Funny, turns out I had already made that change in the current version I was using (I copied and pasted from a local copy that was out of sync). However, the trust is fixed now. Not entirely sure what I did, but I'm guessing it may have had to do with changing the 'global' parameter to 0, and removing some additional info I tried to shoehorn into the XML?
Now to figure out (tomorrow) why it generated an empty PDF. Thanks for all your help! On Wed, Feb 19, 2014 at 7:48 PM, Ryan Schulze <r...@dopefish.de> wrote: > > Another thing I just though of that may or may not apply to you: check if > the certificate used to sign the report is trusted on the openvas server > (gpg --homedir=/etc/openvas/gnupg/ --check-sigs ; gpg > --homedir=/etc/openvas/gnupg/ --lsign KEY_ID ). Depends on where you are > signing the report and which key you are using for that. > > > and the content of create_report_import.sh from my last email since I > foolishly added it as an attachment and not inline > ---- > #!/bin/bash > > > > #------------------------------------------------------------------------------- > # Some basic information about the report > > #------------------------------------------------------------------------------- > NAME='HTML Plus' > EXTENSION='html' > CONTENT_TYPE='text/html' > > SUMMARY='Extended HTML' > DESCRIPTION="Generate a nice HTML output better suited for stand-alone > viewing on wide monitors, uses some javascript and adds host information" > > # Files to include, add everything required to generate the report > FILELIST="generate extended-html.xsl fetch_ip_info.sh" > > # this is the file you will want to import into OpenVAS > IMPORTFILE="extended-html.xml" > > gpgopts='--homedir=/etc/openvas/gnupg' > > #------------------------------------------------------------------------------- > # base64 and xml voodoo happens here > > #------------------------------------------------------------------------------- > > UUID=$(uuid) > { > # OpenVAS 4: > # echo -n > "${UUID}${NAME}${EXTENSION}${CONTENT_TYPE}${SUMMARY}${DESCRIPTION}0" > # OpenVAS 5: > echo -n "${UUID}${EXTENSION}${CONTENT_TYPE}0" > for FILE in $(ls -1 ${FILELIST}) > do > echo -n "${FILE}$(base64 -w 0 ${FILE})" > done > echo > } > ${UUID} > gpg ${gpgopts} --detach-sign --armor ${UUID} > > { > echo -n '<get_report_formats_response status="200" > status_text="OK"><report_format > id="'$UUID'"><name>'$NAME'</name><extension>'$EXTENSION'</extension><content_type>'$CONTENT_TYPE'</content_type><summary>'$SUMMARY'</summary><description>'$DESCRIPTION'</description><global>0</global>' > for FILE in $(ls -1 ${FILELIST}) > do > echo -n "<file name=\"${FILE}\">$(base64 -w 0 ${FILE})</file>" > done > echo -n '<signature>' > cat ${UUID}.asc > echo -n '</signature>' > echo '</report_format></get_report_formats_response>' > } > ${IMPORTFILE} > gpg ${gpgopts} --verify ${UUID}.asc ${UUID} > rm ${UUID} ${UUID}.asc > > > > > > On 2/19/2014 6:35 PM, Ryan Schulze wrote: > > Hi Greg, > > I believe the beginning of your ${UUID} file is incorrect for the current > version of OpenVAS. > > ${UUID}${NAME}${EXTENSION}${CONTENT_TYPE}${SUMMARY}${DESCRIPTION}0 seems > to still be the format used with OpenVAS 4, as of OpenVAS 5 it was changed > to ${UUID}${EXTENSION}${CONTENT_TYPE}0 > > I attached the create_report_import.sh we use for one of our custom > reports, heope that helps you out. I remember having fun digging through > the debugging and temp files when that changed ;-) > > Regards, > Ryan > > --- > > > On 2/19/2014 3:28 PM, Greg Etling wrote: > > I'm about at the end of my knowledge and am sure I'm missing something > right in front of my face while trying to set up a new report format. > > I have set up keys on our Openvas server (as per > http://www.openvas.org/trusted-nvts.html) created a new report format, > grabbed the create_report_import from SVN and modified as seen below, ran > it and uploaded the results as a new report, activated it with omp and > everything seems fine, except openvas refuses to trust the report... > > I'm thinking its somewhere in the signing process that I am going wrong, > because gpg will verify (gpg --homedir=/etc/openvas/gnupg > --verify ${UUID}.asc ${UUID}) as created...but that signing procedure seems > off to me, I'm just not sure how. > > --- > NAME="PDF Detailed Report" > UUID=`uuid` > EXTENSION=pdf > CONTENT_TYPE="application/pdf" > SUMMARY="Customized PDF report to replace default" > DESCRIPTION="Customized scan PDF report." > # Names must be in alphabetical order. > FNAME1=generate > FILE1=`base64 -w 0 generate` > FNAME2=latex.xsl > FILE2=`base64 -w 0 latex.xsl` > > echo > ${UUID}${NAME}${EXTENSION}${CONTENT_TYPE}${SUMMARY}${DESCRIPTION}0${FNAME1}${FILE1}${FNAME2}${FILE2} > > ${UUID} > gpg --homedir=/etc/openvas/gnupg --detach-sign --armor ${UUID} > rm ${UUID} > > echo -n '<get_report_formats_response status="200" > status_text="OK"><report_format > id="'$UUID'"><name>'$NAME'</name><extension>'$EXTENSION'</extension><content_type>'$CONTENT_TYPE'</content_type><summary>'$SUMMARY'</summary><description>'$DESCRIPTION'</description><file > name="'$FNAME1'">'$FILE1'</file><file > name="'$FNAME2'">'$FILE2'</file><signature>' > custom_detail_pdf.xml > > cat ${UUID}.asc >> custom_detail_pdf.xml > > echo '</signature></report_format></get_report_formats_response>' >> > custom_detail_pdf.xml > --- > > I'm grateful for any and all input that might help. Thanks, > Greg > > -- > Greg Etling > getl...@stern.nyu.edu > Systems Administrator > Stern IT Enterprise Operations > NYU Stern School of Business > > > _______________________________________________ > Openvas-discuss mailing > listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > > _______________________________________________ > Openvas-discuss mailing > listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > -- Greg Etling getl...@stern.nyu.edu <getl...@stern.nyu.edu>Systems Administrator Stern IT Enterprise Operations NYU Stern School of Business
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss