Mailinglist Archive: opensuse-security (32 mails)

< Previous Next >
[opensuse-security] OpenVAS likes to create security test environments for SUSE products
  • From: "Jan-Oliver Wagner" <jan-oliver.wagner@xxxxxxxxxxxxx>
  • Date: Fri, 9 Jan 2009 23:13:53 +0100
  • Message-id: <200901092313.57499.jan-oliver.wagner@xxxxxxxxxxxxx>
Hi,

the network security scanner OpenVAS [1] has progressed a lot since I mentioned
it here on this list first time.
Seem like it even made it into SUSE [2].

Now we are working on a automatic generator for security checks for SUSE
based on the SUSE security announcements, like this one [3].
The generator creates so-called NVTs (Network Vulerability Tests) for the
language NASL and also for OVAL.

This works well for the openSUSE distributions because [3] contains
the RPM IDs to check for.

It is not so easy for products like SLES where you have to follow a couple
of links before you see the packages. This is not so simple to automize.

Do you see any chance to make life easier here?

Also, we are lacking identifier strings for all of the different products.
We usually look into /etc/SuSE-release to find out. Is there a list
somewhere with _all_ identifiers?

Best regards

Jan


[1] http://www.openvas.org
[2] http://download.opensuse.org/repositories/security:/openvas:/
[3] http://www.novell.com/linux/security/advisories/2008_55_mozilla.html

--
Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups