For reference, I compiled nmap 6.01 from source, installed it under /usr/local (not as a package, as Ubuntu 12.04 uses nmap 5.51), and openvas works fine. check-openvas-setup does complain about the version mismatch.
Alan On 8/8/12, Whit Blauvelt <[email protected]> wrote: > On Tue, Aug 07, 2012 at 08:08:50PM -0700, Mark LaCore wrote: >> I like to use nmap SVN, but I found OpenVAS 5 likes nmap 5.50. Run >> openvas-check-setup and it might tell you about that. You will probably >> have to >> find the source tarball and compile it because your package manager >> probably >> doesn't have it. > > Should nmap 6.01 be good? That's what Ubuntu 12.04's at. If 5.50 is good, > and SVN is good, barring a regression in between.... > >> Another thing I found with nmap, is that the default scan timeout is too >> short >> if you're scanning a full range of ports on a remote host. Make a new >> scan >> policy and adjust the default timeout to something like 2 hours if that >> makes >> sense. Also, make sure nmap is enabled as a Port Scanner in your policy. >> It >> might not be on as default, I don't remember. > > There are so many nmap-related options in the policy I'll need to squint > farther at them. I've been assuming, since OpenVAS basically doesn't do > much > without it, that the default is to use it. Maybe not. > >> To troubleshoot further, open a couple terminal windows, and tail -f >> /var/log/ >> openvas/*.messages and /var/log/openvas/*.dump. Run a scan and maybe >> something >> helpful will show up. > > I've looked in the logs, as well as at the processes spawned. Nothing > obviously wrong except for the lack of any nmap invocation. My uncertainty > is whether OpenVAS actively looks for nmap, doesn't find it (despite it > being on the system), and so silently runs without it - whether the > problem's on that level - or whether the "Full and fast" default scan > considers "Full" to not even require nmap's services - even if nothing much > is accomplished without them - in which case it's a configuration problem. > > If it's a configuration problem, the various installation guides could be > much improved with an instruction for fixing that, IMHO. I appreciate > complexly configurable stuff, but the instrument needs to be reasonably > well > tuned at first before a person can learn to play it. > > Thanks again, > Whit > _______________________________________________ > Openvas-discuss mailing list > [email protected] > http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
