David,

Your initial login was probably too fast after starting the services; they need time to initiate.
I don't know what else to tell you now to help you with the TLS error. (*In my book it's not 100% sure that it actually is a TLS issue even if it implies so)

If it's your box and it's publicly connected to the Internet I won't mind taking 30 minutes to try and get it to work for you if you allow me to.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

-----Original message-----
From: David Rericha [mailto:[email protected]]
Sent: Wednesday 18 October 2017 16:06
To: Thijs Stuurman <[email protected]>; [email protected]
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

Thijs,

I stopped Apache and restarted gsad, openvas-scanner, and openvas-manager. Now when I attempt to log in I get:

"Login failed. Waiting for OMP service to become available."

The only log that has a relevant entry is openvasmd.log:

lib auth: INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration not found.

So, I attempted to log in again and I was able to get in. Seems like there is a timing issue. Then, I attempted to run the task and got the same error:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

The openvasmd.log states:

lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

It seems that the TLS certs are the problem. But the keys are present as specified in /etc/openvas/openvassd.conf. Anything else I could try?

David J. Rericha
Project Manager
Open Software Solutions, LLC

On 10/17/2017 9:10 AM, Thijs Stuurman wrote:
> David,
>
> Gsad not being able to bind to a port is a whole other problem than as you described earlier with the certificates.
> Options:
>
> - Stop Apache
> - Do not bind Apache to port 80
> - Make gsad bind to another port than 80 (or others which are already in use)
>
> You can tell gsad where and how to bind, for example:
>
> gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 \
>   --ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt \
>   --http-sts --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"
>
> This makes it listen on port 443 using the -p option.
> See --help for all the possible arguments.
>
> Thijs Stuurman
>
> -----Original message-----
> From: David Rericha [mailto:[email protected]]
> Sent: Tuesday 17 October 2017 15:32
> To: Thijs Stuurman <[email protected]>; [email protected]
> Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
>
> Thanks, Thijs, for your suggestion. I thought I did run this command but reran it just to make sure. However the same behavior exists. The only relevant information I found in the logs was in gsad.log.
> gsad tries to bind to port 80 but that port is being used by apache.
> Here is the entire log:
>
> gsad main: DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation extensions are enabled (using locale "en_US.UTF-8").
> gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
> gsad main:WARNING:2017-10-17 13h25.13 utc:29287: main: start_http_daemon redirect failed !
> gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
> gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake message out of context
>
> Any ideas?
>
> On 10/16/2017 10:04 AM, Thijs Stuurman wrote:
>> *It got renamed, sorry; search for openvas-manage-certs:
>>
>> """
>> :/opt/openvas/bin# ./openvas-manage-certs --help
>> Illegal option --
>> Usage:
>>   ./openvas-manage-certs [OPTION] - Manage certificate infrastructure for an OpenVAS installation
>>
>> Options:
>>   -h             Print help
>>   -a             Automatically set up default infrastructure for OpenVAS
>> """
>>
>> Just running it with -a should do the trick.
>>
>> Thijs Stuurman
>>
>> -----Original message-----
>> From: Openvas-discuss [mailto:[email protected]] On behalf of Thijs Stuurman
>> Sent: Monday 16 October 2017 17:03
>> To: David Rericha <[email protected]>; [email protected]
>> Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
>>
>> David,
>>
>> Did you run "openvas-mkcert" during your OpenVAS installation to setup and configure the certificates for the TLS communication between the services?
>>
>> Thijs Stuurman
>>
>> -----Original message-----
>> From: Openvas-discuss [mailto:[email protected]] On behalf of David Rericha
>> Sent: Monday 16 October 2017 16:53
>> To: [email protected]
>> Subject: [Openvas-discuss] Start Task: 503 - Service temporarily down
>>
>> Hello. I am running greenbone version 9. I logged in at https://localhost:9392, created a new task and tried to run it and got the following:
>>
>> Operation: Start Task
>> Status code: 503
>> Status message: Service temporarily down
>>
>> openvasmd.log reads:
>>
>> lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shake hands with peer: The TLS connection was non-properly terminated.
>> lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shutdown server socket
>> event task:MESSAGE:2017-10-16 14h37.22 UTC:714: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin
>>
>> Any help would be appreciated. Thanks,
>>
>> --
>> David J. Rericha
>> Project Manager
>> Open Software Solutions, LLC

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
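
The log reading done by eye in the thread above, as an added example that is not part of the original messages or of OpenVAS: it parses the openvasmd.log and gsad.log lines quoted in the thread and groups findings by process ID, so a task that "could not be started" is tied to the TLS handshake failure logged by the same process. The line layout is inferred from the quoted lines only, and the tag and function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread (openvasmd.log and gsad.log), one entry per line.
SAMPLE = """\
lib auth: INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration not found.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
"""

# Assumed layout, inferred from the quoted lines: domain:LEVEL:date time zone:pid: message
LINE = re.compile(r"^(?P<domain>[\w ]+?):\s*(?P<level>[A-Z]+):"
                  r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) (?:utc|UTC):"
                  r"(?P<pid>\d+): (?P<msg>.*)$")

# Hypothetical tag names; the patterns are the message texts seen in the thread.
RULES = {
    "tls_handshake": re.compile(r"Failed to shake hands with peer"),
    "tls_alert": re.compile(r"TLS fatal alert"),
    "port_in_use": re.compile(r"Failed to bind to port \d+: Address already in use"),
    "task_not_started": re.compile(r"\(([0-9a-f-]{36})\) could not be started"),
}

def parse(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    matches = (LINE.match(raw.strip()) for raw in text.splitlines())
    return [m.groupdict() for m in matches if m]

def correlate(text):
    """Map PID -> set of tags, so errors from one process are read together."""
    by_pid = defaultdict(set)
    for e in parse(text):
        by_pid[int(e["pid"])] |= {t for t, rx in RULES.items() if rx.search(e["msg"])}
    return {pid: tags for pid, tags in by_pid.items() if tags}

def tasks_blocked_by_tls(text):
    """Return (pid, task_uuid) pairs where the failed task's process also logged a handshake failure."""
    tags = correlate(text)
    hits = []
    for entry in parse(text):
        m = RULES["task_not_started"].search(entry["msg"])
        if m and "tls_handshake" in tags.get(int(entry["pid"]), set()):
            hits.append((int(entry["pid"]), m.group(1)))
    return hits

print(tasks_blocked_by_tls(SAMPLE))
```

The port 80 bind failure and the TLS alert in gsad.log come from different PIDs than the failed task, which matches the reply in the thread that the bind error is a separate problem from the handshake failure.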
