of OpenVAS-5.
* Signal handling has been improved.
* Various code cleanups and improvements.
openvas-scanner 5.0+beta6 (2015-02-11)
This is the sixth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release contains a number of small improvements and cleanups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles and Michael Wiegand.
Main changes compared to 5.0+beta5:
* The communication of the host scanning status with the client has been
improved to allow for more accurate progress information.
* Library checks during package configuration have been improved and are now
more comprehensive and consistent.
* Handling of linker and compiler flags during package configuration has been
improved and simplified.
openvas-scanner 5.0+beta5 (2015-01-12)
This is the fifth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release contains a number of small improvements and cleanups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.0+beta4:
* The NVT file name is now used correctly when enabling dependencies.
* The preference "kb_location" has been added to the list of "scanner only"
preferences.
* The scanner will no longer set the obsolete "src" element for the NVTi cache.
* The greenbone-nvt-sync script is now generated by the build process.
* Version information has been updated and improved.
* Superfluous includes and redundant linking commands have been removed.
* Various code cleanups and improvements.
openvas-scanner 5.0+beta4 (2014-11-20)
This is the fourth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release considerably improves memory management.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau and Jan-Oliver Wagner.
Main changes compared to 5.0+beta3:
* Upon stop signal, the scanner will switch to ACT_END instead
of immediately bailing out.
* Considerable reduction of memory consumption.
* Various code cleanups and improvements.
* Increase buffer size for preferences to allow for up to 69K NVTs.
* Log backtrace when a process segfaults.
* Refactored preferences module.
openvas-scanner 5.0+beta3 (2014-10-14)
This is the third beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release further improves memory management and fixes memory leaks. It also
contains adjustments for changes in the NVTi cache API and produces more useful
information when an NVT terminates early.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles and Jan-Oliver Wagner.
Main changes compared to 5.0+beta2:
* Memory management has been improved and memory leaks have been fixed.
* Adjustments for NVTi cache API changes.
* If an NVT terminates early, the OID of the affected NVT is reported.
* Adjustments for further changes in OpenVAS Libraries.
openvas-scanner 5.0+beta2 (2014-09-22)
This is the second beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release contains further comprehensive code-cleanups, especially regarding
internal calls for memory management. It also removes an exception for NVTs from
the ACT_SETTINGS category regarding implicit launches during a scan and makes
the location of the redis socket configurable.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.0+beta1:
* The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS
category when scanning.
* Internal memory management now uses the appropriate glib functions instead of
the custom implementation provided by openvas-libraries used previously.
* The location of the redis socket is now configurable.
* Further comprehensive code-cleanups.
openvas-scanner 5.0+beta1 (2014-08-21)
This is the first beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
Main new feature of 5.0 compared to 4.0 is the switch to redis-based
Knowledge Base (KB), making it mandatory to run a redis-server.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and
Michael Wiegand.
Main changes compared to 4.0.x:
* Switch to the redis-based knowledge base (KB) backend.
This makes it mandatory to run a redis server for scanning.
* Default key size for certificates of "mkcert" tools changed
from 1024 to 4096 bits and use SHA-256 instead of SHA-1.
* Removed scan pausing feature.
* Removed commands STOP_ATTACK and OPENVASSD_VERSION from OTP.
* openvas-manage-certs.sh as initial version to eventually replace
openvas-mkcert and openvas-mkcert-client.
* Various minor improvements.
* Comprehensive code-cleanups.
openvas-scanner 4.0.1 (2014-04-23)
This is the first maintenance release of the openvas-scanner 4.0 module for
the Open Vulnerability Assessment System release 7 (OpenVAS-7).
This release removes the last beta identifier from the OTP protocol, as well
as fixes some minor issues.
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner
Main changes compared to 4.0.0:
* Remove "beta" from OTP identifier.
* Remove superfluous linking.
openvas-scanner 4.0.0 (2014-04-10)
This is the first release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System release 7 (OpenVAS-7). Compared
to the previous major release it has a reduced OTP protocol, does
not manage users anymore and has improved daemon handling.
Further changes are an entirely new target host module that allows advanced
specification of target ranges and a new interface selection for scans.
Many thanks to everyone who has contributed to the 4.0.0 release:
Benoît Allard, Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 3.4.x:
* Speed up cache building process.
* Add --gnutls-priorities option.
* An ETA for the plugins reload is now included in the proctitle.
* The scanner now loads the NVTs in the background after starting instead of
waiting for the NVTs to load before backgrounding.
Attention: This changes the default behaviour of invoking the scanner.
* Drop command line option "-q". Instead scanner is now quiet by default.
Attention: This changes the default behaviour of invoking the scanner.
* New command line option "--progress" will show progress of start-up.
* New handling of SIGHUP: The NVT cache will be updated and configuration
be reloaded. This is only done for the main process, not for child processes.
* OTP version 2.0 replaces OTP 1.0 and 1.1.
* OTP command "PLUGINS_DEPENDENCIES" has been removed.
* OTP command "CERTIFICATES" has been removed.
* The handling of MD5 checksums and the SEND_PLUGINS_MD5 command has been
removed from OTP.
* The OTP command PLUGINS_MD5 has been renamed to NVT_INFO.
* Support for sending the feed version via OTP has been added.
* Report current and total number of loading plugins to clients when scanner is still loading.
* Don't drop out of OTP early upon non-critical problems.
* Removed server_info preferences from OTP as they have not much use for
the client.
* OpenVAS Scanner no longer sends NVT descriptions separately since the
corresponding information is now contained in the script_tags.
* Remove slice_network_addresses and ntp_opt_show_end scanner preferences.
* Add hosts_ordering, exclude_hosts, reverse_lookup_only, reverse_lookup_unify
scanner preferences.
* The port range option "default" has been removed.
* The scanner preference "silent_dependencies" has been removed.
* Improved port range validation.
* Prevent NVT circular dependencies in recursion.
* Removed support for OVAL plugins. It was never used as part of the feed
and it makes more sense to issue a specialised oval scanner.
* The host permissions concept has been reworked, resulting in the removal of
the outdated rules system.
* Handling of interface permissions has been introduced.
* Usage of post_alarm instead of post_error and post_note.
* Integrate openvas_hosts interface. Remove usage of HG submodule.
* Support for Knowledge Base saving outside of network scans has been removed.
* User handling has been removed as it is now handled by OpenVAS Manager.
* Support for determining if a NVT feed is current and only synchronizing it
when it is not has been added.
* The required minimum GnuTLS version has increased to 2.8.
* The required minimum OpenVAS Libraries version has increased to 7.0.0.
* The I18n support for outdated scripts has been removed.
* A number of outdated and unmaintained documentation files have been removed.
* Addressed code quality issues.
* Code cleanups.
openvas-scanner 4.0+beta9 (2014-03-26)
This is the ninth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
This release speeds up the cache building process and adds a
--gnutls-priorities option to specify the cipher priority.
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner
Main changes since 4.0+beta8:
* Speed up cache building process.
* Add --gnutls-priorities option.
* Report current and total number of loading plugins to clients when scanner is still loading.
openvas-scanner 4.0+beta8 (2014-03-18)
This is the eighth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
Starting with this release, OpenVAS Scanner will support only the OTP 2.0
protocol. The OTP 1.0 and 1.1 protocols have been consolidated into OTP 2.0,
thus allowing now unnecessary complexities to be removed from the code. This
release also removes the obsolete OTP command "PLUGINS_DEPENDENCIES" and
improves the loading process.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 4.0+beta7:
* OpenVAS Scanner will only support OTP version 2.0 from now on.
* The OTP command "PLUGINS_DEPENDENCIES" has been removed.
* The loading process has been improved.
* A number of outdated and unmaintained documentation files have been removed.
openvas-scanner 4.0+beta7 (2014-03-12)
This is the seventh beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
This release removes the OTP command "CERTIFICATES". The command was used by the
old GTK client to retrieve the signing keys for NVT feed content. The core idea
at that time was to have feed content with mixed author signing keys. This
turned out not to be put into practice. The release also adds an estimate of the
time remaining for the NVT reload to the process title and addresses a number of
code quality issues.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 4.0+beta6:
* The OTP command "CERTIFICATES" has been removed.
* An ETA for the plugins reload is now included in the proctitle.
* Addressed code quality issues.
openvas-scanner 4.0+beta6 (2014-03-05)
This is the sixth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
This release addresses code quality issues and changes the launch behaviour of
OpenVAS Scanner to backgrounding before the initial loading of the NVTs instead
of waiting for the NVTs to load before going into the background.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau and Michael Wiegand.
Main changes compared to 4.0+beta5:
* Addressed code quality issues.
* The scanner now loads the NVTs in the background after starting instead of
waiting for the NVTs to load before backgrounding.
Attention: This changes the default behaviour of invoking the scanner.
openvas-scanner 4.0+beta5 (2014-02-16)
This is the fifth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
Main changes since last beta release address some fixes and code cleanups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell,
Michael Wiegand and Jan-Oliver Wagner.
Main changes compared to 4.0+beta4:
* Don't drop out of OTP early upon non-critical problems.
* Improved port range validation.
* Prevent NVT circular dependencies in recursion.
* Code cleanups.
openvas-scanner 4.0+beta4 (2014-01-10)
This is the fourth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
Main changes since last beta release include:
New handling of SIGHUP and replacement of "-q" by "--progress",
which changes the default behaviour.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Matthew Mundell and Jan-Oliver Wagner.
Main changes compared to 4.0+beta3:
* Drop command line option "-q". Instead, the scanner is now quiet by default.
Attention: This changes the default behaviour of invoking the scanner.
* New command line option "--progress" will show progress of start-up.
* New handling of SIGHUP: The NVT cache will be updated and the configuration
will be reloaded. This is only done for the main process, not for child processes.
* Removed server_info preferences from OTP as they are of little use to
the client.
* Removed support for OVAL plugins. It was never used as part of the feed
and it makes more sense to issue a specialised OVAL scanner.
* Code cleanups.
openvas-scanner 4.0+beta3 (2013-11-21)
This is the third beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
Main changes since last beta release include:
A reworked host permissions concept, resulting in the removal of the outdated
rules system; improved handling of interface permissions and host related
preferences as well as a change in sending NVT descriptions.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 4.0+beta2:
* The host permissions concept has been reworked, resulting in the removal of
the outdated rules system.
* Handling of host related preferences has been improved.
* Handling of interface permissions has been reworked.
* OpenVAS Scanner no longer sends NVT descriptions separately since the
corresponding information is now contained in the script_tags.
* Code cleanups.
openvas-scanner 4.0+beta2 (2013-09-26)
This is the second beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
Main changes since last beta release include:
Integration of openvas_hosts interface, replacing the usage of HG submodule.
Support of new scanning preferences and removal of other ones and various code
cleanups and improvements.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner, Matthew Mundell and Michael Wiegand.
Main changes compared to 4.0+beta1:
* Usage of post_alarm instead of post_error and post_note.
* A large number of code cleanups.
* Integrate openvas_hosts interface. Remove usage of HG submodule.
* Remove slice_network_addresses and ntp_opt_show_end scanner preferences.
* Add hosts_ordering, exclude_hosts, reverse_lookup_only, reverse_lookup_unify
scanner preferences.
openvas-scanner 4.0+beta1 (2013-06-21)
This is the first beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".
Main new features and other changes of 4.0 compared to 3.4 include:
Functionality such as user and rules management has been moved to OpenVAS
Manager and removed from OpenVAS Scanner. As a result, other now superfluous
functionality has been removed as well, along with a number of legacy features
conflicting with the updated behavior of OpenVAS Scanner. The OTP version
number has been increased to reflect the resulting protocol changes.
Please note: The changes described above mean that OpenVAS Scanner >= 4.0 will
no longer work with the old Gtk based OpenVAS-Client application. Please use
OpenVAS Manager and an OMP based client instead.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael
Wiegand.
Main changes compared to 3.4.x:
* The handling of MD5 checksums and the SEND_PLUGINS_MD5 command has been
removed from OTP.
* The OTP command PLUGINS_MD5 has been renamed to NVT_INFO.
* Protocol version has been changed to OTP 2.x.
* The port range option "default" has been removed.
* Support for Knowledge Base saving outside of network scans has been removed.
* Support for sending the feed version via OTP has been added.
* The required minimum GnuTLS version has increased to 2.8.
* The required minimum OpenVAS Libraries version has increased to 7.0.0.
* The I18n support for outdated scripts has been removed.
* User handling has been removed as it is now handled by OpenVAS Manager.
* The scanner preference "silent_dependencies" has been removed.
* Support for determining if a NVT feed is current and only synchronizing it
when it is not has been added.
openvas-scanner 3.4+beta2 (2013-02-20)
This is the second beta release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".
Main changes since last beta release are the behaviour change of the Feed
Synchronization routine and the more flexible handling of script tags.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Werner Koch, Matthew Mundell, Timo Pollmeier,
Jan-Oliver Wagner, Michael Wiegand.
Main changes compared to 3.4+beta1:
* Changed behaviour of NVT sync script "openvas-nvt-sync":
It will now delete scripts not part of the feed when using rsync,
except for the directory "private/".
A migration option "--migrate-to-private" of the sync script will
move private scripts into the "private/" directory.
The Feed Sync will stop with an error until the "private/" directory is created.
As soon as this directory is created, the synchronisation will ultimately
delete all files in the local feed directory that are not part of the
regular Feed.
* Newlines in script tags are now escaped.
* The size of tags is not limited anymore.
* Internal use of NVTI references by OID to allow using the NVTI
cache properly. This significantly lowers the memory consumption
per Scanner process.
* Improve bug tracking by directing diagnostics to the log file.
* Memleak fixes and other small bugfixes.
* Various code and build cleanups.
openvas-scanner 3.4+beta1 (2012-10-26)
This is the first beta release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".
Main new features and other changes of 3.4 compared to 3.3 include:
A collection of internal and other small improvements, introducing
OTP 1.1 as optional protocol.
Many thanks to everyone who has contributed to this release:
Michael Meyer, Matthew Mundell, Thomas Reinke, Jan-Oliver Wagner
and Michael Wiegand.
Main changes compared to 3.3.x:
* Minimum requirements for openvas-libraries: Increased from 5.0 to 6.0.
* Removed built-in logfile rotation. It is not a good idea to try
to circumvent system environment technology for logrotate.
* New optional OTP version 1.1 which is like 1.0 but sends less info
to the client initially.
* New: command line switch "--only-cache" to just build the cache and exit.
* Changed: The magic that NVTs of category ACT_SETTINGS were always enabled
even when the user disabled them has been removed. OTP clients now have
to take care to enable them as needed.
* Internal code cleanups for NVTI cache handling.
* Fixed a bug when NVT lacks family specification.
* Removed deprecated code.
* Closed a number of memory leaks.
openvas-scanner 3.3.1 (2012-04-24)
This is the first maintenance release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System release 5 (OpenVAS-5).
This release contains fixes for the CMake build infrastructure and an updated
greenbone-nvt-sync script. It also raises the glib and gnutls dependencies to
the minimum of what OpenVAS Libraries requires (currently glib 2.16 and gnutls
2.2).
Many thanks to everyone who has contributed to the 3.3.1 release:
Lukas Grunwald, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 3.3.0:
* The CMake infrastructure has been cleaned up to ensure that compilation with
modern gccs works.
* The greenbone-nvt-sync script has been updated.
* OpenVAS Scanner now requires at least glib 2.16 and gnutls 2.2, matching the
requirements of OpenVAS Libraries.
openvas-scanner 3.3.0 (2012-03-25)
This is the first release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System release 5 (OpenVAS-5). Compared
to the previous major release it covers a set of various improvements.
Many thanks to everyone who has contributed to the 3.3.0 release:
Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael
Wiegand.
Main changes compared to 3.2.x:
* New: scanner preference "reverse_lookup", defaulting to "no" (the previous
behaviour)
* Changed: For network wide scanning, mandatory keys are ignored.
* Changed: Don't start the second scan phase when network scan is enabled and
user requests "stop" during the first phase.
* New: Send an ERRMSG to the client when terminating a process.
* Changed: Do not force execution of ACT_INIT category.
* Fixed: A number of potential resource leaks.
* Fixed: A number of compiler warnings when compiling with gcc 4.6.
* Fixed: Usage of the mktemp template in openvas-nvt-sync.
* Removed: Support for shared sockets.
* New: The scanner options "network_scan" and "report_host_details" have been
added to the default scanner options.
* The greenbone-nvt-sync script has been updated.
* OpenVAS Scanner now uses UTC internally.
* The optional use of the external tool "ovaldi" has been made more secure.
* NVT management code has been updated to reflect the updated openvas-libraries
API.
* Further improvements to the build system.
openvas-scanner 3.3+rc1 (2012-03-11)
This is the first release candidate of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-5".
This release fixes some minor issues detected during beta testing.
Many thanks to everyone who has contributed to this release:
Henri Doreau, Matthew Mundell and Michael Wiegand.
Main changes compared to 3.3+beta2:
* New scanner preference "reverse_lookup", defaulting to "no" (the previous
behaviour)
* For network wide scanning, mandatory keys are ignored.
* Don't start the second scan phase when network scan is enabled and
user requests "stop" during the first phase.
* Send an ERRMSG to the client when terminating a process.
* Further improvements to the build system.
openvas-scanner 3.3+beta2 (2011-10-10)
This is the second beta release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS 5".
This release tightens security when using the external tool "ovaldi", enforces
the internal use of the UTC timezone and features an updated greenbone-nvt-sync
script.
NOTE: Due to the changes in 5.0+beta2, it is strongly recommended to delete the
contents of the OpenVAS Scanner cache directory to remove obsolete files and to
force the Scanner to rebuild the cache.
ATTENTION: The OpenVAS Scanner now enforces the internal use of the UTC
timezone. If the Scanner has been in use with an OpenVAS Manager, it is strongly
recommended to update to OpenVAS Manager >= 5.0+beta5 and to migrate the Manager
database before using this Scanner version to ensure data consistency.
Many thanks to everyone who has contributed to this release:
Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 3.3+beta1:
* NVT management code has been updated to reflect the updated openvas-libraries
API.
* The optional use of the external tool "ovaldi" has been made more secure.
* OpenVAS Scanner now uses UTC internally.
* The greenbone-nvt-sync script has been updated.
openvas-scanner 3.3+beta1 (2011-06-21)
This is the first beta release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS 5".
It contains the result of a continuous code audit and fixes a number of
potential resource leaks and compiler warnings. It also removes the forced
execution of NVTs in the ACT_INIT category and removes support for shared
sockets in accordance with the OpenVAS Change Request #53.
Many thanks to everyone who has contributed to this release:
Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael
Wiegand.
Main changes compared to 3.2.3:
* Changed: Do not force execution of ACT_INIT category.
* Fixed: A number of potential resource leaks.
* Fixed: A number of compiler warnings when compiling with gcc 4.6.
* Fixed: Usage of the mktemp template in openvas-nvt-sync.
* Removed: Support for shared sockets.
* New: The scanner options "network_scan" and "report_host_details" have been
added to the default scanner options.
openvas-scanner 3.2.3 (2011-04-11)
This is the third maintenance release of the openvas-scanner 3.2 module for the
Open Vulnerability Assessment System release 4 (OpenVAS-4).
This release features a number of minor improvements to the build process and to
the synchronization scripts. It also closes three potential resource leaks
discovered by Henri Doreau.
Many thanks to everyone who has contributed to this release:
Henri Doreau and Michael Wiegand.
Main changes compared to 3.2.2:
* Fixed: Three potential resource leaks.
* Fixed: Generation of code documentation.
* Updated: Feed synchronization scripts.
* Changed: The openvas-nvt-sync script will now perform the initial feed
synchronization via HTTP instead of rsync.
* Changed: The openvas-nvt-sync script will now default to synchronize into the
NVT directory used by the OpenVAS Scanner instead of the one defined at
compile time.
openvas-scanner 3.2.2 (2011-02-21)
This is the second maintenance release of the openvas-scanner 3.2 module for the
Open Vulnerability Assessment System release 4 (OpenVAS-4).
It features improvements to the synchronization scripts and a minor code
cleanup. All synchronization scripts are now free of bashisms, meaning they no
longer depend on the GNU Bourne-Again shell to run and should be compatible with
most shells.
Many thanks to everyone who has contributed to this release:
Michael Wiegand.
Main changes compared to 3.2.1:
* The last bashism has been removed from the openvas-nvt-sync synchronization
script.
* The greenbone-nvt-sync script now logs additional information during
synchronization.
* An unimplemented and superfluous function declaration has been removed.
openvas-scanner 3.2.1 (2011-02-16)
This is the first maintenance release of the openvas-scanner 3.2 module for the
Open Vulnerability Assessment System release 4 (OpenVAS-4).
It features minor improvements to documentation, build environment and
synchronization scripts and sets a default value for the "Consider unscanned
ports closed" preference; this means that the scanner will now mark unscanned
ports as closed by default unless instructed otherwise by a client.
Many thanks to everyone who has contributed to this release:
Michael Wiegand.