Re: [Openvas-discuss] OpenVas9: cannot retrieve max DB number...

2017-11-17 Thread Christian Fischer
Hi,

On 15.11.2017 15:47, Christiaan De Vries wrote:
> Nov 15 14:20:48 DMZ-NVT-01 systemd[1]: Starting LSB: remote network
> security auditor - scanner...
> 
> Nov 15 14:20:48 DMZ-NVT-01 openvas-scanner[1198]: (openvassd:1246): lib 
> kb_redis-CRITICAL **: fetch_max_db_index: cannot retrieve max DB number:
> LOADING Redis is loading the dataset in memory
> 
> Nov 15 14:25:48 DMZ-NVT-01 systemd[1]: openvas-scanner.service: Start
> operation timed out. Terminating.
> 
> Nov 15 14:25:48 DMZ-NVT-01 systemd[1]: Failed to start LSB: remote
> network security auditor - scanner.
> 
> Nov 15 14:25:48 DMZ-NVT-01 systemd[1]: openvas-scanner.service: Unit
> entered failed state.
> 
> Nov 15 14:25:48 DMZ-NVT-01 systemd[1]: openvas-scanner.service: Failed
> with result 'timeout'.

This is probably the known issue where redis is blocking / doesn't
accept any connections anymore. Make sure that you have commented out all:

save xyz

statements in your redis.conf, delete the dump.rdb of redis and then
restart redis.

There are quite a lot of posts here at the channel or at the mailing lists
about that where updating redis as explained above helped.

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
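
The check Christian describes, as an added example that is not part of the original post: it lists the uncommented `save` rules in a redis.conf, writes a copy with them commented out, and reports where the dump file lives. The sample configuration and its paths are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a redis.conf for active RDB snapshot rules.

# Print "lineno:directive" for every uncommented `save <seconds> <changes>` rule.
# `save ""` is not reported: that form switches snapshotting off.
active_save_rules() {
    awk '$1 == "save" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print NR ":" $0 }' "$1"
}

# Emit the config with those rules commented out; the input file is not modified.
comment_out_save_rules() {
    awk '$1 == "save" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print "# " $0; next }
         { print }' "$1"
}

# Print the path of the RDB dump file, using the Redis defaults when unset.
rdb_path() {
    awk '$1 == "dir" { d = $2 } $1 == "dbfilename" { f = $2 }
         END { if (d == "") d = "."; if (f == "") f = "dump.rdb"; print d "/" f }' "$1"
}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample
port 0
unixsocket /var/run/redis/redis.sock
save 900 1
  save 300 10
# save 60 10000
dbfilename dump.rdb
dir /var/lib/redis
EOF

echo "Active save rules:"
active_save_rules "$SAMPLE_CONF"
echo "Dump file to remove before restarting redis: $(rdb_path "$SAMPLE_CONF")"
```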

Re: [Openvas-discuss] Size of /var/lib/openvas/mgr

2017-11-17 Thread Christian Fischer
Hi,

On 16.11.2017 09:28, Romain Fritz wrote:
> In this folder there is a tasks.db file (I assume it's a database) is it
> possible to purge this database in order to have almost the same size as
> the master ?

Have a look at the help output of openvasmd (openvasmd --help) which
provides the following commands:

--optimize=Run an optimization:
vacuum, analyze, cleanup-config-prefs, remove-open-port-results,
cleanup-port-names, cleanup-result-severities, cleanup-schedule-times,
rebuild-report-cache or update-report-cache.

vacuum and/or analyze might be the commands you're looking for.

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

Re: [Openvas-discuss] OpenVAS9 master/slave setup...

2017-11-17 Thread Christiaan De Vries
Hi Thijs,

The verify scanner config test informs me that 'Scanner has been verified' and 
when I go into the configuration of the scanner, it shows me the following:

[inline image: image001.jpg]

Now, weirdly enough (after a reboot of both nodes) the error message about "the 
certificate hasn't got a known issuer" is gone, and the openvasmd.log (on the 
slave) now shows the following when I initiate a scan (from the master to the 
slave):

mdomp:   INFO:2017-11-17 10h15.32 utc:15657:Failed to parse client XML: Error on line 1 char 2: ' ' is not a valid character following a '<' character; it may not begin an element name

Any idea what this could imply?

Thanks for your help!
Christiaan de Vries
Digital Planet

From: Thijs Stuurman [mailto:thijs.stuur...@internedservices.nl]
Sent: 17 November 2017 10:03
To: openvas-discuss@wald.intevation.org
Cc: Christiaan De Vries 
Subject: RE: OpenVAS9 master/slave setup...

When creating the New Scanner on the master to configure the slave scanner, did 
you upload the slave's CA certificate? See the screenshot on the site.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Christiaan De Vries
Sent: Thursday 16 November 2017 13:10
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS9 master/slave setup...

Hello everybody,

I'm running OpenVAS9 and am trying to configure a master/slave combination, so 
I followed the instructions in the following post but am running into (what I 
think) are certificate issues:
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

I see the following messages in the master logs:
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Connected to server '172.X.X.X' port 9391.
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Shook hands with server '172.X.x.X' port 9391.
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate is not trusted
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate hasn't got a known issuer
md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open connection to 172.X.X.X on 9391

Now, if I check the certs on the slave, all seems well:
root@DMZ-NVT-01:~# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Same for the master, the checks are fine:
root@Ubuntu-OpenVAS:/var/log/openvas# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Any advice on how to debug/tackle/solve this problem?

PS: I've noticed that in the GUI of the master, the following message is 
displayed, not sure if this is related?:

"Certificate currently in use will expire"

Regards,
Christiaan de Vries
Digital Planet


Re: [Openvas-discuss] OpenVAS9 master/slave setup...

2017-11-17 Thread Thijs Stuurman
Christiaan,

I am not familiar with your current error message.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
http://nl.linkedin.com/in/thijsstuurman

Re: [Openvas-discuss] OpenVAS9 master/slave setup...

2017-11-17 Thread Thijs Stuurman
When creating the New Scanner on the master to configure the slave scanner, did 
you upload the slave's CA certificate? See the screenshot on the site.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
http://nl.linkedin.com/in/thijsstuurman
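
The trust relationship behind this question, as an added example that is not part of the original post: each node's certificates can validate against that node's own CA while the other node, holding a different CA, rejects them for lack of a known issuer. The node names, subject names and temporary directory are constructed, and the script assumes the `openssl` command line tool is installed.

```shell
#!/bin/sh
# Added example: per-node validation passes, cross-node verification fails
# until the peer's CA certificate is added to the verifier's trust store.

WORK=$(mktemp -d)

# Create a self-signed demo CA and a server certificate signed by it in $WORK/<node>/.
make_node() {
    d="$WORK/$1"; mkdir -p "$d"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1 demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$d/serverkey.pem" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 2 -out "$d/servercert.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to a CA certificate in file $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print "trusted" or "untrusted" for trust store $1 and certificate $2.
trust_status() {
    if chains_to "$1" "$2"; then echo trusted; else echo untrusted; fi
}

make_node master
make_node slave

# What the master ends up with once the slave's CA certificate has been imported.
cat "$WORK/master/cacert.pem" "$WORK/slave/cacert.pem" > "$WORK/master/trusted-cas.pem"

echo "slave cert, slave CA only:       $(trust_status "$WORK/slave/cacert.pem" "$WORK/slave/servercert.pem")"
echo "slave cert, master CA only:      $(trust_status "$WORK/master/cacert.pem" "$WORK/slave/servercert.pem")"
echo "slave cert, master + slave CAs:  $(trust_status "$WORK/master/trusted-cas.pem" "$WORK/slave/servercert.pem")"
```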
