Re: [Openvas-discuss] Openvas-discuss Openvas 7 Installation error on CentOS 6.5
Am Dienstag, 14. Oktober 2014, 15:25:37 schrieb Shwetank Sharma: I am trying to compile openvas 7 from source. All packages are compiled successfully. But when I tried to sync NVT every time I got the error mentioned below. openvas-nvt-sync openvassd: error while loading shared libraries: libopenvas_misc.so.7: cannot open shared object file: No such file or directory I think this should be addressed first. Maybe you need a LD_LIBRARY_PATH to where you installed the libs. The path needs to be known by the environment that calls openvassd. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] share sockets
Am Donnerstag, 16. Oktober 2014, 05:08:24 schrieb flymolon: I've been told that everytime a script's about to exit, the socket(s) it opened should be closed. Now I want to know how the scripts share sockets, and how the openvassd processes share sockets. Anybody knows? A NVT that opens a socket does not share it with other NVTs. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] 回复: install openvas has some problem
Am Samstag, 18. Oktober 2014, 09:09:09 schrieb r...@cnmoker.org: anybody konw what is problem? how fix it? usually the beta tar balls compile. I have never observed the problem, not even in SVN trunk. Have you the same problem still with the newest beta tar balls? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] GSA and POODLE
Am Freitag, 17. Oktober 2014, 21:35:46 schrieb Daniel Malament: Is there a way to turn off SSLv3 on the Greenbone Security Assistant? there is a command line option for gsad --gnutls-priorities with which you control the ciphers. The abilities depend on the gnutls version you are using. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scan on Slave dies at 3% consistently on Master, but Still continues on Slave
Am Samstag, 18. Oktober 2014, 17:13:33 schrieb Traiano Welcome: [Using openVAS 6, installed from the atomic repos. On CentOS 6.5] I'm running a scan initiated from a master node to a slave node. From the masters perspective the scan seems to die at 3% consistently, with the following messages in the master's logs. However, the scan continues on the slave! And there appear to be regular SIGSEGV errors in the openvassd logs on the slave during the scan process: --- [Sat Oct 18 14:35:19 2014][20293] SIGSEGV occured ! [Sat Oct 18 14:35:19 2014][20293] closing logfile [Sat Oct 18 14:35:19 2014][22681] Process 20293 seems to have died too early --- Is there a known cause for this kind of behavior, and how would I go about troubleshooting this further? sigsegv is bad and should not happen indeed. First thing to do is to check whether you are running the latest releases of the OpenVAS version you are running. These are available on the download source page and are send to openvas-announce. Once you ensured you are using the newest version and still observe the sigsegv the next thing to do is to increase the log level of openvasmd and see if the log offers a clue. Be aware that the verbosity can be very very extensive. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Task started via the CLI silently refuses to run
Am Samstag, 18. Oktober 2014, 18:29:05 schrieb Traiano Welcome: I've preconfigured targets and tasks for openvas using the gsad, and tested scanning via the gsad. Now I'd like to kick off a scan using the openvas-cli tool with something like: --- openvas-cli -v -u admin_user -w password -S task uuid --- ... Am I going about launching the task from the CLI the right way? If so, how would I debug this further? I am not sure I got the problem right. Howeverm the command line tool is called omp, not openvas-cli. You may try the -X option for omp to directly apply OMP commands and see the OMP responses. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] No Scan results in OpenVAS-7
Am Mittwoch, 22. Oktober 2014, 16:06:05 schrieb Helmut Koers: I did setup OpenVAS-7 including Trusted NVTs according to the OpenVAS guidance like I did for OpenVAS-6 a couple of times already without issues. Unfortunately I do not see any results in any report, knowing there are some. The logfile openvas.dump shows (openvassd:15412): base gpgme-WARNING **: Setting GnuPG homedir failed: No such file or directory /var/lib/openvas/plugins/radius_detect.nasl: bad or missing signature. Will not execute this script for all scripts. As soon as I disable Trusted NVTs in /etc/openvas/openvassd.conf, I see the expected results in the reports. Has anything changed in these regards in OpenVAS-7? you correctly identified that the failing signatre check was the reason for no results :-) Bascially there was no change regarding the location of the gnupg signing key. It seems your v7 setup does not find it... -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 7 installation
Am Freitag, 24. Oktober 2014, 19:58:11 schrieb Dominguez, Roland: Thanks everyone for the advice. Here's what I did. I exported one of the included scans as an XML file. Created a new scan and imported the XML file. Them I modified the ping host section to TCP based pings. Is this the proper method of solving the ICMP problem, where ICMP is blocked on a network? hm, very complicated method. If you simply change the Aive Test for the target in GSA, it is easier. Also, if there is some other than using the scan config default, the Value you enter manually to the scan config (like with your method above) gets overwritten. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] CVE-2009-3095 in windows
Hello, reports about possible false positives or other bugs in the NVTs are best send to the openvas-plugins mailing list to ensure the NVT developers get aware of it. Am Montag, 27. Oktober 2014, 08:55:11 schrieb flymolon: The NVT secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl detects CVE-2009-3095 for linux, but it filters windows out. There's an apache HTTP server in my windows server, here's its banner: HTTP/1.1 200 OK Date: Mon, 27 Oct 2014 07:28:40 GMT Server: Apache/2.2.13 (Win32) Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT ETag: 1d0bb-2c-3e94b66c2e680 Accept-Ranges: bytes Content-Length: 44 Connection: close Content-Type: text/html X-Pad: avoid browser bug Does the vulnerability exist in it? or is there a tool I can use to test the attack? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem running OpenVAS
Am Montag, 27. Oktober 2014, 12:33:20 schrieb Andreas Walz: I'm trying to get OpenVAS running on my Linux machine since a few days...unfortunately without success :-(. I have built OpenVAS from sources using greenbone-security-assistant-5.0.3/openvas-cli-1.3.0/openvas-libraries-7.0. 4/openvas-manager-5.0.4/openvas-scanner-4.0.3/ So far, compiling does work without any problems. However, while following step 3 (from http://www.openvas.org/install-packages-v6.html#openvas_debian_obs) I get stuck over and over again: While openvas-check-setup reports (please also see attached openvas-check-setup.log) [...] Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. ERROR: OpenVAS Scanner is NOT running! FIX: Start OpenVAS Scanner (openvassd). ERROR: OpenVAS Manager is NOT running! FIX: Start OpenVAS Manager (openvasmd). [...] I perform /etc/init.d/openvas-scanner start and what I get is OpenVAS # /etc/init.d/openvas-scanner start Starting OpenVAS Scanner: WARN: The (expected) certificate file /var/lib/openvas/CA//cakey.pem is not available.The OpenVAS daemon might not start up.WARN: The (expected) certificate file /var/lib/openvas/CA//serverkey.pem is not available.The OpenVAS daemon might not start up.log_init():open : No such file or directory Could not open the logfile, using stderr dup2 : Bad file descriptor fdopen : Bad file descriptor rules_new():open : No such file or directory /usr/share/openvas/openvas-services could not be found. Install it and try again ERROR. In fact, the files are there: OpenVAS # ll /var/lib/openvas/CA total 28 -rw-r--r-- 1 root root 1513 Oct 27 09:33 cacert.pem -rw--- 1 root root 887 Oct 27 09:34 cakey.pem -rw--- 1 root root 3950 Oct 27 09:33 clientcert.pem -rw--- 1 root root 887 Oct 27 09:34 clientkey.pem -rw-r--r-- 1 root root 4312 Oct 27 09:33 servercert.pem -rw--- 1 root root 891 Oct 27 09:34 serverkey.pem Do you have any idea what I'm missing? Maybe the init script openvas-scanner behaves wrongly? You might try to start openvassd directly, for example # openvassd --listen=127.0.0.1 --foreground -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] os icmp echo no answer
Am Dienstag, 28. Oktober 2014, 03:43:53 schrieb flymolon: Why does the function ModuleA() in os_fingerprint.nasl receive nothing while executing 'ping' command in bash is ok? such questions are best addressed to the openvas-plugins mailing list where the NVT developers hang around. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] IRC #openvas archive stopped working
Am Donnerstag, 30. Oktober 2014, 10:32:36 schrieb Dustin Demuth: Who is in charge of archiving the #openvas irc channel? It seems like the archive [1] does not work anymore since 21.10.2014 http://www.linux.hr/openvas/archive/ oops, true. Kost (Vlatko) set it up and maintained it. Not sure what happened. I send Kost a reminder about it. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] sharing targets across users?
Am Freitag, 10. Oktober 2014, 15:53:14 schrieb Christopher Couples: After setting up openvas 7, I added a few targets using the Greenbone gui. I then created accounts for two of my colleagues, and charged one of them with adding the remainder of our systems (some 120+), which task he completed. When I log out and back into Greenbone, I'm unable to see any of the systems added by my colleague, and vice-versa. This behavior is also the same when using the openvas-cli -- I can only see the targets which I added. Where can I set the newly-added systems to be viewable by all users (we're all Admins in Greenbone, so we should all see everything)? That Admin role is not meant to able to see everything. It is meant to manage Users primarily. But what you could do is making a target readable to role Admin. However, the GUI does not support this too well at the moment. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Openvas console report and mail report (not the same?)
Am Freitag, 25. April 2014, 04:31:21 schrieb luciano fain: Hi all, anybody knows why the PDF report generated in the Greenbone Security Assistant console isn't the same when is sent by mail throught an alert? The key difference: in the report received by mail you have all dead host... and in the report generated online in the console you have only live host with issues. Regards. I'd say a different filter was applied. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Capacity Limits
Am Mittwoch, 1. Oktober 2014, 17:48:19 schrieb Turner, Jonas: Are there any limits to what OpenVAS can and cannot do with regards to do scans? I am looking to scan 675 subnets and want to know that if I kick off multiple tasks...would it break OpenVAS either the manager or scanner? size of subnets and number of hosts alive are relevant. If you mean class C networks all filled, we are talking about 170k hosts. Surely you should plan several tasks and give it some time. Other than that it should be possible. Of course many aspects influence the duration of the scan. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Parsing OpenVAS XML from Dradis
Am Montag, 6. Oktober 2014, 15:15:33 schrieb Brandon Perry: TBH there should be a published XSD of the XML report so that programs can validate the reports they are getting against them, and so that multiple versions of the reports can be supported. I agree it is desirable. Currently we are lacking man power to solve this quickly (we have open positions at Greenbone btw). However, once we get to the Import Center feature it will be worked on for sure. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] user roles
Am Dienstag, 7. Oktober 2014, 20:30:36 schrieb Jack Harvey: Finally figured it out...in case anyone wants to know how to add observers to tasks on OpenVAS v7... omp -iX modify_task task_id='task-id-is-in-these-single-quotes' observerslist-of-space-delimited-already-defined-users/observers/modi fy_task In order to add to the list your command must add all PREVIOUS as well as the NEW users. The process does not append, it overwrites. perhaps I am missing something here, but have you checked the Permissions box on the Task Details dialog? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Credentialed Scans - Not Working
Am Montag, 6. Oktober 2014, 16:56:27 schrieb Turner, Jonas: Well, it appears to be working now. I haven't done anything different except to lower the amount of IP's I scanned. I am getting the SMB log in now and can now see Adobe and Java vulnerabilities and windows. I can not imagine any reason on OpenVAS side to explain this. We've seen cases where other network defense systems start blocking at certain traffic levels. But in fact it would look differently than would you described. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Am Mittwoch, 1. Oktober 2014, 15:51:43 schrieb Geoff Galitz: FWIW, openvas as a wrapper around other established tools/projects is half the point of openvas (to me anyways). It would be great if the project somehow identifies what needs to be done to get these to work again. There's no real reason the appropriate scripts/configs cannot be edited or added.. just lack of develpment resources. While I think it is very valuable to have various scan tools managed via OpenVAS I think it is the wrong appoach to wrap up other tools within a NASL NVT. Which is something that OpenVAS inherited. This approach causes several headaches. This topic was discussed at the last OpenVAS developer conferences and meanwhile we have started a prototype for the new OSP concept (OpenVAS Scanner Protocol). w3af serves as a reference for this. We are not yet where we want to be. But OpenVAS-8 will likely offer something usable. Please be patient with our limited development resources. We have a couple of open developer positions at Greenbone btw ;-) I also can offer to sponsor any OSP wrapper development for the various other scan tools. You need to be familiar with trunk and Python for this. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] RES: RES: RES: UDP Issue
Am Montag, 29. September 2014, 13:49:37 schrieb Pablo Estrela Alves: Both! -If I run just UDP, the task says stopped at 1%. IIRC, there was some bug some time ago with UDP-only scans. Should be fixed since quite some time, but maybe you are using an older version? -If I run UDP and TCP, the task stops in 1% This means that the port scan is still in progress. UDP scans can be painful slow. I mean really slow. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Credentialed Scans - Not Working
Am Mittwoch, 24. September 2014, 15:43:36 schrieb Turner, Jonas: Any update on this? Or any log locations I can look to see why the credentials aren't working? Perhaps somethings corrupted or needs to be completed again? -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Turner, Jonas Sent: Friday, September 19, 2014 8:23 AM To: Jan-Oliver Wagner; openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Credentialed Scans - Not Working Is it the one that's called SMB Test? It should be something like SMB log in or SSH Authorization Check, depending on which way you try to log in. And what does your SMB Test say? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Trigger report creation
Am Mittwoch, 10. September 2014, 19:59:26 schrieb Phillip Rice: Is it possible to trigger a report to be created and saved to the local file system in a similar way that alerts and triggered when scan tasks compete etc? The OpenVAS Manager has no access to the filesystem where your browser is running. You could, however, automate this via OMP (omp running on your local machine). -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas installed via Atomicorp repos
Am Mittwoch, 10. September 2014, 20:32:36 schrieb Jack Harvey: I apologize if asking dumb question...again... If I install OpenVAS onto CentOS via atomicorp, it appears to be v7. Based on individual version numbers (based on this http://www.openvas.org/install-source.html) Am I correct? Again, sorry to be so slow... I am not a CentOS user, but from what I see from other folks here, yes v7 is what you get from Atomic. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] single plugin scan
Am Freitag, 12. September 2014, 04:59:18 schrieb flymolon: I did a scan with all plugins enabled and the vulnerability with ID: 1.3.6.1.4.1.25623.1.0.900287 was reported, then I did a scan only with that plugin enabled, but the vulnerability report was empty. I'm using OpenVAS-7. According to the thread: http://lists.wald.intevation.org/pipermail/openvas-discuss/2011-November/0 03620.html I just need to set the option unscanned_closed as no, but there's still no vulnerability reported. What else must I do? And, what is the most common solution? In OpenVAS-7 you should use the Target option Consider Alive for Alive Test. I am not sure though whether this is the only hurdle to get this single NVT to run. Uusually, the dependencies are automatically considered, but maybe something is wrong with this NVT (secpod_ms11-043.nasl). -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsad eating all CPU
Am Samstag, 13. September 2014, 19:23:58 schrieb Rainer Sokoll: I know this is a known issue. Once a browser connects to gsad, the daemon eats all CPU. this doesn't happen for me. How do you observe this? What I do not understand: ~# ps x | grep gsad ... I use htop and then treeview to have a quick view on parent-child relationsships. Perhaps this explains situation better? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS hostnames are not listed in Asset Management
Am Donnerstag, 18. September 2014, 16:52:03 schrieb Ryan Jones: I've got an openvas installation on centos 6.5. I've scanned the vlan on which this server resides, and have gotten only one hostname back, from an alfresco ubuntu server that has cifs enabled. I found in the results table in the sqlite3 database, that it was found through the netbios name. I've monitored our dns server, and I can see the openvas server performing reverse DNS lookups successfully. What's more, in the results table in tasks.db, I can see Nikto scans that have fqdn for various servers. For whatever reason, in Greenbone, these hostnames are not displayed, or are not available. I can't see anything useful in the openvassd.log, .dump, or openvasmd.log files. if you open the host details via the asset management for one of those hosts, do you see more details in the section Host Identification? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Observers and Overrides
Am Dienstag, 23. September 2014, 13:19:36 schrieb Helmut Koers: I recognized that overrides can not be seen/applied by observers of tasks in OpenVAS 6. The issue has been mentioned some time ago already (see below), but there seems to no final answer/solution. I want to use it for the same reasons as mentioned below. Is there any information available in these regards? this functionality has indeed limitations in OpenVAS-6. With OpenVAS-7 there is a far more generic approach for access control. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OV and wapiti
Am Donnerstag, 25. September 2014, 12:07:49 schrieb Rainer Sokoll: a report gives me: wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. I’m on FC20, and yum info wapiti returns: Name: wapiti Arch: noarch Version : 2.3.0 Release : 5.fc20.art Size: 1.1 M Repo: installed From repo : atomic What could be wrong? One guess would be icompatiblity of the NVT wrapper for wapiti which hasn't received attention for quite some time. I assume there are only very few wapiti-via-OpenVAS users, if any. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] WebScan with credential
Am Freitag, 26. September 2014, 03:55:17 schrieb luciano fain: Hi all, is it possible to do a webscan with credentials? I'm using nikto arachni as web app scanners, and I know both can do web scan with credentials using it by line command, but it is possible to do that from openvas? Best Regards.Luciano The General settings allow to add credentials. But I have not checked wether these are considered by the nikto and arachni wrappers. Those wrappers have not seen much attention since a while now. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] RES: UDP Issue
Am Montag, 6. Oktober 2014, 15:31:45 schrieb Pablo Estrela Alves: I'm using OpenVas 6.0. Please, see the check setup in annex. It is easy to check for latest releases here: http://www.openvas.org/install-source.html Apparently your installation is not up-to-date. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-7 DEMO Virtual Appliance Version 2.0
On Donnerstag, 18. September 2014, Jan-Oliver Wagner wrote: Confirmation that it works is very much appreciated. we have had many downloads. But no confirmation yet. We need such feedback for our maintenance work. Best regards -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Confirmations for working packages for OpenVAS-7?
Hello OpenVAS users! as some of you might wonder that there are no packages listed for OpenVAS-7: This is pending because so far no confirmations received us that some existing packages can be installed without any flaws, ideally the same way as OpenVAS-6 packages. Such feedback, ideally including anything to directly updated the quick guide, would help the community and be greatly appreciated. Even more helpful would be volunteers to manage that web page :-) All the best Jan -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Credentialed Scans - Not Working
On Donnerstag, 18. September 2014, Turner, Jonas wrote: When you refer to report...do you mean a log file? If so, do you know of the location? If you mean report from within the GSAD interface, I haven't look if it's there. yes, I meant the scan report. There should be a log message about the success or failure of SMB authorization. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS-7 DEMO Virtual Appliance Version 2.0
Hello OpenVAS users, we have created a OpenVAS-7 DEMO VM Version 2.0. It was just uploaded and currently is only available via RSYNC: http://www.openvas.org/vm.html Mirrors welcome. The OVA image was created with VirtualBox 4.3, but uses the OVF 1.0 format. Changes of Version 2.0 compared to Version 1.0: * Updated base system (including all Debian security fixes) * Updated NVT/SCAP/CERT Feeds (covering recent comprehensive updates) * Updated to newest OpenVAS-7 maintenance releases (including recent security fixes) * Fixed the keyboard layout switch, by default US keyboard * Added Switch for an alternative face (German, IT-Schwachstellenampel) * Added haveged to better handle lack of entropy * Better support for ESXi import * Forced NVT cache to rebuild from scratch * Added examples on TLS cipher configuration * Removed remains of deprecated OpenVAS Administrator Confirmation that it works is very much appreciated. All the best Jan -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-7 DEMO Virtual Appliance Version 2.0
Am Donnerstag, 18. September 2014, 19:22:17 schrieb Henri Doreau: Maybe the binarysignals mirror isn't synced yet but the links are currently broken. I just checked and it is there now. Thanks to binarysignals for the mirror! -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] CentOS - initail scan produces client not present error and empty but - Done - report
Am Freitag, 29. August 2014, 14:40:22 schrieb Paul Simons: I have installed the latest version available to CentOS. I have run the setup OK but the first try (on the 'Welcome dear new user' page does not produce any output (says - Done - ) ... I think the answer was in your log: [Fri Aug 29 12:27:47 2014][4230] The remote host (172.19.210.33) is dead -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Can't create creds in Greenbone
Am Dienstag, 2. September 2014, 18:45:35 schrieb Alexander: This is a fresh install on Kali, I'm not migrating from a previous version of OpenVAS. I don't have any previous credentials to migrate, I'm trying to add new credentials. for a fresh install the key is automatically created. This causes problems on systems with too few entropy. Installing something like haveged can help here. I am not familar with Kail though. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Credentialed Scans - Not Working
Am Dienstag, 16. September 2014, 17:39:24 schrieb Turner, Jonas: Does anyone else have WORKING credential scans? I still can’t seem to get mine to work. :/ well, sure, thats daily business over here ;-) What does the log result about SMB authentication say in your report? my wild guess is that your credential encryption is damaged somehow and that the scanner thus can not send a password for authentication. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] cpack as rpm of openvassd fails due to a file not found exception
Am Montag, 18. August 2014, 11:35:38 schrieb Dustin Demuth: After building openvassd, I'm trying to create a rpm for openvas-scanner-release-4.0.2, with cpack -G RPM. Unfortunately the process fails, as the man-pages are renamed/converted to *.8.gz and cpack can not find the original file anymore (see verbose output of cpack below). The files seem to be generated on the fly by cpack, so renaming them had no effect. So I have two questions: a) What do I have to change to include the generated *.8.gz files into the rpm instead of the *.8 files? b) Or alternatively to a), How can cpack be told not to compress/rename the *.8 files? ... /RPM/openvas-scanner-4.0.2/usr/share/man/man8/greenbone-nvt-sync.8 *** CPack Verbose: Copying final package(s) [1]: CPack Error: Problem copying the package: /home/build/openvas/openvassd/openvas-scanner-release-4.0.2/_CPack_Packages //RPM/openvas-scanner-4.0.2.rpm to /home/build/openvas/openvassd/openvas-scanner-release-4.0.2/openvas-scanner -4.0.2.rpm CPack Error: Error when generating package: openvas-scanner Running cpack -G RPM -V in my build directory in trunk shows no error and produces a rpm package. I am not a packaging expert thoug, perhaps others here have an idea. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scan Times
Am Donnerstag, 21. August 2014, 10:15:09 schrieb Helmut Koers: I have recognized huge differences in regards to the time it takes to complete a scan, which has the same target, port list and scan config configured. this can have many reasons. One important question is: Did the two scans achieve the same results though taking different time to complete? And how much is the difference in time? I recognized testing 'ip-address' processes on one OpenVAS installation only, where I see lots of testing 'ip-address' /var/lib/openvas/plugins/nmap_net/gb_nmap_x.nasl on another OpenVAS system. Both are running OpenVAS 6 with the latest updates and feeds. Watching the processes I suggest to use htop and switch to tree view and filter by openvas. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] How can I set the account name password for SMB Login
Am Freitag, 22. August 2014, 12:31:01 schrieb flymo...@qq.com: Hi all, I want to detect a remote machine's office vertion through gsa, so I'm supposed to provide the SMB account name and password. The Login configurations on gsa describes: Provide the username/password for the common servers : HTTP, FTP, NNTP, POP2, POP3,IMAP and SMB (NetBios). Some plugins will use those logins when needed. If you do not fill some logins, those plugins will not be able run. This plugin does not do any security check. Question is, I can't find anywhere to fill them, there're only textboxes for FTP, HTTP, IMAP, NNTP, POP2 and POP3. under Configuration menu you will find item Credentials. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] starting OpenVAS at boot time
Am Dienstag, 26. August 2014, 17:27:05 schrieb Jack Harvey: I have been loading OpenVAS at boot-time (Ubuntu server 14.04) by having these lines in my /etc/rc.local file: /etc/init.d/openvas-scanner start /etc/init.d/openvas-manager rebuild /etc/init.d/openvas-manager start /etc/init.d/openvas-administrator start /etc/init.d/greenbone-security-assistant start If I don't have the rebuild line I get an ERROR when the start line executes. The rebuild takes SEVERAL minutes and after the computer is completely booted and all components are started, an additional rebuild takes only 20 seconds or so. I did try leaving out of the rc.local file and just manually executed each one...If I don't execute the rebuild I get the same ERROR. Am I doing something wrong? Info appreciated. Seems you are using an older OpenVAS version prior to OpenVAS-7 where boot duration pretty short. For older versions, Scanner consumes most of the time. The --rebuild is blocked until Scanner is done with loading. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Searchable archive?
Am Mittwoch, 27. August 2014, 10:16:25 schrieb Paul Simons: I am a new user and would like to search the mailing list archive rather than repost. Is there one I can use somewhere? The archive is here: http://lists.wald.intevation.org/pipermail/openvas-discuss/ and should be searchable via arbitrary search engines. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] scan with OpenVAS 7 comes no result
Am Freitag, 1. August 2014, 11:40:19 schrieb 張祚嘉: I followed the steps below to install the OpenVAS 7 http://www.mockel.se/index.php/2014/06/openvas-7-on-ubuntu-server-14-04/ However, I found out that I tried to scan my web and get all 0 for scan results. I also tried to use openvas-check, it seems my openvas installation is ok. I attached the check log in the email. Please help me out , thanks a lot. The typical reason for 0 results is that the target host was considered dead. Please change Target alive detection to Consider Alive and re-scan. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Can't create creds in Greenbone
Am Donnerstag, 7. August 2014, 19:27:10 schrieb Alexander: I have Greenbone/OpenVAS running and I'm able to interact with the Greenbone GUI. I created a target to scan, but when I try to create credentials for an authenticated scan, Greenbone hangs. The browser just sits there waiting for a server response before timing out or returning an HTTP 500. I don't see anything relevant in syslog or in the OpenVAS log files. I assume this is due to the credential encryption. If you migrated from OpenVAS-6, have you read the section Migrating Credentials in the INSTALL file of OpenVAS Manager? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Max checks
Am Dienstag, 12. August 2014, 04:12:44 schrieb luciano fain: Hi all. Anybody could suggest my max checks and Max host for a 32bit system with 4GB ? i know is better 64bits O.S. more memory but i want to know if someone have some experience with simmilar configuration. Any information will be appreciated.Best Regards.Luciano this depends also on the actual targets you are scanning. Watch the system resources with htop during a scan. Most efficiency is reached if the most of the memory is used, but not beyond. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OPenVas 2nd NIC
Am Dienstag, 12. August 2014, 19:28:19 schrieb luciano fain: Hi all, were you experimenting gsad connection problems during scannings? Should I use a 2nd nic to browse the gsad interface?Any experience will be appreciated.Best regards I am not sure I got your problem. Are you scanning the GSA web interface? Or do you have timeouts of the webinterface due to extreme load of that machine? I/O is usually not a problem. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Openvas 7 and scanning Windows hosts
Am Donnerstag, 14. August 2014, 17:10:36 schrieb Tom Powers: I recompiled openvassd and reinstalled and restarted the whole system. Rescanned windows hostsbut... Still not seeing any of the windows vulnerabilities like my openvas3 finds. Where else can I look? If you are expecting results based on authenticated scan, perhaps there is a problem with the credentials. I you are having no results at all perhaps the target is regarded as dead and you should change the target configuration to assume target alive. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] script categories and safe_checks
On Montag, 4. August 2014, Rene Behring wrote: so, if ACT_DESTRUCTIVE_ATTACK, ACT_KILL_HOST and ACT_DENIAL are not executed, why are there safe_checks? if they are executed and test with if(safe_checks()) if they should run or not, why is not in every dangerous NVT a safe_checks? safe_checks() helps to have unsafe parts within a else safe check. Indeed it seems redundant to use safe_checks() in one of the unsafe categories. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] high load in master-slave mode
On Montag, 4. August 2014, red0queen wrote: Le 03/08/2014 19:07, Jan-Oliver Wagner a écrit : Am Montag, 28. Juli 2014, 12:59:07 schrieb red0queen: I was trying the master slave mode and I have a strange behavior : when the scan end, a scan process (openvassd) stay alive on the master node, and use 100% cpu. If I lauch another scan, a second will stay alive with full cpu usage (the master node is a dual core). I must to kill this process by hand to avoid the load. are you sure the openvassd process with 100% is on the master node? Yes. When I start a delegated analysis, the master open a new openvassd listen 127.0.0.1 (in addition of the first openvassd lauched at startup) . At the end of the scan, all the openvassd lauched on the slave ends normally, but the openvassd running on the master rise at 100% of cpu usage. All seems fine on the web gui, I just need to kill the new openvassd on the master node manually. I have no idea why this happens for you. It must be something unrelated to the actual starting of the slave scan. It is even possible to have no running openvassd at all on the master node when starting a scan on a slave node. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] 7 task in paralell
On Donnerstag, 14. August 2014, luciano fain wrote: Dear all, any of you knows why when you run 7 / 8 task in paralell each one with one host, the gsad intrface stucks? I can see the key problem in tasks.db access, do you have any suggestion to execute 7 or more tasks in paralell with good response of tasks.db? I know the same sqlite db is used by scanner and gsad gr.interface. Only OpenVAS Manager accesses the sqlite database, not the gsad. Are you sure it stucks? Or did it just slow down? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] 7 task in paralell
On Donnerstag, 14. August 2014, Brandon Perry wrote: TBH it would actually be awesome if SQLite were supported out of the box, to my understanding it is supported out of the box ... ? but you could configure OpenVAS to use PostgreSQL. Would resolve this issue, and would allow you to reduce IO during scans on the engine, and put it on a dedicated database. The PostgreSQL backend will be supported from OpenVAS-8 on. Current trunk version is not yet fully functional. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] script categories and safe_checks
Am Samstag, 2. August 2014, 20:30:14 schrieb Rene Behring: Hey, i thought, when safe_checks are enabled, all nvts are executed expect ACT_DENIAL, ACT_KILL_HOST, ACT_DESTRUCTIVE_ATTACK and ACT_FLOOD. And in the category ACT_MIXED_ATTACK its only looking for banners when safe_checks are enabled and its attacking when not. but in some nvts is a „if(safe_checks())“, even in some ACT_GATHER_INFO. so which exactly are executed and which not? well, if safe checks are enabled, those are not executed: ACT_DESTRUCTIVE_ATTACK, ACT_KILL_HOST, ACT_FLOOD and ACT_DENIAL and all NVTs that use the conditional. In some NVTs that might be only parts of the NVT not the full NVT. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] high load in master-slave mode
Am Montag, 28. Juli 2014, 12:59:07 schrieb red0queen: I was trying the master slave mode and I have a strange behavior : when the scan end, a scan process (openvassd) stay alive on the master node, and use 100% cpu. If I lauch another scan, a second will stay alive with full cpu usage (the master node is a dual core). I must to kill this process by hand to avoid the load. are you sure the openvassd process with 100% is on the master node? Running a scan on a slave node means that openvasmd of master node will talk to the openvasmd on the slave node which then talks to the openvassd on that node. In other words: for a slave scan, the openvassd on the master node is not issued at all. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Windows authenticated scan fails
Am Donnerstag, 31. Juli 2014, 20:23:23 schrieb Michael: I am not able to perform an authenticated scan of a windows 7 system. I sucessfully generated the credentials and installed them on the windwos machine. I configured windows in accordance to http://www.greenbone.net/learningcenter/auth_scans.html and https://security.berkeley.edu/node/45 With the smbclient command from the linux system hosting openvas, I am able to sucessfully connect to the windows system, but an openvas scan fails. Hope someone can help. Please tell me if you need more information in order to help me with my problem. Do the log files say anything about it? Have you checked the scan results about SMB login? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] overrides
Am Donnerstag, 31. Juli 2014, 22:49:16 schrieb red0queen: Because I want use openvas to scan lan networks for others peoples, I want know if it's possible to define an override for a subnet ? It seems limited to one host or any. I must open a request in the bugtracker ? interesting idea. Might be simple due to the new hosts module. But might also slowing down queries very much. Adding such into the issue tracker always makes sense. It is currently not being well maintained though. Any help from community to work through the tracker is welcome. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Report creation
Am Dienstag, 22. Juli 2014, 21:37:48 schrieb Phillip Rice: Is there anyway to generate the CSV results report to the openvas server file system. Currently I can see emails can be triggered when a scan completes but I would like a report to be saved to the local file system. This need to work in an automated way when a scan status changed to done for example Any solutions for this? there are two CSV Report Format Plugins (CSV Hosts and CSV Results). You can use the omp command line tool of openvas-cli package to run a OMP comamnd to get the CSV report. If that is what you are looking for? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] spam out of gpgme-Messages
Am Mittwoch, 23. Juli 2014, 11:22:55 schrieb Rene Behring: i have set the „nasal_no_signature_check to „no“ and now my openvassd.dump (50mb) is getting spammed when i scan a target. The two messages are: base gpgme-Message: Using OpenPG engine version '2.0.14‘ base gpgme-Message: Setting GnuPG homedir to '/etc/openvas/gnupg‘ Is there a way to stop the spamming without deactivating the signature test or the log? all log levels are at 127 and i am using OpenVAS v6 I remember I once saw such messages. But with a quick check I did not find any such in the logs over here. Perhaps r16843 was the commit to fix it. Seems it was not applied to OpenVAS-6 branch. If you have a source-code based installation, can you try that patch and see whether it solves your problem? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Combining tasks into a single report
Am Montag, 28. Juli 2014, 00:00:20 schrieb Steve Reed: I frequently scan multiple hosts, but usually only one at a time as they can reside on different networks. Each scan ends up being a separate task. Is there a way to group tasks and create a single, combined report for the groups that provides overall statistics for the group? no, not yet. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 7 report
Am Montag, 28. Juli 2014, 14:22:59 schrieb Fabrizio Di Carlo: I have several questions regarding the Report functionality in OpenVAS 7, I was looking on Internet and I've found these websites: - https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/doc/repo rt-format-HOWTO - http://www.greenbone.net/technology/report_formats.html 1) They are still valid for OpenVAS 7? yes. 2) During my report creation I was not able to find Greenbone Executive Report or Greenbone Security Report Those are on the Greenbone Security Manager. 3) Why during an import of format OpenVAS hangout? Not sure what you mean. 4) There are other way to customize a report? Insert logo, etc etc. Well, some parametrization for the plugins is already implemented, but no logos yet. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas for rhel7
Am Freitag, 25. Juli 2014, 23:27:24 schrieb Eero Volotinen: Is there any working packages available? No? I guess not. I received so far not a single confirmation for out-of-the-box working packages of OpenVAS-7. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] SIGHUP on openvassd and openvasmd
Am Freitag, 25. Juli 2014, 22:51:29 schrieb NopSec: I read in the new OpenVAS 7 that if I send a SIGHUP signal to openvas scanner (openvassd), after having synced the plugins, it will reload the plugins. Also if I send a SIGHUP signal to a running openvas manager, it will perform an openvasmd --rebuild. Do you know what is the effect of these operations on an openvas system that is running a scan? Does the scan stop? Can the scan resume? A running scan is not affected. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] SMTP problems not discovered
Am Freitag, 25. Juli 2014, 17:52:47 schrieb deepak: I don't see the host is dead message in the logs anymore. In the report, I expected at least two things to pop up: SMTP server accepts us, OID: 1.3.6.1.4.1.25623.1.0.18528 Check if Mailserver answer to VRFY and EXPN requests, OID: 1.3.6.1.4.1.25623.1.0.100072 (manual testing reveals that the server responds to EXPN) Since I don't see either of them, I suspect that it's not detecting the SMTP server or it's not running any SMTP specific tests... the log results should at least say there is a SMTP service. Have you tried with just FullFast and not an agressive scan? You could even just run the Discovery scan as a faster way to see whether it is found. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] SSL cert for wiki
On Donnerstag, 24. Juli 2014, Eero Volotinen wrote: ssl certificate for wiki.openvas.org is not in processing .. looks like wiki.openvas.org is not working at this moment? I can access wiki.openvas.com and also via wiki.openvas.org. -- Dr. Jan-Oliver Wagner | ++49-541-335083-724 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Bug in openvas 6.0 - possible breakage of default port scan
On Mittwoch, 23. Juli 2014, Thomas Reinke wrote: Probably would be good to understand and handle the logic in the nasl scripts that still rely on the default values... hm, which ones are these? nmap.nasl, amap.nasl, portbunny.nasl, portscan-strobe.nasl, pnscan.nasl In short, after you dig through code, it seems with a setting of default, invoking scanner_get_ports eventually finds it's way to the getpts function call, to get_tcp_svcs, which reads the openvas file /usr/local/var/lib/openvas/services.tcp, specifically to be able to get a list of ports. According to openvas-libraries/ChangeLog, on 2013-03-01 the handling of this file was removed. Same day the default was removed. It was me who removed it and I remember this code part was a nightmare. So there's still a whole bunch of infrastructure, afaik, that is designed to support the concept of a 'default' scan, which would appear to be controlled by what is defined in these files. On the Feed side the support of default was kept in order to support OpenVAS-5 installations (but not for a long time anymore). -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Bug in openvas 6.0 - possible breakage of default port scan
On Dienstag, 22. Juli 2014, Thomas Reinke wrote: The latest version of openvas has changed the logic used to validate the port_range passed in. One of the values advertised that can be used is the string default, and if you look at older daemons, they specifically support that via the getpts call. with latest you mean OpenVAS-6 here? Note that OpenVAS-7 removed even more of that port_range handling. The rationale was that a term default is entirely intransparent for the user. The touched ports should not be a matter to decide by some tools at the end of the chain. It needs always control from top level. Now, however, while default is still advertised as the default value of port_range (see preferences.c:83), if you actually try to use that default string, the daemon bails with error hm, I guess that is a left-over because near to none people use openvassd directly and openvasmd will always overwrite that default setting. Meanwhile port_range is not even part of the openvassd_defaults[] in preferences.c. Re impact: FYI - I am seeing downstream impact, as amap.nasl and nmap.nasl have explicit checks for the value default to control certain behaviours. That might be a non-trivial impact in terms of expected behaviour/performance of nmap itself... hm, this is somewhat in conflict with the intransparency of what is going on. A Nmap expert of course might know well what will happen using default. The specific use case for us is that we use the 'default' value of nmap to control nmap's scan to scan any port below 1024 and all known service ports that nmap has, and to then feed that back into openvas. It looks to me based on observations (haven't run the actual tests yet), that this capability would now be broken, as there would be no way of telling nmap to leverage this default behaviour set. right, you need now to express the ports explicitly. I am guessing based on a cursory reading of the code that backwards compatibility could be re-instated by modifying the check for a string of -1 failure to be a check for failure of both -1 and default... I.e. change in attack.c if (strcmp (port_range, -1) != 0) to if (strcmp(port_range, -1)!=0) strcmp(port_range, default)!=0) Anyone see any issues with what's been suggested? I don't see one for OpenVAS-6 branch (OpenVAS Scanner 3.4). If the patch works for you without flaws, you can commit or let us know to do so. It won't apply for OpenVAS-7 though as the conceptual change would not allow to transfer a setting that is understood by some port scanner in some way. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVas7 Manager to Scanner error
On Mittwoch, 23. Juli 2014, Brian Diehl wrote: Also – is there a setting to enable that would allow me to get more feedback from omp on what it is doing? I’m thinking there may be something I can set at compile time to turn on debugging, or the like. Thanks. if you increase the log level of openvasmd you will get more details. Very detailed details ;-) -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Bug in openvas 6.0 - possible breakage of default port scan
On Mittwoch, 23. Juli 2014, Thomas Reinke wrote: On 23/07/14 04:27 AM, Jan-Oliver Wagner wrote: FYI - I am seeing downstream impact, as amap.nasl and nmap.nasl have explicit checks for the value default to control certain behaviours. That might be a non-trivial impact in terms of expected behaviour/performance of nmap itself... hm, this is somewhat in conflict with the intransparency of what is going on. A Nmap expert of course might know well what will happen using default. That's, in my opinion, THE common way to run nmap (no port options). It's the biggest bang for the buck from nmap. It's not really an 'expert' thing - if you use nmap at ALL and know what it does, you are using that mode. Most of our users have no idea about what port scanners are used. They know about hosts and ports and know what should be touched and what should not be touched. I think the problem we are running into here is that OpenVAS has meanwhile far more non-pentester users than pentester users. The specific use case for us is that we use the 'default' value of nmap to control nmap's scan to scan any port below 1024 and all known service ports that nmap has, and to then feed that back into openvas. It looks to me based on observations (haven't run the actual tests yet), that this capability would now be broken, as there would be no way of telling nmap to leverage this default behaviour set. right, you need now to express the ports explicitly. Got it...not my preferred approach (I've always been a fan of all the work that nmap did in identifying all the common services). To have to grab all that out seems...redundant. Not a huge issue though, and admittedly I like the idea of passing port list better than the idea of patching back two versions of openvassd. with the future OSP approach we might be able to re-enable some expert features when wrapping scan components and thus help pentester who are not using OMP level. Well, eventually... It won't apply for OpenVAS-7 though as the conceptual change would not allow to transfer a setting that is understood by some port scanner in some way. Probably would be good to understand and handle the logic in the nasl scripts that still rely on the default values... hm, which ones are these? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] next steps for development in OpenVAS
On Dienstag, 22. Juli 2014, Pham, Tam T wrote: My current line of work is automating security scans for printers. I am familiar with NASL but was going to skip writing plugins in that if OVAL was the future. I am assuming this forum will announce when we are able to proceed with the prototype code. I am comfortable with SVN branch and trunk development so I will keep an eye out for it. What I learned about OVAL so far is that doing more complex vulnerability tests is getting hard if not impossible. Most OVAL content I see is about patch level testing and policies. I have a development background in C, C++, and Python. For me installing the development environment and stepping through the debug code is the best way to start understanding application behaviour. Any suggestions would be appreciated. Just solving some challenges is the best way to dive in. C and Python are the preferences of most of the active OpenVAS developers. So this matches well. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Openvas 7 demo appliance GUI
On Dienstag, 22. Juli 2014, Gee Zany wrote: I have managed to setup the Openvas 7 demo appliance, but how do I login into the web interface without a GUI ? I can only login to the CLI. Do I have to install X windows manually ? if you look at the console, it tells you to log in with openvas/openvas. The login message tells you what to type in the browser (Web Interface:). If there is no valid URL, the VM had problems to get into the network (wrong configration of VirtualBOX or no DHCP). -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Odd Scan Config
On Dienstag, 22. Juli 2014, Eero Volotinen wrote: 2014-07-22 15:11 GMT+03:00 Helmut Koers hko...@de.hellmann.net: Dear list, I have two systems running OpenVAS 6. Today I recognized that one setting within the scan configs is set the other way on each system: Scan Config:Full and fast Family: Port scanners NVT:Ping Host Preference: Mark unrechable Hosts as dead (not scanning) set to Yes on one system and to No on the other one, but can not be changed via the GUI by default. Where are these preferences stored and can they be changed via another option? I think the default config cannot be changed, so just create clone of config it and modify it? yes, Eero ist correct. Also you can not modify a scan config in use. You could even clone the entire task and then set a different Scan Config. However, one of your Full and Fast seem to be strange because it is static and therefore must be the same. Are you sure for both it ist the system default Full Fast Scan Config? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Forgot my login password to list
On Dienstag, 22. Juli 2014, Jagannath Naidu wrote: Please provide one follow the URL in the footer and on that page follow To unsubscribe from Openvas-discuss, get a password reminder, or change your subscription options enter your subscription email address: -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] NVT, SCAP and CERT Updates
On Dienstag, 22. Juli 2014, René Behring wrote: Okay, but if the Scanner is scanning a System a restart is Not the best Option, right? thats why i searched an alternative. you should not do a killall openvassd. Anything else will keep a scanning process scanning :-) It will of course not consider NVTs that get in newly with a parallel feed update. Remind that the canonical way since OpenVAS-7 is to send a HUP. This will even keep the PID of the openvassd. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Sponsorship for OpenVAS documentation by Acunetix
On Freitag, 18. Juli 2014, Eero Volotinen wrote: 2014-07-18 11:55 GMT+03:00 Winfried Neessen nees...@cleverbridge.com: as sponsorship is already offered by Acunetix (great product btw.), would it be an idea to also ask for sponsorship for a valid SSL certificate for the wiki instead of the CACert cert, that is still not supported by any major browser? Eh, ssl certificate cost about 5$ per year: https://cheapsslsecurity.com If needed, I can sponsor real ssl certificate from cheapsslsecurity.com .. red0queen provided the wiki and did all the setup. Perhaps you can arrange directly? -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Sponsorship for OpenVAS documentation by Acunetix
On Dienstag, 22. Juli 2014, Eero Volotinen wrote: Could you provide some contact information? email? He posts to this list as red0qu...@red-net.info -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] IT Grundschutz scan fails
Am Dienstag, 15. Juli 2014, 09:55:09 schrieb Michael Lodemann: Hello, I have installed openvas in a VM (Debian based) and am trying to scan my Win7 host system. The VM host-guest configuration seems to be fine. I can nmap to my Win7, detect OS, ports and so forth. I configured the scan task (IT Grundschutz EL12 Scan Aktive Systeme) with windows crendentials (smb). Unfortunately I only receive report messages such as: ... M4.005|NI|Prüfroutine für diese Maßnahme ist nicht verfügbar. M4.006|NA|Prüfung dieser Maßnahme ist nicht implementierbar. ... M4.009|ERR|Beim Testen des Systems trat ein Fehler auf: No SSH Port or Connection! ... and so forth. Any hints, what I am missing? I'd recommend to do a simple authenticated scan of the Windows system via SMB credential first. Because I assume this did not work for your ITG scan. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scans not starting after upgrade to V7
Am Mittwoch, 16. Juli 2014, 20:00:40 schrieb Phillip Rice: My openvas scans have stayed at REQUESTED after upgrading to V7, I initially tested the upgrade with no problems, but I am not getting the following errors in the logs With tested, do you mean initially the scans worked? openvasmd.log event task:MESSAGE:2014-07-16 07h56.20 UTC:1749: Task 17f4b0a1-fbcf-4357-a0a9-217fa4f3a059 has been requested to start by admin lib serv:WARNING:2014-07-16 07h56.20 UTC:1749:Failed to gnutls_bye: Error in the push function. base gpgme:MESSAGE:2014-07-16 07h56.24 UTC:1751: Setting GnuPG homedir to '/var/lib/openvas/gnupg' base gpgme:WARNING:2014-07-16 07h56.24 UTC:1751: Setting GnuPG homedir failed: No such file or directory md crypt:CRITICAL:2014-07-16 07h56.24 UTC:1751: lsc_crypt_new: can't continue w/o a gpgme context md main:WARNING:2014-07-16 07h56.24 UTC:1751: cleanup_manage_process: attempt to close db with open statement(s) You seem to have trouble with the gnupg directory. Have you installed OpenVAS-7 into the same prefix where you installed OpenVAS-6? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] new_lsc_credential
Am Mittwoch, 16. Juli 2014, 16:58:50 schrieb markmsd: I found a error. I can't create new_lsc_credential It like this for a long time. I don't think this is a bug in OpenVAS. Something seems to be wrong with the setup. More details on the setup would help to understand the problem. The attached log seems to be incomplete. A wild guess would be the encryption for credentials. Either the key or missing libs.a The openvasmd.log might provide a clue. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 7 - GnuTLS internal Error
Am Donnerstag, 17. Juli 2014, 16:08:51 schrieb Phillip Rice: When I start a scan I get many errors relating to GNUTLS Just a quick question: Have you possibly scanned localhost? That would explain some of the messages. lib serv:WARNING:2014-07-17 14h04.28 utc:30626:Failed to gnutls_bye: GnuTLS internal error. lib serv:WARNING:2014-07-17 14h04.28 utc:30626: Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-07-17 14h04.28 utc:30641: Failed to shake hands with peer: Could not negotiate a supported cipher suite. md main:CRITICAL:2014-07-17 14h04.28 utc:30641: serve_client: failed to attach client session to socket 9 lib serv:WARNING:2014-07-17 14h04.28 utc:30641:Failed to gnutls_bye: GnuTLS internal error. lib serv:WARNING:2014-07-17 14h04.28 utc:30641:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-07-17 14h04.28 utc:30658: Failed to shake hands with peer: Could not negotiate a supported cipher suite. md main:CRITICAL:2014-07-17 14h04.28 utc:30658: serve_client: failed to attach client session to socket 9 lib serv:WARNING:2014-07-17 14h04.28 utc:30658:Failed to gnutls_bye: GnuTLS internal error. lib serv:WARNING:2014-07-17 14h04.28 utc:30658:Failed to gnutls_bye: Error in the push function. My openvas-check-setup passes OK. This is OpenVAS v7 gnutls-2.8.5-14.el6_5.x86_64 Any help with this please? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] NVT, SCAP and CERT Updates
Am Donnerstag, 17. Juli 2014, 14:32:23 schrieb Rene Behring: does the following blocks mean the same? service openvas-manager stop service openvas-scanner restart openvasmd --rebuild service openvas-manager start vs. openvassd --only-cache openvasmd --update With the second it would not be necessary to stop the services, right? Or is it be better to restart them completely? And all this is only for the new NVTs right? if you are using OpenVAS-7 a SIGHUP first to Scanner, then to Manager would be sufficient to update the NVT feed. But anayway, you don't need to stop manager for doing a rebuild as in the first block. The second block does not do the job you seem to expect. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] next steps for development in OpenVAS
Am Montag, 21. Juli 2014, 20:12:44 schrieb Pham, Tam T: I have done some digging into Openvas including install from RPM in RHEL, DEB install into Ubuntu, and source install into Ubuntu. I have previous exposure to NASL from working on Nessus when it was still open source. I am instrumenting Openvas to do automated scans in my production environment and am also interested in contributing to the development effort. Any contribution is welcome! At this point I would like some suggestions on how to get more deeply involved in two areas of interest: 1) Developing plugins in OVAL to extend the tool set. Running OVAL definitions files is something currently being worked on as part of the OSP integration, prototyping with ovaldi. If your are not afraid of SVN trunk, you can soon try it out... 2) Contributing to the development of Openvas security scanner. I am interested in just digging in now and getting general understanding of the data flow. Also getting a handle on the development and debugging environment. Building from trunk is a good start. Fixing bugs, trying to trace them is something training a lot about the internals ;-) -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Sponsorship for OpenVAS documentation by Acunetix
Dear OpenVAS Users, as you might have noticed, Acunetix uses OpenVAS as a basis for their Vulnerability Online Scanner solution [1]. Now that this solution is in place, they like to start contributing to OpenVAS. On the one hand we are preparing upstream paths for NVT improvements via the Greenbone NVT development team. On the other hand Acunetix offers a sponsorship for OpenVAS documentation writers since documentation is one of the most neglected support resources currently. Please get in touch with i...@openvas.org if you have a plan on writing documentation for OpenVAS and like to apply for a sponsorship. It would be good to provide details on the content you like to produce and provide references to other documentation you wrote. Of course it would be mandatory to produce public content for everyone. Perhaps adding the content directly in the recently started OpenVAS Wiki [2]. Best regards [1] http://www.acunetix.com/online-vulnerability-scanner/ [2] https://wiki.openvas.com -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 7 Fresh Install 0 results
On Montag, 7. Juli 2014, Ricardo Iramar dos Santos wrote: And change the Target to Consider Alive now I got a lot results. :D actually this is not the real solution. You have some firewall or other measures that prevent sensible alive detection. If you scan with this setting a larger network which is populate with only a few IPs, your scan will take very looong. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 7 Fresh Install 0 results
On Freitag, 4. Juli 2014, Ricardo Iramar dos Santos wrote: I did a fresh install of OpenVAS from source following INSTALL files in a Ubuntu 12.04.4 LTS (AWS server). Everything looks fine when I ran openvas-check-setup (below I'll paste the output). Just to test the installation I created the task below but I aways get 0 results. Please check the Errors section in the results view. Also try out to set the Alive Test to Consider Alive for this scan of a single host. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] email report limitation
On Dienstag, 1. Juli 2014, Jack Harvey wrote: I am emailing myself reports which are included in the body of the email. If it exceeds 20,000 characters, it truncates the report. If I email the report as an attachment, there is a 1MB size limitation which if exceeded means I get no report attached. Both these, I believe, are imposed by Openvas. Are these settings configurable? If so where/how? Any information is appreciated... these are no configuration options. But if you build from source, you can change this in the code directly. For example in openvas-manager look for #define MAX_CONTENT_LENGTH 2. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-7 - cloned scan configuration update behaviour
Hello, On Mittwoch, 2. Juli 2014, John weo wrote: I got some strange behavior while trying to create a custom Scan Configuration from GSA web interface I don't know if it is wrong or this is a normal behavior (In OpenVAS-6 I didn't had this problem) 1. Cloned the Full and very deep Scan Configuration. 2. Changed the name of the new configuration to Default and tried to save it, the result was : Operation:Save Config Status message: Given comment was invalid At least one entered value contains invalid characters or exceeds a size limit. You may use the Back button of your browser to adjust the entered values. If in doubt, the online help of the respective section will lead you to the appropriate help page. I was not able to reproduce this very first problem. I tried OpenVAS-7 and trunk - for both it worked nicely. Have you checked openvasmd.log for some hints? Did you migrate from a OpenVAS-6 installation or started anew? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] documentation
On Montag, 23. Juni 2014, Jan-Oliver Wagner wrote: On Montag, 16. Juni 2014, Jan-Oliver Wagner wrote: once the OpenVAS community thinks it is ready to start into production, I can add a link Wiki to menu Support on www.openvas.org. Ready to link? Anyone like to write an announcement for openvas-announce? if it is not ready yet, what needs to be done to get it ready for use? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS Wiki now linked via Menu Support
Hello OpenVAS Users, the recently started OpenVAS Wiki is now linked from the OpenVAS Website from Menu Support. Anyone who likes to contribute to OpenVAS documentation is welcome to add to the wiki so that we quickly can fill it with the essentials. Ideally, a documentation group is formed that takes care of the wiki so that spam, nonsense and unfriendly language is kept out of the wiki. Content quality/consistency control would be nice as well. Hope it works out well and after all it is up to the Community to create a value for everyone here. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Integration with Splunk
On Montag, 23. Juni 2014, Michael C. Ibarra wrote: Has anyone had any success in importing (automatically) OpenVAS data, presumably XML data, into Splunk? I am trying to move away from another vuln scanner, one which is supported by Splunk. I'd love to support it. The first step of integration is typically to create a report format plugin that creates the right input format from the OpenVAS XML format. There are several examples in the source code repository of OpenVAS Manager. Basically it is a XSLT. I don't know the splunk import formats, but I guess there is some CSV or XML, neither would mean a problem. Automatic transfer would mean to add a connector and a alert if we want a push technology (like implemented for verinice.PRO). For a pull technology, splunk needs an extensions to execute OMP (like we implemented for Nagios). If anyone likes to solve this, Greenbone would be happy to sponsor it. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-cli:Error in uploading file through modify_config
Hello, are you perhaps mixing up the config files? You refer to a specific UUID in modify_config which must be present in the database. Have you checked with omp --get-configs whether this UUID is present and whether it is the one you intend to change? Best Jan On Montag, 23. Juni 2014, NIKITA JHALA wrote: I want to replace the nmap grepaable file in NMAP ( NASL Wrapper). Here is the code which i tried: omp --config-file=auth.xml --xml=' modify_config config_id=47852b54-8294-4adf-83a8-db1c34cc5db3 preference nvt oid=1.3.6.1.4.1.25623.1.0.14259/ nameNmap (NASL wrapper):File containing grepable results/name value IyBObWFwIDYuNDAgc2NhbiBpbml0aWF0ZWQgTW9uIEp1biAyMyAxNDo1ODowNyAyMDE0IGFzOiBubWFwIC1vQSBubWFwL25tYXBfb3V0cHV0LzFzd2l0Y2ggLS1zdHlsZXNoZWV0IC4uL25tYXAvbm1hcC54c2wgMTAuMTAuNC4zMCBIb3N0OiAxMC4xMC40LjMwICgpIFN0YXR1czogVXAgSG9zdDogMTAuMTAuNC4zMCAoKSBQb3J0czogMjIvb3Blbi90Y3AvL3NzaC8vLywgMjMvb3Blbi90Y3AvL3RlbG5ldC8vLywgODAvb3Blbi90Y3AvL2h0dHAvLy8gSWdub3JlZCBTdGF0ZTogY2xvc2VkICg5OTcpICMgTm1hcCBkb25lIGF0IE1vbiBKdW4gMjMgMTQ6NTg6MTEgMjAxNCAtLSAxIElQIGFkZHJlc3MgKDEgaG9zdCB1cCkgc2Nhbm5lZCBpbiA0LjI2IHNlY29uZHMg /value /preference /modify_config' I have converted the content of gnmap file to base64.Here is the response that i get: modify_config_response status_text=OK status=200/modify_config_response But when i checked, there is no change in file. Please tell me what is wrong with above command? Is there any different way to upload replace file using omp? My gnmap file contains: # Nmap 6.40 scan initiated Mon Jun 23 14:58:07 2014 as: nmap -oA nmap/nmap_output/1switch --stylesheet ../nmap/nmap.xsl 10.10.4.30 Host: 10.10.4.30 () Status: Up Host: 10.10.4.30 () Ports: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http/// Ignored State: closed (997) # Nmap done at Mon Jun 23 14:58:11 2014 -- 1 IP address (1 host up) scanned in 4.26 seconds -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-7 - CentOS 6.5 64-bit - Installation Issue::
On Samstag, 21. Juni 2014, Reindl Harald wrote: and they are just childish - set a /24 network to DROP in the firewall because someone called me well deserved an idiot is childish not something to show power anyone doing something not right does not implicate the right to do it wrong as well. they had some days *before* i called them names if they would read this list which is the *minimum* i require from a packager - read the upstream list It is not right to offend someone about not doing voluntary work. The more friendly and productive the communication style, the more value will be gained by and from a community. And I think it is wrong to interpret the right of free speech with the right of offensive speech. It is possible to articulate anything freely without using offensive language. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] documentation
On Montag, 16. Juni 2014, Jan-Oliver Wagner wrote: once the OpenVAS community thinks it is ready to start into production, I can add a link Wiki to menu Support on www.openvas.org. Ready to link? Anyone like to write an announcement for openvas-announce? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Where to report bugs/problems in NVTs?
On Dienstag, 17. Juni 2014, Chris wrote: Eventually someone will raise hand and start cleanup ... anyone in here who have the permissions to close this reports: http://wald.intevation.org/tracker/index.php?func=detailaid=6514group_id=29atid=220 http://wald.intevation.org/tracker/index.php?func=detailaid=6532group_id=29atid=220 as both are definitely fixed. thanks for the note, I closed them as fixed. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 6 Package Install
On Freitag, 20. Juni 2014, Helmut Koers wrote: Dear all, I am trying to install OpenVAS 6 on Debian 7 via OBS, but am running into the following issue: sorry for asking this: but have you ensured to run apt-get update after you extended the sources.list? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] report filtering
On Freitag, 20. Juni 2014, Jack Harvey wrote: I am having an alert to email the report NOT as an attachment, but as the body of the email. I need to limit the # of lines that this report so I created a filter of type Report which contains this... rows=500 first=1 sort=name The email-body contained 600+ lines. I have searched thru the compendium and found nothing that I could use. Is there documentation for powerfilter? Any help is greatly appreciated. perhaps the misunderstanding is that rows in the filter means the number of results which in their full detail surely have 10 and more lines each. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS Metasploit
On Freitag, 20. Juni 2014, William Scott Lockwood III wrote: Has anyone automated VAS and Sploit? At work, I have a commercial implementation of Sploit, and I'd like to be able to configure it to tell VAS to scan and return results to it in much the same way it does with Nexspose. Anyone done this? I have seen this to work, demonstrated by Kost. Search for OpenVAS bridge Metasploit. Not sure about the current state of this bridge though. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Debian 7.5 - OpenVAS :: Setup Error
On Donnerstag, 19. Juni 2014, Samuel Raj wrote: openvas-scapdata-sync openvas-certdata-sync gives many errors and the openvas-manager is refusing to start. Pl. help. which OpenVAS version / origin are you working with? Have you tried the check setup script? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] automating download of reports
On Donnerstag, 19. Juni 2014, Jack Harvey wrote: And it appears that only a single address for the emailing. Correct? recent OpenVAS-7 maintenance releases (GSA 5.0.1) enabled multiple email addresses. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Where to report bugs/problems in NVTs?
At least the tracker seems to get not that much attention. This open bug: http://wald.intevation.org/tracker/index.php?func=detailaid=6532group_id=29atid=220 for example seems to be already fixed but its still open. indeed the bug tracker is looking desperately for a caretaker. Lots of issues are actually solved and another bunch is invalid. Eventually someone will raise hand and start cleanup ... -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] documentation
On Montag, 16. Juni 2014, Michael Meyer wrote: *** red0queen wrote: It's online, you can add a CNAME in your dns from wiki.openvas.com to greenbone.red-net.info mime@komma:~% host wiki.openvas.com wiki.openvas.com has address 94.23.247.85 once the OpenVAS community thinks it is ready to start into production, I can add a link Wiki to menu Support on www.openvas.org. BTW: Wasn't there some earlier attempt of a OpenVAS Wiki? What happened to it? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss