On Monday 12 April 2010 10:43:47 Vincenti Francesco wrote:
> Hello dr. Wagner
>
> Thanks for your answers.
> I apologize but I need more clarifications about your questions and
> comments. Later on my answers and doubts according to your sequence:
> 1- Yes, I enabled dependencies at runtime.
>
> 2- About your second question, I meant the scanner was running as normal
> user. But your question made me doubtful: I never worried about users on
> the target machine both for scanning without LSC enabled, when I do not
> need a user (I believed), and using LSC, for which on purpose I created
> user sshovas without password. Is it all correct?

openvas-scanner should run as privileged user (root).

> 4- I did not understand at all your last comment:
> This observation is OK.
> The actual LSCs only do checks on the KB without connecting a target
> system. It's the other scripts that do active connection to the target
> system and retrieve package database etc.
>
> Especially when you say that LSCs do not connect to the target system but
> check the KB. For which reason I built the publickey authentication? And do
> I need to enable the KB feature to activate LSCs?

It is related to the first question about "dependencies at runtime". A script that all LSCs depend on gathers information about the system. Therefore it needs the key or password.
The thousands of LSC scripts will only use the results (KB) of that script. Some exceptions might exist, but that's how it works in general.

-- felix
> From: [email protected]
> [mailto:[email protected]] On behalf of
> [email protected]
> Sent: Friday 9 April 2010 17.57
> To: [email protected]
> Subject: Openvas-discuss Digest, Vol 39, Issue 10
>
> Today's Topics:
>
> 1. About LSC (Vincenti Francesco)
> 2. Re: About LSC (Jan-Oliver Wagner)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 9 Apr 2010 16:16:37 +0200
> From: "Vincenti Francesco" <[email protected]>
> Subject: [Openvas-discuss] About LSC
> To: <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello everybody
>
> I started to test my OpenVAS tool (2.x.x), installed on a Fedora C7 OS,
> and I tried to activate the Local Security Checks to analyze the
> features it offers.
>
> To do this I activated a public/private key connection, according to the
> suggestions of the documentation. I followed all the steps in the same
> way.
>
> I built a scope with Fedora Local Security Checks plugins and others
> activated, to analyze localhost (the host where server and client are
> installed).
>
> I put the data suggested by documentation under "Credentials" section
> and I started the scope not as root but as a normal user.
>
> The output was a report which contains the following information:
>
> Security Issue and Fixes - Host localhost
>
> Localhost - ssh (22/tcp)
>
> Informational
> An ssh server is running on this port
> OID: something
>
> Informational
> It was possible to login using the SSH credentials supplied.
> Hence local security checks are enabled
> OID: something
>
> Informational
> Remote SSH version: version
> Remote SSH supported authentication: publickey, gssapi-with-mic, password
>
> After these, few information about the Operating system OpenVAS found.
>
> So, I thought the SSH publickey connection worked well!
>
> But, when I analyzed /var/log/secure, I found the following message:
>
> Apr 9 11:00:06 hostname sshd[8518]: Did not receive identification string from 127.0.0.1
> Apr 9 11:00:09 hostname sshd[8529]: Accepted publickey for sshovas from 127.0.0.1 port 11262 ssh2
> Apr 9 11:00:09 hostname sshd[8529]: pam_unix(sshd:session): session opened for user sshovas by (uid=0)
> Apr 9 11:00:12 hostname sshd[8570]: Invalid user openvas from 127.0.0.1
> Apr 9 11:00:12 hostname sshd[8573]: input_userauth_request: invalid user openvas
> Apr 9 11:00:12 hostname sshd[8570]: pam_unix(sshd:auth): check pass; user unknown
> Apr 9 11:00:13 hostname sshd[8570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain
> Apr 9 11:00:13 hostname sshd[8570]: pam_succeed_if(sshd:auth): error retrieving information about user openvas
> Apr 9 11:00:15 hostname sshd[8570]: Failed password for invalid user openvas from 127.0.0.1 port 11264 ssh2
> Apr 9 11:00:15 hostname sshd[8573]: Connection closed by 127.0.0.1
> Apr 9 11:13:51 hostname sshd[8529]: pam_unix(sshd:session): session closed for user sshovas
>
> And lastlog does not show sshovas connected.
>
> Is there anyone who can explain what happened and the meaning of these
> incongruous results?
>
> I do not think to miss something but all is possible.
>
> Thank you very much.
>
> Best regards
>
> Francesco Vincenti
>
> P.S.
> After other tests, I verified that the error sequence regarding user
> openvas in /var/log/secure appears also without executing Local Security
> Checks plugins.
>
> ------------------------------
>
> Message: 2
> Date: Fri, 9 Apr 2010 17:56:19 +0200
> From: "Jan-Oliver Wagner" <[email protected]>
> Subject: Re: [Openvas-discuss] About LSC
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="utf-8"
>
> Hello Francesco,
>
> On Friday 09 April 2010 16:16:37 Vincenti Francesco wrote:
> > I started to test my OpenVAS tool (2.x.x), installed on a Fedora C7 OS,
> > and I tried to activate the Local Security Checks to analyze the
> > features it offers.
>
> I recommend to switch to OpenVAS 3.0 in general.
> However, the LSCs should work for both 2.0 and 3.0.
>
> > I built a scope with Fedora Local Security Checks plugins and others
> > activated, to analyze localhost (the host where server and client are
> > installed).
>
> Have you enabled dependencies at runtime?
>
> > I put the data suggested by documentation under "Credentials" section
> > and I started the scope not as root but as a normal user.
>
> You mean the scanner is running as normal user?
> Or do you mean the remote user on the target system?
> However, LSCs should work nicely even via less privileged users.
>
> > So, I thought the SSH publickey connection worked well!
>
> yes, looks OK.
>
> > But, when I analyzed /var/log/secure, I found the following message:
> >
> > Apr 9 11:00:06 hostname sshd[8518]: Did not receive identification string from 127.0.0.1
> > Apr 9 11:00:09 hostname sshd[8529]: Accepted publickey for sshovas from 127.0.0.1 port 11262 ssh2
> > Apr 9 11:00:09 hostname sshd[8529]: pam_unix(sshd:session): session opened for user sshovas by (uid=0)
> > Apr 9 11:00:12 hostname sshd[8570]: Invalid user openvas from 127.0.0.1
> > Apr 9 11:00:12 hostname sshd[8573]: input_userauth_request: invalid user openvas
>
> Can you check you did not mix users "sshovas" and "openvas" in some way?
>
> > After other tests, I verified that the error sequence regarding user
> > openvas in /var/log/secure appears also without executing Local Security
> > Checks plugins.
>
> This observation is OK.
> The actual LSCs only do checks on the KB without connecting a target
> system. It's the other scripts that do active connection to the target
> system and retrieve package database etc.
>
> All the best
>
> Jan

--
Felix Wolfsteller | ++49 541 335083-783 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
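
One way to read the /var/log/secure excerpt quoted in this thread, as an added example that is not part of the original messages: it groups sshd authentication events by user, so the accepted publickey login for sshovas and the rejected attempt for openvas appear as separate outcomes. The sample lines are those quoted in the thread with wrapped lines rejoined; the function names `summarize` and `unexpected_users` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: sshd lines as quoted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Apr 9 11:00:06 hostname sshd[8518]: Did not receive identification string from 127.0.0.1
Apr 9 11:00:09 hostname sshd[8529]: Accepted publickey for sshovas from 127.0.0.1 port 11262 ssh2
Apr 9 11:00:09 hostname sshd[8529]: pam_unix(sshd:session): session opened for user sshovas by (uid=0)
Apr 9 11:00:12 hostname sshd[8570]: Invalid user openvas from 127.0.0.1
Apr 9 11:00:12 hostname sshd[8573]: input_userauth_request: invalid user openvas
Apr 9 11:00:15 hostname sshd[8570]: Failed password for invalid user openvas from 127.0.0.1 port 11264 ssh2
Apr 9 11:00:15 hostname sshd[8573]: Connection closed by 127.0.0.1
Apr 9 11:13:51 hostname sshd[8529]: pam_unix(sshd:session): session closed for user sshovas
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
EVENTS = [  # only the message shapes that name a user and an outcome
    ("accepted", re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")),
    ("failed", re.compile(r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")),
    ("invalid_user", re.compile(r"^Invalid user (?P<user>\S+) from (?P<src>\S+)")),
]

def summarize(log_text):
    """Return {user: {"accepted": [...], "failed": [...], "invalid_user": [...]}}."""
    by_user = defaultdict(lambda: defaultdict(list))
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an sshd syslog line
        for kind, rx in EVENTS:
            ev = rx.match(m["msg"])
            if ev:
                d = ev.groupdict()
                by_user[d.pop("user")][kind].append({"ts": m["ts"], "pid": int(m["pid"]), **d})
                break
    return {u: dict(k) for u, k in by_user.items()}

def unexpected_users(summary, expected):
    """Users seen in auth events that are not the configured scan account."""
    return sorted(u for u in summary if u not in expected)

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for user, kinds in s.items():
        print(user, {k: len(v) for k, v in kinds.items()})
    print("unexpected:", unexpected_users(s, {"sshovas"}))
```

On a scan target, passing the account configured under "Credentials" as `expected` leaves only the login attempts that did not use the LSC credentials.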
