Re: [Openvas-discuss] Problems to migrate V7 to V8 OpenVAS
well, please put your redis-server configuration on pastebin.ca .. usually problem is incorrect permission on socket, or socket in wrong place or redis-server is not started .. -- Eero 2015-07-06 13:04 GMT+03:00 LABOURIAUX Pierrick pierri...@exakis.com: Hi all, I try to to migrate my OpenVAS v7 version, to the newer v8 version. (with auto-update) But, when I pass the script to ckeck the configuration, i have this : « FIX: You should start the redis-server or configure it to listen on socket: /tmp/redis.sock » Anyone does know how to solve this ? I tried to reinstall Redis-server, and add the line to listen the socket. But no Effect. Install on CentOs 7. Thank you. Cordialement, *Pierrick Labouriaux* pierri...@exakis.com veroniq...@exakis.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Problems to migrate V7 to V8 OpenVAS
Hi all, I try to to migrate my OpenVAS v7 version, to the newer v8 version. (with auto-update) But, when I pass the script to ckeck the configuration, i have this : FIX: You should start the redis-server or configure it to listen on socket: /tmp/redis.sock Anyone does know how to solve this ? I tried to reinstall Redis-server, and add the line to listen the socket. But no Effect. Install on CentOs 7. Thank you. Cordialement, Pierrick Labouriaux pierri...@exakis.commailto:veroniq...@exakis.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] scan full and fast only performs traceroute
You need to create scan config that does not mark host as dead (not scanning), if it does not respond ping requests.. -- Eero 2015-07-06 11:27 GMT+03:00 Luc Romain l...@np6.com: Hello I’m afraid, when i perform a full and fast scan, openvas only does a traceroute or incomplete scans Help me please Luc Here openvassd.messages where X.X.X.X is the ip i want to scan [Mon Jul 6 08:13:28 2015][28385] Starts a new scan. Target(s) : X.X.X.X, with max_hosts = 20 and max_checks = 4 [Mon Jul 6 08:13:28 2015][28385] exclude_hosts: Skipped 0 host(s). [Mon Jul 6 08:13:28 2015][28385] Testing X.X.X.X (:::X.X.X.X) [28389] [Mon Jul 6 08:14:06 2015][28726] open_sock_tcp: X.X.X.X:8080 time-out. [Mon Jul 6 08:14:23 2015][28909] open_sock_tcp: X.X.X.X:15 time-out. [Mon Jul 6 08:14:51 2015][28389] Finished testing X.X.X.X. Time : 83.42 secs [Mon Jul 6 08:14:52 2015][28385] Test complete [Mon Jul 6 08:14:52 2015][28385] Total time to scan all hosts : 91 seconds ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] scan full and fast only performs traceroute
Hello I'm afraid, when i perform a full and fast scan, openvas only does a traceroute or incomplete scans Help me please Luc Here openvassd.messages where X.X.X.X is the ip i want to scan [Mon Jul 6 08:13:28 2015][28385] Starts a new scan. Target(s) : X.X.X.X, with max_hosts = 20 and max_checks = 4 [Mon Jul 6 08:13:28 2015][28385] exclude_hosts: Skipped 0 host(s). [Mon Jul 6 08:13:28 2015][28385] Testing X.X.X.X (:::X.X.X.X) [28389] [Mon Jul 6 08:14:06 2015][28726] open_sock_tcp: X.X.X.X:8080 time-out. [Mon Jul 6 08:14:23 2015][28909] open_sock_tcp: X.X.X.X:15 time-out. [Mon Jul 6 08:14:51 2015][28389] Finished testing X.X.X.X. Time : 83.42 secs [Mon Jul 6 08:14:52 2015][28385] Test complete [Mon Jul 6 08:14:52 2015][28385] Total time to scan all hosts : 91 seconds ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problems to migrate V7 to V8 OpenVAS
well, you should be familiar how to enable and start services. maybe your redis-server (deamon/service) is not up and running? Eero 2015-07-06 14:31 GMT+03:00 LABOURIAUX Pierrick pierri...@exakis.com: Hello Eero, Thank you for your answer, below, my response to Michael Meyer. I paste my configuration file on pastebin, (http://pastebin.ca/3048530). Thank you in advance for any answer. Regards, *Pierrick Labouriaux* pierri...@exakis.com veroniq...@exakis.com +33 (0)6 71 84 24 24 *De :* eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] *De la part de* Eero Volotinen *Envoyé :* lundi 6 juillet 2015 12:24 *À :* LABOURIAUX Pierrick *Cc :* openvas-discuss@wald.intevation.org *Objet :* Re: [Openvas-discuss] Problems to migrate V7 to V8 OpenVAS well, please put your redis-server configuration on pastebin.ca .. usually problem is incorrect permission on socket, or socket in wrong place or redis-server is not started .. -- Eero 2015-07-06 13:04 GMT+03:00 LABOURIAUX Pierrick pierri...@exakis.com: Hi all, I try to to migrate my OpenVAS v7 version, to the newer v8 version. (with auto-update) But, when I pass the script to ckeck the configuration, i have this : « FIX: You should start the redis-server or configure it to listen on socket: /tmp/redis.sock » Anyone does know how to solve this ? I tried to reinstall Redis-server, and add the line to listen the socket. But no Effect. Install on CentOs 7. Thank you. Cordialement, *Pierrick Labouriaux* pierri...@exakis.com veroniq...@exakis.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Can't get openvasmd to build the database
On Freitag, 19. Juni 2015, Wiza, David wrote: A long time ago, I posted about an issue where OpenVAS was not loading custom plugins. I could run them with the openvas-nasl command-line tool, but they would not appear in GSA as a plugin I could add to a scan config. At the time, I was running OpenVAS 5. I recently tried to update to OpenVAS 8 and I seem to have completely broken my install. I downloaded the source for all the OpenVAS 8 components, built, and installed them. I migrated the database with openvasmd --migrate, and all was good, except I was finding that OpenVAS *still* wasn't loading my custom plugins. I looked in the openvassd.messages log, and it said it was loading them, but when I try to make a scan config, they're not in the list of plugins. I decided to try deleting my tasks.db database and starting over, and everything went to hell. if you added your custom NVTs, have you placed them into the subdirectory plugins/private/ ? If not, the get removed with the next sync. Next, the custom NVTs will be ignored if not provided with a valid signature and the signature configured for the scanner. For a trial you could add nasl_no_signature_check=yes to openvasd.conf. Then it will be considered regardless of digital signatures. Check with openvassd -s whether setting are properly done. Please check in the section SecInfo/NVTs whether your custom NVTss are there. If yes, you should find them also in the Scan Config editor under the respective family. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Missing CVEs
On Dienstag, 30. Juni 2015, Public Account wrote: Then, as Timo suggested: rm /usr/local/var/lib/openvas/scap-data/scap.db /usr/local/sbin/openvas-scapdata-sync Again same version (201506240629) but this time the CVE is there !! Bingo! So, some questions arise: - Any clue why this could happen? not really ;-) - Any clue about how to detect there's a problem in the db (before discovering you are missing a CVE)? I am unsure whether it was a detectable problem. Maybe the db was correct as such, just using some wrong assumption about timestamps. - It's a good policy to, once a month for example, delete scap.db and resync? Not in my opinion. One the one hand I've not seen similar problems and on the other hand we won't find out easily about a problem with such a workaround. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Openvas-8 : Problem trust import report format
On Montag, 29. Juni 2015, Yoann JOUVENT wrote: Thanks for your answers to my problem but I found the solution. Now, I have another problem. When I use the scan config to recover characteristics system, I don't have collected_object. So ovaldi can't realize its analysis. Should we set something extra in the config scan? Which version of ovaldi do you recommend me? In which of the steps described below you got struck? http://www.greenbone.net/learningcenter/oval_sc.html -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas fail
On Freitag, 26. Juni 2015, Luc Romain wrote: « My gsad and openvassmd are running so i really don' t know what the problem is... Help me please !!! :( « Gsad is working, i can access to the web interface, see my previous scan (scan has worked 3 times but i dont know why not again) When i execute omp -s (to strat a task), i don't have any result I don't know what to do... now when i launch openvassd, it take well openvassd: Reloaded 30150 of 39478 NVTs to the end in ps -ef. But instead of show « openvassd: waiting fo connection » as before, it shows « openvassd: Reloaded all the NVTs. » and nothing else I've custom some files like images or titles but nothing else. I've recompiled openvas scanner but doesn't work. (maybe this could be usefull but i don't think so) Openvassd.dump (openvassd:785): lib kb_redis-CRITICAL **: get_redis_ctx: redis connection error: No such file or directory if your redis-server is not running, OpenVAS Scanner will not scan. Can you check redis-scanner is running properly? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Web UI Hangs at Login
On Donnerstag, 25. Juni 2015, Brian Chabot wrote: I have a new install. The check script finished OK. I set up a simple scan of a couple dozen IPs. Next day I come back to check on things and can't get to the tasks list. I enter username and password and click login and it hangs. The problem resolves if I restart the openvas-manager service, but that pauses my scan. Any ideas what's wrong here? which OpenVAS version are you using? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Web UI Hangs at Login
That's where the fun begins. This issue seems to happen fairly randomly on all of the following: Master server: OpenVAS 7, CentOS 6.6 First slave: OpenVAS 7, CentOS 6.5 Second slave: OpenVAS 6, CentOS 6.5 Third slave: OpenVAS 8, CentOS 7.1.1503 Fourth slave: OpenVAS 7, CentOS 6.5 On Mon, Jul 6, 2015 at 9:21 AM, Jan-Oliver Wagner jan-oliver.wag...@greenbone.net wrote: On Donnerstag, 25. Juni 2015, Brian Chabot wrote: I have a new install. The check script finished OK. I set up a simple scan of a couple dozen IPs. Next day I come back to check on things and can't get to the tasks list. I enter username and password and click login and it hangs. The problem resolves if I restart the openvas-manager service, but that pauses my scan. Any ideas what's wrong here? which OpenVAS version are you using? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- __ Brian Chabot | Infrastructure Systems Administrator millennial media Mobile: +1 603.728.1469 Email: bcha...@millennialmedia.com Web: www.millennialmedia.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Web UI Hangs at Login
On Montag, 6. Juli 2015, Brian Chabot wrote: That's where the fun begins. This issue seems to happen fairly randomly on all of the following: Master server: OpenVAS 7, CentOS 6.6 First slave: OpenVAS 7, CentOS 6.5 Second slave: OpenVAS 6, CentOS 6.5 Third slave: OpenVAS 8, CentOS 7.1.1503 Fourth slave: OpenVAS 7, CentOS 6.5 next time it occurs, can you check with ps or htop whether there are rebuilding processes of openvas? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Web UI Hangs at Login
Were the slaves running scans at the same time? We had problems here with such a setup because the slaves were constantly reporting back their results (during the scan) to the master and the master was busy fighting for file locks on the sqlite DB. It was impossible to do anything on the master as long as 2 or more instances were running scans at the same time. I even put the sqlite on a ramdisk to see if it was just slow disk I/O causing the problem, but the problem still persisted. On the bright side I've had good experience with using PostgreSQL as a backend for the central master :-) On 7/6/2015 8:30 AM, Brian Chabot wrote: That's where the fun begins. This issue seems to happen fairly randomly on all of the following: Master server: OpenVAS 7, CentOS 6.6 First slave: OpenVAS 7, CentOS 6.5 Second slave: OpenVAS 6, CentOS 6.5 Third slave: OpenVAS 8, CentOS 7.1.1503 Fourth slave: OpenVAS 7, CentOS 6.5 On Mon, Jul 6, 2015 at 9:21 AM, Jan-Oliver Wagner jan-oliver.wag...@greenbone.net wrote: On Donnerstag, 25. Juni 2015, Brian Chabot wrote: I have a new install. The check script finished OK. I set up a simple scan of a couple dozen IPs. Next day I come back to check on things and can't get to the tasks list. I enter username and password and click login and it hangs. The problem resolves if I restart the openvas-manager service, but that pauses my scan. Any ideas what's wrong here? which OpenVAS version are you using? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss smime.p7s Description: S/MIME Cryptographic Signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Web UI Hangs at Login
Of course, today, nothing is hanging yet. When it did, I did check both ps and htop and it looked like absolutely nothing was happening. openvassd openvasmd and gsad were running but idle. iotop showed nothing going on. Memory was mostly free. Processor usage was 99% idle. Restarting all three services pauses scans and allows a login to the web ui. On Mon, Jul 6, 2015 at 9:38 AM, Jan-Oliver Wagner jan-oliver.wag...@greenbone.net wrote: On Montag, 6. Juli 2015, Brian Chabot wrote: That's where the fun begins. This issue seems to happen fairly randomly on all of the following: Master server: OpenVAS 7, CentOS 6.6 First slave: OpenVAS 7, CentOS 6.5 Second slave: OpenVAS 6, CentOS 6.5 Third slave: OpenVAS 8, CentOS 7.1.1503 Fourth slave: OpenVAS 7, CentOS 6.5 next time it occurs, can you check with ps or htop whether there are rebuilding processes of openvas? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- __ Brian Chabot | Infrastructure Systems Administrator millennial media Mobile: +1 603.728.1469 Email: bcha...@millennialmedia.com Web: www.millennialmedia.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Can't get openvasmd to build the database
-Original Message- From: Openvas-discuss [mailto:openvas-discuss- boun...@wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: Monday, July 06, 2015 6:12 AM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Can't get openvasmd to build the database On Freitag, 19. Juni 2015, Wiza, David wrote: A long time ago, I posted about an issue where OpenVAS was not loading custom plugins. I could run them with the openvas-nasl command-line tool, but they would not appear in GSA as a plugin I could add to a scan config. At the time, I was running OpenVAS 5. I recently tried to update to OpenVAS 8 and I seem to have completely broken my install. I downloaded the source for all the OpenVAS 8 components, built, and installed them. I migrated the database with openvasmd --migrate, and all was good, except I was finding that OpenVAS *still* wasn't loading my custom plugins. I looked in the openvassd.messages log, and it said it was loading them, but when I try to make a scan config, they're not in the list of plugins. I decided to try deleting my tasks.db database and starting over, and everything went to hell. if you added your custom NVTs, have you placed them into the subdirectory plugins/private/ ? If not, the get removed with the next sync. Next, the custom NVTs will be ignored if not provided with a valid signature and the signature configured for the scanner. For a trial you could add nasl_no_signature_check=yes to openvasd.conf. Then it will be considered regardless of digital signatures. Check with openvassd -s whether setting are properly done. Please check in the section SecInfo/NVTs whether your custom NVTss are there. If yes, you should find them also in the Scan Config editor under the respective family. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner nasl_no_signature_check=yes was set. I had restarted openvassd numerous times, as well as telling openvasmd to rebuild the database. When I checked the list of NVTs from GSAD, they weren't listed, but the scanner log was showing them as being loaded without errors. In any case, I fixed the problem by completely removing anything to do with OpenVAS from the computer then re-installing OpenVAS from source. It works fine now. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Regarding to OpenVAS Web App Scanning.
Hi, see the documentation available here: I am new to OpenVAS and after installation got first problem and didn't get solution to scan web application. How is that possible? http://greenbone.net/learningcenter/task_webappscan.html ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Regarding to OpenVAS Web App Scanning.
Hi All, I am new to OpenVAS and after installation got first problem and didn't get solution to scan web application. How is that possible? Thanks Regards, Shyam Nalawade ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Informations CVE, OID, OVAL
Hello, I would like to know if it's possible to have more information about the OID structure. It is possible to obtain the whole structure about this page? = http://www.openvas.org/openvas-oids.html I need to do some comparison and matching with CVE. For me, CVE is the reference for all vulnerabilities but he is not always present in your reports. In your reports of analyses, I saw one OID reference is always present. With that I guess it's for referencing the vulnerability internally and probably match with OVAL. I founded this page http://www.openvas.org/openvas-cr-13.html for have a matching OVAL! But I don't understand clearly for the moment. Can you help me how I can match the reference between OID and OVAL? Because OVAL use too the CVE reference. Bests regards, Jonathan Rey ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss