forked from greenbone/gvmd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES
2511 lines (1982 loc) · 107 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
SUMMARY OF RELEASE CHANGES FOR GREENBONE VULNERABILITY MANAGER
==============================================================
For detailed code changes, please visit
/~https://github.com/greenbone/gvmd/commits/master
or get the entire source code repository and view log history:
$ git clone /~https://github.com/greenbone/gvmd.git
$ cd gvmd && git log
gvmd 8.0+beta3 (work in progress)
Main changes compared to gvm 8.0+beta2:
* The new alert method "Alemba vFire" has been added.
* GMP CREATE_ASSET, its GMP doc and usage by GSA are now more consistent.
gvmd 8.0+beta2 (2018-12-05)
This is the second beta release of the gvmd module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.
It was renamed from gvm to gvmd (Greenbone Vulnerability Manager daemon).
Apart from the new name, the module covers a number of significant advances
and clean-ups compared to the previous version.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matthew Mundell, Timo Pollmeier,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to gvm 8.0+beta1:
* Classic report format HTML has been removed from predefined report formats.
* External tool openvasmr has been renamed to gvmcg.
* Size of result description and diff text in GMP has been limited.
* Support for creating filters for vulnerabilities has been added.
* .deb and .rpm LSC package generation has been improved.
* SNMP and ESXi Authorization in the scan config have been hidden.
* Support for using configurable GPG and S/MIME encryption keys for Email Alerts
has been added.
* Script copyright and script version have been removed.
* Vhosts handling has been improved.
* User tags can now refer to multiple resources for easier bulk tagging.
* Elements host_start and host_end have been removed
from the report element of response from get_reports.
* The task status "Internal Error" has been replaced by "Interrupted", which
can also occur in case of errors that previously set tasks to "Stopped".
* "OpenVAS Classic" has been removed from the list of predefined severity
classification schemes.
* A results trashcan table has been added for performance reasons.
* The prognostic type has been removed from GET_REPORTS and from the
report element.
* An issue related to credential creation and modification has been addressed.
* Several improvements and fixes related to reports have been done.
* Documentation has been updated.
* Several memory management aspects have been improved.
* Various code cleanups and improvements.
gvm 8.0+beta1 (2018-04-30)
This is the first beta release of the gvm module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.
It was renamed from openvas-manager to gvm (greenbone vulnerability manager).
Apart from the new name, the module covers a number of significant advances
and clean-ups compared to the previous version 7.0.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Antony Falegkos, Christian Fischer, Matthew Mundell, Juan
Nicola, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to the 7.0 series:
* The central service component "OpenVAS-Manager" has been renamed to
"Greenbone Vulnerability Manager". Subsequently, the central binary has been
renamed from "openvasmd" to "gvmd". Also any other occurence of "OpenVAS
Manager" or related terms has been renamed accordingly, including the API from
"OMP" to "GMP".
* The new GMP command GET_VULNS allows for a view on found vulnerabilities with
quantities on results and hosts, across all reports.
* The required minimum version of new dependency GVM Libraries is 1.0 and
the dependency to the openvas-libraries module has been removed. Therefore
many include directives have been adapted to the new source code.
* The gmvd proctitle is set for each process to indicate what the process
is doing.
* The elements host_start and host_end has been removed from report element,
which eliminate redundant information since there are already available in the
host element.
* iCal standard (RFC2445) support has been introduced for "schedule" objects.
* The gvm daemon automatically detects new SCAP and CERT data as well as when new
NVTs are available from the OpenVAS Scanner and will load/update the database
accordingly. Therefore the --rebuild, --update and --progress options have
been removed.
* Transition from global objects to ownerless-predefined objects: The possibility
to configure users, groups or roles to have arbitrary
permissions over pre-defined objects has been added.
For example, a role could be configured with only one specific Scan Config,
Scanner or Port List to use. The default permissions, however, do not change.
* The update of SCAP and CERT data has been changed from external scripts
into internal routines of gvmd. This makes the process faster
and consumes less resources.
* Documentation has been updated.
* Several memory management aspects have been improved.
* Various code cleanups and improvements.
* The CMake building process was improved.
* The minimum required version of GLib has been raised to 2.42.
* The minimum required version of CMake has been raised to 3.0.
openvas-manager 7.0.0 (2016-11-09)
This is the first release of the openvas-manager 7.0 module for the Open
Vulnerability Assessment System release 9 (OpenVAS-9). The OpenVAS Manager is
the central management service between the actual security scanners and the
user clients.
OpenVAS Manager 7.0 introduces an explicit asset management and the built-in
CVE scanner. It also replaces the 'Slaves' type by the new Scanner type
'OMP Slave'. Please see the comprehensive list below for more details.
Please make sure to read the INSTALL file for important installation and
migration information, even and especially if you have used OpenVAS Manager
before.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Sven Haardiek, Matthew Mundell, Timo Pollmeier,
Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to the 6.0 series:
* Added asset management for hosts and operating systems.
* Added internal CVE Scanner.
* Added SecInfo alerts.
* The type 'Slaves' was replaced by the 'Scanner' type 'OMP Slave'.
* The OMP protocol version is now OMP 7.0.
* Added support for communicating via Unix domain sockets with OTP scanners
and with clients.
* GET_REPORTS now uses regular powerfilter.
* Authentication configuration (for example LDAP) is now handled within
the database and not in a separate file ('auth.conf') anymore.
* Several new OMP commands and some changes/renaming to existing commands.
Please refer to the OMP documentation for details about new and changed
commands.
* Consolidation of credentials into the the type Credentials.
* New Alerts 'SCP' and TCP upload.
* Improved OSP support, permissions management, QoD handling, built-in
report formats, alerts.
* Merging openvas-scapdata-sync into greenbone-scapdata-sync.
* Merging openvas-certdata-sync into greenbone-certdata-sync.
* Minimum required version GnuTLS raised to 3.2.15.
* Minimum required version GLib raised to 2.32.
* Minimum required version CMake raised to 2.8.
Main changes since 6.1+beta3:
* The concept of slaves has been replaced by OMP slaves.
* The OMP protocol version is now OMP 7.
* Support for grouping data by two columns has been added.
* Support for the new 'SNMP' alert method has been added.
* A new "Max Rows Per Page" setting has been introduced which defaults to 1000,
please see the INSTALL file for details.
* The handling of Internal Errors has been made more consistent.
* A support scripts for gathering statistics on the SQLite3 back-end has been
added.
* Credentials are now consistently handled as credential objects.
* Support for sorting by multiple fields in OMP command GET_AGGREGATES has been
added.
* The process title of processes handling scans will now contain the report
UUID.
* Resuming of scheduled slave scans has been improved.
* Internal use of logging has been made more consistent.
* Support for migrating data from an SQLite3 database to a PostgreSQL database
has been improved.
* Handling of slave scans has been improved.
* The handling of report format plugins has been improved.
* The LDAP CA certificate is now stored in the internal database instead as a
separate file on disk.
* The predefined target 'Localhost' has been removed.
* Users are now allowed to access feed descriptions.
* Support for including the result of one report format in the result of another
report format has been added.
* The 'Anonymous_XML' report format now strips even more potentially sensitive
information.
* Support for custom predefined report formats has been improved.
* Support for communicating via Unix domain sockets has been added and now is
the default for communication with OTP scanners and with clients.
* NVTs in the ACT_SETTINGS family are no longer automatically enabled.
* Log messages have been improved to include the resource name wherever
possible.
* The 'openvas-manage-certs' support script has been moved here from OpenVAS
Scanner.
* The minimum required version of the GnuTLS library has been raised to 3.2.15
in order to enforce the presence of newer (more secure) TLS and ciphers.
* The minimum required version of the OpenVAS libraries has been raised to
9.0.0.
* The minimum required version of the GLib library has been raised to 2.32 in
order to allow the use of newer API elements.
* The minimum required version of the CMake build framework has been raised to
2.8.
* Numerous code cleanups.
* The build process has been improved.
* Code documentation has been updated.
* Support for PostgreSQL has been improved.
openvas-manager 6.1+beta3 (2016-04-14)
This is the third beta version of the upcoming 6.1 release of the
OpenVAS Manager. It will be part of the upcoming OpenVAS-9 release.
This module is the central management service between
security scanners and user clients.
This release adds various alerts, consolidates credentials and
applies the standard powerfilter now also for the report results
to name just a few of the improvements.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Sven Haardiek, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes since 6.1+beta2:
* Consolidation of credentials: Introduce various types of credentials and
use these reseources whenever a credential is required. Also the migration
will handle this properly.
* Add task preference for auto deleting reports.
* Add credential type "client certificate".
* Add SNMP credential type.
* Make login information of slaves a credentials resource.
* Add SNMP credentials to targets.
* Add new alert conditions "Filter count at least" and "Filter count changed".
* Add alert method "Send", for sending the report to a TCP listener.
* Add new alert method 'SCP'.
* Add alert event "New NVTs arrived".
* Add event type "Updated NVTs arrived".
* Add support for SecInfo type in SecInfo alerts.
* Add SYNC_CONFIG OMP command.
* Introduce Scan Configs for OSP scanners.
* Make GET_REPORTS command use the normal powerfilter and remove some
redundant command attributes and now unused functions.
* Prevent concurrent NVT cache updates from being initiated via SIGHUP.
* Add "ISM Control Description" parameter to "Verinice ISM" report format.
* Ensure sequences for automatically assigning primary key ids in
PostgreSQL are consistent with table contents on startup.
* Remove any special handling of a tag "risk_factor".
* When using SQLite, ensure that all three databases are in WAL mode.
* Merging openvas-certdata-sync into greenbone-certdata-sync
in order to maintain only a single sync script instead
of two mostly identical ones.
* Merging openvas-scapdata-sync into greenbone-scapdata-sync
in order to maintain only a single sync script instead
of two mostly identical ones.
* Add --check-alerts, which runs any SecInfo alerts that are due.
* Various database performance improvements.
* Various code improvements.
openvas-manager 6.1+beta2 (2015-10-21)
This is the second beta version of the upcoming 6.1 release of the
OpenVAS Manager. It is the central management service between the actual
security scanners and various user clients.
This release adds explicit asset management for hosts and operating
systems, first OSP 1.1 features, started consolidation of Credentials -
to name just a few of the many improvements.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Sven Haardiek, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes since 6.1+beta1:
* Add asset management for hosts and operating systems via new OMP
commands CREATE_ASSET, GET_ASSETS, MODIFY_ASSET and DELETE_ASSET.
* Make it possible to import OSP scan configs.
* Allow specifying multiple data columns via elements in the OMP command
GET_AGGREGATES and change the response to list statistics grouped for
each data_column.
* Add new alert method "Start Task".
* Replace the LSC_CREDENTIAL type with CREDENTIAL type.
* Handle free-form text in Postgres sorting of hosts, instead of
requiring IPs.
* Add new OMP command MOVE_TASK to move a task to a new slave, even
when it is running.
* Add support for some of the upcoming OSP 1.1 features.
* Extend CREATE_GROUP with option to create "super on self" permission
for the group, so that all member resources are shared.
* Updated the HTML report format plugin with slightly lighter design and
better performance.
* Add "subject" and "message" method data for email alerts, so that the
user can set these fields. Also add various variables for the message
via various variables.
* Add options to have a user inherit resources from a user being
deleted.
* Add new setting "Default Severity".
* Record in each report in the db whether the task was started by the
scheduler. Use this info to prevent the scheduler from stopping
manually started tasks.
* For slave tasks, add the host details of finished hosts, even if the
task is still running.
* Add a "word_counts" mode to the GET_AGGREGATES OMP command.
* If NVT cannot be found for dynamic severity without overrides, use
static severity instead.
* Add host and result counts to task iterators and add "text columns"
option to get_aggregates.
* Allow dot (.) in username.
* Give up when doing the nvti cache update check and the database is
busy, because this is done in the main omp service loop, so it could
delay the service of OMP clients.
* Add params ignore_pagination and schedules_only for OMP GET_TASKS.
* Improved certificate checks.
* Simplify project version setting. Use SVN version at build time in
binary instead of SVN version at configuration time.
* Various code improvements.
openvas-manager 6.1+beta1 (2015-07-17)
This is the first beta version of the upcoming 6.1 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release moves authentication configuration from file based function to the
Manager database. It also adds support for CVE scanning and contains a number of
other improvements.
Please make sure to read the INSTALL file for important installation and
migration information, even and especially if you have used OpenVAS Manager
before.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Sven Haardiek, Matthew Mundell, Timo Pollmeier and Michael Wiegand.
Main changes since 6.0 series:
* The required minimum version of OpenVAS Libraries has been raised to 8.1.0.
* Authentication checks are now handled locally instead of file based OpenVAS
Libraries functions.
* Permission management has been improved.
* OSP support has been improved.
* Support for CVE scanning has been added.
* Handling of QoD information has been improved.
* PostgreSQL support has been improved.
* Internal improvements.
* The built-in LaTeX report format has been improved.
* Support for running cppcheck from the build environment has been added.
* A number of issues discovered through static code analysis have been
addressed.
* Documentation has been updated.
openvas-manager 6.0.1 (2015-04-01)
This is the first maintenance release of the openvas-manager 6.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release addresses various improvements and bug fixes of which
none is particularly outstanding, but not all just minor either.
Many thanks to everyone who contributed to this release:
Matthew Mundell, Timo Pollmeier and Michael Wiegand.
Main changes compared to 6.0.0:
* Treat missing filter keywords owner and permission as if they had the
value "any". The old default behavior can be reproduced by using the
keywords with an empty value.
* Task severity: Consider based on QoD default (70%) instead of 0%.
This way the task severity matches the results severity when using
defaults.
* Allow the user to create a permission if the user has "modify" access
to the subject. This allows users to create permissions on roles owned
by other users, for example.
* Bugfix to enable autoamtic update of CERT-Bund.
* Bugfix to re-add the cvss base vector of NVTs.
* Bugfixes/improvements about object managment for objects
with dependencies dependencies (for example: target has
credentials).
* Always set trust as "yes" for predefined report formats.
* Bugfix: Quote timezones as these can have multiple words.
* Bugfix: Get results severity based on user, not based on owner.
* Improved package config and build routine.
* Various minor bugfixes.
openvas-manager 6.0.0 (2015-03-17)
This is the first release of the openvas-manager 6.0 module for the Open
Vulnerability Assessment System release 8 (OpenVAS-8). The OpenVAS Manager is
the central management service between the actual security scanner and various
user clients.
OpenVAS Manager 6.0 introduces a large number of new and improved features, for
example scanner management, the alternative use of PostgreSQL as database back
end and Quality of Detection (QoD) information. It also introduces the new roles
"Guest", "Monitor" and "Super Admin". Please see the comprehensive list below
for more details.
Please make sure to read the INSTALL file for important installation and
migration information, even and especially if you have used OpenVAS Manager
before.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Michal Ambroz, Hani Benhabiles, Henri Doreau, Michael Meyer,
Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to the 5.0 series:
* OpenVAS Manager now supports the alternative use of PostgreSQL as database
back end instead of SQLite3.
* Support for Scanner Management has been added. This includes the configuration
part for scanners accompanied with a new set of OMP commands (create_scanner,
get_scanners, modify_scanner, delete_scanner and verity_scanner). Next, it
covers the extensions of tasks with the selected scanner type and the
extension of Scan Configurations to reflect different scanner types.
* Support for the new SecInfo subtype CERT-Bund Advisory (CERT_BUND_ADV) has
been added.
* Support for QoD (Quality of Detection) information has been added.
* Support for mixing objects owned by different users has been extended.
* Support for a "Guest" role has been added.
* Support for a "Monitor" role has been added.
* Support for a "Super Admin" role has been added.
* Support for associating ESXi credentials with targets has been added.
* The new OMP command "GET_AGGREGATES" has been added in order to deliver data
tables for use in diagrams.
* Support for task charts has been added.
* Support for filtering NVTs based on their script_tags has been added.
* A new "Modify Task" wizard has been added.
* Support for displaying solution type information has been added.
* Support for internal database optimization has been added.
* Support for ownership of users, roles, groups and permissions has been
introduced.
* Support for the changing of user names has been added.
* Support for Once-off schedules has been added.
* Support for limiting the number of times a task runs with a periodic schedule
has been added.
* Support for splitting the CPE dictionary has been added to the SCAP data
synchronization script.
* The "xml_split" helper script for splitting SCAP data is now installed by
default.
* Report powerfilters now support the "timezone" keyword.
* The OMP version is now included in reports.
* Tasks on slaves are now stopped when the controlling master is terminated.
* Alterable task now stay alterable even when their last report has been
removed.
* Solution type information is now included in report formats.
* OpenVAS Manager will no longer abort if previous attempts to the rebuild or
update the database have failed.
* The results table and the OMP results objects have been extended.
* The "Anonymous XML" report format has been added.
* Support for displaying host authentication results has been added to the
LaTeX, PDF and HTML reports.
* The GET_INFO command can now be used for NVTs as well.
* Support for "openvasrc" files has been removed from OMP.
* For SSH credentials, the certificate is now extracted from private key when
needed.
* Preemptive Scanner connecting has been removed. Manager now only connects on
NVT cache update or task starting, resuming and stopping. This improves
response time.
* Support for the task pausing feature has been removed. This includes the
removal of OMP commands "pause_task" and "resume_paused_task".
* Support for the target locators feature has been removed. This includes the
removal of the OMP command "get_target_locators".
* The "--slisten" and "--sport" command line options have been removed as they
are now part of the scanner properties.
* An issue which caused individual NVT timeout values to not be transferred
to slaves has been fixed.
* The "--list-users" command line option has been renamed to "--get-users".
* The "--role" command line option now applies to "--get-users" as well.
* The "get_results" OMP command now behaves more consistent with other get_...
OMP commands.
* The task name is now included in more report formats.
* The value of the NVT tag "affected" is now included in more report formats.
* The performance has been improved in a number of places.
* The strategy of SQL retries in high-load situation has been improved.
* The handling of user groups when dropping privileges has been improved.
* The manager will now retry starting of scheduled tasks when the start OMP fails.
* Sorting of numerical values has been improved.
* Library checks during package configuration have been improved and are now
more comprehensive and consistent.
* Signal handling has been improved.
* The OMP protocol documentation has been updated.
* Code cleanups.
Main changes compared to 6.0+beta6:
* Solution type information is now included in report formats.
* An issue with empty scan end times has been fixed.
* Performance of report result counting has been improved.
* A check which resulted in scheduled tasks not starting at all if they could
not start within a short interval has been removed.
* Signal handling has been improved.
* Support for splitting the CPE dictionary has been added to the SCAP data
synchronization script.
* OpenVAS Manager will no longer abort if previous attempts to the rebuild or
update the database have failed.
* The "Anonymous XML" report format has been added.
* The OMP protocol documentation has been updated.
* The GET_INFO command can now be used for NVTs as well.
* Result in report results counting and caching functions now use a default
minimum QoD of 70 for consistency.
* Support for displaying host authentication results has been added to the
LaTeX, PDF and HTML reports.
* Support for CERT-Bund advisories has been improved.
* An issues which caused a segmentation fault when rebuilding the database of 32
bit installations under certain circumstances has been fixed.
* The "xml_split" helper script for splitting SCAP data is now installed by
default.
* Support for mixing of the current user's targets and tasks, with other
people's targets and tasks has been added.
* Support for mixing of the current user's configs and tasks, with other
people's configs and tasks has been added.
* Support for mixing of the current user's scanners and tasks, with other
people's scanners and tasks has been added.
* Support for mixing of the current user's port lists and targets, with other
people's port lists and targets has been added.
* Support for mixing of the current user's credentials and targets, with other
people's credentials and targets has been added.
* Support for mixing of the current user's report formats and alerts, with other
people's report formats and alerts has been added.
* Support for mixing of the current user's filters and alerts, with other
people's filters and alerts has been added.
* Code cleanups.
openvas-manager 6.0+beta6 (2015-02-11)
This is the sixth beta version of the upcoming 6.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release improves support for OSP scanner and introduces support for
Quality of Detection (QoD) information. It also adds support for once-off
schedules, for limiting the number of times a task runs with a periodic
schedule and for more resource mixing between users. It also contains a number
of bug fixes and various other improvements.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier and Michael Wiegand.
Main changes since 6.0+beta5:
* Support for OSP host details has been added.
* Support for modifying an existing scanner has been added.
* Support for Once-off schedules has been added.
* Support for limiting the number of times a task runs with a periodic schedule
has been added.
* Enable mixing of the current user's alerts, schedules and tasks, with other
people's alerts, schedules and tasks, when permissions allow it.
* Support for Quality of Detection (QoD) information has been introduced.
* A segmentation fault which occurred when deleting users using the
"--delete-user" parameter has been fixed.
* An issue which caused individual NVT timeout values to not be transferred
to slaves has been fixed.
* An issue with NVT counting in scan configs has been fixed.
* Incorrect column name in the SCAP database have been fixed.
* An issue with result counting when using certain filters has been fixed.
* An issue which prevented the Super Admin from cloning certain objects has been
fixed.
* An issue with running scheduled tasks with durations has been fixed.
* Tasks on slaves are now stopped when the controlling master is terminated.
* Alterable task now stay alterable even when their last report has been
removed.
* The default value for the "autofp" setting used for alerts has been changed
to 0 for consistency with other views.
* Report lists now ensure that a apply_overrides value is set.
* Sorting of numerical values has been improved.
* Handling of missing report format plugins for alerts has been made more
consistent.
* Library checks during package configuration have been improved and are now
more comprehensive and consistent.
* OSP support has been improved.
* PostgreSQL support has been improved.
* The OMP documentation has been updated.
* Documentation of database optimization has been improved.
* Code cleanups.
openvas-manager 6.0+beta5 (2015-01-12)
This is the fifth beta version of the upcoming 6.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release improves support for the "Super Admin" permission, introduce
ownership for users, roles and groups, allow sharing of sensors and task
between users, adds a `--optimize` command line option, start work on
consolidation of the different RESUME_* OMP commands as well as fixes various
smaller issues.
Many thanks to everyone who has contributed to this release:
Timo Pollmeier, Jan-Oliver Wagner, Matthew Mundell, Michael Wiegand and Hani
Benhabiles.
Main changes since 6.0+beta4:
* Add settings for default resource selections on the "New Task" and "New
Target" pages in GSA and get settings in Advanced Task Wizard.
* LaTeX report format improvement
* Retry starting of scheduled tasks when the start OMP fails.
* Add new "Modify Task" wizard.
* Add RESOURCE/TYPE to CREATE_PERMISSION, so that Super permissions can be
created on Roles, Groups and Users.
* Add RESOURCE/TYPE to MODIFY_PERMISSION, so that editing of Super
permissions works.
* Allow severity to be null in CERT-Bund and DFN-CERT Advisories, CPEs and OVAL
definitions if no severity is available from CVEs.
* Performance improvement for GET_REPORTS.
* Add solution_type column to NVTs.
* Enable mixing of the current user's slaves and tasks, with other people's
slaves and tasks, when permissions allow it.
* Add command line option --optimize, with arguments "analyze" and "vacuum".
* Add indices for NVTs, CVEs and CPEs and change init_aggregate_iterator to use
them. Remove unused features from init_aggregate_iterator for simplicity.
* Make --role apply to --get-users too.
* Introduce ownership of users, roles and groups.
* Major rewrite of the RESUME_* OMP commands.
* Introduce ownership of permissions.
* Account for Super permissions in asset reports.
* Add NEW_NAME to OMP MODIFY_USER, to allow changing of user names.
openvas-manager 6.0+beta4 (2014-11-21)
This is the fourth beta version of the upcoming 6.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release establishes support for PostgreSQL as an alternative database
backend. It also adds support for a "Super Admin" role and contains a number of
smaller improvements.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Michal Ambroz, Hani Benhabiles, Henri Doreau, Michael Meyer,
Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes since 6.0+beta3:
* OpenVAS Manager now supports the alternative use of PostgreSQL as database
backend instead of SQLite3.
* Support for a "Super Admin" role has been added.
* Performance for iterating over host details has been improved.
* The handling of SIGABRT signals has been improved, ensuring an appropriate
exit code if such a signal occurs.
* The handling of task end times has been improved.
* The strategy of SQL retries in high-load situation has been improved.
* Support for filtering NVTs based on their script_tags has been added.
* Logging has been improved.
* The handling of user groups when dropping privileges has been improved.
* Timezone usage has been improved.
* The build process has been adjusted for changes in OpenVAS Libraries.
* The OMP version is now included in reports.
* Code cleanups.
openvas-manager 6.0+beta3 (2014-10-14)
This is the third beta version of the upcoming 6.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release continues the efforts towards PostgreSQL support and support of
multiple scanners. It also introduces support for a "Monitor" role and for the
"timezone" keyword in report powerfilters and harmonizes the handling of the
creation time for the different SecInfo object types. A workaround for an issue
with SQLite versions before 3.8.3 is included as is support for task charts.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier and Michael Wiegand.
Main changes since 6.0+beta2:
* Further steps towards alternative use of PostgreSQL as database backend
instead of SQLite3. The PostgreSQL support does not yet cover all of the
OpenVAS Manager functionalities.
* Further steps for Scanner Management.
* Support for task charts has been added.
* Report powerfilters now support the "timezone" keyword.
* Handling of different SecInfo object creation times has been harmonized.
* Support for a "Monitor" role has been added.
* A workaround for an issue with concurrent SQLite processes when using SQLite
versions older than 3.8.3 has been added.
* PostgreSQL support has been added to the various support scripts.
* Code cleanups.
openvas-manager 6.0+beta2 (2014-09-23)
This is the second beta version of the upcoming 6.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release continues the efforts towards PostgreSQL support and support of
multiple scanners. It also introduces support for a "Guest" role and for
associating ESXi credentials with targets, along with a number of smaller
improvements and code cleanup.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael
Wiegand.
Main changes since 6.0+beta1 series:
* Further steps towards alternative use of PostgreSQL as database backend
instead of SQLite3. The PostgreSQL support does not yet cover all of the
OpenVAS Manager functionalities.
* Further steps for Scanner Management.
* Support for a "Guest" role has been added.
* Support for associating ESXi credentials with targets has been added.
* The get_results command now behaves more consistent with other get_... OMP
commands.
* The task name is now included in more report formats.
* The value of the NVT tag "affected" is now included in more report formats.
* GPLv2+ licence notices now contain the exact wording suggested by the Free
Software Foundation.
* Code cleanups.
openvas-manager 6.0+beta1 (2014-08-23)
This is the first beta version of the upcoming 6.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanners and various user clients.
This release introduces first steps towards multi-scanner support, adds support
for SecInfo type "CERT-Bund" and extends the results object. Apart from this
the alternative support for PostgreSQL works to some extend but is not
complete yet.
Please make sure to read the INSTALL file for important installation and
migration information, even and especially if you have used OpenVAS Manager
before.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier, Michael Wiegand
Main changes since 5.0 series:
* Added first steps for Scanner Management. This includes the configration part
for scanners accompanied with a new set of OMP commands (create_scanner,
get_scanners, modify_scanner, delete_scanner and verity_scanner). Next,
it covers the extensions of tasks with the selected scanner type and the
extension of Scan Configurations to reflect different scanner types.
* First steps towards alternative use of PostgreSQL as database backend instead
of SQLite3. The PostgreSQL support does not yet cover all of the OpenVAS Manager
functionalities.
* Added new SecInfo subtype CERT-Bund Advisory (CERT_BUND_ADV).
* Added new OMP command GET_AGGREGATES in order to deliver data tables for
use in diagrams.
* Extended results table and OMP results objects.
* Removed openvasrc file support from OMP.
* For SSH credentials, the public part is now extracted from private key
when needed.
* Removed preemptive Scanner connecting. Connect only on NVT cache update
or task starting, resuming and stopping. This improves response time.
* Removed task pausing feature. This includes the removal of OMP commands
pause_task and resume_paused_task.
* Removed target locators feature. This includes the removal of the
OMP command get_target_locators.
* First steps towards a QoD (Quality of Detection) concept as an attribute
of the results.
* Rebuild CERT database as version 6 to apply fix for problems with CVEs
in older DFN-CERT advisories.
* Increased limit of max number of hosts specified in user Host Access
Control to 16,777,216.
* Removed --slisten and --sport options.
* Renamed --list-users to --get-users.
* Added --get-scanners.
* Added --create-scanner with --scanner-host, --scanner-port and
--scanner-type options.
* Added --delete-scanner option.
* Added --verify-scanner option.
* Added --scanner-ca-pub, --scanner-key-pub and --scanner-key-priv
command-line arguments.
* Added options --max-email-attachment-size and --max-email-include-size.
* Various minor improvements.
* Code cleanups.
openvas-manager 5.0.0 (2014-04-23)
This is the first release of the openvas-manager 5.0 module for the Open
Vulnerability Assessment System release 7 (OpenVAS-7). The OpenVAS Manager is
the central management service between the actual security scanner and various
user clients.
OpenVAS Manager 5.0 introduces a large number of new and improved features, for example
the entire user management is now done in OpenVAS Manager, tagging of objects,
"Severity" concept to replace "Threat" concept, Alive-Test property of Targets,
a number of new command line parameter, extended access control with groups, roles
and permissions. For a complete list of changes, please refer to the list below.
The whole functionality is available via the extended protocol OMP 5.0.
Please make sure to read the INSTALL file for important installation and
migration information, even and especially if you have used OpenVAS Manager
before.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Henri Doreau, Rodolfo Gouveia, Andre Heinecke,
Werner Koch, Matthew Mundell, Timo Pollmeier, Stefan Schwarz, Stefan Sperling,
Jan-Oliver Wagner and Michael Wiegand.
Main changes since 4.0.x:
* User management has been consolidated in OpenVAS Manager. It was moved
from OpenVAS Scanner and OpenVAS Administrator into OpenVAS Manager.
* New: Groups, Roles and Permissions.
* New: Tags.
* New: Default scan configurations "Discovery", "Host Discovery" and
"System Discovery".
* New: Support for searching in the complete SecInfo data.
* New: Support for regular expression searching in the powerfilter.
* New: New "Severity" concept to replace "Threat" concept.
* Removed: OTP port forwarding.
* Removed: Support for obsolete scanner preferences.
* Improved: Support for the new host management offered by Scanner has been added.
* Improved: Schedule handling during long running operations.
* Changed: Simplified host access conrol replaces old rules-based concept.
* New: Support for Alterable Tasks.
* New: Support for Source Interface access control has been added.
* New: Alive Test property to Targets, which can override the scan config
settings.
* Remove NVTs 810002 "CPE Inventory" and 810003 "Host Summary" from predefined
configs.
* Orphaned results are now removed from the database when starting.
* The speed of retrieving a task details overview has been improved.
* Database rebuild performance has been improved.
* Performance with large databases has been improved.
* Updated: Verinice ISM report format plugin.
* Updated: The NBE report format plugin.
* New: Predefined report format CSV Hosts.
* New: Predefined report format CSV Results.
* New: Report format plugin for exporting TLS mapping results into a CSV file.
* New: User setting for preferred interface language.
* Logging has been improved and made more consistent.
* OpenVAS Manager will now attempt to reduce database fragmentation.
* Use UTF-8 for OTP.
* Report scanner loading progress to client/GSA.
* New: Support for user defined OVAL repositories in private subdirectories.
* The scripts for SCAP and CERT data synchronization have been improved.
* Handling of NVT risk factors has been removed as this is handled via CVSS scores now.
* The handling of the obsolete "subnet" element in the results has been
removed.
* NVT descriptions are no longer stored separately in the database and thus no
longer duplicate information already present in the NVT tags.
* The credential encryption keyring is now placed in var/lib/openvas/gnupg
instead of etc/openvas/gnupg.
* Support for changing a user password on the command line has been added.
* New option --max-ips-per-target.
* New option --delete-user.
* New option --create-user.
* Add option --role, which allows to set the role with --create-user.
* The --migrate option now also migrates SCAP and CERT databases.
* New option "--list-users".
* Made --migrate succeed when the database has not yet been initialised.
* Add --gnutls-priorities option.
* Add --dh-params command-line option.
* The command line parameter "--disable-scheduling" has been added.
* The required minimum GnuTLS version has increased to 2.8.
* The required minimum OpenVAS Libraries version has increased to 7.0.0.
* Signature verification now uses the "gpgv" command.
* Make --rebuild and --update wait for scanner when scanner is busy
loading NVTs. This matches the behaviour when rebuild is called via
SIGHUP.
* Startup speed has been improved.
* Add a utility to split huge xml files in a memory efficient way
* The handling of missing, inaccessible or corrupt database files has been
improved.
* Moved some functions to openvas-libraries.
* Large number of small fixes and speed improvements.
* Code cleanup.
And additionally changes compared to 5.0+beta13:
* Added HELP permission check.
* New: Role "Info".
* Clean up of OMP and OMP documentation.
openvas-manager 5.0+beta13 (2014-04-10)
This is the thirteenth beta version of the upcoming 5.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanner and its various user clients.
This release further improves role management and adds the MODIFY_ROLE OMP
command. It also features an improved startup speed and an updated OMP
documentation as well as improvements to the alive test and wizard
functionalities.
Many thanks to everyone who contributed to this release:
Matthew Mundell, Timo Pollmeier and Michael Wiegand.
Main changes since 5.0+beta12:
* The OMP command MODIFY_ROLE has been added.
* Role management has been improved.
* The OMP documentation has been updated.
* The handling of unavailable commands in the quick_task wizard has been
improved.
* The command line parameter "--disable-scheduling" has been added.
* Startup speed has been improved.
* The alive test "TCP Service Ping" has been renamed to "TCP-ACK Service Ping".
* The alive test "TCP-SYN Service Ping" has been added.
openvas-manager 5.0+beta12 (2014-03-28)
This is the twelfth beta version of the upcoming 5.0 release of the OpenVAS
Manager. it is the central management service between the actual security
scanner and its various user clients.
This release add an OMP DELETE_ROLE commands and a --dh-params command-line
option to specify Diffie-Hellman ciphers parameters.
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier and Jan-Oliver Wagner
Main changes since 5.0+beta11:
* Add OMP DELETE_ROLE.
* Add --dh-params command-line option.
* code cleanup
openvas-manager 5.0+beta11 (2014-03-26)
This is the eleventh beta version of the upcoming 5.0 release of the OpenVAS
Manager. it is the central management service between the actual security
scanner and its various user clients.
This release adds a --gnutls-priorities option to specify the cipher priority
as well as adds a CREATE_ROLE OMP command and solve a number of small issues.
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier and Jan-Oliver Wagner
Main changes since 5.0+beta10:
* Get tags for resources by ROWID instead of UUID. Make iterator functions for
active and orphan fields return int.
* Rename "attach_id" to "resource_uuid", "attach_type" to "resource_type" add
resource rowid "resource" and "resource_location" to tags tables. Hence
increase database version to 117. Add database migration from version 116 to
117.
* Change tag OMP elements accordingly and make them more consistent with the
resource in permissions overall. Allow tags to be attached to resources in
trash. Rename "orphaned" in tags to "orphan".
* Add OMP CREATE_ROLE.
* Remove NVTs 810002 "CPE Inventory" and 810003 "Host Summary" from predefined
configs. Hence increase database version to 116. Add database migration
from version 115 to 116.
* Drop sign_key_ids column from nvts table. Hence increase database version to
115. Add database migration from version 114 to 115.
* Add alive test "Consider Alive".
* Add --gnutls-priorities option to Manager.
* Report scanner loading progress to client/GSA.
* Added regex-based parameter validation and support of alternative run modes,
e.g. an init mode to get resource lists to display in the client, to wizards.
* Switch the type check on the filters associated with alerts from "report" to
"result". Alerts were migrated from "report" to "result" in db version 92.
* Code cleanup.
openvas-manager 5.0+beta10 (2014-03-18)
This is the tenth beta version of the upcoming 5.0 release of the OpenVAS
Manager. it is the central management service between the actual security
scanner and its various user clients.
This release Correct the behavior of the manager when called with --rebuild,
--update or --migrate in order to produce a more consistent experience, as
well as solve a number of small issues.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell and Jan-Oliver Wagner.
Main changes since 5.0+beta9:
* Remove handling of CERTIFICATES otp command.
* Make --rebuild and --update wait for scanner when scanner is busy
loading NVTs. This matches the behaviour when rebuild is called via
SIGHUP.
* Add scan-time record of slave and source interface to reports.
* Remove handling of PLUGINS_DEPENDENCIES OTP command and get_dependencies
OMP command.
* Make --migrate succeed when the database has not yet been initialised.
* Code cleanup.
openvas-manager 5.0+beta9 (2014-03-12)
This is the ninth beta version of the upcoming 5.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanner and its various user clients.
This release introduces the new "System Discovery" config, improves handling of
the OpenVAS Scanner connection and fixes two issues related to UTF-8 encoded
text in overrides and notes and to result counts.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell and Michael Wiegand.
Main changes since 5.0+beta8:
* A new predefined "System Discovery" config has been added.
* The handling of the connection to the OpenVAS Scanner has been improved.
* An issue which caused a segmentation fault due to incorrect truncation of
UTF-8 encoded text in overrides and notes has been fixed.
* An issue which caused incorrect result counts has been fixed.
openvas-manager 5.0+beta8 (2014-03-06)
This is the eighth beta version of the upcoming 5.0 release of the OpenVAS
Manager. It is the central management service between the actual security
scanner and its various user clients.
This release adjusts the built-in Report Format Plugins (RFPs) to expect NVT
information to be in the new style. It also removes sections of unused code,
improves Host Discovery handling and fixes a password generation issue.