Hello everybody,

I started to test my OpenVAS tool (2.x.x), installed on a Fedora C7 OS, and I tried to activate the Local Security Checks to analyze the features it offers. To do this I activated a public/private key connection, according to the suggestions of the documentation. I followed all the steps in the same way. I built a scope with the Fedora Local Security Checks plugins and others activated, to analyze localhost (the host where server and client are installed). I put the data suggested by the documentation under the "Credentials" section and I started the scope not as root but as a normal user.

The output was a report which contains the following information:

    Security Issue and Fixes - Host localhost
    Localhost - ssh (22/tcp)

    Informational
    An ssh server is running on this port
    OID: something

    Informational
    It was possible to login using the SSH credentials supplied. Hence local security checks are enabled
    OID: something

    Informational
    Remote SSH version: version
    Remote SSH supported authentication: publickey, gssapi-with-mic, password

After these, there was some information about the operating system OpenVAS found. So, I thought the SSH publickey connection worked well!

But, when I analyzed /var/log/secure, I found the following messages:

    Apr 9 11:00:06 hostname sshd[8518]: Did not receive identification string from 127.0.0.1
    Apr 9 11:00:09 hostname sshd[8529]: Accepted publickey for sshovas from 127.0.0.1 port 11262 ssh2
    Apr 9 11:00:09 hostname sshd[8529]: pam_unix(sshd:session): session opened for user sshovas by (uid=0)
    Apr 9 11:00:12 hostname sshd[8570]: Invalid user openvas from 127.0.0.1
    Apr 9 11:00:12 hostname sshd[8573]: input_userauth_request: invalid user openvas
    Apr 9 11:00:12 hostname sshd[8570]: pam_unix(sshd:auth): check pass; user unknown
    Apr 9 11:00:13 hostname sshd[8570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain
    Apr 9 11:00:13 hostname sshd[8570]: pam_succeed_if(sshd:auth): error retrieving information about user openvas
    Apr 9 11:00:15 hostname sshd[8570]: Failed password for invalid user openvas from 127.0.0.1 port 11264 ssh2
    Apr 9 11:00:15 hostname sshd[8573]: Connection closed by 127.0.0.1
    Apr 9 11:13:51 hostname sshd[8529]: pam_unix(sshd:session): session closed for user sshovas

And lastlog does not show sshovas connected.

Is there anyone who can explain what happened and the meaning of these incongruous results? I do not think I am missing something, but anything is possible.

Thank you very much.

Best regards
Francesco Vincenti

P.S. After other tests, I verified that the error sequence regarding user openvas in /var/log/secure also appears without executing the Local Security Checks plugins.

Francesco Vincenti
Area Data Center
Open Source, Quality and Security
Aspasiel S.r.l.
a company of ThyssenKrupp Acciai Speciali Terni S.p.A.
con Unico Socio
Loc. Pentima Bassa, 56
05100 Terni - Italia
Tel.: +39 0744 203224
Fax: +39 0744 428855
mail: [email protected]
www.aspasiel.it
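The following Python script is an added example, not part of the original post and not OpenVAS code. It groups the sshd lines quoted above by account name and shows that the accepted publickey login for sshovas and the rejected password attempt for openvas come from different sshd processes and different client source ports. The names `HEADER`, `RULES` and `summarize` are hypothetical; the log lines are those from the post.

```python
import re
from collections import defaultdict

# Copied from the /var/log/secure excerpt in the post (not constructed data).
LOG = """\
Apr 9 11:00:06 hostname sshd[8518]: Did not receive identification string from 127.0.0.1
Apr 9 11:00:09 hostname sshd[8529]: Accepted publickey for sshovas from 127.0.0.1 port 11262 ssh2
Apr 9 11:00:09 hostname sshd[8529]: pam_unix(sshd:session): session opened for user sshovas by (uid=0)
Apr 9 11:00:12 hostname sshd[8570]: Invalid user openvas from 127.0.0.1
Apr 9 11:00:12 hostname sshd[8573]: input_userauth_request: invalid user openvas
Apr 9 11:00:12 hostname sshd[8570]: pam_unix(sshd:auth): check pass; user unknown
Apr 9 11:00:13 hostname sshd[8570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain
Apr 9 11:00:13 hostname sshd[8570]: pam_succeed_if(sshd:auth): error retrieving information about user openvas
Apr 9 11:00:15 hostname sshd[8570]: Failed password for invalid user openvas from 127.0.0.1 port 11264 ssh2
Apr 9 11:00:15 hostname sshd[8573]: Connection closed by 127.0.0.1
Apr 9 11:13:51 hostname sshd[8529]: pam_unix(sshd:session): session closed for user sshovas
"""

HEADER = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)")
RULES = [  # checked in order; the first rule that matches a message wins
    ("accepted", re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from \S+ port (?P<port>\d+)")),
    ("failed", re.compile(r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from \S+ port (?P<port>\d+)")),
    ("invalid_user", re.compile(r"[Ii]nvalid user (?P<user>\S+)")),
    ("session_opened", re.compile(r"session opened for user (?P<user>\S+)")),
    ("session_closed", re.compile(r"session closed for user (?P<user>\S+)")),
]

def summarize(log):
    """Group sshd events per account: outcomes, sshd PIDs, client source ports."""
    users = defaultdict(lambda: {"events": set(), "pids": set(), "ports": set()})
    for line in log.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        for label, rule in RULES:
            m = rule.search(head["msg"])
            if m:
                g = m.groupdict()
                entry = users[g["user"]]
                entry["events"].add(f"{label}:{g['method']}" if "method" in g else label)
                entry["pids"].add(head["pid"])
                if "port" in g:
                    entry["ports"].add(g["port"])
                break
    return dict(users)

if __name__ == "__main__":
    for user, info in summarize(LOG).items():
        print(user, info)
```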
