Hi, I'm using OpenVAS on a OpenVZ host.
So, i have : venet0 inet addr:127.0.0.1 venet0:0 inet addr:PUBLIC_IP I cannot set the PUBLIC_IP on the venet0 ! So the scanner is launching with : openvassd --listen=127.0.0.1 -S PUBLIC_IP But when I start the scan, I have a message : The remote host (ANOTHER_PUBLIC_IP) is dead And this is what tcpdump says : 21:48:25.248488 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.ftp: Flags [.], ack 4171032861, win 2048, length 0 21:48:25.248515 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.telnet: Flags [.], ack 4171032861, win 1024, length 0 21:48:25.248522 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.smtp: Flags [.], ack 4171032861, win 4096, length 0 21:48:25.248525 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.domain: Flags [.], ack 4171032861, win 1024, length 0 21:48:25.248528 IP 127.0.0.1.49701 > ANOTHER_PUBLIC_IP.http: Flags [.], ack 4171032861, win 2048, length 0 So, the IP source is ... localhost and not the PUBLIC_IP of the -S flag. What's the problem ? Thanks ... /tmp/openvas-check-setup.log : openvas-check-setup 2.2.3 Mode: desktop Date: Wed, 09 Oct 2013 22:07:17 +0400 Checking for old OpenVAS Scanner <= 2.0 ... openvas-check-setup: line 171: openvasd: command not found Checking presence of OpenVAS Scanner ... OpenVAS Scanner 3.4.0 Nessus origin: (C) 2004 Renaud Deraison <[email protected]> Most new code since OpenVAS: (C) 2013 Greenbone Networks GmbH License GPLv2: GNU GPL version 2 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Checking OpenVAS Scanner version ... OK: OpenVAS Scanner is present in version 3.4.0. plugins_folder = /usr/local/var/lib/openvas/plugins cache_folder = /usr/local/var/cache/openvas include_folders = /usr/local/var/lib/openvas/plugins max_hosts = 30 max_checks = 10 be_nice = no logfile = /usr/local/var/log/openvas/openvassd.messages log_whole_attack = no log_plugins_name_at_load = no dumpfile = /usr/local/var/log/openvas/openvassd.dump rules = /usr/local/share/openvas/openvassd.rules cgi_path = /cgi-bin:/scripts port_range = default optimize_test = yes checks_read_timeout = 5 network_scan = no non_simult_ports = 139, 445 plugins_timeout = 320 safe_checks = yes auto_enable_dependencies = yes silent_dependencies = no use_mac_addr = no save_knowledge_base = no kb_restore = no only_test_hosts_whose_kb_we_dont_have = no only_test_hosts_whose_kb_we_have = no kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 slice_network_addresses = no nasl_no_signature_check = yes drop_privileges = no unscanned_closed = yes vhosts = vhosts_ip = report_host_details = yes cert_file = /usr/local/var/lib/openvas/CA/servercert.pem key_file = /usr/local/var/lib/openvas/private/CA/serverkey.pem ca_file = /usr/local/var/lib/openvas/CA/cacert.pem reverse_lookup = no config_file = /usr/local/etc/openvas/openvassd.conf Checking OpenVAS Scanner CA cert ... OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem. Checking NVT collection ... OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 32645 NVTs. Checking status of signature checking in OpenVAS Scanner ... WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /usr/local/var/cache/openvas contains 32645 files for 32645 NVTs. Checking presence of OpenVAS Manager ... OpenVAS Manager 4.0.2 Manager DB revision 74 Copyright (C) 2010-2013 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. OK: OpenVAS Manager is present in version 4.0.2. Checking OpenVAS Manager client certificate ... OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem. Checking OpenVAS Manager database ... OK: OpenVAS Manager database found in /usr/local/var/lib/openvas/mgr/tasks.db. Checking access rights of OpenVAS Manager database ... OK: Access rights for the OpenVAS Manager database are correct. Checking sqlite3 presence ... OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. Checking OpenVAS Manager database revision ... OK: OpenVAS Manager database is at revision 74. Checking database revision expected by OpenVAS Manager ... OK: OpenVAS Manager expects database at revision 74. OK: Database schema is up to date. Checking OpenVAS Manager database (NVT data) ... OK: OpenVAS Manager database contains information about 32645 NVTs. Checking OpenVAS SCAP database ... OK: OpenVAS SCAP database found in /usr/local/var/lib/openvas/scap-data/scap.db. Checking OpenVAS CERT database ... OK: OpenVAS CERT database found in /usr/local/var/lib/openvas/cert-data/cert.db. Checking xsltproc presence ... OK: xsltproc found. Checking presence of OpenVAS Administrator ... OpenVAS Administrator 1.3.0 Copyright (C) 2013 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. OK: OpenVAS Administrator is present in version 1.3.0. Checking if users exist ... OK: At least one user exists. Checking if at least one admin user exists ... OK: At least one admin user exists. Checking status of password policy ... WARNING: Your password policy is empty. SUGGEST: Edit the /usr/local/etc/openvas/pwpolicy.conf file to set a password policy. Checking presence of Greenbone Security Assistant ... Greenbone Security Assistant 4.0.1 Copyright (C) 2010-2013 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. OK: Greenbone Security Assistant is present in version 4.0.1. Checking presence of OpenVAS CLI ... OMP Command Line Interface 1.2.0 Copyright (C) 2010-2013 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. OK: OpenVAS CLI version 1.2.0. Checking presence of Greenbone Security Desktop ... openvas-check-setup: line 585: gsd: command not found WARNING: No Greenbone Security Desktop (gsd) found or too old. SUGGEST: Please install Greenbone Security Desktop 1.2. SKIP: Skipping further check for Greenbone Security Desktop. Checking netstat presence ... OK: netstat found, extended checks of the OpenVAS services enabled. Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 503/openvasmd tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 501/openvassd: wait tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN 507/gsad tcp 0 0 127.0.0.1:9393 0.0.0.0:* LISTEN 505/openvasad tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 425/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 455/sendmail: accep OK: OpenVAS Scanner is running and listening only on the local interface. OK: OpenVAS Scanner is listening on port 9391, which is the default port. WARNING: OpenVAS Manager is running and listening only on the local interface. This means that you will not be able to access the OpenVAS Manager from the outside using GSD or OpenVAS CLI. SUGGEST: Ensure that OpenVAS Manager listens on all interfaces. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: OpenVAS Administrator is running and listening only on the local interface. OK: OpenVAS Administrator is listening on port 9393, which is the default port. OK: Greenbone Security Assistant is running and listening on all interfaces. OK: Greenbone Security Assistant is listening on port 9392, which is the default port. Checking presence of nmap ... WARNING: Your version of nmap is not fully supported: 5.21 SUGGEST: You should install nmap 5.51. Checking presence of pdflatex ... WARNING: Could not find pdflatex binary, the PDF report format will not work. SUGGEST: Install pdflatex. Checking presence of ssh-keygen ... OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. Checking presence of rpm ... OK: rpm found, LSC credential package generation for RPM based targets is likely to work. Checking presence of alien ... WARNING: Could not find alien binary, LSC credential package generation for DEB based targets will not work. SUGGEST: Install alien. Checking presence of nsis ... WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work. SUGGEST: Install nsis. Checking for SELinux ... _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
