Re: [Openvas-discuss] Scanner Master Slave setup

Louis Bohm Fri, 23 Feb 2018 07:05:30 -0800

I got it working but not sure why.  So if I use a username/password and set the 
credential to allow insecure=yes the client comes back with a 200 response but 
does nothing.  If I change the credential to allow insecure=no the client comes 
back with:
md   main:  DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: 
<create_credential_response status="400" status_text="Erroneous private key or 
associated passphrase"/>
but then the scan starts…


Very odd.

I will have to try the same thing but with the servercert.pem and see if that 
works.

Louis
:::::
Louis Bohm - Sr. Systems Engineer
        Dell TechDirect Certified

> On Feb 23, 2018, at 9:59 AM, Louis Bohm <[email protected]> wrote:
> 
> That yelled me this on the client but still the scan has not progressed from 
> Requested.
> 
> Client:
> lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:    Shook hands with peer.
> md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:    Serving OMP.
> md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain 
> password, suppressed.
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: authenticate 
> (0)
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 2
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: credentials 
> (2)
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 3
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: username (3)
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 5
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML   text: admin
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: username
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 3
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: password (3)
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 4
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML   text: ********
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: password
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 3
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: credentials
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 2
> md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: authenticate
> md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: 
> <authenticate_response status="200" 
> status_text="OK"><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response>
> md    omp:  DEBUG:2018-02-23 14h37.52 UTC:25578:    client state set: 1
> md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
> md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
> I know the username and password are correct.  And the slave even sent a 200 
> response to the master so why is it not working????  So frustrating.
> 
> Louis
> :::::
> Louis Bohm - Sr. Systems Engineer
>       Dell TechDirect Certified
> 
>> On Feb 23, 2018, at 7:42 AM, Thijs Stuurman 
>> <[email protected] 
>> <mailto:[email protected]>> wrote:
>> 
>> Try the /var/lib/openvas/CA/cacert.pem from your slave.
>>  
>> Thijs Stuurman
>> Security Operations Center | KPN Internedservices B.V.
>> [email protected] 
>> <mailto:[email protected]> | [email protected] 
>> <mailto:[email protected]>
>> T: +31(0)299476185 | M: +31(0)624366778
>> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>)
>> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>>  
>> W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: 
>> https://nl.linkedin.com/in/thijsstuurman 
>> <https://nl.linkedin.com/in/thijsstuurman>
>>  
>> Van: Louis Bohm [mailto:[email protected] <mailto:[email protected]>] 
>> Verzonden: vrijdag 23 februari 2018 13:18
>> Aan: Thijs Stuurman <[email protected] 
>> <mailto:[email protected]>>
>> CC: [email protected] 
>> <mailto:[email protected]>
>> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup
>>  
>> According to the doc it says to use: 
>> ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
>> On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem 
>> according to openvas-manage-certs -V
>> [root@pci-sec02 ~]# openvas-manage-certs -V
>> OK: Directory for keys (/var/lib/openvas/private/CA) exists.
>> OK: Directory for certificates (/var/lib/openvas/CA) exists.
>> OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
>> OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
>> OK: CA certificate verified.
>> OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
>> OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
>>  
>> Is it not the servercert.pem from the slave openvas host that I am supposed 
>> to use?
>>  
>> Louis
>> :::::
>> Louis Bohm - Sr. Systems Engineer
>>             Dell TechDirect Certified 
>>  
>> On Feb 23, 2018, at 5:09 AM, Thijs Stuurman 
>> <[email protected] 
>> <mailto:[email protected]>> wrote:
>>  
>> My best guess is that you didn’t load in the right CA certificate from your 
>> slave at step:
>>  
>> CA Certificate: The certificate you gathered from the slave
>>  
>> Thijs Stuurman
>> Security Operations Center | KPN Internedservices B.V.
>> [email protected] 
>> <mailto:[email protected]> | [email protected] 
>> <mailto:[email protected]>
>> T: +31(0)299476185 | M: +31(0)624366778
>> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>)
>> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>>  
>> W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: 
>> https://nl.linkedin.com/in/thijsstuurman 
>> <https://nl.linkedin.com/in/thijsstuurman>
>>  
>> Van: Openvas-discuss [mailto:[email protected] 
>> <mailto:[email protected]>] Namens Louis Bohm
>> Verzonden: donderdag 22 februari 2018 19:11
>> Aan: [email protected] 
>> <mailto:[email protected]>
>> Onderwerp: [Openvas-discuss] Scanner Master Slave setup
>>  
>> I followed the following doc 
>> https://blog.haardiek.org/setup-openvas-as-master-and-slave.html 
>> <https://blog.haardiek.org/setup-openvas-as-master-and-slave.html> to set up 
>> the master slave environment with the exception that I am doing this on 
>> CentOS 7 with OpenVAS9.
>>  
>> On the master I am getting this:
>> lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:    Connected to server 
>> ‘op4us1opsscan01.domain.net <http://op4us1opsscan01.domain.net/>' port 9393.
>> lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:    Shook hands with server 
>> 'op4us1opsscan01.domain.net <http://op4us1opsscan01.domain.net/>' port 9393.
>> lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
>> certificate is not trusted
>> lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
>> certificate hasn't got a known issuer
>>  
>> On the client I am getting this:
>> lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:    Shook hands with peer.
>> md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:    Serving OMP.
>>  
>> But in the GUI all I see is Status: Requested and it never changes.
>>  
>> Any idea why this is not working?
>>  
>> Louis
>> :::::
>> Louis Bohm - Sr. Systems Engineer
>>             Dell TechDirect Certified
>

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

Reply via email to