Any scan runs on the local host and local network using the local host IP have
detected nothing!
What needs to be checked to correct the above?
Installed openvas-client as it was not installed as I thought previously
(original launch of sudo gsad opened it)
Check the default files for each openvas service and everything seems to be
fine, not sure why gsa should be running on 0.0.0.0 as listed below:
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening only on the local
interface.
OK: OpenVAS Scanner is listening on port 9391, which is the default
port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default
port.
OK: OpenVAS Administrator is running and listening only on the local
interface.
OK: OpenVAS Administrator is listening on port 9393, which is the
default port.
WARNING: Greenbone Security Assistant is running and listening only on
the local interface. This means that you will not be able to access the
Greenbone Security Assistant from the outside using a web browser.
SUGGEST: Ensure that Greenbone Security Assistant listens on all
interfaces.
OK: Greenbone Security Assistant is listening on port 9392, which is
the default port.
Should anything be changed below?:
#
# The address the Greenbone Security Assistant will listen on.
#
GSA_ADDRESS=127.0.0.1
#
# The port the Greenbone Security Assistant will listen on.
#
GSA_PORT=9392
#After the recent update of the libmicrohttpd package, it's impossible to
access GSA via HTTPS protocol (https://localhost:9392)
#force the usage of HTTP protocol (http://localhost:9392)
HTTP_ONLY=1
#
# The file to use as private key for HTTPS
#
#GSA_SSL_PRIVATE_KEY=
#
# The file to use as certificate for HTTPS
#
#GSA_SSL_CERTIFICATE=
#
# Should HTTP get redirected to HTTPS
# If $GSA_REDIRECT_PORT is not set it will redirect port 80.
#
#GSA_REDIRECT=443
# Redirect HTTP from this port to $GSA_PORT
# For this being effective $GSA_REDIRECT has to be set to 1.
#
#GSA_REDIRECT_PORT=80
#
# The address the OpenVAS Administrator is listening on.
#
ADMINISTRATOR_ADDRESS=127.0.0.1
#
# The port the OpenVAS Administrator is listening on.
#
ADMINISTRATOR_PORT=9393
#
# The address the OpenVAS Manager is listening on.
#
MANAGER_ADDRESS=0.0.0.0
#
# The port the OpenVAS Manager is listening on.
#
MANAGER_PORT=9390
From: shast...@hotmail.com
To: openvas-discuss@wald.intevation.org
CC: mco...@bacardi.com
Subject: RE: [Openvas-discuss] Openvas-gsa port binding issue
Date: Fri, 23 Dec 2011 00:25:38 +0000
It is on Ubuntu. Apart from killing the processes which run (that already bind
the ports to the incorrect host), how can I preve
before starting openvas scanner/manager/client.
I added the 3 openvas services to /etc/rc.local already but I don't think that
script is executable so they should not run at bootup.
I have to run gsad now as this command 'sudo gsad --http-only listen=127.0.0.1
-p 9392".
It works in the browser after removing conflicting services. However I want it
to do this by default by just running 'sudo gsad' as happened after the first
install.
Plus the client should launch also and it does not now, not sure how to correct
this.
What is the best way to startup openvas? Like this:
Code:
test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo touch sudo touch /var/lib/openvas/mgr/tasks.db
sudo chmod 600 /var/lib/openvas/mgr/tasks.db
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r
Admin (remove this also)
sudo gsad
(Remove the below?)
Add the components to startup by adding them to the rc.local file
Code:
sudo nano /etc/rc.local
Add
Code:
openvassd
openvasad
openvasmd
gsad
Subject: Re: [Openvas-discuss] Openvas-gsa port binding issue
From: mco...@bacardi.com
Date: Thu, 22 Dec 2011 18:16:08 -0500
To: shast...@hotmail.com
If you are running anything Debian based you have to change all the OpenVAS
scripts in /etc/default to the addressable IPs applicable to your network...
Other architectures I can't say.. If this doesn't help someone will be along
shortly I'm sure...
Cheers...
Matt
From: Shane Duignan [shast...@hotmail.com]
Sent: 12/22/2011 11:12 PM GMT
To: <openvas-discuss@wald.intevation.org>
Subject: [Openvas-discuss] Openvas-gsa port binding issue
openvas-check setup output (only issues are in step 7, everything else
configured fine):
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening only on the local
interface.
OK: OpenVAS Scanner is listening on port 9391, which is the default
port.
WARNING: OpenVAS Manager is running and listening only on the local
interface. This means that you will not be able to access the OpenVAS
Manager from the outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default
port.
OK: OpenVAS Administrator is running and listening only on the local
interface.
OK: OpenVAS Administrator is listening on port 9393, which is the
default port.
WARNING: Greenbone Security Assistant is listening on port 8080 9392
443, which is NOT the default port!
SUGGEST: Ensure Greenbone Security Assistant is listening on one of the
following ports: 80, 443, 9392.
[: 555: 8080: unexpected operator
further checks show:
netstat -an | grep '939'
tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9393 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN
tcp 539 0 127.0.0.1:9392 127.0.0.1:52908 CLOSE_WAIT
tail -f /var/log/openvas/gsad.log
gsad main:WARNING:2011-12-22 09h41.10 utc:3588: Binding to port 443 failed,
trying default port 9392 next.
So my question how to you get 'gsad' to run at the appropriate ports and end
existing services?
As the first time I installed, 'sudo gsad' launched the client window and I was
able to browse http://127.0.0.1:9392.
How can I get the client to launch also?
Plus how do you configure openvas-manager to run on the local and remote
connection?
Thanks in advance.
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
