Under GVM-11, I noticed the OpenVAS type scanner is only available with the gvmd command line, but not under GSAD, where only GMP and OSP scanner types are available. Is this a typo or are there real differences between the OpenVAS / GMP type (and by extension, with the OSP type)?
Thanks brick. At the time of writing, is there any scanner available for OSP? And why is there this limitation to run only one OpenVAS scanner per installation? From what I’ve seen GVM only provides ospd-openvas as scanner. There don’t seem to be any OSP scanners available and GMP master / slave setup doesn’t seem to work (from my experience, but perhaps there is a way to make it work?)
ospd-openvas is an OSP scanner but it counts as the mentioned OpenVAS scanner. You can only use one ospd-openvas. The old OpenVAS scanners (version 7 and before) aren’t usable anymore with GVM 11 because we removed the old communication protocol OTP.
We have several other osp scanners besides ospd-openvas of different quality. See
From what I see in the repository, the other scanners are very specific (IKE, nmap, debscan…); none of them seems to be as wide as ospd-openvas. Is there any reason why ospd-openvas can only be used once per installation? There wasn’t such a limitation with gvm-9.
Well, typical case of slaves / master architecture where you have several remote sites you want to be scanned by a local scanner, but centrally managed. Or if you want to distribute load… Very typical scenarios actually.
And obviously where the appliance model doesn’t fit…
Sorry but I can’t see any logical reason besides ideologically why the appliance model does not fit. For instance a small Sensor benefits a lot from the lightweight OSPd connection. Normally you build one central manager (gvmd) with a huge database, and connect all the satellites as OSPd scanner.
It’s called AVL. For Approved Vendors List. In big companies such as the one I’m working for, you can’t purchase hardware from a company UNLESS the vendor is part of the AVL. And in the AVL, you find big companies such as Microsoft, Cisco, Intel… The idea behind that is a cost control model set up by the governance to reduce investment costs by working only with a limited number of vendors, understanding that if a technology makes sense from a market perspective, it would be available from those vendors. If not, then it means the technology is not mature enough and shouldn’t be bought whatsoever… As I said it’s for hardware only. It doesn’t apply for software, where the rules are less restrictive.
Note that I am the first to regret this, but that’s how it is. That’s the reason why I contacted Greenbone to see if it would be possible to buy consulting services / support without investing in the appliances, but unfortunately your commercial model doesn’t allow it. So I’m stuck trying to navigate between this to set up a global infrastructure around Greenbone since I like the flexibility of Open Source.
But to be clear: the easiest and least risky choice for me would be simply to get rid of Greenbone and buy Qualys appliances instead.
There are trade-offs to be made between pressing the orange until the last drop, and then some, and quality engineering and behaving humanely, e.g. with love.
At times when big airliners drop from the Sky and stay grounded indefinitely (no defined date yet …), maybe people understand the limitations of the first choice and be open due to the clubs they swung hitting themselves over, having gained some time recovering to understand the virtues of the second.
As I find it important to understand this world of bigger and bigger looting hordes, and what to do about it, I highly appreciate the insights you give us from the trenches you see.
Thus Open Source is not just about flexibility, it’s about freedom, another fundamental necessity of any human being. I’m happy to see people understand these kinds of things.
Well you should know big companies are allergic to risk, and thus to innovation. They don’t invest in innovation, they buy it once the market is ready for it. That’s a big difference.
It’s a logic of capitalistic companies owned by shareholders who see rapid return over investment. Nothing I can do about this at my level, but to try again and again to bring the values of open source in this world and have them create some space for it…
Having said that, Greenbone doesn’t really help in this situation either. Your reluctance to document master / slave architecture and the support model you provide make my life harder in the end. You certainly have your reasons, so I’m not questioning this policy. That’s just how it is.
Regarding the virtual machines setup, we looked into that as well but given the scope of the perimeter we’re talking about, it just won’t work.
And I guess Qualys as a US vendor is on your list??? Does not make any sense to me. Even Cisco and Intel are co-branding OEM products so this whole argument seems to me broken. It’s more a procurement excuse. (No one has been fired for buying IBM).
The “big company” argument does not count either; you can say you can find big companies like NASA or the German Government using our appliances ;-)
We can’t professionally support any self-built solutions. We have processes to be able to support an installation. One is that we only support our Greenbone OS and not any other 3rd Party OS due to the complexity of a big software solution and requirement for performance and security to the kernel and OS.
We are soon starting our GSMP Services, this might help you as well. So please contact firstname.lastname@example.org and we are happy to help you out.
Qualys is on the list, so is IBM. But not Greenbone… And again that doesn’t have to make sense for you. It’s just how it is. Procurement is part of the reason but not only. My company simply refuses to take the risk of investing in hardware from a company which could go bankrupt in 6 months. That’s the logic. Cisco, IBM & Microsoft are considered less risky, and thus reliable partners for the long term.
Also NASA and the German government are not shareholding companies… Again I’m not advocating this situation; I’m only explaining it to you. Perhaps understanding how it works can help you grow.
Can you elaborate a little about the GSMP services you’ll provide soon? That could interest me indeed.
Is this supposed to mean:
“not … any … at all”, or rather
“not … any … at all for free”, or more like
“not … any … at all, unless we’ll work out a special arrangement on a case by case basis”, or
“not … any … at all, unless you pay for developer hours / consulting”?
That’d be quite a difference, and if you don’t mean the first option, you’ll probably want to clarify the scope of your cited phrase, so it’ll not drive away potential customers unnecessarily.
Everything that is outside our mainline is a nightmare to support, so we need a solution that can easily be part of our mainline, like the GMSP Services … perfect for small (1-10 IP) customers with a pay as you go billing, as well as for very big solution providers operating their own GMSP instance.
More information on GMSP will follow this month on our main website.
This makes sense because going away from streamlining makes everybody lose the benefits of automation.
Also, you actually do somewhat support GSE, e.g. via this forum, which helps to make appear – in due time – people who can build kind of “half- or jointly-coordinated integrations”, e.g. with competent people on both sides, which might be much more fun and economical to work with / support.