Archive for May, 2005

Tagging v0.11

I tagged Sussen v0.11 in the code repository today. We are looking to do a release on Tuesday, May 24, 2005. This is the first release in almost 6 months and we want people to know the project is still going. Having said that, it is still in an early stage of development and should be considered experimental.

Since the last release we have stopped trying to re-write a bunch of our own security tests. Instead we are going to focus on running existing tests (NASLs/OVAL). Sussen can currently run some OVAL tests on Windows and RedHat based systems.

The NASL interpreter can parse/lex all the current NASLs. What’s needed is code to be written to execute actions, such as opening a TCP socket or making an HTTP request.

The previous release only ran on Linux/Mono but now we have support for Windows/.NET. Our release on Tuesday will have a Windows installer, the server and agent run as services, and we log to the event viewer. Just the kind of things you’d expect any normal Windows program to do.

The road to 1.0 continues. If you want to help out, come join us.

Oh yeah and here is a screenshot of the current sussen-client. The interface right now is pretty basic and it will be changing in the future. If you’ve seen LAT you’ll see some resemblances :)

sussen-client v0.11

Friday, May 20th, 2005

Windows.Forms / More Debugging

Wrote the start of the sussen-client using Windows.Forms. The interfaces between Windows.Forms and Gtk# are pretty similar so it wasn’t very difficult. I’ll post some screenshots later on. Right now I’m just doing some more debugging.

I’m having some issues with the basic port scanner I wrote. It executes pretty slow under Windows and I’m having issues passing objects between threads. Under Linux/Mono there are no issues, it just works. Very strange.

Thursday, May 19th, 2005

Debugging

Spent a lot of time today debugging under Windows trying to track down some bugs in my OVAL parsing code. It wasn’t for nothing and I’m pleased to say I’ve got the agent and server mostly working. I was able to run a Linux/Mono client and do an assessment on a Windows box using OVAL definitions. I just need to do some more code cleanup.

Wednesday, May 18th, 2005

Team America / Sony Playstation 3

Picked up a copy of Team America - World Police on DVD today. Probably won’t get a chance to watch it until the weekend though.

Noticed details and pictures of the Sony PlayStation 3 are starting to appear. I wonder what the price of this and the XBox 360 are going to be? Reading the specs of both systems tells me it likely won’t be cheap.

Tuesday, May 17th, 2005

Windows Registry / System.DirectoryServices

Working on the OVAL tests for Windows again today. I’ve written code for the file and registry tests.

I have a problem with the file test at the moment. In the OVAL definitions each file_test has two components for the file path. The first one is a reference to a registry key and the second is a relative path.

The data looks something like this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msjet40.dll

The problem I have is that there doesn’t seem to be a way in C# to query the registry with that whole string. Instead you have to do something like this:

using System;
using Microsoft.Win32;

RegistryKey hiveKey = Registry.LocalMachine;
RegistryKey rk = hiveKey.OpenSubKey
   (@"SOFTWARE\Microsoft\Windows NT\CurrentVersion");

if (rk == null)
{
   // key doesn't exist
}
else
{
   try
   {
      Console.WriteLine ("VALUE: {0}",
         (string)rk.GetValue("SystemRoot"));
   }
   catch (Exception e)
   {
      Console.WriteLine ("ERROR: {0}", e.Message);
   }
}

Looks like I’ll be having more fun with string parsing trying to break the OVAL registry string into something I can work with :(

Oddly enough, in OVAL registry_tests they break out data in separate fields (hive, key, name) which lends itself to the .NET API.
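One way to do that split, as an added example (not code from the original post or from Sussen): the registry reference is cut at its first and last backslash to get the hive, key and value name, and the relative path is then appended to the value read. The names OvalFilePath, HiveFromName and Resolve are hypothetical.

```csharp
using System;
using System.IO;
using Microsoft.Win32;

// Added example, not Sussen code; OvalFilePath and its members are hypothetical names.
static class OvalFilePath
{
    // Map the leading hive name onto the matching Microsoft.Win32.Registry root.
    static RegistryKey HiveFromName(string hive)
    {
        switch (hive.ToUpperInvariant())
        {
            case "HKEY_LOCAL_MACHINE":  return Registry.LocalMachine;
            case "HKEY_CURRENT_USER":   return Registry.CurrentUser;
            case "HKEY_CLASSES_ROOT":   return Registry.ClassesRoot;
            case "HKEY_USERS":          return Registry.Users;
            case "HKEY_CURRENT_CONFIG": return Registry.CurrentConfig;
            default:                    return null;
        }
    }

    // Resolve "HIVE\sub\key\ValueName" plus a relative path to a full file path.
    // Returns null if the reference is malformed or the key or value is missing.
    public static string Resolve(string registryRef, string relativePath)
    {
        int first = registryRef.IndexOf('\\');      // end of the hive name
        int last = registryRef.LastIndexOf('\\');   // start of the value name
        if (first <= 0 || last == first || last == registryRef.Length - 1) return null;

        RegistryKey hive = HiveFromName(registryRef.Substring(0, first));
        if (hive == null) return null;
        string subKey = registryRef.Substring(first + 1, last - first - 1);
        string name = registryRef.Substring(last + 1);
        using (RegistryKey rk = hive.OpenSubKey(subKey))
        {
            string baseDir = rk == null ? null : rk.GetValue(name) as string;
            if (baseDir == null) return null;
            // Path.Combine returns its second argument unchanged when that
            // argument starts with '\', so strip the leading separator first.
            return Path.Combine(baseDir, relativePath.TrimStart('\\'));
        }
    }

    static void Main()
    {
        Console.WriteLine(Resolve(
            @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot",
            @"\system32\msjet40.dll"));
    }
}
```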

The other tests I need to write are for ActiveDirectory and the IIS Metabase. That means I need to start learning more about System.DirectoryServices.

Tuesday, May 17th, 2005

Setup / Sussen.Oval.Windows

I did manage to merge a lot of code from the trunk into the sussen-win branch yesterday. I also created the necessary Visual Studio project/solution files to build the solution. The code all builds without issue.

I had to spend some time this morning working on the installer. I was having a bug where the services wouldn’t get registered. Turns out I was just missing a couple of custom actions. Once I added those, the installer worked as you’d expect.

The next step is to start writing the Sussen.Oval.Windows assembly so that the sussen-agent can run OVAL tests. I’m working on that right now.

Monday, May 16th, 2005

Thundercats

I’ve been waiting a long time for this, Thundercats: Season 1 Vol 1. I’m so getting that. Would be nicer if it was coming sooner than August but what can you do.

Monday, May 16th, 2005