Mark, look here:
WARNING: OpenVAS Manager is running and listening only on the local
interface.
This means that you will not be able to access the OpenVAS Manager from
the
outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless
you want
a local service only.
Looks like maybe your VM isn’t using the Ethernet connector or it may be
defaulted off. Enable that and rerun the test.
Bill
From: Openvas-discuss [mailto:[email protected]] On
Behalf Of Eero Volotinen
Sent: Wednesday, August 10, 2016 3:47 PM
To: Mark Pleis <[email protected]>
Cc: [email protected]
Subject: Re: [Openvas-discuss] openvas manager not listening and scan results
are blank
Just read the comments from file.
Eeeo
10.8.2016 9.50 ip. "Mark Pleis"
<[email protected]<mailto:[email protected]>> kirjoitti:
I am new to the world of OpenVAS and I am having two issues getting it up and
running. I have been googling for the past 3 days and documentation seems to be
sparse. I am asking these together because I fel they could be related some how.
1. I can't get the manager to work on all interfaces, I have changed the config
setting in the
/etc/default folder for the services and no luck I have restarted the services
and the VM.
2. I am not able to scan. when I setup a scan on the local console for an out
side machine or the local hst i get no results.
I tried using nmap on this machine and it did work
Details
---------------
Kali Linux rolling image running on VMware 5.5
OpenVAS ver 8
only 1 NIC eth0 and of cource lo
I have add below all the config files and the openvas-check-setup results. I
know this has to be simple and I am missing
something, but I just can't find it.
Thanks in advance.
Mark
--------------------------------
config files below
----------------------------------
---------------------------------------------------------------------------------------
# cat openvas-manager
---------------------------------------------------------------------------------------
# NOTE: This file is not used if you are using systemd. The options are
# hardcoded in the openvas-manager.service file. If you want to change
# them you should override the service file by creating a file
# /etc/systemd/system/openvas-manager.service.d/local.conf like this:
# [Service]
# ExecStart=
# ExecStart=/usr/sbin/openvasmd <your desired options>
# The file the OpenVAS Manager will use as database.
DATABASE_FILE=/var/lib/openvas/mgr/tasks.db
# The address the OpenVAS Manager will listen on.
MANAGER_ADDRESS=0.0.0.0
# The port the OpenVAS Manager will listen on.
MANAGER_PORT=9390
--------------------------------------------------------------------------------------
# cat openvas-scanner
--------------------------------------------------------------------------------------
# NOTE: This file is not used if you are using systemd. The options are
# hardcoded in the openvas-scanner.service file. If you want to change
# them you should override the service file by creating a file
# /etc/systemd/system/openvas-scanner.service.d/local.conf like this:
# [Service]
# ExecStart=
# ExecStart=/usr/sbin/openvassd <your desired options>
# The address the OpenVAS Scanner is listening on.
SCANNER_ADDRESS=0.0.0.0
# The port the OpenVAS Scanner is listening on.
SCANNER_PORT=9391
-------------------------------------------------------------------------------------------
# cat greenbone-security-assistant
--------------------------------------------------------------------------------------------
# NOTE: This file is not used if you are using systemd. The options are
# hardcoded in the greenbone-security-assistant.service file. If you want to
change
# them you should override the service file by creating a file
# /etc/systemd/system/greenbone-security-assistant.service.d/local.conf like
this:
# [Service]
# ExecStart=
# ExecStart=/usr/sbin/gsad --foreground <your desired options>
# The address the Greenbone Security Assistant will listen on.
GSA_ADDRESS=0.0.0.0
# The port the Greenbone Security Assistant will listen on.
GSA_PORT=9392
# The file to use as private key for HTTPS
#GSA_SSL_PRIVATE_KEY=
# The file to use as certificate for HTTPS
#GSA_SSL_CERTIFICATE=
# Should HTTP get redirected to HTTPS
# If $GSA_REDIRECT_PORT is not set it will redirect port 80.
#GSA_REDIRECT=1
# Redirect HTTP from this port to $GSA_PORT
# For this being effective $GSA_REDIRECT has to be set to 1.
#GSA_REDIRECT_PORT=9394
# The address the OpenVAS Manager is listening on.
MANAGER_ADDRESS=127.0.0.1
# The port the OpenVAS Manager is listening on.
MANAGER_PORT=9390
-----------------------------------------------------------------------------------------------
# openvas-check-setup
-----------------------------------------------------------------------------------------------
openvas-check-setup 2.3.3
Test completeness and readiness of OpenVAS-8
(add '--v6' or '--v7' or '--v9'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.5.
OK: OpenVAS Scanner CA Certificate is present as
/var/lib/openvas/CA/cacert.pem.
OK: OpenVAS Scanner server certificate is valid and present as
/var/lib/openvas/CA/servercert.pem.
OK: redis-server is present in version v=3.2.3.
OK: scanner (kb_location setting) is configured properly using the
redis-server socket: /var/lib/redis/redis.sock
OK: redis-server is running and listening on socket:
/var/lib/redis/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: NVT collection in /var/lib/openvas/plugins contains 48413 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see
http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 48413 files for 48413
NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 6.0.8.
OK: OpenVAS Manager client certificate is valid and present as
/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager client certificate is present as
/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation
enabled.
OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 48413 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking user configuration ...
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password
policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 6.0.10.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.4.4.
Step 6: Checking Greenbone Security Desktop (GSD) ...
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening only on the local
interface.
OK: OpenVAS Scanner is listening on port 9391, which is the default
port.
WARNING: OpenVAS Manager is running and listening only on the local
interface.
This means that you will not be able to access the OpenVAS Manager from
the
outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless
you want
a local service only.
OK: OpenVAS Manager is listening on port 9390, which is the default
port.
OK: Greenbone Security Assistant is listening on port 9392, which is
the default port.
Step 8: Checking nmap installation ...
WARNING: Your version of nmap is not fully supported: 7.25BETA1
SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE
NVTs.
Step 10: Checking presence of optional tools ...
OK: pdflatex found.
OK: PDF generation successful. The PDF report format is likely to work.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets
is likely to work.
OK: rpm found, LSC credential package generation for RPM based targets
is likely to work.
OK: alien found, LSC credential package generation for DEB based
targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows
targets is likely to work.
It seems like your OpenVAS-8 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze
the problem.
-----------------------------------------------------------------------------------------------------------
netstat -antp
------------------------------------------------------------------------------------------------------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:22<http://0.0.0.0:22> 0.0.0.0:*
LISTEN 1410/sshd
tcp 0 0 127.0.0.1:9390<http://127.0.0.1:9390> 0.0.0.0:*
LISTEN 2962/openvasmd
tcp 0 0 127.0.0.1:9391<http://127.0.0.1:9391> 0.0.0.0:*
LISTEN 2930/openvassd: Wai
tcp 0 0 0.0.0.0:111<http://0.0.0.0:111> 0.0.0.0:*
LISTEN 477/rpcbind
tcp 0 0 127.0.0.1:80<http://127.0.0.1:80> 0.0.0.0:*
LISTEN 2972/gsad
tcp 0 0 127.0.0.1:9392<http://127.0.0.1:9392> 0.0.0.0:*
LISTEN 2968/gsad
tcp 0 464 172.16.12.73:22<http://172.16.12.73:22>
172.18.146.60:55852<http://172.18.146.60:55852> ESTABLISHED 1412/sshd:
mpleis [
tcp6 0 0 :::22 :::* LISTEN
1410/sshd
tcp6 0 0 :::111 :::* LISTEN
477/rpcbind
#
________________________________
CONFIDENTIALITY NOTICE:
This E-mail (including the attachments) is covered by the Electronic
Communications Privacy Act, 18 U.S.C.§§ 2510-2521, is confidential and may be
legally privileged. If you are not the intended recipient, you are hereby
notified that any retention, dissemination, distribution, or copying of this
communication is strictly prohibited. Please reply to the sender that you have
received the message in error, then delete it. Thank You.
_______________________________________________
Openvas-discuss mailing list
[email protected]<mailto:[email protected]>
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
______________________________________________________________
This email has been scanned for all viruses by McAfee.
_____________________________________________________________________________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
