Thanks Reindl, It seems a little complicated, right? Does anyone applying it to secure the own OpenVAS?
Diego To: [email protected] From: [email protected] Date: Tue, 20 Oct 2015 14:35:23 +0200 Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS Am 20.10.2015 um 14:30 schrieb Diego Gomes: > Thanks Chris, > > So, I need to: > > vi /usr/lib/systemd/system/openvas-scanner.service never ever touch /usr/lib/systemd/system/ whatever you touch would be overwritten with the next update and so you throw away one of the biggest improvements compard to sysvinit * disable services you want to edit * copy the systemd-unit to /etc/systemd/system/ * edit the copy there * enable the service again * systemctl daemon reload * systemctl restart servicename > insert > "--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"" > this line at the end of the file? for sure not at the end of the systemd-unit what should systemd do with that line? it's a param for the ExecStart process if there is not a config file > The same for /usr/lib/systemd/system/openvas-manager.service same as above - don't touch /usr/lib/systemd > > From: [email protected] > > To: [email protected] > > Date: Tue, 20 Oct 2015 14:13:38 +0200 > > Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS > > > > Hi, > > > > > gsad > --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" > > > > > > restarted openvas-manager, openvas-scanner, gsad > > > > > > Started scan against localhost and the same results: > > > > you also need to add this gnutls-priorities to the openvas-manager > (openvasmd) and openvas-scanner (openvassd) startup. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
