Re: [Openvas-discuss] Service temporarily down

Eero Volotinen Mon, 09 Nov 2015 03:27:08 -0800

Well, that might be related to Debian or something else. As I don't use
Debian as my primary platform, it's a bit complex to say :) Atomic Corp
provides working openvas8 rpm-packages  and they work fine. Is there really
recent debian packages for openvas8 or it is source installation only?


Usually problem might be related to some incorrect library versions.

--
Eero

2015-11-09 13:21 GMT+02:00 Helmut Koers <hko...@de.hellmann.net>:

> So that seems to be related to Debian? May it have something to do with
> the fact that OpenVAS did no find any vulnerabilities in regards to
> certificates anymore, without applying any custom load commands?
>
>
> 09.11.2015----09:43:42eero.t.voloti...@gmail.com wrote on 09.11.2015
> 09:43:42:
>
> > From: Eero Volotinen
> <eero.voloti...@iki.fi>> To: Helmut Koers <HK
> o...@de.hellmann.net>, > Cc: "openvas-discuss@wald.intevation.org"
> <openvas-
> > discu
> s...@wald.intevation.org>>
>  Date: 09.11.2015 09:43> Subject: Re: [Openvas-discuss] S
> ervice temporarily down> Sent by: eer
> o.t.voloti...@gmail.com>
> > Well, works fine for me. I am using Centos
>  7 and latest OpenVAS8.>
> > Maybe you should al
> so try
> with C
> entos 7 :)>
> > --> Eero>
> > 2015-11-09 9:55 GMT+02:00 Helmut Koers <H
> ko...@de.hellmann.net>:> Yes, system clock is on correct time.
> >
> > I even tried to copy certificates from a fresh/working installation to
> an
> > updated/not working one and ran into the same issues. May there be a
> link
> > to the certificates anywhere, that need to be updated?
> >
> >
> > 08.11.2015----18:06:42eero.t.voloti...@gmail.com wrote on 08.11.2015
> > 18:06:42:
> >
> > > From: Eero Volotinen
> > <eero.voloti...@iki.fi>> To: Helmut Koers <HK
> > o...@de.hellmann.net>, > Cc: "openvas-discuss@wald.intevation.org"
> > <openvas-
> > > discu
> > s...@wald.intevation.org>>
> >  Date: 08.11.2015 18:06> Subject: Re: [Openvas-discuss] S
> > ervice temporarily down> Sent by: eer
> > o.t.voloti...@gmail.com>
> > > Is the system clock o
> > n corr
> > ect time?
> > >
> > > --> Eero>
> > > 2015-11-08 20:02 GMT+03:00 Helmut Koers <H
> > ko...@de.hellmann.net>:> It loads the certificates
>  exactly from the place> I looked at, as you can
> > > see below.
> > >
> > > open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5
> > > open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5
> > > open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5
> > >
> > > I did a clean installation of Debian Jessie and OpenVAS8 using latest
> > > install media, and am having the same issues after renewing
> certificates
> > > as mentioned before.
> > >
> > >
> > > 06.11.2015----16:53:54eero.t.voloti...@gmail.com wrote on 06.11.2015
> > > 16:53:54:
> > >
> > > > From: Eero Volotinen
> > > <eero.voloti...@iki.fi>> To: Helmut Koers <HK
> > > o...@de.hellmann.net>, > Cc: openvas-disc
> > > u...@wald.intevation.org>
> > >  Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S
> > > ervice temporarily down> Sent by: eer
> > > o
> > .t.voloti...@gmail.com>> > Well, you could start openvasmd under strace
> > like this strace -f -e
> > > > open openvasmd and look wher
> > > e it open certificates.> Maybe you are l
> > > ooking
> > >  in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers"
> <HKoers@de.h
> > > ellmann.net> kirjoitti:> Yes, I have tried both, deleting client,
> server
> > > and ca certs as well as
> > > > cert and keys (.../var/lib/openvas/CA/ und
> > > > .../var/lib/openvas/private/CA/), which then have been newly
> created.
> > > I've
> > > > tried it several time, but here was not difference, I am am still
> > seeing
> > > > the error message and am not able to execute a scan.
> > > >
> > > >
> > > > 06.11.2015----13:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015
> > > > 13:29:56:
> > > >
> > > > > From: Eero Volotinen
> > > > <eero.voloti...@iki.fi>> To: Helmut Koers <HK
> > > > o...@de.hellmann.net>, > Cc: openvas-disc
> > > > u...@wald.intevation.org>
> > > >  Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S
> > > > ervice temporarily down> Sent by: eer
> > > > o.t.voloti...@gmail.com>
> > > > > Well, did you really deleted server ca
> > > > , cert
> > > >  and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers"
> > <HKoers@de.h
> > > > ellmann.net> kirjoitti:> Unfortunately, that did not solve the
> issue,
> > > same
> > > > error in GSAD than
> > > > > before.
> > > > >
> > > > > Not sure if I got the right error message in openvasmd.log before,
> > now
> > > I
> > > > > see the following:
> > > > >
> > > > > lib  serv:WARNING:2015-11-06 11h51.21 CET:7977:
> > openvas_server_verify:
> > > > the
> > > > > certificate is not trusted
> > > > > lib  serv:WARNING:2015-11-06 11h51.21 CET:7977:
> > openvas_server_verify:
> > > > the
> > > > > certificate hasn't got a known issuer
> > > > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task
> > > > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by
> ovadmin
> > > > >
> > > > > I repeated the actions I have been received, but no change.
> > > > >
> > > > >
> > > > > 06.11.2015----10:59:20eero.t.voloti...@gmail.com wrote on
> 06.11.2015
> > > > > 10:59:20:
> > > > >
> > > > > > From: Eero Volotinen
> > > > > <eero.voloti...@iki.fi>> To: Helmut Koers <HK
> > > > > o...@de.hellmann.net>, > Cc: openvas-disc
> > > > > u...@wald.intevation.org>
> > > > >  Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S
> > > > > ervice temporarily down> Sent by: eer
> > > > > o.t.voloti...@gmail.com>
> > > > > > Try to delete old ca and certs and then regener
> > > > > ate &
> > > > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers"
> > > <HKoers@de.h
> > > > > ellmann.net> kirjoitti:> Hi all,
> > > > > > after renewing OpenVAS certificates as requested:
> > > > > >
> > > > > > openvas-mkcert -f -q
> > > > > > openvas-mkcert-client -n -i
> > > > > >
> > > > > > and reooting the entire system, I can't run a scan anymore
> getting
> > > an
> > > > > > error message in GSAD saying:
> > > > > >
> > > > > > Operation:              Start Task
> > > > > > Status code:            503
> > > > > > Status message:         Service temporarily down
> > > > > >
> > > > > > The openvasmd.log shows the following:
> > > > > >
> > > > > > lib  serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake
> > hands
> > > > > with
> > > > > > peer: The TLS connection was non-properly terminated.
> > > > > > lib  serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to
> shutdown
> > > > server
> > > > > > socket
> > > > > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task
> > > > > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by
> admin
> > > > > >
> > > > > > I am running OpenVAS 8 on Debian Jessie.
> > > > > >
> > > > > > Any advice is appreciated.
> > > > > > _______________________________________________
> > > > > > Openvas-discuss mailing list
> > > > > > Openvas-discuss@wald.intevation.org
> > > > > >
> > > > >
> > > >
> > >
> >
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Service temporarily down

Reply via email to