Any scan runs on the local host and local network using the local host IP have detected nothing!
What needs to be checked to correct the above? Installed openvas-client as it was not installed as I thought previously (original launch of sudo gsad opened it) Check the default files for each openvas service and everything seems to be fine, not sure why gsa should be running on 0.0.0.0 as listed below: Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening only on the local interface. OK: OpenVAS Scanner is listening on port 9391, which is the default port. OK: OpenVAS Manager is running and listening on all interfaces. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: OpenVAS Administrator is running and listening only on the local interface. OK: OpenVAS Administrator is listening on port 9393, which is the default port. WARNING: Greenbone Security Assistant is running and listening only on the local interface. This means that you will not be able to access the Greenbone Security Assistant from the outside using a web browser. SUGGEST: Ensure that Greenbone Security Assistant listens on all interfaces. OK: Greenbone Security Assistant is listening on port 9392, which is the default port. Should anything be changed below?: # # The address the Greenbone Security Assistant will listen on. # GSA_ADDRESS=127.0.0.1 # # The port the Greenbone Security Assistant will listen on. # GSA_PORT=9392 #After the recent update of the libmicrohttpd package, it's impossible to access GSA via HTTPS protocol (https://localhost:9392) #force the usage of HTTP protocol (http://localhost:9392) HTTP_ONLY=1 # # The file to use as private key for HTTPS # #GSA_SSL_PRIVATE_KEY= # # The file to use as certificate for HTTPS # #GSA_SSL_CERTIFICATE= # # Should HTTP get redirected to HTTPS # If $GSA_REDIRECT_PORT is not set it will redirect port 80. # #GSA_REDIRECT=443 # Redirect HTTP from this port to $GSA_PORT # For this being effective $GSA_REDIRECT has to be set to 1. # #GSA_REDIRECT_PORT=80 # # The address the OpenVAS Administrator is listening on. # ADMINISTRATOR_ADDRESS=127.0.0.1 # # The port the OpenVAS Administrator is listening on. # ADMINISTRATOR_PORT=9393 # # The address the OpenVAS Manager is listening on. # MANAGER_ADDRESS=0.0.0.0 # # The port the OpenVAS Manager is listening on. # MANAGER_PORT=9390 From: shast...@hotmail.com To: openvas-discuss@wald.intevation.org CC: mco...@bacardi.com Subject: RE: [Openvas-discuss] Openvas-gsa port binding issue Date: Fri, 23 Dec 2011 00:25:38 +0000 It is on Ubuntu. Apart from killing the processes which run (that already bind the ports to the incorrect host), how can I preve before starting openvas scanner/manager/client. I added the 3 openvas services to /etc/rc.local already but I don't think that script is executable so they should not run at bootup. I have to run gsad now as this command 'sudo gsad --http-only listen=127.0.0.1 -p 9392". It works in the browser after removing conflicting services. However I want it to do this by default by just running 'sudo gsad' as happened after the first install. Plus the client should launch also and it does not now, not sure how to correct this. What is the best way to startup openvas? Like this: Code: test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q sudo openvas-nvt-sync test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i sudo /etc/init.d/openvas-manager stop sudo /etc/init.d/openvas-scanner stop sudo touch sudo touch /var/lib/openvas/mgr/tasks.db sudo chmod 600 /var/lib/openvas/mgr/tasks.db sudo openvassd sudo openvasmd --migrate sudo openvasmd --rebuild sudo killall openvassd sleep 15 sudo /etc/init.d/openvas-scanner start sudo /etc/init.d/openvas-manager start sudo /etc/init.d/openvas-administrator restart test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin (remove this also) sudo gsad (Remove the below?) Add the components to startup by adding them to the rc.local file Code: sudo nano /etc/rc.local Add Code: openvassd openvasad openvasmd gsad Subject: Re: [Openvas-discuss] Openvas-gsa port binding issue From: mco...@bacardi.com Date: Thu, 22 Dec 2011 18:16:08 -0500 To: shast...@hotmail.com If you are running anything Debian based you have to change all the OpenVAS scripts in /etc/default to the addressable IPs applicable to your network... Other architectures I can't say.. If this doesn't help someone will be along shortly I'm sure... Cheers... Matt From: Shane Duignan [shast...@hotmail.com] Sent: 12/22/2011 11:12 PM GMT To: <openvas-discuss@wald.intevation.org> Subject: [Openvas-discuss] Openvas-gsa port binding issue openvas-check setup output (only issues are in step 7, everything else configured fine): Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening only on the local interface. OK: OpenVAS Scanner is listening on port 9391, which is the default port. WARNING: OpenVAS Manager is running and listening only on the local interface. This means that you will not be able to access the OpenVAS Manager from the outside using GSD or OpenVAS CLI. SUGGEST: Ensure that OpenVAS Manager listens on all interfaces. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: OpenVAS Administrator is running and listening only on the local interface. OK: OpenVAS Administrator is listening on port 9393, which is the default port. WARNING: Greenbone Security Assistant is listening on port 8080 9392 443, which is NOT the default port! SUGGEST: Ensure Greenbone Security Assistant is listening on one of the following ports: 80, 443, 9392. [: 555: 8080: unexpected operator further checks show: netstat -an | grep '939' tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:9393 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN tcp 539 0 127.0.0.1:9392 127.0.0.1:52908 CLOSE_WAIT tail -f /var/log/openvas/gsad.log gsad main:WARNING:2011-12-22 09h41.10 utc:3588: Binding to port 443 failed, trying default port 9392 next. So my question how to you get 'gsad' to run at the appropriate ports and end existing services? As the first time I installed, 'sudo gsad' launched the client window and I was able to browse http://127.0.0.1:9392. How can I get the client to launch also? Plus how do you configure openvas-manager to run on the local and remote connection? Thanks in advance. _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss