On Tue, Aug 07, 2012 at 08:08:50PM -0700, Mark LaCore wrote: > I like to use nmap SVN, but I found OpenVAS 5 likes nmap 5.50. Run > openvas-check-setup and it might tell you about that. You will probably have > to > find the source tarball and compile it because your package manager probably > doesn't have it.
Should nmap 6.01 be good? That's what Ubuntu 12.04's at. If 5.50 is good, and SVN is good, barring a regression in between.... > Another thing I found with nmap, is that the default scan timeout is too short > if you're scanning a full range of ports on a remote host. Make a new scan > policy and adjust the default timeout to something like 2 hours if that makes > sense. Also, make sure nmap is enabled as a Port Scanner in your policy. It > might not be on as default, I don't remember. There are so many nmap-related options in the policy I'll need to squint farther at them. I've been assuming, since OpenVAS basically doesn't do much without it, that the default is to use it. Maybe not. > To troubleshoot further, open a couple terminal windows, and tail -f /var/log/ > openvas/*.messages and /var/log/openvas/*.dump. Run a scan and maybe something > helpful will show up. I've looked in the logs, as well as at the processes spawned. Nothing obviously wrong except for the lack of any nmap invocation. My uncertainty is whether OpenVAS actively looks for nmap, doesn't find it (despite it being on the system), and so silently runs without it - whether the problem's on that level - or whether the "Full and fast" default scan considers "Full" to not even require nmap's services - even if nothing much is accomplished without them - in which case it's a configuration problem. If it's a configuration problem, the various installation guides could be much improved with an instruction for fixing that, IMHO. I appreciate complexly configurable stuff, but the instrument needs to be reasonably well tuned at first before a person can learn to play it. Thanks again, Whit _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
