I got it working but not sure why. So if I use a username/password and set the credential to allow insecure=yes the client comes back with a 200 response but does nothing. If I change the credential to allow insecure=no the client comes back with: md main: DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: <create_credential_response status="400" status_text="Erroneous private key or associated passphrase"/> but then the scan starts…
Very odd. I will have to try the same thing but with the servercert.pem and see if that works. Louis ::::: Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified > On Feb 23, 2018, at 9:59 AM, Louis Bohm <lo...@systemgeek.net> wrote: > > That yelled me this on the client but still the scan has not progressed from > Requested. > > Client: > lib serv: DEBUG:2018-02-23 14h37.52 utc:25578: Shook hands with peer. > md main: DEBUG:2018-02-23 14h37.52 utc:25578: Serving OMP. > md main: DEBUG:2018-02-23 14h37.52 utc:25578: <= client Input may contain > password, suppressed. > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML start: authenticate > (0) > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 2 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML start: credentials > (2) > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 3 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML start: username (3) > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 5 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML text: admin > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML end: username > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 3 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML start: password (3) > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 4 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML text: ******** > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML end: password > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 3 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML end: credentials > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: client state set: 2 > md omp: DEBUG:2018-02-23 14h37.52 utc:25578: XML end: authenticate > md main: DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: > <authenticate_response status="200" > status_text="OK"><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response> > md omp: DEBUG:2018-02-23 14h37.52 UTC:25578: client state set: 1 > md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client 144 bytes > md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client done > I know the username and password are correct. And the slave even sent a 200 > response to the master so why is it not working???? So frustrating. > > Louis > ::::: > Louis Bohm - Sr. Systems Engineer > Dell TechDirect Certified > >> On Feb 23, 2018, at 7:42 AM, Thijs Stuurman >> <thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl>> wrote: >> >> Try the /var/lib/openvas/CA/cacert.pem from your slave. >> >> Thijs Stuurman >> Security Operations Center | KPN Internedservices B.V. >> thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com >> <mailto:thijs.stuur...@kpn.com> >> T: +31(0)299476185 | M: +31(0)624366778 >> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>) >> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 >> >> W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: >> https://nl.linkedin.com/in/thijsstuurman >> <https://nl.linkedin.com/in/thijsstuurman> >> >> Van: Louis Bohm [mailto:lo...@systemgeek.net <mailto:lo...@systemgeek.net>] >> Verzonden: vrijdag 23 februari 2018 13:18 >> Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl>> >> CC: openvas-discuss@wald.intevation.org >> <mailto:openvas-discuss@wald.intevation.org> >> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup >> >> According to the doc it says to use: >> ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem. >> On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem >> according to openvas-manage-certs -V >> [root@pci-sec02 ~]# openvas-manage-certs -V >> OK: Directory for keys (/var/lib/openvas/private/CA) exists. >> OK: Directory for certificates (/var/lib/openvas/CA) exists. >> OK: CA key found in /var/lib/openvas/private/CA/cakey.pem >> OK: CA certificate found in /var/lib/openvas/CA/cacert.pem >> OK: CA certificate verified. >> OK: Certificate /var/lib/openvas/CA/servercert.pem verified. >> OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. >> >> Is it not the servercert.pem from the slave openvas host that I am supposed >> to use? >> >> Louis >> ::::: >> Louis Bohm - Sr. Systems Engineer >> Dell TechDirect Certified >> >> On Feb 23, 2018, at 5:09 AM, Thijs Stuurman >> <thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl>> wrote: >> >> My best guess is that you didn’t load in the right CA certificate from your >> slave at step: >> >> CA Certificate: The certificate you gathered from the slave >> >> Thijs Stuurman >> Security Operations Center | KPN Internedservices B.V. >> thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com >> <mailto:thijs.stuur...@kpn.com> >> T: +31(0)299476185 | M: +31(0)624366778 >> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>) >> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 >> >> W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: >> https://nl.linkedin.com/in/thijsstuurman >> <https://nl.linkedin.com/in/thijsstuurman> >> >> Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org >> <mailto:openvas-discuss-boun...@wald.intevation.org>] Namens Louis Bohm >> Verzonden: donderdag 22 februari 2018 19:11 >> Aan: openvas-discuss@wald.intevation.org >> <mailto:openvas-discuss@wald.intevation.org> >> Onderwerp: [Openvas-discuss] Scanner Master Slave setup >> >> I followed the following doc >> https://blog.haardiek.org/setup-openvas-as-master-and-slave.html >> <https://blog.haardiek.org/setup-openvas-as-master-and-slave.html> to set up >> the master slave environment with the exception that I am doing this on >> CentOS 7 with OpenVAS9. >> >> On the master I am getting this: >> lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888: Connected to server >> ‘op4us1opsscan01.domain.net <http://op4us1opsscan01.domain.net/>' port 9393. >> lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888: Shook hands with server >> 'op4us1opsscan01.domain.net <http://op4us1opsscan01.domain.net/>' port 9393. >> lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the >> certificate is not trusted >> lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the >> certificate hasn't got a known issuer >> >> On the client I am getting this: >> lib serv: DEBUG:2018-02-22 18h05.53 utc:20431: Shook hands with peer. >> md main: DEBUG:2018-02-22 18h05.53 utc:20431: Serving OMP. >> >> But in the GUI all I see is Status: Requested and it never changes. >> >> Any idea why this is not working? >> >> Louis >> ::::: >> Louis Bohm - Sr. Systems Engineer >> Dell TechDirect Certified >
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss