List of vulnerability tests

Dear all,

I have a list of security policies that need to be implemented. These are for example:

  • standard passwords shall not be used and must be replaced
  • standard admin accounts like root and admin shall be deactivated
  • authentication credentials shall be protected against replay attacks
  • etc.

I would like to check whether these individual policies are covered (i.e. can be checked) using OpenVAS.

What would be a good way to do this? Is there a list (Excel, HTML, CSV) of VTs that are currently part of OpenVAS, which I can use?

Do you know of a more efficient way to get this done?

Thanks!

Hi an.schall.
The GSM can indeed be used for compliance scans as well. You should find all VTs you’ll need for this in the eponymous VT family “Compliance”.

If you prefer a preconfigured scan config, I suggest the “IT-Grundschutz” scan config. Its usage and source are described in the manual at
https://docs.greenbone.net/GSM-Manual/gos-4/en/compliance.html#it-grundschutz

It’s an official compliance standard of the German Federal Office for IT Security, BSI. It should cover all security policy tests you probably want to implement.