Hi Fred, Exactly. I did, renamed inits to match conf files and adjust dependencies in init. Works well. I also send email for maintainers of openvas ebuilds in portage tree suggesting the fix.
About redis. It's mandatory in Openvas8. -- Daniel Neto On Mon, Nov 30, 2015 at 3:28 PM, Fred Austin <[email protected]> wrote: > There is an issue with the setup of OpenRC in Gentoo for Openvas-8. The > symbolic links in /etc/conf.d are called openvas-scanner and > openvas-manager where as the init scripts in /etc/init.d are openvassd and > openvasmd. If you remove the existing links from /etc/conf.d and create new > ones for the files /etc/openvas/openvassd-daemon.conf and > /etc/openvas/openvasmd-daemon.conf with the same names as the init scripts, > then starting the daemon will then pickup the configuration directives > correctly. > > Also, do either of you know if the usage of redis is required with > openvas-8 or is it just recommended? > > > On Mon, Nov 30, 2015 at 11:33 AM, Eero Volotinen <[email protected]> > wrote: > >> Well. I think without --listen it tried to bind 0.0.0.0.0 on both ipv4 >> and ipv6 and it fails on non dual ipvstack machines. >> >> -- >> Eero >> >> 2015-11-30 18:28 GMT+02:00 Daniel Neto <[email protected]>: >> >>> Hi Eero, >>> >>> Thank you for you quick answer.Now I'll look why my service parameters >>> such --listen wasn't be loaded in initialization. >>> >>> Regards, >>> >>> -- >>> Daniel Neto >>> >>> >>> On Mon, Nov 30, 2015 at 12:52 PM, Eero Volotinen <[email protected]> >>> wrote: >>> >>>> Yes, that is "bug/feature" that if ipv6 is disabled and then you don't >>>> specify ipv4 address to --listen string, then some of openvas services >>>> won't start. >>>> I think it was fixed on some newer versions? >>>> >>>> -- >>>> Eero >>>> >>>> 2015-11-30 16:49 GMT+02:00 Daniel Neto <[email protected]>: >>>> >>>>> Hi Friends, >>>>> >>>>> I'm using Openvas8 stable on my funtoo/gentoo environment. (Official >>>>> ebuilds). >>>>> >>>>> I'm getting the following message when try to start as service: >>>>> >>>>> usr # tail -f /var/log/openvas/openvasmd.log >>>>> md main:WARNING:2015-11-30 12h32.22 utc:31857: Failed to create >>>>> manager socket: Address family not supported by protocol >>>>> md main:WARNING:2015-11-30 12h32.46 utc:31887: Failed to create >>>>> manager socket: Address family not supported by protocol >>>>> md main:WARNING:2015-11-30 12h34.19 utc:31940: Failed to create >>>>> manager socket: Address family not supported by protocol >>>>> md main:WARNING:2015-11-30 12h35.48 utc:32180: Failed to create >>>>> manager socket: Address family not supported by protocol >>>>> >>>>> If I run openvasmd manually with openvasmd --listen=127.0.0.1 its >>>>> works well, but not as service passing the parameters by conf.d (OpenRC). >>>>> >>>>> My main question is: If no conf or openvasmd.conf is passed, where or >>>>> what is the default settings loaded? Maybe the ipv6 search to bind >>>>> address? >>>>> My server have all ipv6 related disabled (custom kernel). >>>>> >>>>> In attach my openvas-check-setup: >>>>> >>>>> openvas-check-setup 2.2.6 >>>>> Test completeness and readiness of OpenVAS-8 >>>>> >>>>> Please report us any non-detected problems and >>>>> help us to improve this check routine: >>>>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>>>> >>>>> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze >>>>> the problem. >>>>> >>>>> Step 1: Checking OpenVAS Scanner ... >>>>> OK: OpenVAS Scanner is present in version 5.0.4. >>>>> OK: OpenVAS Scanner CA Certificate is present as >>>>> /var/lib/openvas/CA/cacert.pem. >>>>> OK: NVT collection in /var/lib/openvas/plugins contains 44698 >>>>> NVTs. >>>>> WARNING: Signature checking of NVTs is not enabled in OpenVAS >>>>> Scanner. >>>>> SUGGEST: Enable signature checking (see >>>>> http://www.openvas.org/trusted-nvts.html). >>>>> OK: The NVT cache in /var/cache/openvas contains 44698 files >>>>> for 44698 NVTs. >>>>> Step 2: Checking OpenVAS Manager ... >>>>> OK: OpenVAS Manager is present in version 6.0.6. >>>>> OK: OpenVAS Manager client certificate is present as >>>>> /var/lib/openvas/CA/clientcert.pem. >>>>> OK: OpenVAS Manager database found in >>>>> /var/lib/openvas/mgr/tasks.db. >>>>> OK: Access rights for the OpenVAS Manager database are correct. >>>>> OK: sqlite3 found, extended checks of the OpenVAS Manager >>>>> installation enabled. >>>>> OK: OpenVAS Manager database is at revision 146. >>>>> OK: OpenVAS Manager expects database at revision 146. >>>>> OK: Database schema is up to date. >>>>> OK: OpenVAS Manager database contains information about 44698 >>>>> NVTs. >>>>> OK: OpenVAS SCAP database found in >>>>> /var/lib/openvas/scap-data/scap.db. >>>>> OK: OpenVAS CERT database found in >>>>> /var/lib/openvas/cert-data/cert.db. >>>>> OK: xsltproc found. >>>>> Step 3: Checking user configuration ... >>>>> WARNING: Your password policy is empty. >>>>> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a >>>>> password policy. >>>>> Step 4: Checking Greenbone Security Assistant (GSA) ... >>>>> OK: Greenbone Security Assistant is present in version 6.0.6. >>>>> Step 5: Checking OpenVAS CLI ... >>>>> SKIP: Skipping check for OpenVAS CLI. >>>>> Step 6: Checking Greenbone Security Desktop (GSD) ... >>>>> SKIP: Skipping check for Greenbone Security Desktop. >>>>> Step 7: Checking if OpenVAS services are up and running ... >>>>> OK: netstat found, extended checks of the OpenVAS services >>>>> enabled. >>>>> OK: OpenVAS Scanner is running and listening on all interfaces. >>>>> OK: OpenVAS Scanner is listening on port 9391, which is the >>>>> default port. >>>>> WARNING: OpenVAS Manager is running and listening only on the >>>>> local interface. >>>>> This means that you will not be able to access the OpenVAS >>>>> Manager from the >>>>> outside using GSD or OpenVAS CLI. >>>>> SUGGEST: Ensure that OpenVAS Manager listens on all interfaces >>>>> unless you want >>>>> a local service only. >>>>> OK: OpenVAS Manager is listening on port 9390, which is the >>>>> default port. >>>>> WARNING: Greenbone Security Assistant is listening on port 443 >>>>> 80, which is NOT the default port! >>>>> SUGGEST: Ensure Greenbone Security Assistant is listening on >>>>> one of the following ports: 80, 443, 9392. >>>>> /usr/sbin/openvas-check-setup: line 729: [: too many arguments >>>>> Step 8: Checking nmap installation ... >>>>> WARNING: Your version of nmap is not fully supported: 6.49BETA6 >>>>> SUGGEST: You should install nmap 5.51. >>>>> Step 9: Checking presence of optional tools ... >>>>> OK: pdflatex found. >>>>> OK: PDF generation successful. The PDF report format is likely >>>>> to work. >>>>> OK: ssh-keygen found, LSC credential generation for GNU/Linux >>>>> targets is likely to work. >>>>> WARNING: Could not find rpm binary, LSC credential package >>>>> generation for RPM and DEB based targets will not work. >>>>> SUGGEST: Install rpm. >>>>> WARNING: Could not find makensis binary, LSC credential >>>>> package generation for Microsoft Windows targets will not work. >>>>> SUGGEST: Install nsis. >>>>> >>>>> >>>>> >>>>> Regards, thanks in advance. >>>>> >>>>> >>>>> -- >>>>> Daniel Neto >>>>> >>>>> >>>>> _______________________________________________ >>>>> Openvas-discuss mailing list >>>>> [email protected] >>>>> >>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>>> >>>> >>>> >>> >> >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> > > > > -- > Fred Austin > VP Product Development > N-Dimension Solutions > > > *Cyber Security Protection for Critical Infrastructure Assets*This email > and any files transmitted with it are solely intended for the use of the > named recipient(s) and may contain information that is privileged and > confidential. If you receive this email in error, please immediately notify > the sender and delete this message in all its forms. E-mail transmission > cannot be guaranteed to be secure or error-free as information could be > intercepted, corrupted, lost, destroyed, arrive late or incomplete, or > contain viruses. Therefore N-Dimension Solutions Inc. does not accept > liability for any errors or omission in the contents of the message which > arise as a result of e-mail transmission. >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
