If there isn't a lot of entropy during key generation on the system, it can take a long time to create strong RSA keys for encrypting the credentials on the system.
On Thu, Jul 16, 2015 at 10:41 AM, Wesley Botham <[email protected]> wrote: > I just set up OpenVAS 8 in an Ubuntu 14.04 VM. I ran openvas-check-setup > 2.3.1 and it looks fine (http://pastebin.com/mjAm2pYu). I also ran an > immediate scan on 127.0.0.1, which finished quickly and successfully. > > Then I added a key via Configuration -> Targets -> Credentials. After > clicking Create Credential, the page hangs. It took 16 minutes to finish, > according to the logs: > > md crypt: INFO:2015-07-16 14h09.41 UTC:25498: starting key generation > ... > md crypt: INFO:2015-07-16 14h25.30 UTC:25498: OpenPGP key 'OpenVAS > Credential Encryption' has been generated > > I didn't know what was happening, so I opened another Greenbone tab and > tried to run an immediate scan, which did not start until after the key > generation finished. > > While generating the key, openvas-check-setup also hangs upon running > `openvasmd --get-users`, resulting in the following output: > > openvas-check-setup 2.3.1 > Test completeness and readiness of OpenVAS-8 > (add '--v6' or '--v7' or '--v9' > if you want to check for another OpenVAS version) > Please report us any non-detected problems and > help us to improve this check routine: > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the > problem. > Use the parameter --server to skip checks for client tools > like GSD and OpenVAS-CLI. > Step 1: Checking OpenVAS Scanner ... > OK: OpenVAS Scanner is present in version 5.0.3. > OK: OpenVAS Scanner CA Certificate is present as > /usr/local/var/lib/openvas/CA/cacert.pem. > OK: redis-server is present in version v=2.8.4. > OK: scanner (kb_location setting) is configured properly using the > redis-server socket: /tmp/redis.sock > OK: redis-server is running and listening on socket: > /tmp/redis.sock. > OK: redis-server configuration is OK and redis-server is running. > OK: NVT collection in /usr/local/var/lib/openvas/plugins contains > 39767 NVTs. > WARNING: Signature checking of NVTs is not enabled in OpenVAS > Scanner. > SUGGEST: Enable signature checking (see > http://www.openvas.org/trusted-nvts.html). > OK: The NVT cache in /usr/local/var/cache/openvas contains 39767 > files for 39767 NVTs. > Step 2: Checking OpenVAS Manager ... > OK: OpenVAS Manager is present in version 6.0.3. > OK: OpenVAS Manager client certificate is present as > /usr/local/var/lib/openvas/CA/clientcert.pem. > OK: OpenVAS Manager database found in > /usr/local/var/lib/openvas/mgr/tasks.db. > OK: Access rights for the OpenVAS Manager database are correct. > > This happens whenever I set up a new instance of OpenVAS. It only happens > once; if I add a second credential, it succeeds immediately. > > What could be causing this one-time 16-minute delay? Is there a startup > process in the background that delays other actions until it finishes? Is > it (as it seems) triggered by my first attempt to add a credential? Is > there something I can do to front-load this process or monitor it? (I can > live with the delay, but ideally I want my bootstrap scripts to handle it > or at least to make it transparent to the next user of my VM.) > > Thanks! > > *-- * > *Wesley J. Botham* | Software Developer, U.S. Rating > *Applied Systems, Inc.* > www.appliedsystems.com | [email protected] > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
