Sussen is a tool that checks for vulnerabilities and configuration issues on computer systems. It is based on the Open Vulnerability and Assessment Language.
The Sussen project is comprised of three main components:
The interpreter takes a set of OVAL definitions and collects characteristics and configuration information about the target system. These probes are non-destructive and do not run any exploit code. Once data collection is complete, it analyzes each OVAL definition to determine whether its conditions were met on the target system, then presents the results to the user.
You can use the definitions included with Sussen, download some from the OVAL repository, obtain them from a vendor, or create your own, in any combination.
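A model of the two-phase flow described above (collect system characteristics, then analyze each definition from the collected data), added here as an example and not Sussen's own code. The XML is a constructed OVAL-like format rather than schema-valid OVAL, and `DEFS`, `HOST`, `collect`, `run_test` and `analyze` are hypothetical names.

```python
import xml.etree.ElementTree as ET
# Constructed OVAL-like input (hypothetical format, not schema-valid OVAL).
DEFS = """<oval>
 <definition id="def:1" family="unix"><criteria operator="AND">
  <criterion test_ref="tst:1"/><criterion test_ref="tst:2" negate="true"/></criteria></definition>
 <definition id="def:2" family="windows"><criteria operator="OR">
  <criterion test_ref="tst:1"/></criteria></definition>
 <definition id="def:3" family="unix"><criteria operator="AND">
  <criterion test_ref="tst:1"/><criterion test_ref="tst:3"/></criteria></definition>
 <test id="tst:1" object="pkg:examplepkg" op="less than" value="1.2.3"/>
 <test id="tst:2" object="pkg:examplefix" op="exists"/>
 <test id="tst:3" object="file:/etc/example.conf" op="exists"/>
</oval>"""
HOST = {"family": "unix", "pkg": {"examplepkg": "1.2.1"}}  # constructed host; only a "pkg" probe

def collect(root, host):
    """Phase 1: read-only probes, recorded as system characteristics."""
    sc = {}
    for t in root.iter("test"):
        kind, name = t.get("object").split(":", 1)
        if kind in host:  # no probe for this object type: leave it uncollected
            sc[t.get("object")] = host[kind].get(name)  # None = does not exist
    return sc

def run_test(t, sc):
    """Phase 2a: evaluate one test from the collected data only."""
    if t.get("object") not in sc:
        return "unknown"  # object was never collected
    found, ver = sc[t.get("object")], lambda s: tuple(map(int, s.split(".")))
    if found is None or t.get("op") == "exists":
        return "false" if found is None else "true"
    return "true" if ver(found) < ver(t.get("value")) else "false"

def analyze(defs_xml, host):
    """Phase 2b: combine test results through each definition's criteria."""
    root = ET.fromstring(defs_xml)
    sc, tests = collect(root, host), {t.get("id"): t for t in root.iter("test")}
    flip, out = {"true": "false", "false": "true", "unknown": "unknown"}, {}
    for d in root.iter("definition"):
        if d.get("family") != host["family"]:
            out[d.get("id")] = "not applicable"  # definition is for another platform
            continue
        crit, res = d.find("criteria"), []
        for c in crit:
            r = run_test(tests[c.get("test_ref")], sc)
            res.append(flip[r] if c.get("negate") == "true" else r)
        decisive = "false" if crit.get("operator") == "AND" else "true"
        out[d.get("id")] = (decisive if decisive in res else
                            "unknown" if "unknown" in res else flip[decisive])
    return out
```

On the constructed host, `def:1` is true (old package present, fix package absent), `def:2` is not applicable, and `def:3` is unknown because no file probe ran.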
The latest release of Sussen is 0.90 which was released on July 16, 2007. Sussen is licensed under the terms of the GNU General Public License (GPL).
| Name | Description | MD5 |
|---|---|---|
| sussen-0.90.tar.gz | Source Code | 5df7c3720a486678a763c8f67d6074a1 |
| sussen_0.90-1_i386.deb | Ubuntu 6.06 Package | c38c49996924b02697120dbd12a2ba6b |
| sussen_0.90-feisty-1_i386.deb | Ubuntu 7.04 Package | a9f70f3bd18e26a9e4a1c5f965b5067e |
| sussen-0.90-1.i386.rpm | Fedora 7 Package | fc8255f19bae730cd8ba4da7e92a466b |
| sussen-0.90.msi | Windows Installer Package | 79c38863bf3151e03f66a597f0dc7d32 |
| Gentoo Ebuild | n/a | n/a |
```
$ tar zxvf sussen-x.y.z.tar.gz
$ cd sussen-x.y.z
$ ./configure
$ make
$ make install
```
Sussen is written in C# using Mono and Gtk#. The source code is available from the Git repository in the module sussen.
```
$ mkdir sussen
$ cd sussen
$ git clone git://www.lbtechservices.com/sussen
$ cd trunk
$ ./autogen.sh
$ ./configure
$ make
```
For the Windows branch:
```
c:\> svn co http://dev.mmgsecurity.com/src/sussen/branches/sussen-win
```
In Visual Studio, choose File->Open->Project/Solution and select the file sussen.sln.
If you find a bug in Sussen, please submit a bug report.
0.90
* editor: Disabled editor; will continue development in 1.1/1.2 branch
* oval: Added initial support for OVAL 5.3
* oval: API documentation updated
* misc: Change license to GPL v3
* www: Various improvements to web console
* xml: Updated Ubuntu definitions for USNs 425-1 to 483-1
* xml: Updated Windows definitions from oval.mitre.org
0.35
* editor: Fixed crash if definitions were selected and list was empty
* misc: Improved i18n support in agent, applet and editor
* misc: Updated build to use po/LINGUAS
* oval: Added support for OVAL 5.1 and 5.2
* oval: Fixed error in handling of check attribute on tests
* oval: Fixed regression in handling of definitions on wrong platform
* xml: Updated Ubuntu definitions for USNs 413-1 to 424-1
* xml: Updated Windows definitions from oval.mitre.org
0.34
* agent: Fixed crash when loading app.config in Mono 1.1.13.x
* applet: Save results to desktop if explicit path not specified
* applet: Run as tray icon by default
* oval: Fixed incorrect behavior in variable handling
* oval: Increased debug information available
* oval: Make sure all tested objects are recorded in system characteristics
* oval: Record variable values in system characteristics
* oval: Fixed error in behaviors handling for FileEffectiveRightsTest (Windows)
* xml: Updated Ubuntu definitions for USNs 390-1 to 412-1
* xml: Updated Windows definitions from oval.mitre.org
0.33
* oval: Improved DataCollector handling of collected objects
* oval: Include variable values in system characteristics
* oval: Fixed logic error in FileEffectiveRightsTest (Windows)
* oval: Rewrote SidTest (Windows)
* oval: XML comments in the definition file caused an error
* oval: Fixed incorrect test names in LocalVariable.GetObjectValue() method
* oval: Return 'not applicable' if definition family doesn't match platform
* www: Updated webservice API arguments to be consistent across methods
* www: Interoperability fixes for web service
* xml: Updated Ubuntu definitions for USNs 364-1 to 390-1
* xml: Added definition test suite
0.32
* agent: Updated agent to work with new web service interface
* oval: Make sure to get full file version in File test (Windows)
* oval: Merged missing extend_definition patch from trunk (Windows)
* oval: Fixed logic error in VersionType comparison operators
* oval: results_to_html.xsl uses color coded rows again
* oval: Updated monodoc documentation for oval libraries
* www: Implemented start of proposed OVAL:SOA interface
* www: Web service works under Linux / mod_mono / MySQL
* www: Database schema updated
0.31
* applet: Fixed uneven widget layout
* applet: Removed D-Bus remote control from applet until mono binding issue resolved
* editor: Implemented 'new', 'save' and 'save as' operations
* editor: Definitions can be executed
* editor: Remember window positions
* editor: Started port to Windows.Forms
* misc: Build applet/editor interfaces using Stetic instead of Glade
* oval: Make object and state information in tests queryable
* oval: Fixed handling of extend_definitions in criteria
* oval: Updated results_to_html.xsl
0.30
* editor: Start of editor rewrite
* oval: Minor API modifications to support editor rewrite
* oval: Make sure xsl stylesheet exists before transforming results
* misc: Fixed 'make distcheck' related errors
* misc: Build with/without web console (--enable-web[=yes/no])
* www: Start porting ASP.NET code to run under Linux/mod_mono
* www: Updated database schema
0.29
* agent: Set default filename when specifying --output-type; Don't force user to also specify --output
* applet: Use thread instead of background worker; improves performance (windows)
* applet: Add ".html" to temp results file so shell knows how to open it (windows)
* oval: Improved test accuracy
* oval: Don't ignore criteria negate operation
* oval: Verify that file exists in Unix file test
* oval: Make sure interface support code fails gracefully; fixes segfaults
* oval: File crawlers will generate not found item if search fails
* oval: Fixed logging output
0.28
* agent: Updated webservices code to match minor API changes
* agent: Removed --family and --log command line options
* applet: Ported to Windows.Forms
* oval: Query rpm signature keyid in RpmInfo test
* oval: Don't record duplicate items in InetListeningServers and Inetd tests
* oval: Make sure xml files get saved to correct location after download
* oval: Updated Ubuntu definitions
* oval: Added 83 unit tests (mostly torture/validation)
* www: Added start of ASP.NET web console
0.27
* agent: Don't crash if no definitions are specified
* oval: Added definitions for Ubuntu 6.06 LTS and Fedora Core 5
* oval: Check datatypes for all test entity objects
* oval: Improved accuracy when checking versions and evr_strings
* oval: Added 12 unit tests
* oval: Collect network interface information (windows)
* oval: Create Native class for P/Invoke methods (windows)
* oval: Implemented access token, audit event policy, interface, group, port, process and volume tests (windows)
0.26
* agent: Added support for remote repositories
* applet: Use same remote repository code as agent
* misc: Build with/without GNOME components (--enable-gnome[=yes/no])
* misc: Code cleanup
* oval: Don't record items that were not found in system characteristics
* oval: Write messages as oval-sc:message in system characteristics
* oval: Include directives in results document
* oval: Fixed formatting errors in results_to_html.xsl
* oval: Implemented lockout policy, password policy and user tests (windows)
* oval: Minor documentation updates
0.25
* applet: Show entry to get filename if no definitions can be found
* misc: Switch to gmcs compiler (C# 2.0)
* misc: Install XML files into pkgdatadir (eg. /usr/share/sussen)
* misc: Code cleanup
* oval: Added support for object sets
* oval: Record all collected items from DataCollector
* oval: Added better error descriptions to test suite
* oval: Compare full file path in FileCrawler
* oval: Fixed logic error in TestAnalyzer.CompareData ()
* oval: Fixed bug in support code that missed last byte of MAC address
0.24
* agent: Minor changes to command line syntax
* misc: Added OVAL definitions for RHEL v3 and v4
* misc: Install xml files into sysconfdir (e.g. /etc/sussen)
* oval: Added variable support to tests
* oval: Verify IDs for tests, objects, states, definitions and variables
* oval: Implemented DpkgInfo and Inetd tests
* oval: Updated tests to support all options defined in schema(s)
* oval: Added support for LocalVariables
* oval: Added man page for library with information on OVAL
0.23
* agent: Show --debug messages on console
* applet: Added support for DBus activation
* applet: Fix crash after canceling of a scan [#56]
* applet: Save system characteristics to temporary file
* oval: Increased performance in data collection and analysis
* oval: Added support for behaviors in File, FileMD5, TextFileContent, and XmlFileContent tests
* oval: Implemented variable test
* oval: Added start of support for variables
* oval: Make sure resources get released in Uname, InetListeningServers, and Process tests
* oval: Documentation updated
0.22
* agent: Added option to collect data only (--collect)
* agent/editor: Added debug mode (--debug)
* editor: Basic functionality working (New, Save, Execute)
* editor: Added .desktop file
* oval: Added new methods to Interpreter class (CreateTest, RunTest, AnalyzeDefinition)
* oval: Implemented RunLevelTest functionality
* oval: Query hosts' network interfaces in SystemInfoTest
* oval: Add more logging points in code
* oval: Fixed logging code
* oval: Enable code for validating OVAL XML files
0.21
* agent/applet: Default to HTML output
* applet: Simplified applet UI [#53]
* applet: Show results using browser after scan
* oval: Update results_to_html.xsl to support OVAL v5 results
* oval: Close stderr in get_rpm_info to ignore Debian warnings [#52]
* oval: Don't pass back null pointers in get_rpm_info; fail gracefully
* oval: Handle multiple criteria elements in a definition
* oval: Fixed logic error in UnameTest.Write ()
* oval: Added some converted OVAL v5 linux definitions from oval.mitre.org
0.20
* agent: Added --family option to configure agent for specified OS family
* editor: Minor improvements; build by default
* oval: Added support for running tests from multiple families in DataCollector
* oval: InterfaceTest can now query network interfaces
* oval: Mark all TestData as serializable for TestData.Clone()
* oval: Implemented CompareVersionItems in TestAnalyzer
* oval: Improved error handling
* oval: Added 15 new unit tests
* oval: Minor documentation updates
0.19
* editor: Updated user interface
* oval: Added start of Sussen.Oval.Independent tests
* oval: Insert message in object when error detected
* oval: Implemented Apache version test
* oval: Fixed incorrect results when there is no state in a test
* oval: Set test flags properly
* oval: Removed duplicate objects from test data
* oval: Added new unit tests
0.18
* agent/applet: Use new interpreter API
* agent/applet: Updated man pages to reflect configuration changes
* oval: Added start of support for OVAL v5 schemas
* oval: Test suite updated (enable with --enable-unit-tests)
* oval: Documentation updates
* oval: Code cleanups
0.17
* agent: Store agent id in 'sussen-agent.id' instead of app.config
* applet: Use GConf for configuration data
* oval: Minor API changes; documentation updated
* www: Verify agent ID before inserting scan results into database
* www: Can now search by OVAL ID
* www: Vulnerabilities viewable by host, platform, or product
* www: DB schema changed
0.16
* Web interface can search results by specific issue (i.e. CVE-200X-YYYY)
* Use PEAR DB packages for web interface
* Minor build system fixes
0.15
* Simplified applet interface
* Improved error handling in agent and applet
* Interpreter log file is now optional
* DataAnalyzer.Save() can save to HTML or XML; Updated applet/agent
* Changed agent command line options to improve usability
0.14
* Improved OVAL interpreter
* Various bugfixes
* Code cleanup
0.1 - 0.13
* Experimental releases; now deprecated