Hello Fabio,

thanks for your email. I confirmed that the OpenVAS machine does have
ping/ssh connectivity to the test target. nmap is installed. It's
version 7.01 which openvas-check-setup complains about; but I do see the
spray of packets and replies when the test runs, so it seems to be
functional.

In Configuration -> Scan Configs, "Full and very deep" is listed with 0
families and 0 NVTs; but when I click into it, I see "53928 of 53943
in selected families" so that seems OK.

There was no openvassd.conf so I created /etc/openvas/openvassd.conf
containing just "log_whole_attack = yes" and after restarting the
scanner daemon, I'm now getting reports for vulnerabilities. Thanks!

Seems like that configuration file should have been created by the
package installer if its presence is necessary?

Cheers,
Dave


On Mon, Jul 03, 2017 at 08:00:13PM +0100, Fábio Fernandes wrote:
> First check if you have connectivity to the host from the OpenVAS
> Scanner machine (ping, telnet a known open port, etc.)
> Then check if you have nmap installed.
> If that is ok check if the NVTs installed are ok by checking how many
> NVTs Full and very deep config is using on the Scan config menu.
> If the number is between 40000 and 50000 then it is ok.
> If that is ok then activate scan nvt execution logs by activating it
> in the openvassd.conf (the path depends on the installation and
> distro) and in the Full and very deep config. I think that for both
> the option is log_whole_attack and check the results.
> Fabio
> 
> On 03/07/2017 14:39, "Dave Holland" <[1][email protected]> wrote:
> 
>   I'm trying out OpenVAS 9 (on Ubuntu Xenial; installed from the
>   PPA) and
>   I can't get any reports out of it. When I run a scan, tcpdump
>   shows
>   packets going to/from the target machine, but the result is
>   always:
>   >> The report is empty. This can happen for the following reasons:
>   >> The target hosts could be regarded dead.
>   The target machine allows ping and has port 22 open. I've set the
>   alive
>   test to "ICMP ping" and "Consider alive", no difference in
>   behaviour.
>   I checked that redis has the "save 900 1" line commented out as
>   suggested elsewhere in the mailing list archives; and redis is
>   running
>   OK.
>   The openvassd.messages log messages show nothing obviously
>   unusual:
>   [Mon Jul  3 13:09:10 2017][4400] Starts a new scan. Target(s) :
>   172.27.88.182, with max_hosts = 20 and max_checks = 4
>   [Mon Jul  3 13:09:10 2017][4400] exclude_hosts: Skipped 0 host(s).
>   [Mon Jul  3 13:09:10 2017][4400] source_iface: Using eth0
>   (172.30.17.111 / fe80::8faf:6dcf:d449:fe9a).
>   [Mon Jul  3 13:09:10 2017][4400] Testing 172.27.88.182
>   (172.27.88.182) [4512]
>   [Mon Jul  3 13:09:10 2017][4512] Finished testing 172.27.88.182.
>   Time : 0.51 secs
>   [Mon Jul  3 13:09:10 2017][4400] Test complete
>   [Mon Jul  3 13:09:10 2017][4400] Total time to scan all hosts : 9
>   seconds
>   And openvasmd.log:
>   event task:MESSAGE:2017-07-03 13h09.00 UTC:4399: Status of task
>   172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-
>   4ce48ee0b407) has changed to Requested
>   event task:MESSAGE:2017-07-03 13h09.00 UTC:4399: Task
>   172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-
>   4ce48ee0b407) has been requested to start by admin
>   md manage:   INFO:2017-07-03 13h09.01 UTC:4402:
>   nvt_selector_plugins: NVTs not explicitly activated anymore for
>   this config: 1.3.6.1.4.1.25623.1.0.10265;1.
>   3.6.1.4.1.25623.1.0.103914;1.3.6.1.4.1.25623.1.0.103978;1.
>   3.6.1.4.1.25623.1.0.95888;1.3.6.1.4.1.25623.1.0.12241;1.3.6.
>   1.4.1.25623.1.0.11933;1.3.6.1.4.1.25623.1.0.103416;1.3.6.1.
>   4.1.25623.1.0.12288;1.3.6.1.4.1.25623.1.0.80010;1.3.6.1.4.1.
>   25623.1.0.810010;1.3.6.1.4.1.25623.1.0.10870;1.3.6.1.4.1.
>   25623.1.0.80011;1.3.6.1.4.1.25623.1.0.103585;1.3.6.1.4.1.
>   25623.1.0.103697;1.3.6.1.4.1.25623.1.0.100509;1.3.6.1.4.1.
>   25623.1.0.80104;1.3.6.1.4.1.25623.1.0.80086;1.3.6.1.4.1.
>   25623.1.0.900238;. Please adjust the config if you think this is
>   wrong.
>   event task:MESSAGE:2017-07-03 13h09.02 UTC:4402: Status of task
>   172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-
>   4ce48ee0b407) has changed to Running
>   event task:MESSAGE:2017-07-03 13h09.11 UTC:4402: Status of task
>   172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-
>   4ce48ee0b407) has changed to Done
>   What can I do to get more debug information? Or can anyone suggest
>   a
>   cause?
>   thanks,
>   Dave
>   --
>   ** Dave Holland ** Systems Support -- Informatics Systems Group **
>   ** 01223 496923 ** The Sanger Institute, Hinxton, Cambridge, UK **
>   --
>    The Wellcome Trust Sanger Institute is operated by Genome
>   Research
>    Limited, a charity registered in England with number 1021457 and
>   a
>    company registered in England with number 2742969, whose
>   registered
>    office is 215 Euston Road, London, NW1 2BE.
>   _______________________________________________
>   Openvas-discuss mailing list
>   [2][email protected]
>   [3]https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/
>   openvas-discuss
> 
> References
> 
> 1. mailto:[email protected]
> 2. mailto:[email protected]
> 3. https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

-- 
** Dave Holland ** Systems Support -- Informatics Systems Group **
** 01223 496923 ** The Sanger Institute, Hinxton, Cambridge, UK **


-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
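
The two checks this thread turned on, as an added example that is not code from either poster or from the OpenVAS project: whether openvassd.conf exists and sets log_whole_attack, and whether the scanner log shows a host finishing almost immediately. The 5-second threshold, the function names and the finding texts are assumptions, and the sample log is constructed after the lines quoted above.

```python
import re
from pathlib import Path

# Pattern modelled on the openvassd.messages lines quoted in the thread.
FINISHED = re.compile(
    r"Finished testing (?P<host>\S+?)\.\s+Time : (?P<secs>[\d.]+) secs")

# Constructed sample: the first host mirrors the thread, the second is made up.
SAMPLE_LOG = """\
[Mon Jul  3 13:09:10 2017][4400] Testing 172.27.88.182 (172.27.88.182) [4512]
[Mon Jul  3 13:09:10 2017][4512] Finished testing 172.27.88.182. Time : 0.51 secs
[Mon Jul  3 13:16:03 2017][4513] Finished testing 192.0.2.10. Time : 412.80 secs
"""


def read_scanner_conf(path):
    """Parse 'key = value' lines; return None when the file does not exist."""
    conf = Path(path)
    if not conf.is_file():
        return None
    settings = {}
    for line in conf.read_text().splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def fast_finishes(log_text, min_secs=5.0):
    """Hosts whose test ended in under min_secs (threshold is an assumption)."""
    return [(m["host"], float(m["secs"]))
            for m in FINISHED.finditer(log_text)
            if float(m["secs"]) < min_secs]


def diagnose(conf_path, log_text):
    """Return human-readable findings for the empty-report symptom."""
    findings = []
    settings = read_scanner_conf(conf_path)
    if settings is None:
        findings.append(f"{conf_path} is missing")
    elif settings.get("log_whole_attack", "").lower() != "yes":
        findings.append("log_whole_attack is not set to yes")
    for host, secs in fast_finishes(log_text):
        findings.append(f"{host} finished in {secs} secs")
    return findings


if __name__ == "__main__":
    for finding in diagnose("/etc/openvas/openvassd.conf", SAMPLE_LOG):
        print(finding)
```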
