Integrating OVAL (ovaldi) into OpenVAS

Hello,

the OpenVAS project (www.openvas.org) discusses the
idea of integrating ovaldi into the OpenVAS network vulnerability
scanner:

 OpenVAS Change Request #13: Integrating the OVAL interpreter ovaldi into OpenVAS Server
 http://www.openvas.org/openvas-cr-13.html

One driving idea is to enable ovaldi to test various systems without being installed
there (through the OpenVAS Knowldge Base (KB) as a new backend).

We are in hope to only need to apply few changes to ovaldi for establishing this
(OpenVAS-KB probe factory and more generic reporting of results).

It looks like RedHat SAs are a good candidate to proof the concept, but if
you suggest other platforms covered well with OVALs, please let me know.

Currently we are in the process of discussing this idea and collect opinions,
suggestions and any other hint.
Perhaps the OVAL community has a opinion on this idea? :-)

Best regards

        Jan

--
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DEVELOPER-LIST-request@....

Jan,

I am not familiar with OpenVAS. Based on a couple of your comments and
the change request on the OpenVAS site it looks like you have taken the
time to understand the OVAL Interpreter and how it could fit into
OpenVAS. Leveraging the OVAL Interpreter within OpenVAS seems to make a
lot of sense. I suspect it would be fairly straight forward to do.

Regarding Red Hat as a starting point for a proof of concept. I think
that would be a good start, you should also talk to the Debian team. I
believe they are doing some similar work with OVAL and the OVAL
Interpreter.

If you have specific questions about OVAL or the OVAL Interpreter let
us know and we are happy to help.

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...


but
>if
>you suggest other platforms covered well with OVALs, please let me
know. Osnabrück
>Amtsgericht Osnabrück, HR B 18998
http://www.intevation.de/
>Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver
Wagner
>
>To unsubscribe, send an email message to LISTSERV@... with
>SIGNOFF OVAL-DEVELOPER-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>DEVELOPER-LIST-request@....

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DEVELOPER-LIST-request@....

Jon,

On Donnerstag, 17. Juli 2008, Baker, Jon wrote:
> I am not familiar with OpenVAS. Based on a couple of your comments and
> the change request on the OpenVAS site it looks like you have taken the
> time to understand the OVAL Interpreter and how it could fit into
> OpenVAS.

yes, we invested a couple of days in reading the ovaldi code and do
some experiments.

> Leveraging the OVAL Interpreter within OpenVAS seems to make a
> lot of sense. I suspect it would be fairly straight forward to do.

Indeed.
 
> Regarding Red Hat as a starting point for a proof of concept. I think
> that would be a good start, you should also talk to the Debian team. I
> believe they are doing some similar work with OVAL and the OVAL
> Interpreter.

Debian offers the DSAs as OVAL, but only summarized.
Also, Debian appears not to be advertizing the OVAL support. Its hard
to find it on security.debian.org.
Redhat seems to have OVAL fully integrated into their processes.
 
> If you have specific questions about OVAL or the OVAL Interpreter let
> us know and we are happy to help.

We'll come back once we are on it.
Ideally, it would be great if our patches would go upsteam into ovaldi.
I guess we should publish them here for a start.
Or is ovaldi a closed shop? (There seems to be no public source code
repository).

Best

        Jan

--
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DEVELOPER-LIST-request@....

Jan,

and think
>> that would be a good start, you should also talk to the Debian team.
I
>> believe they are doing some similar work with OVAL and the OVAL
>> Interpreter.
>
>Debian offers the DSAs as OVAL, but only summarized.
>Also, Debian appears not to be advertizing the OVAL support. Its hard
>to find it on security.debian.org.
>Redhat seems to have OVAL fully integrated into their processes.
>

Debian is not yet as far along as Red Hat in  terms of publishing OVAL
Definitions. I expect Debian to continue to progress in this area.

>> If you have specific questions about OVAL or the OVAL Interpreter
let
>> us know and we are happy to help.
>
>We'll come back once we are on it.
>Ideally, it would be great if our patches would go upsteam into
ovaldi.
>I guess we should publish them here for a start.
>Or is ovaldi a closed shop? (There seems to be no public source code
>repository).
>

The OVAL Interpreter has a sourceforge.net project. Please see:

https://sourceforge.net/projects/ovaldi

We would be happy to incorporate any patches you develop. If you have a
patch for a bug you found please submit a bug report and attaché the
patch file as a proposed fix. We will review the patch an apply it. If
you are looking to contribute new features please submit a feature
request describing the new capability and again we will review the
request and respond to it.

We are very happy to receive any fixes to the interpreter.

Thanks,

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: bakerj@...

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DEVELOPER-LIST-request@....

On Mittwoch, 30. Juli 2008, Baker, Jon wrote:
> The OVAL Interpreter has a sourceforge.net project. Please see:
>
> https://sourceforge.net/projects/ovaldi

I've seen that before and thought there was no code in the repository
because this pages stats "0 commits".
But now I learned  there is code and there do happen commits :-)

> We would be happy to incorporate any patches you develop. If you have a
> patch for a bug you found please submit a bug report and attaché the
> patch file as a proposed fix. We will review the patch an apply it. If
> you are looking to contribute new features please submit a feature
> request describing the new capability and again we will review the
> request and respond to it.

very good. We will do.
 
> We are very happy to receive any fixes to the interpreter.

:-)

Best

        Jan

--
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DEVELOPER-LIST-request@....

I looked into this. Sourceforge.net is in the middle of a major
infrastructure migration and upgrade. SVN repository statistics are not
currently available. Once the transition is completed SVN statistics
will begin to work again.


Jon

To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DEVELOPER-LIST-request@....