By the way, is redis-server required for OV 7 as I read Pual mentioned a related issue? The output of my “openvas-check-setup –v7” doesn’t show redis checking.
[root@aleu-vlnx1 aleu1]# openvas-check-setup --v7 openvas-check-setup 2.3.0 Test completeness and readiness of OpenVAS-7 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 4.0.6. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: NVT collection in /var/lib/openvas/plugins contains 40639 NVTs. OK: Signature checking of NVTs is enabled in OpenVAS Scanner. WARNING: The initial NVT cache has not yet been generated. SUGGEST: Start OpenVAS Scanner for the first time to generate the cache. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 5.0.9. OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: At least one user exists. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 123. OK: OpenVAS Manager expects database at revision 123. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 40380 NVTs. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db. OK: xsltproc found. Step 3: Checking user configuration ... WARNING: Your password policy is empty. SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy. Step 4: Checking Greenbone Security Assistant (GSA) ... OK: Greenbone Security Assistant is present in version 5.0.6. Step 5: Checking OpenVAS CLI ... OK: OpenVAS CLI version 1.3.1. Step 6: Checking Greenbone Security Desktop (GSD) ... SKIP: Skipping check for Greenbone Security Desktop. Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening on all interfaces. OK: OpenVAS Scanner is listening on port 9391, which is the default port. OK: OpenVAS Manager is running and listening on all interfaces. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: Greenbone Security Assistant is running and listening on all interfaces. OK: Greenbone Security Assistant is listening on port 9392, which is the default port. Step 8: Checking nmap installation ... OK: nmap is present in version 5.51. Step 10: Checking presence of optional tools ... OK: pdflatex found. OK: PDF generation successful. The PDF report format is likely to work. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. OK: rpm found, LSC credential package generation for RPM based targets is likely to work. WARNING: Could not find alien binary, LSC credential package generation for DEB based targets will not work. SUGGEST: Install alien. OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work. OK: SELinux is disabled. It seems like your OpenVAS-7 installation is OK. From: Artie Leu Sent: Wednesday, September 09, 2015 11:25 AM To: 'Eero Volotinen' Cc: [email protected]; Paul J Subject: RE: [Openvas-discuss] [Newsletter] Re: OpenVAS 7 on VM is working on HTTP/HTTPS/Telnet/SSH ports? Hi Eero and Paul, I did. SElinux on my CentOS has been disabled permanently on file /etc/sysconfig/selinux before I sued OV 7. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Eero Volotinen Sent: Wednesday, September 09, 2015 11:19 AM To: Artie Leu Cc: [email protected]<mailto:[email protected]>; Paul J Subject: Re: [Openvas-discuss] [Newsletter] Re: OpenVAS 7 on VM is working on HTTP/HTTPS/Telnet/SSH ports? Disable selinux on your machine.openvas does not work with selinux enabled. Eero 9.9.2015 9.16 ip. "Artie Leu" <[email protected]<mailto:[email protected]>> kirjoitti: Hi Paul, it is just an external scan in same subnet. Those appliances have embedded OS (linux kernel) but no firewall. Thanks. -Artie From: Openvas-discuss [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Paul J Sent: Wednesday, September 09, 2015 1:31 AM To: [email protected]<mailto:[email protected]> Subject: [Newsletter] Re: [Openvas-discuss] OpenVAS 7 on VM is working on HTTP/HTTPS/Telnet/SSH ports? Are you trying to do a credentialed scan or simply an external scan? Do these appliances have an OS and firewall? From: Openvas-discuss [mailto:[email protected]] On Behalf Of Artie Leu Sent: Tuesday, September 08, 2015 6:10 PM To: [email protected]<mailto:[email protected]> Subject: [Openvas-discuss] OpenVAS 7 on VM is working on HTTP/HTTPS/Telnet/SSH ports? Hello experts, Please help… I am a beginner of OpenVAS. I like OpenVAS design and its architecture very much, but I am stuck by my trial experience at this point. Recently I installed OpenVAS 7 on a CentOS 6.6 VM and scanned some appliance products of my company in same subnet that have HTTP/HTTPS/SSH/Telnet/Ping/SNMP services open on the mgmt. IP. Although scan progress looked normal till done status, somehow scan results are always empty with various targets/port lists, and scan config. The OS is not even detected. Using task wizard didn’t help. Meanwhile I used other 3rd party scan tools (e,g Qualys) and found some vulnerabilities detected and reported, but I don’t want to give up OpenVAS. I ran openvas-check-setup –v7 without any errors before I used OpenVAS. I wonder if I missed any configurations that are critical to the scan engines. Can someone hint me where to start diagnose to ensure the scan is properly configured to function? Thanks in advance. Artie ________________________________ *** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. *** ________________________________ ________________________________ *** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. *** ________________________________ _______________________________________________ Openvas-discuss mailing list [email protected]<mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss *** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
