I was able to solve the issue - thanks all those that helped.
Note, it turned out it had nothing to do with CentOS 6 - OpenVAS 8 should work just fine installed on CentOS 6 so long as you build the libraries in /usr/local/... and not /usr/...
Here's the problem / solution:
Problem: I was not getting reports from my scans - the scans were working (I knew this because of the length of time they were taking and the fact that I was seeing "results" - just not "reports" or "hosts" in the Asset Management).
Detail: It turns out that the report generation code is installed into /share/openvas/. The /share directory (and all sub-directories) are chmod 700. That seems OK since I'm logged in as root and running the "omp" commands as root. However, the report generation process is kicked off as user "99" (AKA: "nobody") and that user does not have permissions to access the /share directory tree.
Solution: My solution is low tech (perhaps a developer can adjust the build scripts...) all I did was chmod the directory so that others can access it:
find /share -type d -exec chmod 755 {} \;
find /share -type f -exec chmod og+rX {} \;
NOTE: once I did this I was able to access the reports via "omp" command AND vie the GSA GUI - I didn't even need to re-run the scans :)
Those commands open up the /share directory structure so that anyone can access the report generation code.
Possible development changes:
- move report code out of /share/openvas and into the /var/lib/openvas
- set a mask so that when /share is created and files are written into it they have the proper chmod so that "nobody" can access them
Brian
On June 16, 2015 at 2:46 PM Eero Volotinen <[email protected]> wrote:Redhat uses technique called backporting, so hand compling libraries from sources usually breaks system totally, if done without proper knowledge as it looks.Please do as we told and use centos 7.1 or older version of openvas.--Eero2015-06-16 20:58 GMT+03:00 Brian Thompson <[email protected]>:That will be my last resort. Our entire shop is CentOS 6, I'd rather not introduce an exception to the environment unless I have no other choice.
Brian
On June 16, 2015 at 9:53 AM Eero Volotinen <[email protected]> wrote:How about using centos 7 instead of blindy compiling libraries by hand.Openvas8 works fine on centos 7.1--Eero2015-06-16 16:27 GMT+03:00 Brian Thompson <[email protected]>:When I try and attach to an old report I see the following in the *md.log
report_severity: max(severity)=0.0
command: /bin/sh /share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_T3aKoY/report.xml > /tmp/openvasmd_T3sKoY/report.out 2> /dev/null
If I start a new scan I see:
Connected to server on socket 15.
Status of task Immediate scan of IP openv (<uuid>) has changed to Requested
Task <uuid> has been requested to start by admin
Status of task Immediate scan of IP openv (UUID) has changed to Running
Failed to shake hands with peer: The TLS connection was non-properly terminated.
serve_client: failed to attach client session to socket 9
Failed to gnutls_bye: GnuTLS internal error.
(Then a bunch of "Shook hands with peer." until the job finishes)
Failed to shake hands with peer: The TLS connection was non-properly terminated.
server_client: failed to attach client session to socket 9
Failed to gnutls_bye: GnuTLS internal error.
Status of task Immediate scan of IP openv (UUID) has changed to Done
I think were on to something. I'm using gnutls-3.2.14 which I compiled myself since the CentOS 6 supplied version was too old (2.8.5), but based on the errors above it looks like there is something wrong with either the build or the version...Any ideas? Perhaps it's just a linking/path problem (perhaps it's finding the older version when it should be finding the compiled files)?
Brian
On June 16, 2015 at 3:14 AM Michael Meyer <[email protected]> wrote:
*** Brian Thompson wrote:
> But still no reports generated.
Set all "level" to 128 in "/etc/openvas/openvasmd_log.conf" and start
manager with "-v". Watch "/var/log/openvas/openvasmd.log" when
accessing a report. Maybe you'll see something that helps.
Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
