[Oval-devel] Sussen project found
Javier Fernández-Sanguino Peña
jfs at computer.org
Tue Jul 17 19:46:55 UTC 2007
On Wed, Jul 18, 2007 at 12:22:57AM +0500, Pavel Vinogradov wrote:
> During my investigation about OVAL textfilecontent_test i go to ask
> some question in google.
> And it points me to one very interesting project - sussen
> (http://dev.mmgsecurity.com/projects/sussen/). This project written on
> C# an based om Gnome desktop, but it functionality very similar to our
> project. And also i found many similar code piece.
Woa, quite interesting. When I last heard of sussen it was a Nessus clone
written in Gnome ('sussen' is Nessus written backwards). I do agree that it
is a piece of code very similar to what we had to develop.
> And it seems that it project write it own OVAl interpreter in C#
> with Debian support. I think this fact may change out future plans on
> writing client/server parts. Comment? Suggestions?
I've browsed the source:
- the project has an OVAL interpreter using C# (although the DPKGinfo test
does not use apt's library but parse /var/lib/dpkg/status directly) so it's
actually a rewrite of the reference interpreter.
- there is a www interface which uses a SQL backend, but it's writen in .NET.
- there is an agent but I haven't checked which communication mechanism it
uses
- I believe the server is implement in the WWW interface (which I don't like
very much)
- there doesn't seem to be any mechanism (on the server side) to
automatically update the OVAL definitions
- they have OVAL definitions for Ubuntu although I don't see how they
generate them
I think there's a lot that we could share or reuse. However I dislike having
a server tied to the WWW UI. I think it should be a separate entity.
Why don't you subscribe to their devel mailing list? I'll do that now.
Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/oval-devel/attachments/20070717/55af7327/attachment.pgp
More information about the Oval-devel
mailing list