There is an issue with the setup of OpenRC in Gentoo for Openvas-8. The symbolic links in /etc/conf.d are called openvas-scanner and openvas-manager where as the init scripts in /etc/init.d are openvassd and openvasmd. If you remove the existing links from /etc/conf.d and create new ones for the files /etc/openvas/openvassd-daemon.conf and /etc/openvas/openvasmd-daemon.conf with the same names as the init scripts, then starting the daemon will then pickup the configuration directives correctly.
Also, do either of you know if the usage of redis is required with openvas-8 or is it just recommended? On Mon, Nov 30, 2015 at 11:33 AM, Eero Volotinen <[email protected]> wrote: > Well. I think without --listen it tried to bind 0.0.0.0.0 on both ipv4 and > ipv6 and it fails on non dual ipvstack machines. > > -- > Eero > > 2015-11-30 18:28 GMT+02:00 Daniel Neto <[email protected]>: > >> Hi Eero, >> >> Thank you for you quick answer.Now I'll look why my service parameters >> such --listen wasn't be loaded in initialization. >> >> Regards, >> >> -- >> Daniel Neto >> >> >> On Mon, Nov 30, 2015 at 12:52 PM, Eero Volotinen <[email protected]> >> wrote: >> >>> Yes, that is "bug/feature" that if ipv6 is disabled and then you don't >>> specify ipv4 address to --listen string, then some of openvas services >>> won't start. >>> I think it was fixed on some newer versions? >>> >>> -- >>> Eero >>> >>> 2015-11-30 16:49 GMT+02:00 Daniel Neto <[email protected]>: >>> >>>> Hi Friends, >>>> >>>> I'm using Openvas8 stable on my funtoo/gentoo environment. (Official >>>> ebuilds). >>>> >>>> I'm getting the following message when try to start as service: >>>> >>>> usr # tail -f /var/log/openvas/openvasmd.log >>>> md main:WARNING:2015-11-30 12h32.22 utc:31857: Failed to create >>>> manager socket: Address family not supported by protocol >>>> md main:WARNING:2015-11-30 12h32.46 utc:31887: Failed to create >>>> manager socket: Address family not supported by protocol >>>> md main:WARNING:2015-11-30 12h34.19 utc:31940: Failed to create >>>> manager socket: Address family not supported by protocol >>>> md main:WARNING:2015-11-30 12h35.48 utc:32180: Failed to create >>>> manager socket: Address family not supported by protocol >>>> >>>> If I run openvasmd manually with openvasmd --listen=127.0.0.1 its works >>>> well, but not as service passing the parameters by conf.d (OpenRC). >>>> >>>> My main question is: If no conf or openvasmd.conf is passed, where or >>>> what is the default settings loaded? Maybe the ipv6 search to bind address? >>>> My server have all ipv6 related disabled (custom kernel). >>>> >>>> In attach my openvas-check-setup: >>>> >>>> openvas-check-setup 2.2.6 >>>> Test completeness and readiness of OpenVAS-8 >>>> >>>> Please report us any non-detected problems and >>>> help us to improve this check routine: >>>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>>> >>>> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze >>>> the problem. >>>> >>>> Step 1: Checking OpenVAS Scanner ... >>>> OK: OpenVAS Scanner is present in version 5.0.4. >>>> OK: OpenVAS Scanner CA Certificate is present as >>>> /var/lib/openvas/CA/cacert.pem. >>>> OK: NVT collection in /var/lib/openvas/plugins contains 44698 >>>> NVTs. >>>> WARNING: Signature checking of NVTs is not enabled in OpenVAS >>>> Scanner. >>>> SUGGEST: Enable signature checking (see >>>> http://www.openvas.org/trusted-nvts.html). >>>> OK: The NVT cache in /var/cache/openvas contains 44698 files >>>> for 44698 NVTs. >>>> Step 2: Checking OpenVAS Manager ... >>>> OK: OpenVAS Manager is present in version 6.0.6. >>>> OK: OpenVAS Manager client certificate is present as >>>> /var/lib/openvas/CA/clientcert.pem. >>>> OK: OpenVAS Manager database found in >>>> /var/lib/openvas/mgr/tasks.db. >>>> OK: Access rights for the OpenVAS Manager database are correct. >>>> OK: sqlite3 found, extended checks of the OpenVAS Manager >>>> installation enabled. >>>> OK: OpenVAS Manager database is at revision 146. >>>> OK: OpenVAS Manager expects database at revision 146. >>>> OK: Database schema is up to date. >>>> OK: OpenVAS Manager database contains information about 44698 >>>> NVTs. >>>> OK: OpenVAS SCAP database found in >>>> /var/lib/openvas/scap-data/scap.db. >>>> OK: OpenVAS CERT database found in >>>> /var/lib/openvas/cert-data/cert.db. >>>> OK: xsltproc found. >>>> Step 3: Checking user configuration ... >>>> WARNING: Your password policy is empty. >>>> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a >>>> password policy. >>>> Step 4: Checking Greenbone Security Assistant (GSA) ... >>>> OK: Greenbone Security Assistant is present in version 6.0.6. >>>> Step 5: Checking OpenVAS CLI ... >>>> SKIP: Skipping check for OpenVAS CLI. >>>> Step 6: Checking Greenbone Security Desktop (GSD) ... >>>> SKIP: Skipping check for Greenbone Security Desktop. >>>> Step 7: Checking if OpenVAS services are up and running ... >>>> OK: netstat found, extended checks of the OpenVAS services >>>> enabled. >>>> OK: OpenVAS Scanner is running and listening on all interfaces. >>>> OK: OpenVAS Scanner is listening on port 9391, which is the >>>> default port. >>>> WARNING: OpenVAS Manager is running and listening only on the >>>> local interface. >>>> This means that you will not be able to access the OpenVAS >>>> Manager from the >>>> outside using GSD or OpenVAS CLI. >>>> SUGGEST: Ensure that OpenVAS Manager listens on all interfaces >>>> unless you want >>>> a local service only. >>>> OK: OpenVAS Manager is listening on port 9390, which is the >>>> default port. >>>> WARNING: Greenbone Security Assistant is listening on port 443 >>>> 80, which is NOT the default port! >>>> SUGGEST: Ensure Greenbone Security Assistant is listening on >>>> one of the following ports: 80, 443, 9392. >>>> /usr/sbin/openvas-check-setup: line 729: [: too many arguments >>>> Step 8: Checking nmap installation ... >>>> WARNING: Your version of nmap is not fully supported: 6.49BETA6 >>>> SUGGEST: You should install nmap 5.51. >>>> Step 9: Checking presence of optional tools ... >>>> OK: pdflatex found. >>>> OK: PDF generation successful. The PDF report format is likely >>>> to work. >>>> OK: ssh-keygen found, LSC credential generation for GNU/Linux >>>> targets is likely to work. >>>> WARNING: Could not find rpm binary, LSC credential package >>>> generation for RPM and DEB based targets will not work. >>>> SUGGEST: Install rpm. >>>> WARNING: Could not find makensis binary, LSC credential package >>>> generation for Microsoft Windows targets will not work. >>>> SUGGEST: Install nsis. >>>> >>>> >>>> >>>> Regards, thanks in advance. >>>> >>>> >>>> -- >>>> Daniel Neto >>>> >>>> >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> [email protected] >>>> >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>> >>> >>> >> > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- Fred Austin VP Product Development N-Dimension Solutions *Cyber Security Protection for Critical Infrastructure Assets*This email and any files transmitted with it are solely intended for the use of the named recipient(s) and may contain information that is privileged and confidential. If you receive this email in error, please immediately notify the sender and delete this message in all its forms. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore N-Dimension Solutions Inc. does not accept liability for any errors or omission in the contents of the message which arise as a result of e-mail transmission.
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
