Sep 17 18:04:27 bh01 sshd[4450]: Set /proc/self/oom_score_adj to 0Sep 17 18:04:27 bh01 sshd[4450]: Connection from 75.*.*.* port 46882 on 66.*.*.* port 22Sep 17 18:04:27 bh01 sshd[4450]: Connection closed by 75.*.*.* [preauth]
75.* is the OpenVAS66.* is the target CentOS box. Date: Fri, 18 Sep 2015 00:53:12 +0300 Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos Box From: [email protected] To: [email protected] CC: [email protected] You should study your os a bit, to at least get ssh login information to logs. If I remember correctly, it's located in /var/log/secure (centos) and at least is should be default on many os versions. --Eero 2015-09-17 23:57 GMT+03:00 Walter York <[email protected]>: Apologies for my ignorance... I have updated /etc/ssh/sshd_configSyslogFacility AUTHPRIVLogLevel VERBOSE service sshd restart I don't have: /var/log/auth.log the following do not appear to contain any extra detail than before.../var/log/messages/var/log/audit.log How and where do I enable the type of auditing you are looking for... please assume that I am an imbecile with your instructions... Date: Thu, 17 Sep 2015 23:20:28 +0300 Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos Box From: [email protected] To: [email protected] CC: [email protected] Hard to say, as you are not showing any relevant logs of this issue. You should enable enought log level of scanned box on sshd and provide relevant output .. Eero 2015-09-17 23:17 GMT+03:00 Walter York <[email protected]>: I "could" go through the time to create a centos 7 OpenVAS box but that would take away from the ease of having a single VM (Kali 2) to perform all of my testing activities. Is there some known issue that openvas 7 won't authenticate to certain servers via SSH that would necessitate a version upgrade? Something of interest in the target log is: op=login acct="(unknown)". Yet I have properly entered the root account as the login within OpenVAS. I must stress that I am able to use Putty on the same openvas box to successfully connect. Date: Thu, 17 Sep 2015 23:05:08 +0300 Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos Box From: [email protected] To: [email protected] CC: [email protected] well, so it's using openvas 7. You should try centos 7 for scanning box and install openvas 8 from atomic corp repo. --Eero 2015-09-17 22:57 GMT+03:00 Walter York <[email protected]>: selinux does not appear to be installed on the openvas box... this is Kali v2 root@test02:~# getenforcebash: getenforce: command not foundroot@test02:~# cat /etc/sysconfig/selinuxcat: /etc/sysconfig/selinux: No such file or directoryroot@test02:~# dpkg -lii sctpscan 0.1-1kali1 amd64 SCTP network scanner for discoverii sed 4.2.2-4+b1 amd64 The GNU sed stream editorii sendemail 1.56-5 all lightweight, command line SMTP em Date: Thu, 17 Sep 2015 22:37:57 +0300 Subject: Re: [Openvas-discuss] Setting up SSH connection to WHM (CPanel) Centos Box From: [email protected] To: [email protected] CC: [email protected] Is selinux disabled on openvas box? Eero 17.9.2015 10.27 ip. "Walter York" <[email protected]> kirjoitti: I am trying to use OpenVAS to perform a vulnerability scan against a WHM (CPanel) VPS box. I am unable to get OpenVAS to connect to it either by username/password or certificate/password. However, on the same OpenVAS box, I can use putty to connect either way. I have disabled ConfigServer Security & Firewall and ModSEC. Here is output from /var/log/audit/audit.log on the target box...type=USER_LOGIN msg=audit(1442515160.849:6594): pid=31916 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=75.*.*.* terminal=ssh res=failed' I can use Putty on the same OpenVAS box and connect to my target using the same credential and password or certificate and password with no problems. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
