Hello, If it didn't set SMB/WindowsVersion KB, it means it is not able to read the following registry key, SOFTWARE\Microsoft\Windows NT\CurrentVersion It should have been straight forward, not sure if this is related to registry permissions. But, if you are using admin credentials, it should have for sure worked. Have you enabled "Reuse knowledge base..." in the KB section? If so, please disable and try again. Thanks, Chandra.
_____ From: Dan OConnor [mailto:[email protected]] Sent: Sunday, March 07, 2010 2:22 AM To: Chandrashekhar B Cc: [email protected] Subject: Re: [Openvas-discuss] OpenVAS does not appear to be running pluginscorrectly Dependencies is enabled at runtime. >From what I can tell the SMB registry is set, SMB/registry_access=1 I dont see the other items exactly listed. I do see the credentials I provided and a note saying it was able to login. On Sat, Mar 6, 2010 at 1:14 AM, Chandrashekhar B <[email protected]> wrote: Hello Dan, Have you enabled "Dependencies: Enable at runtime" option in the Plugins section of OpenVAS-Client. "SMB/WindowsVersion" KB item is set by smb_reg_service_pack.nasl, ensure that this is running as well. For debugging further, you can enable "KB Saving" feature in Client and check the KB's that are being set in, /usr/local/var/lib/openvas/users/USER_NAME/kbs/HOST_IP These KB items must be set, SMB/login SMB/registry_access SMB/WindowsVersion Thanks, Chandra. _____ From: Dan OConnor [mailto:[email protected]] Sent: Saturday, March 06, 2010 12:23 PM To: Chandrashekhar B Cc: [email protected] Subject: Re: [Openvas-discuss] OpenVAS does not appear to be running pluginscorrectly Thanks Chandra, The SMB login is successful and I also tested it with smbclient just to make sure. There is not a whole lot of settings to change on the target machine, it's a standalone XP that is part of a workgroup. I can see the ms08-067 nasl running against the host, which should trigger an alert but I never get any thing in the report. It really looks like the only thing that is working is the port scans. On Sat, Mar 6, 2010 at 12:29 AM, Chandrashekhar B <[email protected]> wrote: Hello Dan, There were others who had faced similar issue, am going to describe little in detail. It seems that the login hasn't been successful, the KB item SMB/WindowsVersion is set only if the login is successful. To verify if the login is successful, look for this security_note in the report, "It was possible to log into the remote host using user defined login/password combinations" If you see, "It was not...", login isn't successful. You can verify your credentials once again and also check if access to port 139,445 is there. The login can also be cross-verified through "smbclient" tool. If all this is fine, 1. In "Local Security Settings -> Security Options -> Network access: Sharing and security model for local accounts" should be "Classic - local users authenticate themselves" 2. Make sure that you aren't enforcing NTLM, Signing or Encryption, OpenVAS doesn't support these. In openvas-libraries 3.0.3, we introduced NTLM based auth, that can be used for NTLM based authentication but not for signing and encryption. Hope this helps. Thanks, Chandra. _____ From: [email protected] [mailto:[email protected]] On Behalf Of Dan OConnor Sent: Saturday, March 06, 2010 11:15 AM To: [email protected] Subject: [Openvas-discuss] OpenVAS does not appear to be running pluginscorrectly Hi All, I have been trying for the last couple of days to get openvas to spit out some alerts from plugins. My first attempt was a Ubuntu desktop machine (9.04) I installed openvas from apt-get, I also added my own openvas-nvt-sync since it's missing from the packages. It loads up ok, says that all of the plugins are enabled. Then I point it at a Windows XP SP2 machine, really it's patched up to SP2 so there should be more then a few things triggered on it. The firewall is off on the machine, and I have the Admin login provided for openvas. The scan does return results, a few open ports, that it was able to get netbios information and it reports that ssh is open,(but it's not). There is errors in the openvasd.messages file that say that the key SMB/WindowsVersion is missing, I am assuming my problems might have something to do with that, but I have no idea how to resolve that or really my larger issue. Any help is appreciated.
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
