Funny, turns out I had already made that change in the current version I
was using (I copied and pasted from a local copy that was out of sync).
However, the trust is fixed now. Not entirely sure what I did, but I'm
guessing it may have had to do with changing the 'global' parameter to 0,
and removing some additional info I tried to shoehorn into the XML?
Now to figure out (tomorrow) why it generated an empty PDF.
Thanks for all your help!
On Wed, Feb 19, 2014 at 7:48 PM, Ryan Schulze <r...@dopefish.de> wrote:
>
> Another thing I just though of that may or may not apply to you: check if
> the certificate used to sign the report is trusted on the openvas server
> (gpg --homedir=/etc/openvas/gnupg/ --check-sigs ; gpg
> --homedir=/etc/openvas/gnupg/ --lsign KEY_ID ). Depends on where you are
> signing the report and which key you are using for that.
>
>
> and the content of create_report_import.sh from my last email since I
> foolishly added it as an attachment and not inline
> ----
> #!/bin/bash
>
>
>
> #-------------------------------------------------------------------------------
> # Some basic information about the report
>
> #-------------------------------------------------------------------------------
> NAME='HTML Plus'
> EXTENSION='html'
> CONTENT_TYPE='text/html'
>
> SUMMARY='Extended HTML'
> DESCRIPTION="Generate a nice HTML output better suited for stand-alone
> viewing on wide monitors, uses some javascript and adds host information"
>
> # Files to include, add everything required to generate the report
> FILELIST="generate extended-html.xsl fetch_ip_info.sh"
>
> # this is the file you will want to import into OpenVAS
> IMPORTFILE="extended-html.xml"
>
> gpgopts='--homedir=/etc/openvas/gnupg'
>
> #-------------------------------------------------------------------------------
> # base64 and xml voodoo happens here
>
> #-------------------------------------------------------------------------------
>
> UUID=$(uuid)
> {
> # OpenVAS 4:
> # echo -n
> "${UUID}${NAME}${EXTENSION}${CONTENT_TYPE}${SUMMARY}${DESCRIPTION}0"
> # OpenVAS 5:
> echo -n "${UUID}${EXTENSION}${CONTENT_TYPE}0"
> for FILE in $(ls -1 ${FILELIST})
> do
> echo -n "${FILE}$(base64 -w 0 ${FILE})"
> done
> echo
> } > ${UUID}
> gpg ${gpgopts} --detach-sign --armor ${UUID}
>
> {
> echo -n '<get_report_formats_response status="200"
> status_text="OK"><report_format
> id="'$UUID'"><name>'$NAME'</name><extension>'$EXTENSION'</extension><content_type>'$CONTENT_TYPE'</content_type><summary>'$SUMMARY'</summary><description>'$DESCRIPTION'</description><global>0</global>'
> for FILE in $(ls -1 ${FILELIST})
> do
> echo -n "<file name=\"${FILE}\">$(base64 -w 0 ${FILE})</file>"
> done
> echo -n '<signature>'
> cat ${UUID}.asc
> echo -n '</signature>'
> echo '</report_format></get_report_formats_response>'
> } > ${IMPORTFILE}
> gpg ${gpgopts} --verify ${UUID}.asc ${UUID}
> rm ${UUID} ${UUID}.asc
>
>
>
>
>
> On 2/19/2014 6:35 PM, Ryan Schulze wrote:
>
> Hi Greg,
>
> I believe the beginning of your ${UUID} file is incorrect for the current
> version of OpenVAS.
>
> ${UUID}${NAME}${EXTENSION}${CONTENT_TYPE}${SUMMARY}${DESCRIPTION}0 seems
> to still be the format used with OpenVAS 4, as of OpenVAS 5 it was changed
> to ${UUID}${EXTENSION}${CONTENT_TYPE}0
>
> I attached the create_report_import.sh we use for one of our custom
> reports, heope that helps you out. I remember having fun digging through
> the debugging and temp files when that changed ;-)
>
> Regards,
> Ryan
>
> ---
>
>
> On 2/19/2014 3:28 PM, Greg Etling wrote:
>
> I'm about at the end of my knowledge and am sure I'm missing something
> right in front of my face while trying to set up a new report format.
>
> I have set up keys on our Openvas server (as per
> http://www.openvas.org/trusted-nvts.html) created a new report format,
> grabbed the create_report_import from SVN and modified as seen below, ran
> it and uploaded the results as a new report, activated it with omp and
> everything seems fine, except openvas refuses to trust the report...
>
> I'm thinking its somewhere in the signing process that I am going wrong,
> because gpg will verify (gpg --homedir=/etc/openvas/gnupg
> --verify ${UUID}.asc ${UUID}) as created...but that signing procedure seems
> off to me, I'm just not sure how.
>
> ---
> NAME="PDF Detailed Report"
> UUID=`uuid`
> EXTENSION=pdf
> CONTENT_TYPE="application/pdf"
> SUMMARY="Customized PDF report to replace default"
> DESCRIPTION="Customized scan PDF report."
> # Names must be in alphabetical order.
> FNAME1=generate
> FILE1=`base64 -w 0 generate`
> FNAME2=latex.xsl
> FILE2=`base64 -w 0 latex.xsl`
>
> echo
> ${UUID}${NAME}${EXTENSION}${CONTENT_TYPE}${SUMMARY}${DESCRIPTION}0${FNAME1}${FILE1}${FNAME2}${FILE2}
> > ${UUID}
> gpg --homedir=/etc/openvas/gnupg --detach-sign --armor ${UUID}
> rm ${UUID}
>
> echo -n '<get_report_formats_response status="200"
> status_text="OK"><report_format
> id="'$UUID'"><name>'$NAME'</name><extension>'$EXTENSION'</extension><content_type>'$CONTENT_TYPE'</content_type><summary>'$SUMMARY'</summary><description>'$DESCRIPTION'</description><file
> name="'$FNAME1'">'$FILE1'</file><file
> name="'$FNAME2'">'$FILE2'</file><signature>' > custom_detail_pdf.xml
>
> cat ${UUID}.asc >> custom_detail_pdf.xml
>
> echo '</signature></report_format></get_report_formats_response>' >>
> custom_detail_pdf.xml
> ---
>
> I'm grateful for any and all input that might help. Thanks,
> Greg
>
> --
> Greg Etling
> getl...@stern.nyu.edu
> Systems Administrator
> Stern IT Enterprise Operations
> NYU Stern School of Business
>
>
> _______________________________________________
> Openvas-discuss mailing
> listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
>
>
>
> _______________________________________________
> Openvas-discuss mailing
> listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
>
>
--
Greg Etling
getl...@stern.nyu.edu
<getl...@stern.nyu.edu>Systems Administrator
Stern IT Enterprise Operations
NYU Stern School of Business
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
