I am new to the world of OpenVAS and I am having two issues getting it up and running. I have been googling for the past 3 days and documentation seems to be sparse. I am asking these together because I fel they could be related some how.
1. I can't get the manager to work on all interfaces, I have changed the config setting in the /etc/default folder for the services and no luck I have restarted the services and the VM. 2. I am not able to scan. when I setup a scan on the local console for an out side machine or the local hst i get no results. I tried using nmap on this machine and it did work Details --------------- Kali Linux rolling image running on VMware 5.5 OpenVAS ver 8 only 1 NIC eth0 and of cource lo I have add below all the config files and the openvas-check-setup results. I know this has to be simple and I am missing something, but I just can't find it. Thanks in advance. Mark -------------------------------- config files below ---------------------------------- --------------------------------------------------------------------------------------- # cat openvas-manager --------------------------------------------------------------------------------------- # NOTE: This file is not used if you are using systemd. The options are # hardcoded in the openvas-manager.service file. If you want to change # them you should override the service file by creating a file # /etc/systemd/system/openvas-manager.service.d/local.conf like this: # [Service] # ExecStart= # ExecStart=/usr/sbin/openvasmd <your desired options> # The file the OpenVAS Manager will use as database. DATABASE_FILE=/var/lib/openvas/mgr/tasks.db # The address the OpenVAS Manager will listen on. MANAGER_ADDRESS=0.0.0.0 # The port the OpenVAS Manager will listen on. MANAGER_PORT=9390 -------------------------------------------------------------------------------------- # cat openvas-scanner -------------------------------------------------------------------------------------- # NOTE: This file is not used if you are using systemd. The options are # hardcoded in the openvas-scanner.service file. If you want to change # them you should override the service file by creating a file # /etc/systemd/system/openvas-scanner.service.d/local.conf like this: # [Service] # ExecStart= # ExecStart=/usr/sbin/openvassd <your desired options> # The address the OpenVAS Scanner is listening on. SCANNER_ADDRESS=0.0.0.0 # The port the OpenVAS Scanner is listening on. SCANNER_PORT=9391 ------------------------------------------------------------------------------------------- # cat greenbone-security-assistant -------------------------------------------------------------------------------------------- # NOTE: This file is not used if you are using systemd. The options are # hardcoded in the greenbone-security-assistant.service file. If you want to change # them you should override the service file by creating a file # /etc/systemd/system/greenbone-security-assistant.service.d/local.conf like this: # [Service] # ExecStart= # ExecStart=/usr/sbin/gsad --foreground <your desired options> # The address the Greenbone Security Assistant will listen on. GSA_ADDRESS=0.0.0.0 # The port the Greenbone Security Assistant will listen on. GSA_PORT=9392 # The file to use as private key for HTTPS #GSA_SSL_PRIVATE_KEY= # The file to use as certificate for HTTPS #GSA_SSL_CERTIFICATE= # Should HTTP get redirected to HTTPS # If $GSA_REDIRECT_PORT is not set it will redirect port 80. #GSA_REDIRECT=1 # Redirect HTTP from this port to $GSA_PORT # For this being effective $GSA_REDIRECT has to be set to 1. #GSA_REDIRECT_PORT=9394 # The address the OpenVAS Manager is listening on. MANAGER_ADDRESS=127.0.0.1 # The port the OpenVAS Manager is listening on. MANAGER_PORT=9390 ----------------------------------------------------------------------------------------------- # openvas-check-setup ----------------------------------------------------------------------------------------------- openvas-check-setup 2.3.3 Test completeness and readiness of OpenVAS-8 (add '--v6' or '--v7' or '--v9' if you want to check for another OpenVAS version) Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 5.0.5. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: OpenVAS Scanner server certificate is valid and present as /var/lib/openvas/CA/servercert.pem. OK: redis-server is present in version v=3.2.3. OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/lib/redis/redis.sock OK: redis-server is running and listening on socket: /var/lib/redis/redis.sock. OK: redis-server configuration is OK and redis-server is running. OK: NVT collection in /var/lib/openvas/plugins contains 48413 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /var/cache/openvas contains 48413 files for 48413 NVTs. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 6.0.8. OK: OpenVAS Manager client certificate is valid and present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 146. OK: OpenVAS Manager expects database at revision 146. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 48413 NVTs. OK: At least one user exists. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db. OK: xsltproc found. Step 3: Checking user configuration ... WARNING: Your password policy is empty. SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy. Step 4: Checking Greenbone Security Assistant (GSA) ... OK: Greenbone Security Assistant is present in version 6.0.10. Step 5: Checking OpenVAS CLI ... OK: OpenVAS CLI version 1.4.4. Step 6: Checking Greenbone Security Desktop (GSD) ... SKIP: Skipping check for Greenbone Security Desktop. Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening only on the local interface. OK: OpenVAS Scanner is listening on port 9391, which is the default port. WARNING: OpenVAS Manager is running and listening only on the local interface. This means that you will not be able to access the OpenVAS Manager from the outside using GSD or OpenVAS CLI. SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless you want a local service only. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: Greenbone Security Assistant is listening on port 9392, which is the default port. Step 8: Checking nmap installation ... WARNING: Your version of nmap is not fully supported: 7.25BETA1 SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs. Step 10: Checking presence of optional tools ... OK: pdflatex found. OK: PDF generation successful. The PDF report format is likely to work. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. OK: rpm found, LSC credential package generation for RPM based targets is likely to work. OK: alien found, LSC credential package generation for DEB based targets is likely to work. OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work. It seems like your OpenVAS-8 installation is OK. If you think it is not OK, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. ----------------------------------------------------------------------------------------------------------- netstat -antp ------------------------------------------------------------------------------------------------------------ Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1410/sshd tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 2962/openvasmd tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 2930/openvassd: Wai tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 477/rpcbind tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 2972/gsad tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 2968/gsad tcp 0 464 172.16.12.73:22 172.18.146.60:55852 ESTABLISHED 1412/sshd: mpleis [ tcp6 0 0 :::22 :::* LISTEN 1410/sshd tcp6 0 0 :::111 :::* LISTEN 477/rpcbind # -- ------------------------------ CONFIDENTIALITY NOTICE: This E-mail (including the attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C.ยงยง 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank You.
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
