Hello,
Use http-only for gsad.
What I've done on my Centos and it is working:
vi /etc/init.d/gsad
and add http-only
"start() { echo -n $"Starting greenbone-security-assistant: "
daemon $EXEC $PARAMS --http-only --timeout 50"
On Tue, Apr 16, 2013 at 12:10 PM, Manel Gimeno Zaragozá <
[email protected]> wrote:
> Hello,
>
> I'm new using openvas and I've made an installation in the following
> machine:
>
> SO: CentOS release 6.2 (Final)
> CPU: Intel(R) Xeon(TM) CPU 3.40GHz
> Num cores: 4
> RAM MEM: 7788MB
>
> # rpm -qa | grep openvas
> openvas-libraries-5.0.4-5.el6.art.x86_64
> openvas-scanner-3.3.1-4.el6.art.x86_64
> openvas-administrator-1.2.1-2.el6.art.x86_64
> openvas-1.0-7.el6.art.noarch
> openvas-cli-1.1.5-3.el6.art.x86_64
> openvas-manager-3.0.5-8.el6.art.x86_64
>
> I've followed the installation guide from http://www.openvas.org and
> after the installation I've runned openvas-check-setup, and almos
> everything seems all right:
>
> # ./openvas-check-setup --v5
> openvas-check-setup 2.2.1
> Test completeness and readiness of OpenVAS-5
>
> Please report us any non-detected problems and
> help us to improve this check routine:
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>
> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
> problem.
>
> Use the parameter --server to skip checks for client tools
> like GSD and OpenVAS-CLI.
>
> Step 1: Checking OpenVAS Scanner ...
> OK: OpenVAS Scanner is present in version 3.3.1.
> OK: OpenVAS Scanner CA Certificate is present as
> /var/lib/openvas/CA/cacert.pem.
> OK: NVT collection in /var/lib/openvas/plugins contains 30428 NVTs.
> WARNING: Signature checking of NVTs is not enabled in OpenVAS
> Scanner.
> SUGGEST: Enable signature checking (see
> http://www.openvas.org/trusted-nvts.html).
> Step 2: Checking OpenVAS Manager ...
> OK: OpenVAS Manager is present in version 3.0.5.
> OK: OpenVAS Manager client certificate is present as
> /var/lib/openvas/CA/clientcert.pem.
> OK: OpenVAS Manager database found in
> /var/lib/openvas/mgr/tasks.db.
> OK: Access rights for the OpenVAS Manager database are correct.
> OK: OpenVAS SCAP database found in
> /var/lib/openvas/scap-data/scap.db.
> OK: sqlite3 found, extended checks of the OpenVAS Manager
> installation enabled.
> OK: OpenVAS Manager database is at revision 56.
> OK: OpenVAS Manager expects database at revision 56.
> OK: Database schema is up to date.
> OK: OpenVAS Manager database contains information about 30428 NVTs.
> OK: xsltproc found.
> Step 3: Checking OpenVAS Administrator ...
> OK: OpenVAS Administrator is present in version 1.2.1.
> OK: At least one user exists.
> OK: At least one admin user exists.
> Step 4: Checking Greenbone Security Assistant (GSA) ...
> OK: Greenbone Security Assistant is present in version 3.0.3.
> Step 5: Checking OpenVAS CLI ...
> OK: OpenVAS CLI version 1.1.5.
> Step 6: Checking Greenbone Security Desktop (GSD) ...
> OK: Greenbone Security Desktop is present in Version 1.2.2.
> Step 7: Checking if OpenVAS services are up and running ...
> OK: netstat found, extended checks of the OpenVAS services enabled.
> OK: OpenVAS Scanner is running and listening on all interfaces.
> OK: OpenVAS Scanner is listening on port 9391, which is the
> default port.
> OK: OpenVAS Manager is running and listening on all interfaces.
> OK: OpenVAS Manager is listening on port 9390, which is the
> default port.
> OK: OpenVAS Administrator is running and listening only on the
> local interface.
> OK: OpenVAS Administrator is listening on port 9393, which is the
> default port.
> OK: Greenbone Security Assistant is running and listening on all
> interfaces.
> OK: Greenbone Security Assistant is listening on port 9392, which
> is the default port.
> Step 8: Checking nmap installation ...
> WARNING: Your version of nmap is not fully supported: 5.21
> SUGGEST: You should install nmap 5.51.
> Step 9: Checking presence of optional tools ...
> OK: pdflatex found.
> OK: PDF generation successful. The PDF report format is likely to
> work.
> OK: ssh-keygen found, LSC credential generation for GNU/Linux
> targets is likely to work.
> OK: rpm found, LSC credential package generation for RPM based
> targets is likely to work.
> WARNING: Could not find alien binary, LSC credential package
> generation for DEB based targets will not work.
> SUGGEST: Install alien.
> OK: nsis found, LSC credential package generation for Microsoft
> Windows targets is likely to work.
>
> It seems like your OpenVAS-5 installation is OK.
>
> I think these warning are not important, please correct me if I'm wrong.
>
> anyway, the problem is when I try to login to https://192.168.1.1:9392/the
> process "gsad" starts to consume 100% of the CPU and the login page
> starts to shows after more than 10 minutes. The same happens when I login,
> it takes more than 10 minutes to show the management web page.
>
> I've read about it in this post
> http://lists.wald.intevation.org/pipermail/openvas-discuss/2011-November/003613.html.
> I've installed /usr/lib64/libmicrohttpd.so.10.16.1. Anyway the version in
> the post is not available from the source.
>
> Could please someone help me on this? the application is no usable as
> everytime the session expired I have to wait more than 10 minutes to login
> again, and the CPU ussage is also too high. I've have seen gsad ussing 400%
> of CPU.
>
> am i doing something wrong?
>
> Thanks & Regards.
>
> Manel
>
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
