Thijs,

I stopped Apache and restarted gsad, openvas-scanner, and openvas-manager. Now when I attempt to log in I get: "Login failed. Waiting for OMP service to become available."

The only log that has a relevant entry is openvasmd.log:

lib auth:   INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration not found.

So, I attempted to log in again and I was able to get in. Seems like there is a timing issue. Then, I attempted to run the task and got the same error:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

The openvasmd.log states:

lib  serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib  serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

It seems that the tls certs are the problem. But the keys are present as specified in /etc/openvas/openvassd.conf. Anything else I could try?

David J. Rericha
Project Manager
Open Software Solutions, LLC

On 10/17/2017 9:10 AM, Thijs Stuurman wrote:
David,

Gsad not being able to bind to a port is a whole other problem than as you 
described earlier with the certificates.
Options:

- Stop Apache
- Do not bind Apache to port 80
- Make gsad bind to another port than 80 (or others which are already in use)

You can tell gsad where and how to bind, for example:

gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 --ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt --http-sts --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

This makes it listen on port 443 using the -p option.
See --help for all the possible arguments.


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

-----Original message-----
From: David Rericha [mailto:[email protected]]
Sent: Tuesday 17 October 2017 15:32
To: Thijs Stuurman <[email protected]>; [email protected]
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

Thanks, Thijs, for your suggestion. I thought I did run this command but reran it 
just to make sure. However the same behavior exists. The only relevant 
information I found in the logs was in gsad.log.
gsad tries to bind to port 80 but that port is being used by apache.
Here is the entire log:

gsad main:  DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation extensions are enabled (using locale "en_US.UTF-8").
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: main: start_http_daemon redirect failed !
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake message out of context

Any ideas?

On 10/16/2017 10:04 AM, Thijs Stuurman wrote:
*It got renamed, sorry; search for openvas-manage-certs:

"""
:/opt/openvas/bin# ./openvas-manage-certs --help
Illegal option --
Usage:
    ./openvas-manage-certs [OPTION] - Manage certificate infrastructure for an OpenVAS installation

Options:
    -h             Print help
    -a             Automatically set up default infrastructure for OpenVAS
"""

Just running it with -a should do the trick.


Thijs Stuurman


-----Original message-----
From: Openvas-discuss [mailto:[email protected]] On behalf of Thijs Stuurman
Sent: Monday 16 October 2017 17:03
To: David Rericha <[email protected]>; [email protected]
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

David,

Did you run "openvas-mkcert" during your OpenVAS installation to set up and 
configure the certificates for the TLS communication between the services?


Thijs Stuurman


-----Original message-----
From: Openvas-discuss [mailto:[email protected]] On behalf of David Rericha
Sent: Monday 16 October 2017 16:53
To: [email protected]
Subject: [Openvas-discuss] Start Task: 503 - Service temporarily down

Hello. I am running greenbone version 9. I logged in at https://localhost:9392, 
created a new task and tried to run it and got the following:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

openvasmd.log reads:

lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shutdown server socket
event task:MESSAGE:2017-10-16 14h37.22 UTC:714: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

Any help would be appreciated. Thanks,

--
David J. Rericha
Project Manager
Open Software Solutions, LLC

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
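
The openvasmd.log excerpts quoted in this thread can be triaged with a short script. The following is an added example, not part of the original messages and not OpenVAS code: it parses records in the layout seen in those excerpts (the header format is inferred from the quoted lines), copes with records that are wrapped or run together on one line, and pairs each failed task start with the TLS warnings logged by the same process ID. The sample log and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Header layout inferred from the log lines quoted in this thread (an assumption):
#   <domain>:<LEVEL>:<YYYY-MM-DD HHhMM.SS tz>:<pid>: <message>
HEADER = re.compile(
    r"\b(?P<domain>[a-z]+ [a-z]+):\s*(?P<level>[A-Z]+):"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) [A-Za-z]+:(?P<pid>\d+): "
)
TASK_FAIL = re.compile(
    r"Task (?P<name>.+?) \((?P<uuid>[0-9a-f-]{36})\) could not be started by (?P<user>\S+)"
)

# Constructed sample (not real log data): two records share a line and one is wrapped.
SAMPLE = """\
lib auth:   INFO:2017-01-01 10h00.00 utc:4100: Authentication configuration not found.
lib  serv:WARNING:2017-01-01 10h05.10 UTC:4242: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib  serv:WARNING:2017-01-01 10h05.10 UTC:4242: Failed to shutdown server socket event task:MESSAGE:2017-01-01 10h05.10 UTC:4242: Task Demo Task
(00000000-0000-0000-0000-000000000000) could not be started by admin
"""

def parse_records(text):
    """Split log text into records, even if records are wrapped or share a line."""
    flat = " ".join(text.split())  # undo mail-client wrapping and column padding
    heads = list(HEADER.finditer(flat))
    records = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        records.append({**m.groupdict(), "pid": int(m["pid"]),
                        "message": flat[m.end():end].strip()})
    return records

def failed_starts(records):
    """Pair each failed task start with earlier TLS warnings from the same pid."""
    tls_by_pid = defaultdict(list)
    findings = []
    for rec in records:
        if rec["level"] == "WARNING" and "TLS" in rec["message"]:
            tls_by_pid[rec["pid"]].append(rec["message"])
        hit = TASK_FAIL.search(rec["message"])
        if hit:
            findings.append({**hit.groupdict(), "ts": rec["ts"],
                             "tls_warnings": list(tls_by_pid[rec["pid"]])})
    return findings

if __name__ == "__main__":
    for f in failed_starts(parse_records(SAMPLE)):
        print(f["ts"], f["name"], f["uuid"], f["user"], f["tls_warnings"])
```

A finding with a non-empty `tls_warnings` list points at the manager-to-scanner TLS handshake rather than at the task definition itself.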
