Hi,
I am trying to write documentation on how to install and run OpenVAS 8
on Ubuntu 15.04.
Here is what I have done so far:
1- Compiled library, client, manager, cli and GSA according to the
   instructions in the INSTALL files and installed redis-server.
2- Generated relevant certificates and keys with openvas-mkcert
3- Added OpenVAS key (48DB4530) to trusted keys.
    gpg --homedir=/usr/local/etc/openvas/gnupg --lsign-key 48DB4530
4- Added the line nasl_no_signature_check = no to the openvassd.conf file.
5- Updated NVT with openvas-nvt-sync.
6- Replaced the default redis.conf with the one OpenVAS provides and
   started redis-server
    cp /usr/local/share/doc/openvas-scanner/example_redis_2_6.conf /etc/redis/redis.conf
    redis-server /etc/redis/redis.conf
7- Generated client certificate and key with openvas-mkcert-client -n -i
8- Created a user with admin role.
9- Started openvassd
When I run the openvasmd --rebuild command, it fails with:
    lib serv:WARNING:2015-05-17 13h11.49 utc:9362: Failed to shake hands with peer: The TLS connection was non-properly terminated.
It seems that this warning is related to the gnutls version according to
this[1] and this[2]. A user said[3] that the problem had disappeared
when he/she started to use gnutls 3.3.10-1 on Arch Linux.
On Ubuntu 15.04, the libgnutls version is 3.3.8:
    LC_ALL=C apt-cache policy libgnutls-dev
    libgnutls-dev:
      Installed: 3.3.8-3ubuntu3
      Candidate: 3.3.8-3ubuntu3
      Version table:
     *** 3.3.8-3ubuntu3 0
            500 http://archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
            100 /var/lib/dpkg/status
So, should I compile a newer (3.3.10) or an older (2.12) version of
libgnutls-dev or is there another way to solve this problem?
[1] http://lists.wald.intevation.org/pipermail/openvas-discuss/2014-June/006309.html
[2] https://wald.intevation.org/tracker/?func=detail&atid=220&aid=6572&group_id=29
[3] https://bugs.archlinux.org/task/42554
Output of openvas-check-setup:
./openvas-check-setup
openvas-check-setup 2.3.0
Test completeness and readiness of OpenVAS-8
(add '--v6' or '--v7' or '--9'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze
the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.2.
OK: OpenVAS Scanner CA Certificate is present as
/usr/local/var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /usr/local/var/lib/openvas/plugins
contains 38966 NVTs.
OK: Signature checking of NVTs is enabled in OpenVAS Scanner.
OK: The NVT cache in /usr/local/var/cache/openvas contains 38966
files for 38966 NVTs.
OK: redis-server is present in version v=2.8.19.
OK: scanner (kb_location setting) is configured properly using
the redis-server socket: /tmp/redis.sock
OK: redis-server is running and listening on socket:
/tmp/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 6.0.2.
OK: OpenVAS Manager client certificate is present as
/usr/local/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in
/usr/local/var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: At least one user exists.
OK: sqlite3 found, extended checks of the OpenVAS Manager
installation enabled.
OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
ERROR: The number of NVTs in the OpenVAS Manager database is too
low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT
collection and run 'openvasmd --rebuild'.
WARNING: OpenVAS Scanner is NOT running!
SUGGEST: Start OpenVAS Scanner (openvassd).
ERROR: Your OpenVAS-8 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us
analyze the problem.
Contents of openvas-check-setup.log:
openvas-check-setup 2.3.0
Mode: desktop
Date: Sun, 17 May 2015 16:07:13 +0300
Checking for old OpenVAS Scanner <= 2.0 ...
./openvas-check-setup: 163: ./openvas-check-setup: openvasd: not found
Checking presence of OpenVAS Scanner ...
OpenVAS Scanner 5.0.2
Most new code since 2005: (C) 2015 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <[email protected]>
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Checking OpenVAS Scanner version ...
OK: OpenVAS Scanner is present in version 5.0.2.
plugins_folder = /usr/local/var/lib/openvas/plugins
cache_folder = /usr/local/var/cache/openvas
include_folders = /usr/local/var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /usr/local/var/log/openvas/openvassd.messages
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /usr/local/var/log/openvas/openvassd.dump
cgi_path = /cgi-bin:/scripts
optimize_test = yes
checks_read_timeout = 5
network_scan = no
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
nasl_no_signature_check = no
drop_privileges = no
unscanned_closed = yes
unscanned_closed_udp = yes
vhosts =
vhosts_ip =
report_host_details = yes
cert_file = /usr/local/var/lib/openvas/CA/servercert.pem
key_file = /usr/local/var/lib/openvas/private/CA/serverkey.pem
ca_file = /usr/local/var/lib/openvas/CA/cacert.pem
kb_location = /tmp/redis.sock
config_file = /usr/local/etc/openvas/openvassd.conf
Checking OpenVAS Scanner CA cert ...
OK: OpenVAS Scanner CA Certificate is present as
/usr/local/var/lib/openvas/CA/cacert.pem.
Checking NVT collection ...
OK: NVT collection in /usr/local/var/lib/openvas/plugins
contains 38966 NVTs.
Checking status of signature checking in OpenVAS Scanner ...
OK: Signature checking of NVTs is enabled in OpenVAS Scanner.
OK: The NVT cache in /usr/local/var/cache/openvas contains 38966
files for 38966 NVTs.
Checking presence of redis ...
OK: redis-server is present in version v=2.8.19.
Checking if redis-server is configured properly to run with openVAS ...
OK: scanner (kb_location setting) is configured properly using
the redis-server socket: /tmp/redis.sock
Checking if redis-server is running ...
OK: redis-server is running and listening on socket:
/tmp/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
Checking presence of OpenVAS Manager ...
OpenVAS Manager 6.0.2
Manager DB revision 146
Copyright (C) 2010-2015 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
OK: OpenVAS Manager is present in version 6.0.2.
Checking OpenVAS Manager client certificate ...
OK: OpenVAS Manager client certificate is present as
/usr/local/var/lib/openvas/CA/clientcert.pem.
Checking OpenVAS Manager database ...
OK: OpenVAS Manager database found in
/usr/local/var/lib/openvas/mgr/tasks.db.
Checking access rights of OpenVAS Manager database ...
OK: Access rights for the OpenVAS Manager database are correct.
Checking if users exist ...
OK: At least one user exists.
Checking sqlite3 presence ...
OK: sqlite3 found, extended checks of the OpenVAS Manager
installation enabled.
Checking OpenVAS Manager database revision ...
OK: OpenVAS Manager database is at revision 146.
Checking database revision expected by OpenVAS Manager ...
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) ...
ERROR: The number of NVTs in the OpenVAS Manager database is too
low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT
collection and run 'openvasmd --rebuild'.
WARNING: OpenVAS Scanner is NOT running!
SUGGEST: Start OpenVAS Scanner (openvassd).
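Added example (not part of the original post and not OpenVAS code): a shell filter that extracts the ERROR/FIX/WARNING/SUGGEST findings from openvas-check-setup output like the above and re-joins lines that were wrapped. The sample input is constructed from lines quoted in the post, and the function names sample_output, findings and error_count are hypothetical.

```shell
#!/bin/sh
# Added example: triage openvas-check-setup output.
# sample_output is constructed from lines quoted in the post above.
sample_output() {
cat <<'EOF'
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 6.0.2.
        OK: Database schema is up to date.
        ERROR: The number of NVTs in the OpenVAS Manager database is too
        low.
        FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT
        collection and run 'openvasmd --rebuild'.
        WARNING: OpenVAS Scanner is NOT running!
        SUGGEST: Start OpenVAS Scanner (openvassd).

 ERROR: Your OpenVAS-8 installation is not yet complete!
EOF
}

# Print every non-OK finding on a single line. A finding starts at a
# tagged line and absorbs the untagged lines that follow it until the
# next tag, an OK/Step/Checking line, or a blank line.
findings() {
    awk '
    function emit() { if (cur != "") print cur; cur = "" }
    /^[ \t]*(ERROR|FIX|WARNING|SUGGEST):/ {
        emit(); sub(/^[ \t]+/, ""); cur = $0; next
    }
    /^[ \t]*(OK:|Step [0-9]+:|Checking )/ { emit(); next }
    /^[ \t]*$/ { emit(); next }
    cur != "" { sub(/^[ \t]+/, ""); cur = cur " " $0 }
    END { emit() }
    '
}

# Number of ERROR findings in the output read from stdin.
error_count() {
    findings | grep -c '^ERROR:'
}

# Stand-alone run: list the findings in the constructed sample.
sample_output | findings
```

Against a real run, pipe the tool's output into it: ./openvas-check-setup | findings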