Run OpenVAS scans via OSP instead of OTP #422
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This new scanner type uses OpenVAS scan configs and connects to an OSP scanner (ospd-openvas).
OSP expects boolean preferences to be 1 or 0 instead of "yes" or "no" and only the selected value for selection preferences.
|
Do we really need an extra scanner type? Isn't it just an OSP scanner? |
Without this OSP tasks had to wait until the end of the scan before fetching any results, which could take a long time for scanners like the OpenVAS one and tasks with many target hosts.
timopollmeier
force-pushed
the
openvas-via-osp
branch
from
355faed
to
17d1f3c
Compare
This parses results with the "general/Host_Details" port as host details as it is done in OTP. This should eventually be handled by the "Host Detail" result type once there is a well-defined way to handle the source info in OSP.
The credentials for OSP scans are adjusted for the change in gvm-libs to use the new method of storing the authentication data like username and password.
This allows using SSH private key authentication in OSPd-OpenVAS scans.
The osp_scanner_connect function will no longer try to get the port, ca_pub, key_pub and key_priv from the scanner as they are not needed and getting the private key could fail if the scanner has no credential.
OSP results with "HOST_START" and "HOST_END" as NVT id will be used to set the start and end time of a host.
The parse_osp_report() function will now get the hostname attribute from OSP results and make_osp_result() will store it in the results table.
mattmundell
requested changes
May 30, 2019
src/manage_sql.c
Outdated
| g_warning ("%s: Failed to add report detail for host '%s': %s", | ||
| __FUNCTION__, | ||
| host, | ||
| desc); | ||
| } | ||
| else if (host && nvt_id && desc && (strcmp (nvt_id, "HOST_START") == 0)) |
There was a problem hiding this comment.
This is a strange feature of OSP.
There was a problem hiding this comment.
I also think it would be a good idea to change this. How would you handle the host start and end times in OSP?
My suggestion would be to add a new host detail result type to OSP and use "host_start" and "host_end" as the names.
I'm not sure if we should do it in this PR already.
The OSP-OpenVAS scanner type is removed again in favor of running all OpenVAS scans via OSP instead of OTP.
The process running the function may not have global_current_report set, so the current report has to be fetched from the task.
timopollmeier
changed the title
The osp_start_scan_ext function has been changed to have most options passed in as a new struct type (osp_start_scan_opts_t).
The osp_scanner_connect function will now log a warning message containing the hostname or socket path.
timopollmeier
force-pushed
the
openvas-via-osp
branch
from
c69e4bb
to
70de168
Compare
The variables start_time and end_time in the parse_osp_report function and rc in the handle_osp_scan function were not initialized.
mattmundell
approved these changes
Jun 7, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This new scanner type uses OpenVAS scan configs and connects to an OSP
scanner (ospd-openvas).