Porting openvas to the Mac (OS X)
jsimmons at goblin.punk.net
Thu Jun 4 11:21:04 PDT 2009
There's an interesting problem in getting openvas (specifically
openvas-server) to run on the Mac.

Background: bpf (Berkeley Packet Filter) is a pseudo-device (it's pretending
to be a hardware device) residing in /dev. It's basically a way to access the
datastream flowing through the ethernet card without actually accessing the
ethernet card (usually at /dev/eth0 or similar) itself. Having multiple bpf's
makes programs that are doing multiple things with the ethernet data stream,
such as packet filters and network scanners, simpler to write and more
efficient to run.

A message when compiling openvas says that the program would like 100 bpf's.
The Mac has 4. The message threatens dire consequences, such as missed scans,
for limited bpf's.

The assigned weapon in *nix systems for creating bpf's (or any other device
node) is the program mknod. Running this program 96 times with the proper
options (preferably via shell script ;-) successfully gives my MacBook 100
bpf's. But they don't persist - unlike other *nix systems I've used, they're
gone after a reboot. So I either have to run that script on boot, or before
launching openvas-server (it shouldn't affect the client).

There are obvious implications for a mac port of openvas-server.

Jeff Simmons jsimmons at goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
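
The mknod step described in the message above, as an added example that is not part of the original post: a shell function that prints the mknod commands for the missing bpf nodes so the plan can be reviewed before it is run. The function names, the mode 600 choice and the idea of passing the major number in as an argument are assumptions; read the major number from the existing bpf0 entry on the target machine.

```shell
#!/bin/sh
# Added example: plan the mknod calls for missing bpf device nodes.
# Prints commands instead of running them, so the plan can be reviewed first.

# plan_bpf_nodes DEV_DIR COUNT MAJOR
#   DEV_DIR  directory holding the nodes (/dev on a real system)
#   COUNT    total number of bpf nodes wanted (bpf0 .. bpf<COUNT-1>)
#   MAJOR    character-device major number of the existing bpf nodes
#            (assumption: taken from `ls -l DEV_DIR/bpf0` on the target Mac)
plan_bpf_nodes() {
    dev_dir=$1
    count=$2
    major=$3

    # Reject anything that is not a plain non-negative integer.
    case "$count" in ''|*[!0-9]*) echo "bad count: $count" >&2; return 2 ;; esac
    case "$major" in ''|*[!0-9]*) echo "bad major: $major" >&2; return 2 ;; esac

    minor=0
    while [ "$minor" -lt "$count" ]; do
        node="$dev_dir/bpf$minor"
        # Skip nodes that already exist, so re-running after a reboot
        # (or on a machine that already has some) is harmless.
        if [ ! -e "$node" ]; then
            # c = character device; the minor number matches the bpf index.
            # Mode 600 keeps raw packet access limited to root.
            echo "mknod '$node' c $major $minor && chmod 600 '$node'"
        fi
        minor=$((minor + 1))
    done
}

# count_planned DEV_DIR COUNT MAJOR -> number of nodes that would be created
count_planned() {
    plan_bpf_nodes "$@" | wc -l | tr -d ' '
}
```

Reviewing the output and then piping it to `sh` as root creates the nodes; since they are gone after a reboot, the same run has to happen at boot or before openvas-server starts.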