Hello, Same problem here. We're upgrading our distributed scanners architecture from the OpenVAS 8 provided VM appliance to OpenVAS 9 on Ubuntu 16.04 (Mohammad Razavi ppa), and are experiencing some problems linking the various scanners to the main manager. While it worked like a charm with version 8, the road seems a little rocky now.
Providing the distant scanner IP and certs, and opening port 9390 with the "--listen=0.0.0.0" argument to openvasmd, we first tried selecting OMP Slave on the manager. But 'checking' the distant scanner always return the following error: "Status Code 500: Internal Error / An internal error occurred while verifying a scanner. It is unclear whether the scanner was verified or not. Diagnostics: Failure to send command to manager daemon." So we then tried selecting the OpenVAS Scanner type instead of OMP Slave, and we briefly celebrated as we got the "Scanner has been verified" green message. But unfortunately, when launching a scan from the distant manager, it stops at 1% with the openvasmd log stating the following: "md omp: INFO:2017-07-20 13h50.21 utc:11679: Failed to parse client XML: Error on line 1 char 2: ' ' is not a valid character following a '<' character; it may not begin an element name" Hypothesis: Could it be the Mohammad Razavi ppa for Ubuntu 16.04 that does not behave like a manual source install on a generic Debian 8? At this point, we are considering using the OpenVAS 9 Manager with OpenVAS 8 Scanners, unless someone has an idea ! Thanks, Benjamin-Hugo LeBlanc [email protected] De : Roger Davies <[email protected]> A : "Calado, Rui" <[email protected]>, [email protected] Date : 2017-07-24 06:25 Objet : Re: [Openvas-discuss] 1 openvas Manager , multiple scanners (distributed architecture) Envoyé par : "Openvas-discuss" < [email protected]> Hi Rui I think you have to configure the remote managers as 'OMP Slaves' in the main Manager configuration. Roger On 24 July 2017 at 11:09, Calado, Rui <[email protected]> wrote: Hi Roger, First of all, thank you for your answer! I tried to install openvas-manager in the remote scanner machine, but got no improvement. Can you give me your source? To follow all the steps of your suggestion I do not have more ideas for this.. - Rui From: Roger Davies [mailto:[email protected]] Sent: segunda-feira, 24 de julho de 2017 10:52 To: Calado, Rui Cc: [email protected]; Filipe, Luis Subject: Re: [Openvas-discuss] 1 openvas Manager , multiple scanners (distributed architecture) Hi there Rui The scanner service changed the way it works in version 9, it does not now advertise directly on the network. I've not tried this yet myself, but it's been suggested that you can install the manager process on the remote scanners and use that for the main manager connection, the remote manager process will report back all results from the scan. I currently have version 8 scanners on remote sites. Roger On 21 July 2017 at 16:48, Calado, Rui <[email protected]> wrote: Hello, I'm having a hard time implementing a distributed architecture with OpenVAS 9. As I said, my goal is to have only one manager on one machine and then have scanners installed on client machines that do the scans, and the manager gets all the results. Is this possible? Has anyone got it? I done a complete openvas installation (manager, libraries, scanner) at the “central station”. On the “clients”, I have only the openvas scanner installed. I've tried connecting certificates and private keys, with credentials, and it's not working. The connection between machines exists because if the manager decides to scan the client machine (where deamon is installed), using its default scanner, there is connection and results. Any help will be nice - Rui Calado
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
