date:20170725

Re: [Openvas-discuss] omp credentials

2017-07-25 Thread Matthew Hall

On Tue, Jul 25, 2017 at 08:39:45AM +0100, Gergely Molnar wrote:
> I'm not sure why it doesn't work. Could anyone point me to the right
> direction, please.
> 
> Note: I didn't restart any of the services between creating and testing the
> credentials.
> 
> Regards,
> Gary

Hi Gary,

I can't answer 100% of your question because I've coded my own OMP client.

But here are some things I did while I was working on this stuff.

Read this specification really closely, because it contains a great deal of 
details.

http://docs.greenbone.net/API/OMP/omp-6.0.html

I created a request like this:

unique_name
comment...
login
password

For the sake of testing where your problem is located, you can send it raw to 
OpenVAS on a TCP socket, if you put this in front of it:

openvas_username
openvas_password

Later on, you have to attach it to a target to use it in a scan:

...
<[ssh|smb|esxi]_lsc_credential id=ID>
(if ssh): PORT

...

Sincerely,
Matthew.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] URGENT HELP, cant run scheduled task in Openvas 9 on Kali Linux 2017 64bits

2017-07-25 Thread TMC

there is a bug logged for this for this issue  Kali, Debian and openvas.



On 26 July 2017 at 06:39, Josemar Maso  wrote:

> Hello Everyone,
> I have OPENVAS9 on Kali.
> I can't run a scheduled task, manual tasks works
> ok but not scheduled.
> Any solution or advice on how to fix ?
>
> thank you,
>
> Josemar
> Brazil
>
> see below more details:
>
> root@machine# tail -f /var/log/openvas/openvasmd.log
> md manage:WARNING:2017-07-25 17h07.36 utc:28225: manage_schedule: child
> failed
> md manage:WARNING:2017-07-25 17h07.36 utc:28225: reschedule_task:
> rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
> md manage:WARNING:2017-07-25 17h07.51 utc:28228: manage_schedule: child
> failed
> md manage:WARNING:2017-07-25 17h07.51 utc:28228: reschedule_task:
> rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
> md manage:WARNING:2017-07-25 17h08.06 utc:28235: manage_schedule: child
> failed
> md manage:WARNING:2017-07-25 17h08.06 utc:28235: reschedule_task:
> rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
> md manage:WARNING:2017-07-25 17h08.22 utc:28238: manage_schedule: child
> failed
> md manage:WARNING:2017-07-25 17h08.22 utc:28238: reschedule_task:
> rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
> md manage:WARNING:2017-07-25 17h08.28 utc:28243: manage_schedule: child
> failed
> md manage:WARNING:2017-07-25 17h08.28 utc:28243: reschedule_task:
> rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
>
> -
> root@machine:~# openvas-check-setup
> openvas-check-setup 2.3.7
>   Test completeness and readiness of OpenVAS-9
>
>   Please report us any non-detected problems and
>   help us to improve this check routine:
>   http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>
>   Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
> problem.
>
>   Use the parameter --server to skip checks for client tools
>   like GSD and OpenVAS-CLI.
>
> Step 1: Checking OpenVAS Scanner ...
> OK: OpenVAS Scanner is present in version 5.1.1.
> OK: redis-server is present in version v=3.2.9.
> OK: scanner (kb_location setting) is configured properly using the
> redis-server socket: /var/run/redis/redis.sock
> OK: redis-server is running and listening on socket:
> /var/run/redis/redis.sock.
> OK: redis-server configuration is OK and redis-server is running.
> OK: NVT collection in /var/lib/openvas/plugins contains 54230 NVTs.
> WARNING: Signature checking of NVTs is not enabled in OpenVAS
> Scanner.
> SUGGEST: Enable signature checking (see
> http://www.openvas.org/trusted-nvts.html).
> OK: The NVT cache in /var/cache/openvas contains 54232 files for
> 54230 NVTs.
> Step 2: Checking OpenVAS Manager ...
> OK: OpenVAS Manager is present in version 7.0.2.
> OK: OpenVAS Manager database found in
> /var/lib/openvas/mgr/tasks.db.
> OK: Access rights for the OpenVAS Manager database are correct.
> OK: sqlite3 found, extended checks of the OpenVAS Manager
> installation enabled.
> OK: OpenVAS Manager database is at revision 184.
> OK: OpenVAS Manager expects database at revision 184.
> OK: Database schema is up to date.
> OK: OpenVAS Manager database contains information about 54224 NVTs.
> OK: At least one user exists.
> OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/sca
> p.db.
> OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cer
> t.db.
> OK: xsltproc found.
> Step 3: Checking user configuration ...
> WARNING: Your password policy is empty.
> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a
> password policy.
> Step 4: Checking Greenbone Security Assistant (GSA) ...
> OK: Greenbone Security Assistant is present in version 7.0.2.
> OK: Your OpenVAS certificate infrastructure passed validation.
> Step 5: Checking OpenVAS CLI ...
> OK: OpenVAS CLI version 1.4.5.
> Step 6: Checking Greenbone Security Desktop (GSD) ...
> SKIP: Skipping check for Greenbone Security Desktop.
> Step 7: Checking if OpenVAS services are up and running ...
> OK: netstat found, extended checks of the OpenVAS services enabled.
> OK: OpenVAS Scanner is running and listening on a Unix domain
> socket.
> WARNING: OpenVAS Manager is running and listening only on the
> local interface.
> This means that you will not be able to access the OpenVAS Manager
> from the
> outside using GSD or OpenVAS CLI.
> SUGGEST: Ensure that OpenVAS Manager listens on all interfaces
> unless you want
> a local service only.
> OK: Greenbone Security Assistant is listening on port 443, which
> is the default port.
> Step 8: Checking nmap installation ...
> WARNING: Your version of nmap is not fully supported: 7.50
> SUGGEST: You should install nmap 5.51 if you plan to

[Openvas-discuss] URGENT HELP, cant run scheduled task in Openvas 9 on Kali Linux 2017 64bits

2017-07-25 Thread Josemar Maso

Hello Everyone,
I have OPENVAS9 on Kali.
I can't run a scheduled task, manual tasks works
ok but not scheduled.
Any solution or advice on how to fix ?

thank you,

Josemar
Brazil

see below more details:

root@machine# tail -f /var/log/openvas/openvasmd.log
md manage:WARNING:2017-07-25 17h07.36 utc:28225: manage_schedule: child
failed
md manage:WARNING:2017-07-25 17h07.36 utc:28225: reschedule_task:
rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
md manage:WARNING:2017-07-25 17h07.51 utc:28228: manage_schedule: child
failed
md manage:WARNING:2017-07-25 17h07.51 utc:28228: reschedule_task:
rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
md manage:WARNING:2017-07-25 17h08.06 utc:28235: manage_schedule: child
failed
md manage:WARNING:2017-07-25 17h08.06 utc:28235: reschedule_task:
rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
md manage:WARNING:2017-07-25 17h08.22 utc:28238: manage_schedule: child
failed
md manage:WARNING:2017-07-25 17h08.22 utc:28238: reschedule_task:
rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'
md manage:WARNING:2017-07-25 17h08.28 utc:28243: manage_schedule: child
failed
md manage:WARNING:2017-07-25 17h08.28 utc:28243: reschedule_task:
rescheduling task '4d5b8fa2-358e-469c-8901-6ef621d676bd'

-
root@machine:~# openvas-check-setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.1.1.
OK: redis-server is present in version v=3.2.9.
OK: scanner (kb_location setting) is configured properly using the
redis-server socket: /var/run/redis/redis.sock
OK: redis-server is running and listening on socket:
/var/run/redis/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: NVT collection in /var/lib/openvas/plugins contains 54230 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS
Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/
trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 54232 files for
54230 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 7.0.2.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager
installation enabled.
OK: OpenVAS Manager database is at revision 184.
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 54224 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/
scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/
cert.db.
OK: xsltproc found.
Step 3: Checking user configuration ...
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password
policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 7.0.2.
OK: Your OpenVAS certificate infrastructure passed validation.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.4.5.
Step 6: Checking Greenbone Security Desktop (GSD) ...
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on a Unix domain
socket.
WARNING: OpenVAS Manager is running and listening only on the local
interface.
This means that you will not be able to access the OpenVAS Manager
from the
outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces
unless you want
a local service only.
OK: Greenbone Security Assistant is listening on port 443, which is
the default port.
Step 8: Checking nmap installation ...
WARNING: Your version of nmap is not fully supported: 7.50
SUGGEST: You should install nmap 5.51 if you plan to use the nmap
NSE NVTs.
Step 10: Checking presence of optional tools ...
OK: pdflatex found.
OK: PDF generation successful. The PDF report format is likely to
work.
OK: ssh-keygen found, LSC credential generation for GNU/Linux
targets is likely to work.
WARNING: Could not find rpm binary, LSC credential package
generation for

Re: [Openvas-discuss] OpenVas setup

2017-07-25 Thread Christian Fischer

Hi,

On 17.07.2017 12:10, Derek Jackson wrote:
> Hi,
> 
> I'm trying to setup Openvas and it has failed twice now.  I attach the
> output of the last attempt and would appreciate any help you can offer
> to 'uninstall' and to initiate again.
> 
> I'm running the openvas setup process from a virtual machine via Kali if
> that helps.
> 
> Please see attached text file for output information.  The same problem
> seems to occur: unable to create the OpenVas library.
> 
> Happy to discuss if you have a UK number i can call.
> 
> Kind regards
> 
> Derek Jackson

the openvas-setup script is no part of the OpenVAS distribution but a
part of Kali Linux. It might be unknown to members at this mailinglist
what the script is actually doing so it could be needed that you get in
touch with the Kali support community at:

https://forums.kali.org/

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Checking for cve 2017-0199

2017-07-25 Thread Ali Khalfan

thanks


 Original Message 
Subject: Re: [Openvas-discuss] Checking for cve 2017-0199
From: Roger Davies 
To: Ali Khalfan 
CC: openvas-discuss@wald.intevation.org
Date: Tue Jul 25 2017 09:53:56 GMT+0300 (AST)
> Hi there
>
> Yes, it's in two monthly rollup checks and also in checks for Office
> KB3141529, KB3141538, KB3178702, KB3178703, KB3178710 and KB4014793.
>
> In total, 8 nasl checks, and these are authenticated.
>
>
> Roger
>
>
> On 28 June 2017 at 19:21, Ali Khalfan  > wrote:
>
> Dear All,
> Is there a .nasl available to check if a host is vulnerable to cve
> 2017-0199.
>
> I understand this requires authenticated scanning but is it
> available at all ?
>
> Ali
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> 
>
>
>
>

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] omp credentials

2017-07-25 Thread Gergely Molnar

Hi,

I'm struggling to get omp credentials work on openvas8 / debian 8 Jessie
(actually raspbian).
I'd like to automate the scans and would lik to avoid leaving the user/pw
in the scripts. And the web interface is not an option.
So what I've tried and found so far:

ran the command described in references:
omp -u  -w  --xml='
  Admin on pi
  admin
  admin
  Credentials with pw
'

this gives back:
 status_text="OK, resource
created" status="201">

but it does ask for a password on each omp command on admin password:
$ omp --xml=""
Enter password:
Failed to authenticate.

empty pw:
$ omp --xml=""
Enter password:
Password must be set.

on some sites people advise to use this form of the command:
omp --xml='

Admin on raspGerry
admin

-BEGIN RSA PRIVATE KEY- ... -END RSA
PRIVATE KEY-
..

'

this complained on the bogus  tag, removing that it returned an OK,
but again asked for password no matter what, and didn't recognise any of
the actual passwords I use on this system.

I can get the credentials back from openvas with:
$ omp -u  -w  -i --xml=""
(in which there's a tag: 0 that suspicious)

or I can delete the credentials with:
   omp omp -u  -w  --xml=' />'

I'm not sure why it doesn't work. Could anyone point me to the right
direction, please.

Note: I didn't restart any of the services between creating and testing the
credentials.

Regards,
Gary
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] omp credentials

Re: [Openvas-discuss] URGENT HELP, cant run scheduled task in Openvas 9 on Kali Linux 2017 64bits

[Openvas-discuss] URGENT HELP, cant run scheduled task in Openvas 9 on Kali Linux 2017 64bits

Re: [Openvas-discuss] OpenVas setup

Re: [Openvas-discuss] Checking for cve 2017-0199

[Openvas-discuss] omp credentials

6 matches

Site Navigation

Mail list logo

Footer information