Greenbone uses, extends and improves the Open Vulnerability Assessment System (OpenVAS) as a base technology of the Greenbone Security Solutions.
Interfaces to Greenbone Security Solutions
Three interfaces to the Greenbone Security Solutions are available.
- Web interface (Vulnerability Management Made Easy): The Greenbone Security Assistant is a web client. It works without any active content and therefore works flawlessly even in environments with restrictive web content filters. It impressively demonstrates how to offer a comfortable user interface and full feature set even without active content.
- Desktop Interface (Vulnerability Management Control Center): The Greenbone Security Desktop offers the full integration of an application running on your PC. It is available for Windows, Mac OS X and Linux operating systems. Apart from a fast user interface, it lets you organize your threat management control center.
- CLI interface (Vulnerability Management Batch Process Integration): For automating batch processes a command line tool is available for Windows, Mac OS X and various Linux/Unix versions. It is possible to build your own complete remote control system with the CLI tool.
The internal architecture follows the approach of task-oriented components. In other words, instead of an all-in-one-tool, each task is designed as a service. For example, the OpenVAS Manager is a client of the OpenVAS Scanner service. At the same time the OpenVAS Manager is a service for the Greenbone Security Desktop or the Greenbone Security Assistant.
- Small, focussed components can be implemented and operated transparently and securely. Each component uses only the system privileges that it needs to operate properly.
- Each of the service components offers a well-defined communication protocol.
The Scanner very efficiently executes the actual Network Vulnerability Tests (NVTs) which are updated daily via the Feed. This core of the scan engine is controlled by the OpenVAS Manager.
The Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management system. It controls one or more Scanners as well as other Managers when in master-slave mode. Furthermore, the Manager controls the internal central SQL database where all scan results and configurations are stored.
Various client tools can use the Manager via the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence such as sorting or filtering is done by the Manager. This ensures that the user gets a consistent view of the results, no matter which client tool is used.
The OpenVAS Manager was designed and implemented by the Greenbone development team, who continue to improve it.
Greenbone Security Assistant (GSA)
The Greenbone Security Assistant is a lean web service designed with security in mind. It implements the full functionality offered by OpenVAS Manager.
The design and implementation of the Greenbone Security Assistant come from the Greenbone development team.
Greenbone Security Desktop (GSD)
The Greenbone Security Desktop (GSD) is a standard application running on Windows, Mac OS X and Linux systems. It uses the Nokia Qt framework to integrate into the desktop environment.
The Greenbone Security Desktop was designed and implemented by the Greenbone development team, who continue to improve it.
This module primarily contains the command line tool "omp". It allows a user to build batch processes to control the OpenVAS Manager. See also OMP remote controlled.
The "omp" command line tool was designed and implemented by the Greenbone development team, who continue to improve it.
The most important task of the OpenVAS Administrator is the management of users and the Feed. This service uses a communication protocol that is similar to OMP, called OpenVAS Administration Protocol (OAP). The functionality of OAP is only accessible to users that have the role "Admin".
The OpenVAS Administrator was designed and implemented by the Greenbone development team, who continue to improve it.
The modules described above share a common basis that is aggregated in the OpenVAS Libraries.
Source Code Architecture
The structure of the source code supports the component-oriented and security-aware tool architecture:
- avoid redundant source code: any code used by more than one component is part of one of the five libraries.
- avoid dependencies on non-common third-party code: rely only on widely used and proven core libraries.