Hi,

We are trying to deploy an additional scanner (node_B) to be managed by a central manager (node_A), both with openvas 9 installed. The new version of the openvas scanner does not listen for TCP connections, so we are using socat on node_B to forward TCP port 9391 to the Unix socket:
node_B# socat -d -d -d TCP-LISTEN:9391,reuseaddr,fork UNIX-CLIENT:/var/run/openvassd.sock

We create the scanner on node_A:
node_A# openvasmd --create-scanner=test --scanner-host=node_B --scanner-port=9391 --scanner-type=OpenVAS --scanner-ca-pub=/var/lib/openvas/CA/cacert.pem --scanner-key-pub=/var/lib/openvas/CA/clientcert.pem --scanner-key-priv=/var/lib/openvas/private/CA/clientkey.pem

We test the connection from the node_A web interface and get "Service unavailable".

socat output on node_B:

2017/04/11 12:52:57 socat[2496] I socat by Gerhard Rieger - see www.dest-unreach.org
2017/04/11 12:52:57 socat[2496] I This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
2017/04/11 12:52:57 socat[2496] I This product includes software written by Tim Hudson ([email protected])
2017/04/11 12:52:57 socat[2496] I setting option "so-reuseaddr" to 1
2017/04/11 12:52:57 socat[2496] I setting option "fork" to 1
2017/04/11 12:52:57 socat[2496] I socket(2, 1, 6) -> 5
2017/04/11 12:52:57 socat[2496] I starting accept loop
2017/04/11 12:52:57 socat[2496] N listening on AF=2 0.0.0.0:9391
2017/04/11 12:53:07 socat[2496] I accept(5, {2, AF=2 node_A:41328}, 16) -> 6
2017/04/11 12:53:07 socat[2496] N accepting connection from AF=2 node_A:41328 on AF=2 node_B:9391
2017/04/11 12:53:07 socat[2496] I permitting connection from AF=2 node_A:41328
2017/04/11 12:53:07 socat[2496] N forked off child process 2501
2017/04/11 12:53:07 socat[2496] I close(6)
2017/04/11 12:53:07 socat[2496] I still listening
2017/04/11 12:53:07 socat[2496] N listening on AF=2 0.0.0.0:9391
2017/04/11 12:53:07 socat[2501] I just born: child process 2501
2017/04/11 12:53:07 socat[2501] I just born: child process 2501
2017/04/11 12:53:07 socat[2501] I close(5)
2017/04/11 12:53:07 socat[2501] N opening connection to AF=1 "/var/run/openvassd.sock"
2017/04/11 12:53:07 socat[2501] I socket(1, 1, 0) -> 5
2017/04/11 12:53:07 socat[2501] N successfully connected from local address AF=1 "\xEE\xEE\xEE\xEE\xEE\xEE"
2017/04/11 12:53:07 socat[2501] I resolved and opened all sock addresses
2017/04/11 12:53:07 socat[2501] N starting data transfer loop with FDs [6,6] and [5,5]
2017/04/11 12:53:07 socat[2501] I transferred 250 bytes from 6 to 5
2017/04/11 12:53:07 socat[2501] W read(5, 0xfcae90, 8192): Connection reset by peer
2017/04/11 12:53:07 socat[2501] N socket 2 to socket 1 is in error
2017/04/11 12:53:07 socat[2501] N socket 2 (fd 5) is at EOF
2017/04/11 12:53:07 socat[2501] I shutdown(6, 1)
2017/04/11 12:53:07 socat[2501] N socket 1 (fd 6) is at EOF
2017/04/11 12:53:07 socat[2501] I shutdown(5, 1)
2017/04/11 12:53:07 socat[2501] N socket 2 (fd 5) is at EOF
2017/04/11 12:53:07 socat[2501] I shutdown(6, 1)
2017/04/11 12:53:07 socat[2501] I shutdown(6, 1): Transport endpoint is not connected
2017/04/11 12:53:07 socat[2501] I shutdown(6, 2)
2017/04/11 12:53:07 socat[2501] I shutdown(6, 2): Transport endpoint is not connected
2017/04/11 12:53:07 socat[2501] I shutdown(5, 2)
2017/04/11 12:53:07 socat[2501] N exiting with status 0
2017/04/11 12:53:07 socat[2496] N childdied(): handling signal 17
2017/04/11 12:53:07 socat[2496] I childdied(signum=17)
2017/04/11 12:53:07 socat[2496] I childdied(17): cannot identify child 2501
2017/04/11 12:53:07 socat[2496] I waitpid(): child 2501 exited with status 0
2017/04/11 12:53:07 socat[2496] I waitpid(-1, {}, WNOHANG): No child processes
2017/04/11 12:53:07 socat[2496] I childdied() finished

openvassd.messages on node_B:
[Tue Apr 11 10:59:20 2017][2669] Unknown client-requested OTP version: .

Is there any doc on configuring a remote scanner on version 9?

Thanks.
Best regards.

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
