hi Christian...
the check script is issuing a warning that nmap 6.47 - the one that
comes with this brand new install - is not "fully supported".
i used "full and very deep" as i'm trying to prepare a machine for a pci
scanning. do i really need to downgrade nmap?
i did check the link about the icmp packets. with the previous version i
had - i believe it was 6 - that was never a problem.
and the selinux is already disabled. i believe that was done by the
openvas-setup command from here:
http://www.openvas.org/install-packages-v7.html
if it would have worked i wouldn't mind having 7 fully functional but
following those instructions i got openvas-8, not 7 installed...
here is the full check output:
openvas-check-setup 2.3.2
Test completeness and readiness of OpenVAS-8
(add '--v6' or '--v7' or '--v9'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze
the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.7.
OK: OpenVAS Scanner CA Certificate is present as
/var/lib/openvas/CA/cacert.pem.
OK: redis-server is present in version v=3.0.7.
OK: scanner (kb_location setting) is configured properly using
the redis-server socket: /tmp/redis.sock
OK: redis-server is running and listening on socket:
/tmp/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: NVT collection in /var/lib/openvas/plugins contains 50010 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS
Scanner.
SUGGEST: Enable signature checking (see
http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 50010 files
for 50010 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 6.0.9.
OK: OpenVAS Manager client certificate is present as
/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in
/var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: At least one user exists.
OK: sqlite3 found, extended checks of the OpenVAS Manager
installation enabled.
OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 50010 NVTs.
OK: OpenVAS SCAP database found in
/var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in
/var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking user configuration ...
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a
password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 6.0.11.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.4.4.
Step 6: Checking Greenbone Security Desktop (GSD) ...
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the
default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the
default port.
OK: Greenbone Security Assistant is listening on port 9392,
which is the default port.
Step 8: Checking nmap installation ...
WARNING: Your version of nmap is not fully supported: 6.47
SUGGEST: You should install nmap 5.51 if you plan to use the
nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
OK: pdflatex found.
WARNING: PDF generation failed, most likely due to missing
LaTeX packages. The PDF report format will not work.
SUGGEST: Install required LaTeX packages.
OK: ssh-keygen found, LSC credential generation for GNU/Linux
targets is likely to work.
OK: rpm found, LSC credential package generation for RPM based
targets is likely to work.
OK: alien found, LSC credential package generation for DEB
based targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft
Windows targets is likely to work.
OK: SELinux is disabled.
It seems like your OpenVAS-8 installation is OK.
On 11/5/16 11:27 AM, Christian Fischer wrote:
Hi,
On 11/05/2016 05:10 AM, kalin m wrote:
so i'm trying quick and dirty scan - the default. the status is changed
to "Running" and then 18 seconds later to "Done". but nothing is really
done. the interface has this column "severity" that reads N/A. and
that's it. not much of a scan results...
had posted yesterday (on IRC) some common issues users are struggling
with when having that mentioned issue:
- Make sure that you're using either the default "full'n'fast" scan
config or include the "Nmap (NASL wrapper)" NVT from the "Port scanners"
family in your custom scan config.
- If your system is not answering to ICMP requests the "Alive Test"
option of your Target configuration might be another pitfall:
http://docs.greenbone.net/GSM-Manual/gos-3.1/en/scanning.html#creating-a-target
As you're on CentOS then you might also need to disable SELinux.
Regards,
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
