date:20180223

[Openvas-discuss] Virtual Appliance, No Configuration -> Schedule menu item

2018-02-23 Thread Ian Harding


Hi!

I downloaded the virtual appliance version and have it up and working 
but I can't seem to find a couple menu items that are supposed to be 
available, or to get to a real command shell for troubleshooting the 
dreaded "SCAP and/or CERT database missing on OMP server" message.  SSH 
just leads to the curses configuration program.


Any hints on how to get moving again?

Thanks,

Ian

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman

Somewhere in my old notes I see port 9393 was used by openvasad, perhaps part 
of OpenVAS 8? I don’t have it anymore.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
Namens Thijs Stuurman
Verzonden: vrijdag 23 februari 2018 16:58
Aan: Louis Bohm 
CC: openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup

gvmd is the new name of openvasmd (OpenVAS 9 trunk.. not in the latest on the 
website).
I do use an entire stack on my slaves, just without gsad.

> The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.

It does not? https://blog.haardiek.org/setup-openvas-as-master-and-slave.html 
uses 9390 coupled to openvasmd (gvmd in my case, same thing).

I have checked my saved credentials for the slaves and “Allow insecure use” is 
set to No
On my slaves I have created one account:

gvmd --create-user=slave --role=Admin && gvmd --user=slave 
--new-password=
(or substitute gvmd with openvasmd)

That’s the account I added to my master to use though OMP Slave using port 9390.
My slaves start openvasmd (gmvd) as:

gvmd --rebuild
gvmd -p 9390 -a 0.0.0.0

I guess 9393 will work as well but I don’t know where you got that from.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Louis Bohm [mailto:lo...@systemgeek.net]
Verzonden: vrijdag 23 februari 2018 16:42
Aan: Thijs Stuurman 
>
CC: 
openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup

The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.  The 
master will then use just the scanner on the slave not the entire OpenVAS stack 
of the slave (even though you need to install all of it).

The Allow Insecure option is on the username/password credential created and 
assigned to the scanner config on the master.  They slave is only setup with 
the admin account.  No other users and/or roles need to be setup there.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman

gvmd is the new name of openvasmd (OpenVAS 9 trunk.. not in the latest on the 
website).
I do use an entire stack on my slaves, just without gsad.

> The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.

It does not? https://blog.haardiek.org/setup-openvas-as-master-and-slave.html 
uses 9390 coupled to openvasmd (gvmd in my case, same thing).

I have checked my saved credentials for the slaves and “Allow insecure use” is 
set to No
On my slaves I have created one account:

gvmd --create-user=slave --role=Admin && gvmd --user=slave 
--new-password=
(or substitute gvmd with openvasmd)

That’s the account I added to my master to use though OMP Slave using port 9390.
My slaves start openvasmd (gmvd) as:

gvmd --rebuild
gvmd -p 9390 -a 0.0.0.0

I guess 9393 will work as well but I don’t know where you got that from.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Louis Bohm [mailto:lo...@systemgeek.net]
Verzonden: vrijdag 23 februari 2018 16:42
Aan: Thijs Stuurman 
CC: openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup

The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.  The 
master will then use just the scanner on the slave not the entire OpenVAS stack 
of the slave (even though you need to install all of it).

The Allow Insecure option is on the username/password credential created and 
assigned to the scanner config on the master.  They slave is only setup with 
the admin account.  No other users and/or roles need to be setup there.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Timeout when scanning all UDP ports

2018-02-23 Thread Christian Fischer

Hi,

On 16.02.2018 13:59, Yves Gattegno wrote:
> I'd like to set the parameters so that I can scan all UDP ports but I
> can't figure our which parameters to tune and what values to set.

you probably need to raise the "scanner_plugins_timeout" [1] of your
scan configuration which is a timeout (in seconds) a Port Scanner NVT is
allowed to run.

> I guess than in the port scanner settings, I must change some nmap
> settings, such as host time out and set it to a reasonable value, maybe
> 3 or 5 seconds
> 
> What other parameter should I change to allow an efficicent scanning of
> all UDP ports, knowing that I don't care if such a scan takes more than
> 24 hours?

The NVT "Nmap (NASL wrapper)" OID: 1.3.6.1.4.1.25623.1.0.14259 from the
"Port scanners" family has various tuning options for nmap. You might
need to consult the nmap manual for more information on those options
and how to configure those to achieve what you're looking for.

> Thanks in advance
> 
> - Yves Gattegno

Regards,

[1]
http://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html?highlight=scanner_plugins_timeout#general-preferences

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Louis Bohm

I got it working but not sure why.  So if I use a username/password and set the 
credential to allow insecure=yes the client comes back with a 200 response but 
does nothing.  If I change the credential to allow insecure=no the client comes 
back with:
md   main:  DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: 

but then the scan starts…

Very odd.

I will have to try the same thing but with the servercert.pem and see if that 
works.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

> On Feb 23, 2018, at 9:59 AM, Louis Bohm  wrote:
> 
> That yelled me this on the client but still the scan has not progressed from 
> Requested.
> 
> Client:
> lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer.
> md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP.
> md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain 
> password, suppressed.
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: authenticate 
> (0)
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: credentials 
> (2)
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: username (3)
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: admin
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: password (3)
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: 
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
> mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate
> md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: 
>  status_text="OK">AdminUTCnist
> mdomp:  DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1
> md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
> md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
> I know the username and password are correct.  And the slave even sent a 200 
> response to the master so why is it not working  So frustrating.
> 
> Louis
> :
> Louis Bohm - Sr. Systems Engineer
>   Dell TechDirect Certified
> 
>> On Feb 23, 2018, at 7:42 AM, Thijs Stuurman 
>> > > wrote:
>> 
>> Try the /var/lib/openvas/CA/cacert.pem from your slave.
>>  
>> Thijs Stuurman
>> Security Operations Center | KPN Internedservices B.V.
>> thijs.stuur...@internedservices.nl 
>>  | thijs.stuur...@kpn.com 
>> 
>> T: +31(0)299476185 | M: +31(0)624366778
>> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ )
>> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>>  
>> W: https://www.internedservices.nl  | L: 
>> https://nl.linkedin.com/in/thijsstuurman 
>> 
>>  
>> Van: Louis Bohm [mailto:lo...@systemgeek.net ] 
>> Verzonden: vrijdag 23 februari 2018 13:18
>> Aan: Thijs Stuurman > >
>> CC: openvas-discuss@wald.intevation.org 
>> 
>> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup
>>  
>> According to the doc it says to use: 
>> ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
>> On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem 
>> according to openvas-manage-certs -V
>> [root@pci-sec02 ~]# openvas-manage-certs -V
>> OK: Directory for keys (/var/lib/openvas/private/CA) exists.
>> OK: Directory for certificates (/var/lib/openvas/CA) exists.
>> OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
>> OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
>> OK: CA certificate verified.
>> OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
>> OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
>>  
>> Is it not the servercert.pem from the slave openvas host that I am supposed 
>> to use?
>>  
>> Louis
>> :
>> Louis Bohm - Sr. Systems Engineer
>> Dell TechDirect Certified 
>>  
>> On Feb 23, 2018, at 5:09 AM, Thijs Stuurman 
>> >

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman

I never had an issue with it. Sometimes the initial Requested state takes a 
minute orso.
Often it seems to take a couple before an actual nmap starts and the jobs goes 
to 1% and later beyond.

I cannot help you any further at this point; perhaps I can check something for 
you on my setup? Let me know.
I have 1 master and 4 slaves running…

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Louis Bohm [mailto:lo...@systemgeek.net]
Verzonden: vrijdag 23 februari 2018 16:00
Aan: Thijs Stuurman 
CC: openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup

That yelled me this on the client but still the scan has not progressed from 
Requested.

Client:
lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain 
password, suppressed.
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: authenticate (0)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: credentials (2)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: username (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: admin
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: password (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: 
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: 
AdminUTCnist
mdomp:  DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
I know the username and password are correct.  And the slave even sent a 200 
response to the master so why is it not working  So frustrating.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Feb 23, 2018, at 7:42 AM, Thijs Stuurman 
> 
wrote:

Try the /var/lib/openvas/CA/cacert.pem from your slave.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Louis Bohm [mailto:lo...@systemgeek.net]
Verzonden: vrijdag 23 februari 2018 13:18
Aan: Thijs Stuurman 
>
CC: 
openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup

According to the doc it says to use: 
${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according 
to openvas-manage-certs -V
[root@pci-sec02 ~]# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

Is it not the servercert.pem from the slave openvas host that I am supposed to 
use?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Feb

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Louis Bohm

That yelled me this on the client but still the scan has not progressed from 
Requested.

Client:
lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain 
password, suppressed.
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: authenticate (0)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: credentials (2)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: username (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: admin
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: password (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: 
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: 
AdminUTCnist
mdomp:  DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
I know the username and password are correct.  And the slave even sent a 200 
response to the master so why is it not working  So frustrating.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

> On Feb 23, 2018, at 7:42 AM, Thijs Stuurman 
>  wrote:
> 
> Try the /var/lib/openvas/CA/cacert.pem from your slave.
>  
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.
> thijs.stuur...@internedservices.nl 
>  | thijs.stuur...@kpn.com 
> 
> T: +31(0)299476185 | M: +31(0)624366778
> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ )
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>  
> W: https://www.internedservices.nl  | L: 
> https://nl.linkedin.com/in/thijsstuurman 
> 
>  
> Van: Louis Bohm [mailto:lo...@systemgeek.net] 
> Verzonden: vrijdag 23 februari 2018 13:18
> Aan: Thijs Stuurman 
> CC: openvas-discuss@wald.intevation.org
> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup
>  
> According to the doc it says to use: 
> ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
> On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem 
> according to openvas-manage-certs -V
> [root@pci-sec02 ~]# openvas-manage-certs -V
> OK: Directory for keys (/var/lib/openvas/private/CA) exists.
> OK: Directory for certificates (/var/lib/openvas/CA) exists.
> OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
> OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
> OK: CA certificate verified.
> OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
> OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
>  
> Is it not the servercert.pem from the slave openvas host that I am supposed 
> to use?
>  
> Louis
> :
> Louis Bohm - Sr. Systems Engineer
> Dell TechDirect Certified 
>  
> On Feb 23, 2018, at 5:09 AM, Thijs Stuurman 
>  > wrote:
>  
> My best guess is that you didn’t load in the right CA certificate from your 
> slave at step:
>  
> CA Certificate: The certificate you gathered from the slave
>  
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.
> thijs.stuur...@internedservices.nl 
>  | thijs.stuur...@kpn.com 
> 
> T: +31(0)299476185 | M: +31(0)624366778
> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ )
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>  
> W: https://www.internedservices.nl  | L: 
> https://nl.linkedin.com/in/thijsstuurman 
> 
>  
> Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org 
> ] Namens Louis Bohm

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman

Try the /var/lib/openvas/CA/cacert.pem from your slave.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Louis Bohm [mailto:lo...@systemgeek.net]
Verzonden: vrijdag 23 februari 2018 13:18
Aan: Thijs Stuurman 
CC: openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup

According to the doc it says to use: 
${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according 
to openvas-manage-certs -V
[root@pci-sec02 ~]# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

Is it not the servercert.pem from the slave openvas host that I am supposed to 
use?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Feb 23, 2018, at 5:09 AM, Thijs Stuurman 
> 
wrote:

My best guess is that you didn’t load in the right CA certificate from your 
slave at step:

CA Certificate: The certificate you gathered from the slave

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
Namens Louis Bohm
Verzonden: donderdag 22 februari 2018 19:11
Aan: 
openvas-discuss@wald.intevation.org
Onderwerp: [Openvas-discuss] Scanner Master Slave setup

I followed the following doc 
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the 
master slave environment with the exception that I am doing this on CentOS 7 
with OpenVAS9.

On the master I am getting this:
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server 
‘op4us1opsscan01.domain.net' port 9393.
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 
'op4us1opsscan01.domain.net' port 9393.
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
certificate is not trusted
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
certificate hasn't got a known issuer

On the client I am getting this:
lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer.
md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP.

But in the GUI all I see is Status: Requested and it never changes.

Any idea why this is not working?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Louis Bohm

According to the doc it says to use: 
${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according 
to openvas-manage-certs -V
[root@pci-sec02 ~]# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

Is it not the servercert.pem from the slave openvas host that I am supposed to 
use?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

> On Feb 23, 2018, at 5:09 AM, Thijs Stuurman 
>  wrote:
> 
> My best guess is that you didn’t load in the right CA certificate from your 
> slave at step:
>  
> CA Certificate: The certificate you gathered from the slave
>  
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.
> thijs.stuur...@internedservices.nl 
>  | thijs.stuur...@kpn.com 
> 
> T: +31(0)299476185 | M: +31(0)624366778
> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ )
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>  
> W: https://www.internedservices.nl  | L: 
> https://nl.linkedin.com/in/thijsstuurman 
> 
>  
> Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
> Namens Louis Bohm
> Verzonden: donderdag 22 februari 2018 19:11
> Aan: openvas-discuss@wald.intevation.org
> Onderwerp: [Openvas-discuss] Scanner Master Slave setup
>  
> I followed the following doc 
> https://blog.haardiek.org/setup-openvas-as-master-and-slave.html 
>  to set up 
> the master slave environment with the exception that I am doing this on 
> CentOS 7 with OpenVAS9.
>  
> On the master I am getting this:
> lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server 
> ‘op4us1opsscan01.domain.net ' port 9393.
> lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 
> 'op4us1opsscan01.domain.net ' port 9393.
> lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
> certificate is not trusted
> lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
> certificate hasn't got a known issuer
>  
> On the client I am getting this:
> lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer.
> md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP.
>  
> But in the GUI all I see is Status: Requested and it never changes.
>  
> Any idea why this is not working?
>  
> Louis
> :
> Louis Bohm - Sr. Systems Engineer
> Dell TechDirect Certified 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman

My best guess is that you didn’t load in the right CA certificate from your 
slave at step:

CA Certificate: The certificate you gathered from the slave

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | 
thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: 
https://nl.linkedin.com/in/thijsstuurman

Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
Namens Louis Bohm
Verzonden: donderdag 22 februari 2018 19:11
Aan: openvas-discuss@wald.intevation.org
Onderwerp: [Openvas-discuss] Scanner Master Slave setup

I followed the following doc 
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the 
master slave environment with the exception that I am doing this on CentOS 7 
with OpenVAS9.

On the master I am getting this:
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server 
‘op4us1opsscan01.domain.net' port 9393.
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 
'op4us1opsscan01.domain.net' port 9393.
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
certificate is not trusted
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the 
certificate hasn't got a known issuer

On the client I am getting this:
lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer.
md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP.

But in the GUI all I see is Status: Requested and it never changes.

Any idea why this is not working?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Virtual Appliance, No Configuration -> Schedule menu item

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Timeout when scanning all UDP ports

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Scanner Master Slave setup

Re: [Openvas-discuss] Scanner Master Slave setup

10 matches

Site Navigation

Mail list logo

Footer information