|From:||Javier Fernández-Sanguino Peña <jfs-AT-computer.org>|
|To:||Debian Security <debian-security-AT-lists.debian.org>|
|Subject:||Nessus to be removed from Debian, please switch to OpenVAS|
|Date:||Sun, 2 Aug 2009 20:03:06 +0200|
Dear All,

I've recently requested Debian Ftp maintainers to remove from the archive Nessus and all its related packages (nessus-core, nessus-libraries, libnasl and nessus-plugins). The main reason for this is that upstream is more focused on maintaining its non-free version of Nessus (labeled version '3') than the free version (the 2.2.x branch). Additionally, most of the plugins (i.e. security tests) are now non-free.

I encourage people that are looking for an alternative to Nessus to switch to OpenVAS (Open Vulnerability Assessment Scanner) which is a Nessus fork (based on the 2.2.x branch) that is actively being maintained and is now available in Debian.

No "smooth" transition will be provided from Nessus to OpenVAS; those that need to switch can, however, possibly reuse the certificates, scanner knowledgebase and custom NASL scripts used with Nessus with OpenVAS too. Both tools can even be installed side-by-side since the OpenVAS server uses a different port than the Nessus one.

Installing OpenVAS is Debian easy. To get both the server and the client just run:

    aptitude install openvas-server openvas-client

Currently the OpenVAS release in Debian's unstable distribution (2.0.1) does not provide a way to easily download the plugins from the Internet. Packages for the next release (2.0.3) have been worked on at the Debconf and will be available really soon. With this release you can download the plugins by running (as root) 'openvas-nvt-sync' as described in http://www.openvas.org/nvt-feeds.html

If you need help on the migration from Nessus or want more information on the Debian OpenVAS packages please use OpenVAS' mailing list (in CC:) or the general user-oriented mailing lists (see http://www.openvas.org)

Regards

Javier

See the BTS: #534501, #534502, #534505, #534506

OpenVAS in the stable (lenny) release is somewhat dated (1.0.2 version) but backports are being made available too.