Re: [Openvas-discuss] Detecting sensitive data with OpenVAS
On 2016-04-13 11:47, Eero Volotinen wrote: Hi, There is no a such plugin in openvas. Our company does openvas consultancy and if you are willing to pay, then we can develop plugin for this need. Eero 2016-04-13 18:58 GMT+03:00 James Lay <j...@slave-tothe-box.net>: Hi All, Did a search online and looked at the list archive, but I couldn't find anything regarding sensitive data. Things like: Social security numbers Debt/Credit card numbers Any pointers in this area would be awesome...thank you. James Thank you for the clarification. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Ramifications of OSVDB closure
:( https://blog.osvdb.org/2016/04/05/osvdb-fin/ What impact will this have on OpenVAS? James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Unable to perform any actions in Firefox
On Fri, 2016-01-29 at 14:48 +0100, Jan-Oliver Wagner wrote: > Am Mittwoch, 13. Januar 2016, 11:58:59 schrieb James Lay: > > This morning I'm attempting to do some scans, but every time I try and > > do anything like add a target or create a scan I am dump out to the GSA > > login page and I see: > > > > Cookie missing or bad. Please login again. > > > > I've cleared out cookies, but this continues. I only see this in > > Firefox, but not IE (ironic)..anyone else seeing this? This was > > installed from this ppa: > > > > https://launchpad.net/~mrazavi/+archive/ubuntu/openvas > > > > on Ubuntu 14.04, 64 bit. Thank you. > > I do not see this. > I am using various Firefox derivates and Chrome/Chromium. > > Thanks...must be a plugin or something on my windows firefox. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Hi, Guys, Mayday! when using openvasmd --rebuild on archlinux, I got a TLS connection Error.
On 2016-01-27 07:32, Chi Zhang wrote: > Well, when I execute "openvasmd --rebuild --progress", the error messages (in > /var/log/openvas/openvasmd.log) are: > > lib serv:WARNING:2016-01-27 22h00.53 utc:17959: Failed to shake hands with > peer: The TLS connection was non-properly terminated. > lib serv:WARNING:2016-01-27 22h00.53 utc:17959: Failed to shutdown server > socket > > The environment is Archlinux latest version, the gnutls on my machine is > 3.4.8-1 > I follow the Archlinux wiki instructions about how to use > openvas,(https://wiki.archlinux.org/index.php/OpenVAS). > > However, when I try executing openvasmd --rebuild --progress, I got a > error"Rebuilding NVT cache... failed." > > Does someone know what the problem is ? or disable tls/ssl for openvas? : ) > > Z :) > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss See this thread: http://thread.gmane.org/gmane.comp.security.openvas.users/9068/ James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Unable to perform any actions in Firefox
This morning I'm attempting to do some scans, but every time I try and do anything like add a target or create a scan I am dump out to the GSA login page and I see: Cookie missing or bad. Please login again. I've cleared out cookies, but this continues. I only see this in Firefox, but not IE (ironic)..anyone else seeing this? This was installed from this ppa: https://launchpad.net/~mrazavi/+archive/ubuntu/openvas on Ubuntu 14.04, 64 bit. Thank you. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Offline Alive Test Comparison
Topic says it for those that may be interested. All tests were run on a home networking with a target that doesn't exist on the local subnet (192.168.1.9). Timings below: event task:MESSAGE:2016-01-13 14H46.43 MST:21609: Status of task Offline-ARP (22de1311-9e25-4314-a5d5-834229ffeb17) has changed to Running event task:MESSAGE:2016-01-13 14H46.56 MST:21609: Status of task Offline-ARP (22de1311-9e25-4314-a5d5-834229ffeb17) has changed to Done event task:MESSAGE:2016-01-13 14H48.01 MST:21827: Status of task Offline-ICMP-ARP (e0144e2a-722a-4c6e-88d8-8eb556743bf3) has changed to Running event task:MESSAGE:2016-01-13 14H48.14 MST:21827: Status of task Offline-ICMP-ARP (e0144e2a-722a-4c6e-88d8-8eb556743bf3) has changed to Done event task:MESSAGE:2016-01-13 14H48.54 MST:22023: Status of task Offline-ICMP-TCP-ACK (b9b0e827-8d70-4179-8b38-42ac700fd543) has changed to Running event task:MESSAGE:2016-01-13 14H49.13 MST:22023: Status of task Offline-ICMP-TCP-ACK (b9b0e827-8d70-4179-8b38-42ac700fd543) has changed to Done event task:MESSAGE:2016-01-13 14H49.59 MST:22219: Status of task Offline-ICMP-TCP-ACK-ARP (3d3fa215-4687-4cb6-b989-a9b578d482f8) has changed to Running event task:MESSAGE:2016-01-13 14H50.12 MST:22219: Status of task Offline-ICMP-TCP-ACK-ARP (3d3fa215-4687-4cb6-b989-a9b578d482f8) has changed to Done event task:MESSAGE:2016-01-13 14H50.43 MST:22416: Status of task Offline-PING (444bb0c3-1b9e-4d48-b71d-7917e3d95e8c) has changed to Running event task:MESSAGE:2016-01-13 15H00.26 MST:22416: Status of task Offline-PING (444bb0c3-1b9e-4d48-b71d-7917e3d95e8c) has changed to Done event task:MESSAGE:2016-01-13 15H00.51 MST:31667: Status of task Offline-TCP-ACK (7d07c54e-32cc-4232-90df-8ebfaf0c4215) has changed to Running event task:MESSAGE:2016-01-13 15H01.09 MST:31667: Status of task Offline-TCP-ACK (7d07c54e-32cc-4232-90df-8ebfaf0c4215) has changed to Done event task:MESSAGE:2016-01-13 15H02.17 MST:31868: Status of task Offline-TCP-ACK-ARP (460ab816-79d2-4bd1-bfda-25156bf5b1bc) has changed to Running event task:MESSAGE:2016-01-13 15H02.31 MST:31868: Status of task Offline-TCP-ACK-ARP (460ab816-79d2-4bd1-bfda-25156bf5b1bc) has changed to Done event task:MESSAGE:2016-01-13 15H02.56 MST:32062: Status of task Offline-TCP-SYN (f00ee361-304e-49d2-8832-e679e6e97bd2) has changed to Running event task:MESSAGE:2016-01-13 15H03.19 MST:32062: Status of task Offline-TCP-SYN (f00ee361-304e-49d2-8832-e679e6e97bd2) has changed to Done Of interest; Offline-PING took the longest and actually generated a log which included Traceroute, and a 3com switch2hub result. Hope this helps someone else evaluating OpenVAS. Thank you. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] TLS upgrade breaks OMP
On 2016-01-13 02:52, Benoît Allard wrote: On Tue, 12 Jan 2016 15:29:37 +0100 Guillaume Castagninowrote: Hi, I have the same issue since last gnutls CVE fix on ubuntu (14.04): http://launchpadlibrarian.net/20701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz The fix remove the fallback using extensions in certificate to negotiate cipher. This expose a bug in openvas library. find attached my fix for openvas8. The problem is that the "SECURE" priority string does not exists (see http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t know why gnutls_priority_set_direct does not issues an error, but this is the cause of the bug. Bye ! I can confirm that the "SECURE" cipher suite does not exists, and that the documentation says that "NORMAL" means 'all the secure ciphers'. Hence I committed your patch as r24104, and backported to OpenVAS 8 as r24105. Thanks you very much for your contribution ! Don't hesitate to post such patches here or in -devel in the future. Best Regards, Ben. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss And for those of you on Ubuntu using this ppa (https://launchpad.net/~mrazavi/+archive/ubuntu/openvas) Mohammad has already included the patch that Guillaume created...I've tested with the latest Ubuntu GnuTLS patches and it's worked fine. Reason #723 why I love open sourceFAST fixes. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] TLS upgrade breaks OMP
On Tue, 2016-01-12 at 06:46 -0700, James Lay wrote: > Topic says itafter doing an upgrade from libgnutls26:amd64 to > libgnutls-openssl27:amd64 I now get: > > Login failed. OMP service is down. > > openvasmd.log shows: > > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands > with peer: A TLS packet with unexpected length was received. > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown > server socket > md main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed > to attach client session to socket 9 > lib serv:WARNING:2016-01-12 13h36.10 utc:1749:Failed to > gnutls_bye: GnuTLS internal error. > > Besides downgrading, is there something I can look at to fix this? > Thank you. > > James > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss More info..it's either one of these (from the apt-get log): Upgrade: libgnutls-openssl27:amd64 (2.12.23-12ubuntu2.3, 2.12.23-12ubuntu2.4), libgnutls26:amd64 (2.12.23-12ubuntu2.3, 2.12.23-12ubuntu2.4) Thank you. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] TLS upgrade breaks OMP
Topic says itafter doing an upgrade from libgnutls26:amd64 to libgnutls-openssl27:amd64 I now get: Login failed. OMP service is down. openvasmd.log shows: lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands with peer: A TLS packet with unexpected length was received. lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown server socket md main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed to attach client session to socket 9 lib serv:WARNING:2016-01-12 13h36.10 utc:1749:Failed to gnutls_bye: GnuTLS internal error. Besides downgrading, is there something I can look at to fix this? Thank you. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Rebuilding NVT cache failed
Hello, I recently attempted to update my install with: sudo openvas-nvt-sync sudo openvas-scapdata-sync sudo openvas-certdata-sync sudo service openvas-scanner restart sudo service openvas-manager restart sudo openvasmd --rebuild --progress My rebuild progress failed: Rebuilding NVT cache... failed. The only log message that looks unusual is the below: lib serv:WARNING:2016-01-12 13h05.53 utc:20912: Failed to shake hands with peer: The signature algorithm is not supported. Is there a way to recreate the NVT cache? Thank you. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] TLS upgrade breaks OMP
On 2016-01-12 07:29, Guillaume Castagnino wrote: Hi, I have the same issue since last gnutls CVE fix on ubuntu (14.04): http://launchpadlibrarian.net/20701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz The fix remove the fallback using extensions in certificate to negotiate cipher. This expose a bug in openvas library. find attached my fix for openvas8. The problem is that the "SECURE" priority string does not exists (see http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t know why gnutls_priority_set_direct does not issues an error, but this is the cause of the bug. Bye ! Le mardi 12 janvier 2016 07:18:49 James Lay a écrit : On Tue, 2016-01-12 at 15:01 +0100, Paula Gonzalez Muñoz wrote: > What distribution is openvas installed at? How did you install it? > How did you upgrade? > > Sent from my mobile device. > > > El 12 ene. 2016 2:59 p. m., "Reindl Harald" <h.rei...@thelounge.net> > > escribió: > Am 12.01.2016 um 14:46 schrieb James Lay: > Topic says itafter doing an upgrade from > libgnutls26:amd64 to > libgnutls-openssl27:amd64 I now get: > > Login failed. OMP service is down. > > openvasmd.log shows: > > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: > Failed > to shake hands > with peer: A TLS packet with unexpected length was > received. > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: > Failed > to shutdown > server socket > md main:CRITICAL:2016-01-12 13h36.10 utc:1749: > serve_client: failed to > attach client session to socket 9 > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: > Failed to gnutls_bye: > GnuTLS internal error. > > Besides downgrading, is there something I can look > at > to fix this? > Thank you > > http://www.catb.org/esr/faqs/smart-questions.html#beprecise > > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o > penvas-discuss> > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-d > iscuss From here: https://launchpad.net/~mrazavi/+archive/ubuntu/openvas Ubuntu 14.04looks like I'm not the only one as I see others are having the initial NVT cache rebuild issue. Thank you. James Those of you who absolutely need this to work (like me) you can attempt the below...I would make sure you backup your systems before hand...so far this has been successful in downgrading: sudo apt-get update sudo service openvas-gsa stop sudo service openvas-manager stop sudo service openvas-scanner stop cd /var/cache/apt/archives/ sudo dpkg -i --force-downgrade libgnu*2.3* sudo echo "libgnutls26 hold" | sudo dpkg --set-selections sudo echo "libgnutls-openssl27 hold" | sudo dpkg --set-selections Once the issues get resolved you can use the below to release and allow libgnutls26 and libgnutls-openssl27 to upgrade: sudo echo "libgnutls26 install" | sudo dpkg --set-selections sudo echo "libgnutls-openssl27 install" | sudo dpkg --set-selections So far so good...I've also sent the patch (thanks Guillaume!) to Mohammad Razavi in the hopes he can update the ppa. Good luck...an unpleasant surprise. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] TLS upgrade breaks OMP
On 2016-01-12 07:29, Guillaume Castagnino wrote: Hi, I have the same issue since last gnutls CVE fix on ubuntu (14.04): http://launchpadlibrarian.net/20701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz The fix remove the fallback using extensions in certificate to negotiate cipher. This expose a bug in openvas library. find attached my fix for openvas8. The problem is that the "SECURE" priority string does not exists (see http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t know why gnutls_priority_set_direct does not issues an error, but this is the cause of the bug. Bye ! Le mardi 12 janvier 2016 07:18:49 James Lay a écrit : On Tue, 2016-01-12 at 15:01 +0100, Paula Gonzalez Muñoz wrote: > What distribution is openvas installed at? How did you install it? > How did you upgrade? > > Sent from my mobile device. > > > El 12 ene. 2016 2:59 p. m., "Reindl Harald" <h.rei...@thelounge.net> > > escribió: > Am 12.01.2016 um 14:46 schrieb James Lay: > Topic says itafter doing an upgrade from > libgnutls26:amd64 to > libgnutls-openssl27:amd64 I now get: > > Login failed. OMP service is down. > > openvasmd.log shows: > > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: > Failed > to shake hands > with peer: A TLS packet with unexpected length was > received. > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: > Failed > to shutdown > server socket > md main:CRITICAL:2016-01-12 13h36.10 utc:1749: > serve_client: failed to > attach client session to socket 9 > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: > Failed to gnutls_bye: > GnuTLS internal error. > > Besides downgrading, is there something I can look > at > to fix this? > Thank you > > http://www.catb.org/esr/faqs/smart-questions.html#beprecise > > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o > penvas-discuss> > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-d > iscuss From here: https://launchpad.net/~mrazavi/+archive/ubuntu/openvas Ubuntu 14.04looks like I'm not the only one as I see others are having the initial NVT cache rebuild issue. Thank you. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss That's helpful thank you. Sounds like those of us that didn't compile from source are out of luck for now. James ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss