OpenVAS Change Request #15: OpenVAS Server: Remove features for detached scans

Status: Voted +4. Done. Implemented with SVN revision 1118.

Purpose

To reduce and clean up the code base of OpenVAS Server.

To remove a broken design.

References

OpenVAS Change Request #12: Replace NTP with OTP: The present Change Request would add to #12, because additional changes to OTP are proposed.

Rationale

"Detached Scans" is a feature inherited from Nessus that lets the server manage scans without a permanent connection to the client and store results on the server side. It seems that no client ever supported this feature fully; at least, the (half-implemented) support was already removed or deprecated from the client in the Nessus days.

The present version of OpenVAS Server appears neither to write any results of a detached scan nor to deliver any session IDs when asked. So the current implementation is at least buggy anyway.

In fact, the idea of detached scans is regarded as a broken design. The actual scan server should not care about caching results or implementing a complex protocol to manage things stored on the server side.

Instead, this should be implemented as a tier of its own, a management layer, e.g. as a web application or even a more low-level service. After all, it should be a code base of its own and would act as an OpenVAS client running with fewer system rights (no root rights required). However, this change request is not about implementing the management unit, but about getting this feature out of the actual server.

Effects

Any client implementation that does use this feature will no longer work (none known so far).

The OpenVAS server itself will no longer allow continuous scans.

The command line version of OpenVAS-Client will no longer offer the respective command line options for detached scans.

The changes will reduce the number of commands of the client-server protocol and need to be considered for the upcoming OTP 1.0 protocol.

Design and Implementation

This change would be integrated into the upcoming OTP 1.0 protocol and remove the commands DETACHED_SESSIONS_LIST and DETACHED_STOP and the preferences detached_scan, continuous_scan, delay_between_scan_loops, and detached_scan_email_address.

It makes sense to apply this change only to the new major release series, openvas-server 1.1.

Apart from the protocol changes, there are also many code cleanups to do (removal of the handling for detached scans) in both server and client, but these are not yet listed here in detail.

History