Hi , Still unable to complete the setup , pls let me know where i am doing wrong. any hit Pls!
./openvas-check-setup --v9 out put as below. Step 2: Checking OpenVAS Manager ... ERROR: OpenVAS Manager too old or too new: 6.1+beta3 FIX: Please install OpenVAS Manager 7.0. HINT: Please see the --v6/7/8/9 command line options to check other major versions. ERROR: Your OpenVAS-9 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. Output for the command openvasmd --version as below, OpenVAS Manager 6.1+beta3 Manager DB revision 165 Copyright (C) 2010-2015 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. root@ubuntu:/home/admin-nfv# netstat -anp | grep LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 921/sshd tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 3488/redis-server 1 tcp6 0 0 :::9391 :::* LISTEN 18874/openvassd: Wa tcp6 0 0 :::80 :::* LISTEN 18928/gsad tcp6 0 0 :::22 :::* LISTEN 921/sshd tcp6 0 0 :::4000 :::* LISTEN 18927/gsad tcp6 0 0 :::9390 :::* LISTEN 18896/openvasmd unix 2 [ ACC ] STREAM LISTENING 16127 3488/redis-server 1 /var/run/redis/redis.sock unix 2 [ ACC ] STREAM LISTENING 8953 1/init @/com/ubuntu/upstart unix 2 [ ACC ] SEQPACKET LISTENING 9072 319/systemd-udevd /run/udev/control unix 2 [ ACC ] STREAM LISTENING 11216 946/acpid /var/run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 745 389/dbus-daemon /var/run/dbus/system_bus_socket Thanks & Regards, Ravi. -----"Openvas-discuss" <[email protected]> wrote: ----- To: [email protected] From: [email protected] Sent by: "Openvas-discuss" Date: 11/21/2016 07:31PM Subject: Openvas-discuss Digest, Vol 118, Issue 21 Send Openvas-discuss mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Openvas-discuss digest..." Today's Topics: 1. PDF report stuck (Abel Browarnik) 2. Re: PDF report stuck (F?bio Fernandes) 3. Re: Need Help to install openvas on ubuntu 14.04. (Antu Sanadi) 4. Re: Can't edit one single port list (Antu Sanadi) 5. gsad strict transport security (Thijs Stuurman) 6. Re: gsad strict transport security (Christian Fischer) 7. Re: PDF report stuck (Antu Sanadi) ---------------------------------------------------------------------- Message: 1 Date: Sun, 20 Nov 2016 08:33:43 +0000 From: Abel Browarnik <[email protected]> To: "[email protected]" <[email protected]> Subject: [Openvas-discuss] PDF report stuck Message-ID: <amspr03mb4564c959f8804640d0fe1e7c8...@amspr03mb456.eurprd03.prod.outlook.com> Content-Type: text/plain; charset="cp1255" Hi, I have run a scan for a bunch of endpoints. The result seems to be quite big. As a result (I guess) when I ask to download a pdf report I see the browser stuck and no report is obtained. How can I obtain it, even manually? The XML file is 24.8 MB. Maybe this gives a clue? Thank you in advance Abel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20161120/39480d01/attachment-0001.html> ------------------------------ Message: 2 Date: Sun, 20 Nov 2016 21:42:00 +0000 From: F?bio Fernandes <[email protected]> To: Abel Browarnik <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [Openvas-discuss] PDF report stuck Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" That seems like a huge report. Try to get it through the manager API. Fabio > No dia 20/11/2016, ?s 08:33, Abel Browarnik <[email protected]> escreveu: > > Hi, > > I have run a scan for a bunch of endpoints. The result seems to be quite big. > As a result (I guess) when I ask to download a pdf report I see the browser > stuck and no report is obtained. How can I obtain it, even manually? > The XML file is 24.8 MB. Maybe this gives a clue? > > Thank you in advance > > Abel > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > <mailto:[email protected]> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discussÿ<https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20161120/080829f5/attachment-0001.html> ------------------------------ Message: 3 Date: Mon, 21 Nov 2016 11:53:19 +0530 From: Antu Sanadi <[email protected]> To: [email protected] Subject: Re: [Openvas-discuss] Need Help to install openvas on ubuntu 14.04. Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252"; Format="flowed" On Friday 18 November 2016 08:23 PM, Katakam Ravi wrote: > Hi Benjamin, > > Thanks for the suggestion!. > > *1. I am following below url to setup the opnVAS.* > > http://pentestit.de/openvas-9-auf-ubuntu-14-04-lts-installieren/ > > *2. know struck with below issue .* > > root@ubuntu:/home/admin-nfv# sudo openvas-scapdata-sync > sudo: openvas-scapdata-sync: command not found ÿÿ Hello Ravi, ÿÿ Try to run: ÿÿ #greenbone-scapdata-sync > > *3. Use below comand to find the issue , got below out put. Pls give > me hint to come out of this issue ..* > > > root@ubuntu:/home/admin-nfv# ./openvas-check-setup --v9 > openvas-check-setup 2.3.6 > ÿ Test completeness and readiness of OpenVAS-9 > > Please report us any non-detected problems and > ÿ help us to improve this check routine: > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > ÿ Send us the log-file (/tmp/openvas-check-setup.log) to help analyze > the problem. > > ÿ Use the parameter --server to skip checks for client tools > ÿ like GSD and OpenVAS-CLI. > > Step 1: Checking OpenVAS Scanner ... > ÿ OK: OpenVAS Scanner is present in version 5.1+beta3. > ÿ OK: redis-server is present in version v=2.8.4. > ÿ OK: scanner (kb_location setting) is configured properly using the > redis-server socket: /var/run/redis/redis.sock > ÿ OK: redis-server is running and listening on socket: > /var/run/redis/redis.sock. > ÿ OK: redis-server configuration is OK and redis-server is running. > ÿ OK: NVT collection in /var/lib/openvas/plugins contains 50315 NVTs. > ÿ WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. > ÿ SUGGEST: Enable signature checking (see > http://www.openvas.org/trusted-nvts.html). > ÿ OK: The NVT cache in /var/cache/openvas contains 50315 files for > 50315 NVTs. > Step 2: Checking OpenVAS Manager ... > ÿ ERROR: OpenVAS Manager too old or too new: 6.1+beta3 ÿÿ It's clear from the log message that ÿyou have older version of OpenVAS-Manager ÿÿ and it is not compatible with V9. ÿÿ Run the below command and check which version you have. #openvasmd --version ÿÿ - Antu > ÿ FIX: Please install OpenVAS Manager 7.0. > ÿ HINT: Please see the --v6/7/8/9 command line options to check other > major versions. > > ÿERROR: Your OpenVAS-9 installation is not yet complete! > > Please follow the instructions marked with FIX above and run this > script again. > > If you think this result is wrong, please report your observation > and help us to improve this check routine: > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > Please attach the log-file (/tmp/openvas-check-setup.log) to help us > analyze the problem. > > > Thanks & Regards, > Ravi. > > -----"LeBlanc Benjamin-Hugo (EXT)" > <[email protected]> wrote: ----- > To: Katakam Ravi <[email protected]> > From: "LeBlanc Benjamin-Hugo (EXT)" > <[email protected]> > Date: 11/17/2016 08:48PM > Cc: "[email protected]" > <[email protected]> > Subject: RE: [Openvas-discuss] Need Help to install openvas on ubuntu > 14.04. > > Ravi, > > First, ping feed.openvas.org to check if the packets go through. > > Then, make sure your firewall has port tcp 873 enabled. This should be > pretty easy to troubleshoot. > > True, you can download the full packets, but that will be a hassle > over time. > > Benjamin-Hugo LeBlanc > > *De :*Katakam Ravi [mailto:[email protected]] > *Envoy? :* 17 novembre 2016 09:43 > *? :* LeBlanc Benjamin-Hugo (EXT) > <[email protected]> > *Cc :* [email protected] > *Objet :* RE: [Openvas-discuss] Need Help to install openvas on ubuntu > 14.04. > > Hi ÿBenjamin, > > Thanks for the infomation! followed the same steps > previously(https://launchpad.net/~mrazavi/+archive/ubuntu/openvasÿ > <https://launchpad.net/%7Emrazavi/+archive/ubuntu/openvas>). > > Able to solve key issues , used the below steps to solve it. > > gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv 4AA450E0 > > gpg --export --armor 4AA450E0 | sudo apt-key add - > > *Know facing new ÿissue, ÿunable to ÿrun **/sudo openvas-nvt-sync, > /**because issue of telnet feed.openvas.org 873. * > > *Using wget got the **openvas-nvt-feed-current.tar.bz2, i am struck > **pls suggest me wt have to do next.* > > > Thanks & Regards, > > Ravi. > > > -----"LeBlanc Benjamin-Hugo (EXT)" > <[email protected] > <mailto:[email protected]>> wrote: ----- > > To: Katakam Ravi <[email protected] <mailto:[email protected]>>, > "[email protected] > <mailto:[email protected]>" > <[email protected] > <mailto:[email protected]>> > From: "LeBlanc Benjamin-Hugo (EXT)" > <[email protected] > <mailto:[email protected]>> > Date: 11/17/2016 07:39PM > Subject: RE: [Openvas-discuss] Need Help to install openvas on ubuntu > 14.04. > > Ravi, > > Did you do an apt-get update after adding the repo? These commands > work fine with a fresh installation of Ubuntu Server 16.04, and so > should work also with Ubuntu 14.04 : > > /sudo add-apt-repository ppa:mrazavi/openvas/ > > /sudo apt-get update/ > > /sudo apt-get install openvas #installs openvas-8 (otherwise use > "openvas9")/ > > /sudo apt-get install sqlite3/ > > // > > /sudo openvas-nvt-sync/ > > /sudo openvas-scapdata-sync/ > > /sudo openvas-certdata-sync/ > > // > > /sudo service openvas-scanner restart/ > > /sudo service openvas-manager restart/ > > /sudo service openvas-gsa restart/ > > /sudo openvasmd --rebuild --progress/ > > // > > /apt-get install texlive-full/ > > Hope it helps, > > Benjamin-Hugo LeBlanc > > *De :*Openvas-discuss > [mailto:[email protected]] *De la part de* > Katakam Ravi > *Envoy? :* 16 novembre 2016 09:51 > *? :* [email protected] > <mailto:[email protected]> > *Objet :* [Openvas-discuss] Need Help to install openvas on ubuntu 14.04. > > Hi All, > > Need steps to install openVAS 8/ 9 ÿon ubuntu 14.04. > > please provide the PPA, where i could get the packages. > > With below one i am unable to do it, is there any one ? > > sudo add-apt-repository ppa:mrazavi/openvas > > > Thanks & Regards, > Ravi. > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20161121/5fc244c7/attachment-0001.html> ------------------------------ Message: 4 Date: Mon, 21 Nov 2016 12:19:58 +0530 From: Antu Sanadi <[email protected]> To: [email protected] Subject: Re: [Openvas-discuss] Can't edit one single port list Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252"; Format="flowed" Hi, On Saturday 19 November 2016 01:34 AM, [email protected] wrote: > Hello, > > Trying to edit any of the included port lists and can't. I have two > users, admin and another one. I have deleted all reports, tasks, etc, > and changed targets to not point to the port list I want to to edit. > > None of my port lists show the wrench as either my admin or other > user. If I click on the "All IANA assigned TCP 2012-02-10" port list, > I do not have the option to edit it ad at the bottom it says: "Targets > using this Port List: None." > > If I create a new port list, I can edit that one, and Targets don't > let you add more than one port list. ÿÿWhile creating port list you can select the ÿport range or create port list file and import it. ÿÿFor example T:1-3,U:7,9-11 defines the TCP ports 1, 2 and 3, and the UDP ports 7, 9, 10 and 11. ÿÿI did not understand what is the scenario and where more than one port list is required. - Antu > > Thanks in advance, > > Ted > > > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20161121/2143235d/attachment-0001.html> ------------------------------ Message: 5 Date: Fri, 18 Nov 2016 16:26:40 +0000 From: Thijs Stuurman <[email protected]> To: "[email protected]" <[email protected]> Subject: [Openvas-discuss] gsad strict transport security Message-ID: <bfb0f9a20b1adf418b7e13f088ab85777a40a...@is-exch-003.office.is.nl> Content-Type: text/plain; charset="us-ascii" OpenVAS users, Someone in my organization noted that the scanner itself isn't compliant to our standards because there is no strict transport security header. Obviously I wanted to quickly show them how easy things can be fixed thus I patched gsad: """ # diff -Naur gsad.c gsad.c_htst --- gsad.c ÿ ÿ ÿ2016-08-25 16:09:08.000000000 +0200 +++ gsad.c_htst 2016-11-18 17:11:19.377228392 +0100 @@ -148,6 +148,11 @@ #define DEFAULT_GSAD_X_FRAME_OPTIONS "SAMEORIGIN" /** + * @brief Default value for HTTP header "Strict-Transport-Security" + */ +#define DEFAULT_GSAD_STRICT_TRANSPORT_SECURITY "max-age=31536000; preload" + +/** ÿÿ* @brief Default value for HTTP header "Content-Security-Policy" ÿÿ*/ #define DEFAULT_GSAD_CONTENT_SECURITY_POLICY \ @@ -179,6 +184,9 @@ ÿÿ if (strcmp (http_content_security_policy, "")) ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ\ ÿÿ ÿ MHD_add_response_header (response, "Content-Security-Policy", ÿ ÿ ÿ ÿ ÿ ÿ \ ÿÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿhttp_content_security_policy); ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ \ + ÿif (strcmp (http_strict_transport_security, "")) ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ\ + ÿ ÿMHD_add_response_header (response, "Strict-Transport-Security", ÿ ÿ ÿ ÿ ÿ \ + ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ http_strict_transport_security); ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ \ } /** @@ -298,6 +306,11 @@ gchar *http_x_frame_options; /** + * @brief Current value for HTTP header "Strict-Transport-Security" + */ +gchar *http_strict_transport_security; + +/** ÿÿ* @brief Current value for HTTP header "Content-Security-Policy" ÿÿ*/ gchar *http_content_security_policy; @@ -4923,6 +4936,7 @@ ÿÿ static gchar *guest_pass = NULL; ÿÿ static gchar *http_frame_opts = DEFAULT_GSAD_X_FRAME_OPTIONS; ÿÿ static gchar *http_csp = DEFAULT_GSAD_CONTENT_SECURITY_POLICY; + ÿstatic gchar *http_htst = DEFAULT_GSAD_STRICT_TRANSPORT_SECURITY; ÿÿ static gchar *http_guest_chart_frame_opts ÿÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ = DEFAULT_GSAD_GUEST_CHART_X_FRAME_OPTIONS; ÿÿ static gchar *http_guest_chart_csp @@ -5031,6 +5045,7 @@ ÿÿ http_x_frame_options = http_frame_opts; ÿÿ http_content_security_policy = http_csp; + ÿhttp_strict_transport_security = http_htst; ÿÿ http_guest_chart_x_frame_options = http_guest_chart_frame_opts; ÿÿ http_guest_chart_content_security_policy = http_guest_chart_csp; """ Perhaps a welcome addition in feature versions? Patching myself is an option but not very elegant. I do not want to resort to putting something like Apache or Nginx in front of it either. (it's only accessible to some system/network admins through a 2FA VPN anyway) Thijs Stuurman Security Operations Center PGP Key-ID: 0x16ADC048 Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 Internedservices - a KPN Company Wielingenstraat 8 | 1441 ZR Purmerend | The Netherlands T: +31(0)299476185 | M: +31(0)624366778 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: http://nl.linkedin.com/in/thijsstuurman -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20161118/c09eb66d/attachment-0001.html> ------------------------------ Message: 6 Date: Mon, 21 Nov 2016 08:16:07 +0100 From: Christian Fischer <[email protected]> To: [email protected] Subject: Re: [Openvas-discuss] gsad strict transport security Message-ID: <[email protected]> Content-Type: text/plain; charset=windows-1252 Hi, On 18.11.2016 17:26, Thijs Stuurman wrote: > Perhaps a welcome addition in feature versions? Patching myself is an option > but not very elegant. the upcoming OpenVAS 9 has already included the following parameter to gsad: --http-sts ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ Enable HTTP Strict-Tranport-Security header. --http-sts-max-age=<max-age> ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ ÿ max-age in seconds for HTTP Strict-Tranport-Security header. ÿDefaults to "31536000". Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 202460 Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner ------------------------------ Message: 7 Date: Mon, 21 Nov 2016 13:35:17 +0530 From: Antu Sanadi <[email protected]> To: [email protected] Subject: Re: [Openvas-discuss] PDF report stuck Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252"; Format="flowed" Hello Abel, To be a more specific, you can get it from ÿCommandline Interface (CLI) http://www.openvas.org/install-source.htmlÿÿand After installing run the # omp --help ÿfor more details. -Antu On Monday 21 November 2016 03:12 AM, F?bio Fernandes wrote: > That seems like a huge report. Try to get it through the manager API. > > Fabio > >> No dia 20/11/2016, ?s 08:33, Abel Browarnik <[email protected] >> <mailto:[email protected]>> escreveu: >> >> Hi, >> I have run a scan for a bunch of endpoints. The result seems to be >> quite big. As a result (I guess) when I ask to download a pdf report >> I see the browser stuck and no report is obtained. How can I obtain >> it, even manually? >> The XML file is 24.8 MB. Maybe this gives a clue? >> Thank you in advance >> Abel >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20161121/d915ef56/attachment-0001.html> ------------------------------ Subject: Digest Footer _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ------------------------------ End of Openvas-discuss Digest, Vol 118, Issue 21 ************************************************
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
