I´ve found something weird: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ oink:~# openvas-adduser Using /var/tmp as a temporary file holder.
Add a new openvasd user --------------------------------- Login : teste8 Authentication (pass/cert) [pass] : Login password : Login password (again) : User rules --------------- openvasd has a rules system which allows you to restrict the hosts that teste8 has the right to test. For instance, you may want him to be able to scan his own host only. Please see the openvas-adduser(8) man page for the rules syntax. Enter the rules for this user, and hit ctrl-D once you are done: (the user can have an empty rules set) Login : teste8 Password : *********** Rules : Is that ok? (y/n) [y] y *user added.* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ oink:~# openvas-rmuser Login to remove : teste8 *user does not exist* oink:~# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ oink:~# openvas-adduser Using /var/tmp as a temporary file holder. Add a new openvasd user --------------------------------- Login : teste8 *This login already exists. Choose another one.* Login : oink:~# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Whats wrong??? On Tue, Aug 19, 2008 at 11:15 AM, Patrick Hornung <[EMAIL PROTECTED]>wrote: > Another thing I'd try is selecting the first option below the password > section, which I believe is using a certificate to connect even though you > chose password-based authentication. (I don't have a client available to > see right now, sorry). I found using a certificate allowed me to connect > with the GUI. Besides that, I've always been able to connect with the > command-line OpenVAS-Client command without using a certificate. The work I > do with openvas is usually from the command line, so I have slightly > different experience with the GUI, but that's what worked for me. > > > On Tue, Aug 19, 2008 at 10:09 AM, Saulo Medeiros de Araújo < > [EMAIL PROTECTED]> wrote: > >> I got the same error message with a blank ruleset. >> >> I agree with you. I think this issue is not a rules problem. >> >> Anyway, im still looking for a solution. >> >> >> On Tue, Aug 19, 2008 at 11:05 AM, Patrick Hornung <[EMAIL PROTECTED]>wrote: >> >>> Can't speak for anyone else, but I've had success by not specifying any >>> rules. Based on the error, my suspicion is more likely a login problem than >>> a rules-based problem. Does it work if you try it with a blank ruleset? >>> >>> >>> On Tue, Aug 19, 2008 at 9:58 AM, Saulo Medeiros de Araújo < >>> [EMAIL PROTECTED]> wrote: >>> >>>> I've set those rules: >>>> >>>> Enter the rules for this user, and hit ctrl-D once you are done: >>>> (the user can have an empty rules set) >>>> accept client_ip >>>> accept 10.0.0.0/16 >>>> default deny >>>> >>>> But im still getting the error message... >>>> >>>> >>>> >>>> On Tue, Aug 19, 2008 at 10:52 AM, Augusto Ferronato < >>>> [EMAIL PROTECTED]> wrote: >>>> >>>>> you need set the rules >>>>> >>>>> #man openvas-adduser >>>>> >>>>> RULES >>>>> Each user has his own set of rules. Rules are here to >>>>> restrict the rights of the users. For instance, you can add user âjoeâ >>>>> that he can only test the host â192.168.1.1âbobâ >>>>> >>>>> Each rule fits on one line. A user can have an unlimited amount >>>>> of rules (and can even have no rule at all). >>>>> >>>>> The syntax is: >>>>> accept|deny ip/mask >>>>> and >>>>> default accept|deny >>>>> >>>>> Where mask is the CIDR netmask of the rule. >>>>> >>>>> The default statement must be the last rule and defines the >>>>> policy of the user. >>>>> >>>>> The following rule set will allow the user to test >>>>> 192.168.1.0/24, 192.168.3.0/24 and 172.22.0.0/16, but nothing else: >>>>> accept 192.168.1.0/24 >>>>> accept 192.168.3.0/24 >>>>> accept 172.22.0.0/16 >>>>> default deny >>>>> >>>>> The following rule set will allow the user to test whatever he >>>>> wants, except the network 192.168.1.0/24: >>>>> deny 192.168.1.0/24 >>>>> default accept >>>>> >>>>> The keyword client_ip has been defined, and is replaced at run >>>>> time by the IP address of the openvasd user. For instance, if you >>>>> want your users to be able to only be able to scan the system >>>>> they come from, then you want them to have the following ruleset: >>>>> accept client_ip >>>>> default deny >>>>> >>>>> Best Regards, >>>>> >>>>> On Tue, Aug 19, 2008 at 10:44 AM, Saulo Medeiros de Araújo < >>>>> [EMAIL PROTECTED]> wrote: >>>>> >>>>>> Im having a problem to access the openvas-client with the users >>>>>> created with openvas-adduser. >>>>>> * >>>>>> oink:~# openvas-adduser >>>>>> Using /var/tmp as a temporary file holder. >>>>>> >>>>>> Add a new openvasd user >>>>>> --------------------------------- >>>>>> >>>>>> >>>>>> Login : teste3 >>>>>> Authentication (pass/cert) [pass] : >>>>>> Login password : >>>>>> Login password (again) : >>>>>> >>>>>> User rules >>>>>> --------------- >>>>>> openvasd has a rules system which allows you to restrict the hosts >>>>>> that teste3 has the right to test. >>>>>> For instance, you may want him to be able to scan his own host only. >>>>>> >>>>>> Please see the openvas-adduser(8) man page for the rules syntax. >>>>>> >>>>>> Enter the rules for this user, and hit ctrl-D once you are done: >>>>>> (the user can have an empty rules set) >>>>>> default accept >>>>>> >>>>>> >>>>>> Login : teste3 >>>>>> Password : *********** >>>>>> >>>>>> Rules : >>>>>> default accept >>>>>> >>>>>> >>>>>> Is that ok? (y/n) [y] y >>>>>> user added.* >>>>>> >>>>>> In the openvas-client i got this error message when i use the user >>>>>> teste3: >>>>>> >>>>>> *Error: Login failed* >>>>>> >>>>>> Any help?? >>>>>> >>>>>> _______________________________________________ >>>>>> Openvas-discuss mailing list >>>>>> [email protected] >>>>>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> ------------------------------ >>>>> "Segurança da Informação se faz com tecnologia, processos e pessoas, e >>>>> a formação destas exige mais que uma seqüência de treinamentos. Porque >>>>> você >>>>> treina macacos. Pessoas,você educa." >>>>> >>>>> FreeBSD: The Freedom to Perform! >>>>> http://www.spreadbsd.org/aff/40/1 >>>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> [email protected] >>>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>>> >>>> >>> >>> _______________________________________________ >>> Openvas-discuss mailing list >>> [email protected] >>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>> >>> >> >> >> >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >> >> > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > >
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
