Sep 17 18:04:27 bh01 sshd[4450]: Set /proc/self/oom_score_adj to 0Sep 17 
18:04:27 bh01 sshd[4450]: Connection from 75.*.*.* port 46882 on 66.*.*.* port 
22Sep 17 18:04:27 bh01 sshd[4450]: Connection closed by 75.*.*.* [preauth]


75.* is the OpenVAS66.* is the target CentOS box.




Date: Fri, 18 Sep 2015 00:53:12 +0300
Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos 
Box
From: [email protected]
To: [email protected]
CC: [email protected]

You should study your os a bit, to at least get ssh login information to logs.
If I remember correctly, it's located in /var/log/secure (centos) and at least 
is should be default on many os versions.
--Eero
2015-09-17 23:57 GMT+03:00 Walter York <[email protected]>:






Apologies for my ignorance...
I have updated /etc/ssh/sshd_configSyslogFacility AUTHPRIVLogLevel VERBOSE
service sshd restart

I don't have: /var/log/auth.log
the following do not appear to contain any extra detail than 
before.../var/log/messages/var/log/audit.log
How and where do I enable the type of auditing you are looking for... please 
assume that I am an imbecile with your instructions...


Date: Thu, 17 Sep 2015 23:20:28 +0300
Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos 
Box
From: [email protected]
To: [email protected]
CC: [email protected]

Hard to say, as you are not showing any relevant logs of this issue. 
You should enable enought log level of scanned box on sshd and provide relevant 
output ..
Eero
2015-09-17 23:17 GMT+03:00 Walter York <[email protected]>:



I "could" go through the time to create a centos 7 OpenVAS box but that would 
take away from the ease of having a single VM (Kali 2) to perform all of my 
testing activities.  Is there some known issue that openvas 7 won't 
authenticate to certain servers via SSH that would necessitate a version 
upgrade?
Something of interest in the target log is: op=login acct="(unknown)".  Yet I 
have properly entered the root account as the login within OpenVAS.  I must 
stress that I am able to use Putty on the same openvas box to successfully 
connect.



Date: Thu, 17 Sep 2015 23:05:08 +0300
Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos 
Box
From: [email protected]
To: [email protected]
CC: [email protected]

well, so it's using openvas 7. You should try centos 7 for scanning box and 
install openvas 8 from atomic corp repo.
--Eero
2015-09-17 22:57 GMT+03:00 Walter York <[email protected]>:



selinux does not appear to be installed on the openvas box... this is Kali v2
root@test02:~# getenforcebash: getenforce: command not foundroot@test02:~# cat 
/etc/sysconfig/selinuxcat: /etc/sysconfig/selinux: No such file or 
directoryroot@test02:~# 
dpkg -lii  sctpscan       0.1-1kali1   amd64        SCTP network scanner for 
discoverii  sed            4.2.2-4+b1   amd64        The GNU sed stream 
editorii  sendemail      1.56-5       all          lightweight, command line 
SMTP em


Date: Thu, 17 Sep 2015 22:37:57 +0300
Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos 
Box
From: [email protected]
To: [email protected]
CC: [email protected]

Is selinux disabled on openvas box?
Eero
17.9.2015 10.27 ip. "Walter York" <[email protected]> kirjoitti:



I am trying to use OpenVAS to perform a vulnerability scan against a WHM 
(CPanel) VPS box.  I am unable to get OpenVAS to connect to it either by 
username/password or certificate/password.  However, on the same OpenVAS box, I 
can use putty to connect either way.  I have disabled ConfigServer Security & 
Firewall and ModSEC.
Here is output from /var/log/audit/audit.log on the target 
box...type=USER_LOGIN msg=audit(1442515160.849:6594): pid=31916 uid=0 
auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 
msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=75.*.*.* 
terminal=ssh res=failed'
I can use Putty on the same OpenVAS box and connect to my target using the same 
credential and password or certificate and password with no problems.           
                          

_______________________________________________

Openvas-discuss mailing list

[email protected]

https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
                                          

                                          


                                          

                                          
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to