Re: [Openvas-discuss] Detecting sensitive data with OpenVAS

2016-04-13 Thread James Lay

On 2016-04-13 11:47, Eero Volotinen wrote:

Hi,

There is no such plugin in openvas. Our company does openvas
consultancy and if you are willing to pay, then we can develop a plugin
for this need.

Eero

2016-04-13 18:58 GMT+03:00 James Lay <j...@slave-tothe-box.net>:


Hi All,

Did a search online and looked at the list archive, but I couldn't
find anything regarding sensitive data.  Things like:

Social security numbers
Debit/Credit card numbers

Any pointers in this area would be awesome...thank you.

James



Thank you for the clarification.

James
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


[Openvas-discuss] Ramifications of OSVDB closure

2016-04-06 Thread James Lay

:(

https://blog.osvdb.org/2016/04/05/osvdb-fin/

What impact will this have on OpenVAS?

James


Re: [Openvas-discuss] Unable to perform any actions in Firefox

2016-02-01 Thread James Lay
On Fri, 2016-01-29 at 14:48 +0100, Jan-Oliver Wagner wrote:

> On Wednesday, 13 January 2016, 11:58:59, James Lay wrote:
> > This morning I'm attempting to do some scans, but every time I try and
> > do anything like add a target or create a scan I am dumped out to the GSA
> > login page and I see:
> > 
> > Cookie missing or bad. Please login again.
> > 
> > I've cleared out cookies, but this continues.  I only see this in
> > Firefox, but not IE (ironic)..anyone else seeing this?  This was
> > installed from this ppa:
> > 
> > https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
> > 
> > on Ubuntu 14.04, 64 bit.  Thank you.
> 
> I do not see this.
> I am using various Firefox derivatives and Chrome/Chromium.
> 
> 


Thanks...must be a plugin or something on my Windows Firefox.

James

Re: [Openvas-discuss] Hi, Guys, Mayday! when using openvasmd --rebuild on archlinux, I got a TLS connection Error.

2016-01-27 Thread James Lay
 

On 2016-01-27 07:32, Chi Zhang wrote: 

> Well, when I execute "openvasmd --rebuild --progress", the error messages (in 
> /var/log/openvas/openvasmd.log) are: 
> 
> lib  serv:WARNING:2016-01-27 22h00.53 utc:17959: Failed to shake hands with 
> peer: The TLS connection was non-properly terminated. 
> lib  serv:WARNING:2016-01-27 22h00.53 utc:17959: Failed to shutdown server 
> socket 
> 
> The environment is Archlinux latest version, the gnutls on my machine is 
> 3.4.8-1 
> I follow the Archlinux wiki instructions about how to use
> openvas (https://wiki.archlinux.org/index.php/OpenVAS).
>
> However, when I try executing openvasmd --rebuild --progress, I got an
> error "Rebuilding NVT cache... failed."
> 
> Does someone know what the problem is ? or disable tls/ssl for openvas? : ) 
> 
> Z :) 
> 

See this thread: 

http://thread.gmane.org/gmane.comp.security.openvas.users/9068/ 

James 

[Openvas-discuss] Unable to perform any actions in Firefox

2016-01-13 Thread James Lay
This morning I'm attempting to do some scans, but every time I try and
do anything like add a target or create a scan I am dumped out to the GSA
login page and I see:


Cookie missing or bad. Please login again.

I've cleared out cookies, but this continues.  I only see this in 
Firefox, but not IE (ironic)..anyone else seeing this?  This was 
installed from this ppa:


https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

on Ubuntu 14.04, 64 bit.  Thank you.

James


[Openvas-discuss] Offline Alive Test Comparison

2016-01-13 Thread James Lay
 

Topic says it for those that may be interested.  All tests were run on a
home network with a target that doesn't exist on the local subnet
(192.168.1.9).  Timings below:

event task:MESSAGE:2016-01-13 14H46.43 MST:21609: Status of task
Offline-ARP (22de1311-9e25-4314-a5d5-834229ffeb17) has changed to
Running
event task:MESSAGE:2016-01-13 14H46.56 MST:21609: Status of task
Offline-ARP (22de1311-9e25-4314-a5d5-834229ffeb17) has changed to Done

event task:MESSAGE:2016-01-13 14H48.01 MST:21827: Status of task
Offline-ICMP-ARP (e0144e2a-722a-4c6e-88d8-8eb556743bf3) has changed to
Running
event task:MESSAGE:2016-01-13 14H48.14 MST:21827: Status of task
Offline-ICMP-ARP (e0144e2a-722a-4c6e-88d8-8eb556743bf3) has changed to
Done

event task:MESSAGE:2016-01-13 14H48.54 MST:22023: Status of task
Offline-ICMP-TCP-ACK (b9b0e827-8d70-4179-8b38-42ac700fd543) has changed
to Running
event task:MESSAGE:2016-01-13 14H49.13 MST:22023: Status of task
Offline-ICMP-TCP-ACK (b9b0e827-8d70-4179-8b38-42ac700fd543) has changed
to Done

event task:MESSAGE:2016-01-13 14H49.59 MST:22219: Status of task
Offline-ICMP-TCP-ACK-ARP (3d3fa215-4687-4cb6-b989-a9b578d482f8) has
changed to Running
event task:MESSAGE:2016-01-13 14H50.12 MST:22219: Status of task
Offline-ICMP-TCP-ACK-ARP (3d3fa215-4687-4cb6-b989-a9b578d482f8) has
changed to Done

event task:MESSAGE:2016-01-13 14H50.43 MST:22416: Status of task
Offline-PING (444bb0c3-1b9e-4d48-b71d-7917e3d95e8c) has changed to
Running
event task:MESSAGE:2016-01-13 15H00.26 MST:22416: Status of task
Offline-PING (444bb0c3-1b9e-4d48-b71d-7917e3d95e8c) has changed to Done

event task:MESSAGE:2016-01-13 15H00.51 MST:31667: Status of task
Offline-TCP-ACK (7d07c54e-32cc-4232-90df-8ebfaf0c4215) has changed to
Running
event task:MESSAGE:2016-01-13 15H01.09 MST:31667: Status of task
Offline-TCP-ACK (7d07c54e-32cc-4232-90df-8ebfaf0c4215) has changed to
Done

event task:MESSAGE:2016-01-13 15H02.17 MST:31868: Status of task
Offline-TCP-ACK-ARP (460ab816-79d2-4bd1-bfda-25156bf5b1bc) has changed
to Running
event task:MESSAGE:2016-01-13 15H02.31 MST:31868: Status of task
Offline-TCP-ACK-ARP (460ab816-79d2-4bd1-bfda-25156bf5b1bc) has changed
to Done

event task:MESSAGE:2016-01-13 15H02.56 MST:32062: Status of task
Offline-TCP-SYN (f00ee361-304e-49d2-8832-e679e6e97bd2) has changed to
Running
event task:MESSAGE:2016-01-13 15H03.19 MST:32062: Status of task
Offline-TCP-SYN (f00ee361-304e-49d2-8832-e679e6e97bd2) has changed to
Done 

Of interest: Offline-PING took the longest and actually generated a log
which included Traceroute, and a 3com switch2hub result.  Hope this
helps someone else evaluating OpenVAS.  Thank you. 

James
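
Added example, not part of the original post: the durations behind the comparison above can be read off the task status lines by pairing each task's Running and Done events. The sample is copied from the post (three of the eight tasks, still hard-wrapped); the function names unwrap and task_durations are hypothetical.

```python
import re
from datetime import datetime

# Three of the eight tasks from the post, hard-wrapped as in the mail.
SAMPLE = """\
event task:MESSAGE:2016-01-13 14H46.43 MST:21609: Status of task
Offline-ARP (22de1311-9e25-4314-a5d5-834229ffeb17) has changed to
Running
event task:MESSAGE:2016-01-13 14H46.56 MST:21609: Status of task
Offline-ARP (22de1311-9e25-4314-a5d5-834229ffeb17) has changed to Done
event task:MESSAGE:2016-01-13 14H50.43 MST:22416: Status of task
Offline-PING (444bb0c3-1b9e-4d48-b71d-7917e3d95e8c) has changed to
Running
event task:MESSAGE:2016-01-13 15H00.26 MST:22416: Status of task
Offline-PING (444bb0c3-1b9e-4d48-b71d-7917e3d95e8c) has changed to Done
event task:MESSAGE:2016-01-13 15H02.56 MST:32062: Status of task
Offline-TCP-SYN (f00ee361-304e-49d2-8832-e679e6e97bd2) has changed to
Running
event task:MESSAGE:2016-01-13 15H03.19 MST:32062: Status of task
Offline-TCP-SYN (f00ee361-304e-49d2-8832-e679e6e97bd2) has changed to
Done
"""

RECORD = re.compile(
    r"event task:MESSAGE:(\d{4}-\d\d-\d\d \d\d[Hh]\d\d\.\d\d) \S+:\d+: "
    r"Status of task (.+?) \(([0-9a-f-]{36})\) has changed to (\w+)")

def unwrap(text):
    """Rejoin hard-wrapped records; a new record starts at 'event task:'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("event task:"):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def task_durations(text):
    """Return {task name: seconds between its Running and Done events}."""
    started, durations = {}, {}
    for rec in unwrap(text):
        if not (m := RECORD.match(rec)):
            continue  # not a task status line
        stamp, name, uuid, status = m.groups()
        when = datetime.strptime(stamp.upper(), "%Y-%m-%d %HH%M.%S")
        if status == "Running":
            started[uuid] = when  # keyed by task UUID, names may repeat
        elif status == "Done" and uuid in started:
            durations[name] = int((when - started.pop(uuid)).total_seconds())
    return durations

if __name__ == "__main__":
    print(task_durations(SAMPLE))
```

For these three tasks the result is 13 s for Offline-ARP, 583 s for Offline-PING and 23 s for Offline-TCP-SYN.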

Re: [Openvas-discuss] TLS upgrade breaks OMP

2016-01-13 Thread James Lay

On 2016-01-13 02:52, Benoît Allard wrote:

On Tue, 12 Jan 2016 15:29:37 +0100
Guillaume Castagnino  wrote:


Hi,

I have the same issue since last gnutls CVE fix on ubuntu (14.04):
http://launchpadlibrarian.net/20701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz

The fix removes the fallback using extensions in certificate to
negotiate cipher. This exposes a bug in openvas library.

Find attached my fix for openvas8. The problem is that the "SECURE"
priority string does not exist (see
http://www.gnutls.org/manual/html_node/Priority-Strings.html). I
don’t know why gnutls_priority_set_direct does not issue an error,
but this is the cause of the bug.

Bye !


I can confirm that the "SECURE" cipher suite does not exist, and that
the documentation says that "NORMAL" means 'all the secure ciphers'.
Hence I committed your patch as r24104, and backported to OpenVAS 8 as
r24105.

Thank you very much for your contribution! Don't hesitate to post
such patches here or in -devel in the future.

Best Regards,
Ben.




And for those of you on Ubuntu using this ppa
(https://launchpad.net/~mrazavi/+archive/ubuntu/openvas) Mohammad has
already included the patch that Guillaume created...I've tested with the
latest Ubuntu GnuTLS patches and it's worked fine.  Reason #723 why I
love open source...FAST fixes.


James

Re: [Openvas-discuss] TLS upgrade breaks OMP

2016-01-12 Thread James Lay
On Tue, 2016-01-12 at 06:46 -0700, James Lay wrote:

> Topic says it...after doing an upgrade from libgnutls26:amd64 to
> libgnutls-openssl27:amd64 I now get:
> 
> Login failed. OMP service is down.
> 
> openvasmd.log shows:
> 
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands
> with peer: A TLS packet with unexpected length was received.
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown
> server socket
> md   main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed
> to attach client session to socket 9
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749:Failed to
> gnutls_bye: GnuTLS internal error.
> 
> Besides downgrading, is there something I can look at to fix this?
> Thank you.
> 
> James 
> 


More info..it's either one of these (from the apt-get log):

Upgrade: libgnutls-openssl27:amd64 (2.12.23-12ubuntu2.3,
2.12.23-12ubuntu2.4), libgnutls26:amd64 (2.12.23-12ubuntu2.3,
2.12.23-12ubuntu2.4)

Thank you.

James

[Openvas-discuss] TLS upgrade breaks OMP

2016-01-12 Thread James Lay
Topic says it...after doing an upgrade from libgnutls26:amd64 to
libgnutls-openssl27:amd64 I now get:

Login failed. OMP service is down.

openvasmd.log shows:

lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands
with peer: A TLS packet with unexpected length was received.
lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown
server socket
md   main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed to
attach client session to socket 9
lib  serv:WARNING:2016-01-12 13h36.10 utc:1749:Failed to gnutls_bye:
GnuTLS internal error.

Besides downgrading, is there something I can look at to fix this?
Thank you.

James

[Openvas-discuss] Rebuilding NVT cache failed

2016-01-12 Thread James Lay
Hello,

I recently attempted to update my install with:

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

My rebuild progress failed:

Rebuilding NVT cache... failed.

The only log message that looks unusual is the below:

lib  serv:WARNING:2016-01-12 13h05.53 utc:20912: Failed to shake hands
with peer: The signature algorithm is not supported.

Is there a way to recreate the NVT cache?  Thank you.

James

Re: [Openvas-discuss] TLS upgrade breaks OMP

2016-01-12 Thread James Lay

On 2016-01-12 07:29, Guillaume Castagnino wrote:

Hi,

I have the same issue since last gnutls CVE fix on ubuntu (14.04):
http://launchpadlibrarian.net/20701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz

The fix removes the fallback using extensions in certificate to
negotiate cipher. This exposes a bug in openvas library.

Find attached my fix for openvas8. The problem is that the "SECURE"
priority string does not exist (see
http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t
know why gnutls_priority_set_direct does not issue an error, but this
is the cause of the bug.

Bye !

On Tuesday 12 January 2016 07:18:49 James Lay wrote:

On Tue, 2016-01-12 at 15:01 +0100, Paula Gonzalez Muñoz wrote:
> What distribution is openvas installed at? How did you install it?
> How did you upgrade?
>
> Sent from my mobile device.
>
>
> On 12 Jan. 2016 2:59 p.m., "Reindl Harald" <h.rei...@thelounge.net>
> wrote:
> On 12.01.2016 at 14:46, James Lay wrote:
> Topic says it...after doing an upgrade from libgnutls26:amd64 to
> libgnutls-openssl27:amd64 I now get:
>
> Login failed. OMP service is down.
>
> openvasmd.log shows:
>
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands
> with peer: A TLS packet with unexpected length was received.
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown
> server socket
> md   main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed to
> attach client session to socket 9
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to gnutls_bye:
> GnuTLS internal error.
>
> Besides downgrading, is there something I can look at to fix this?
> Thank you
>
> http://www.catb.org/esr/faqs/smart-questions.html#beprecise
>
>
From here:

https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

Ubuntu 14.04...looks like I'm not the only one as I see others are
having the initial NVT cache rebuild issue.  Thank you.

James


Those of you who absolutely need this to work (like me) you can attempt
the below...I would make sure you backup your systems beforehand...so
far this has been successful in downgrading:


sudo apt-get update
sudo service openvas-gsa stop
sudo service openvas-manager stop
sudo service openvas-scanner stop
cd /var/cache/apt/archives/
sudo dpkg -i --force-downgrade libgnu*2.3*
sudo echo "libgnutls26 hold" | sudo dpkg --set-selections
sudo echo "libgnutls-openssl27 hold" | sudo dpkg --set-selections

Once the issues get resolved you can use the below to release and allow 
libgnutls26 and libgnutls-openssl27 to upgrade:

sudo echo "libgnutls26 install" | sudo dpkg --set-selections
sudo echo "libgnutls-openssl27 install" | sudo dpkg --set-selections

So far so good...I've also sent the patch (thanks Guillaume!) to 
Mohammad Razavi in the hopes he can update the ppa.  Good luck...an 
unpleasant surprise.


James

Re: [Openvas-discuss] TLS upgrade breaks OMP

2016-01-12 Thread James Lay

On 2016-01-12 07:29, Guillaume Castagnino wrote:

Hi,

I have the same issue since last gnutls CVE fix on ubuntu (14.04):
http://launchpadlibrarian.net/20701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz

The fix removes the fallback using extensions in certificate to
negotiate cipher. This exposes a bug in openvas library.

Find attached my fix for openvas8. The problem is that the "SECURE"
priority string does not exist (see
http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t
know why gnutls_priority_set_direct does not issue an error, but this
is the cause of the bug.

Bye !

On Tuesday 12 January 2016 07:18:49 James Lay wrote:

On Tue, 2016-01-12 at 15:01 +0100, Paula Gonzalez Muñoz wrote:
> What distribution is openvas installed at? How did you install it?
> How did you upgrade?
>
> Sent from my mobile device.
>
>
> On 12 Jan. 2016 2:59 p.m., "Reindl Harald" <h.rei...@thelounge.net>
> wrote:
> On 12.01.2016 at 14:46, James Lay wrote:
> Topic says it...after doing an upgrade from libgnutls26:amd64 to
> libgnutls-openssl27:amd64 I now get:
>
> Login failed. OMP service is down.
>
> openvasmd.log shows:
>
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands
> with peer: A TLS packet with unexpected length was received.
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown
> server socket
> md   main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed to
> attach client session to socket 9
> lib  serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to gnutls_bye:
> GnuTLS internal error.
>
> Besides downgrading, is there something I can look at to fix this?
> Thank you
>
> http://www.catb.org/esr/faqs/smart-questions.html#beprecise
>
>
From here:

https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

Ubuntu 14.04...looks like I'm not the only one as I see others are
having the initial NVT cache rebuild issue.  Thank you.

James




That's helpful thank you.  Sounds like those of us that didn't compile 
from source are out of luck for now.


James