Hi! Thank you for the quick response. openvasmd on the slave is already listening on any ip-address and is reachable from the master. The setup works correctly in single user mode, when slave, target and task added by the same user.
But we want to use the setup with multiple users ("admins") in our team and we are not sure how to set the right permissions. Kind regards Christian Ebert Von: Thijs Stuurman [mailto:thijs.stuur...@internedservices.nl] Gesendet: Freitag, 4. November 2016 11:52 An: openvas-discuss@wald.intevation.org Cc: Ebert, Christian Betreff: RE: Scans in slave-mode - permission problem? So basically, your slave does not start any job and the master hangs on the Request status. I don't think it's a credential issue but rather firewalling? I use slaves as such: · Openvasmd listens on 0.0.0.0:9390 with iptables allowing access to that port using TCP from the master · Master has Slave configured o IP address o Port 9390 o Username and password configured (I created a 'slave' user with: "openvasmd --create-user=slave --role=Admin && openvasmd --user=slave --new-password=XXX") Works like a charm here. Only downside I found is that if the master process stops (openvas restart or something alike) while a job still runs on a slave.. it doesn't resume its status. Does this help you? Thijs Stuurman Security Operations Center PGP Key-ID: 0x16ADC048 Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 Internedservices - a KPN Company Wielingenstraat 8 | 1441 ZR Purmerend | The Netherlands T: +31(0)299476185 | M: +31(0)624366778 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: http://nl.linkedin.com/in/thijsstuurman Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Namens Ebert, Christian Verzonden: Friday, November 4, 2016 10:57 AM Aan: openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> Onderwerp: [Openvas-discuss] Scans in slave-mode - permission problem? Hi everybody! We have got some trouble with scans in slave-mode. We have two Debian 8.6 systems with OpenVAS 8.0 installed and want to scan some targets in slave mode. In preparation we added the slave system with user "master". Following situation: User A (role Admin) creates a target "T1" (no credentials for authenticated checks) in system-1. User B (role Admin) creates a task "T2" with target "T1" (-> owner user A) in system-1 using slave system-2. User B starts task "T2" but the task hangs in status "requested". No job starts in system-2. System-1 (Master): openvasmd.log event target:MESSAGE:2016-11-02 16h22.00 CET:1457: Target T1 has been created by A event task:MESSAGE:2016-11-02 15h23.24 UTC:1463: Status of task T2 has changed to New event task:MESSAGE:2016-11-02 15h23.24 UTC:1463: Task T2 has been created by B event task:MESSAGE:2016-11-02 15h24.13 UTC:1465: Status of task T2 has changed to Requested event task:MESSAGE:2016-11-02 15h24.13 UTC:1465: Task T2 has been requested to start by B System-2 (Slave): openvasmd.log event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential (null) could not be deleted by master event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential (null) could not be deleted by master event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential (null) could not be deleted by master event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential (null) could not be deleted by master event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential (null) could not be deleted by master event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential (null) could not be deleted by master We did some research: Everything works fine when there is no usage of a slave-system (scanner = system-1). Everything works fine when user A creates the target T1 and task T2 and also start this task by using the slave system-2. Has anyone got an idea? Could you verify this problem? Is the error related to user permissions? Thank you & kind regards. Christian Ebert Chief Security Analyst, CISM, T.I.S.P. Head of Penetration Testing QSC AG Mathias-Brüggen-Straße 55 50829 Köln T +49 221 669-8950 F +49 221 669-85950 M +49 163 6698950 christian.eb...@qsc.de http://www.qsc.de<http://www.qsc.de/> Besuchen Sie auch unser Blog unter http://blog.qsc.de<http://blog.qsc.de/> Bitte finden Sie hier die handelsrechtlichen Pflichtangaben: http://www.qsc.de/pflichtangaben
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss