Re: [Openvas-discuss] Greenbone NVT sync - permission denied errors on send side
Should be fixed now, thanks for noticing. Regards, Michael * Matthew Hall [24. May 2017]: > I am receiving the following EACCES errors when trying to sync the Greenbone > NVTs today. > > Can somebody with the right access to that box please help to check it? > > From the outside it seems like something has gone wrong with the FS > permissions / IO / SAN volume / etc. > > Matthew. > > rsync: send_files failed to open > "/gb_intel_active_management_technology_detect.nasl" (in nvt-feed): > Permission denied (13) > rsync: send_files failed to open > "/gb_intel_active_management_technology_detect.nasl.asc" (in nvt-feed): > Permission denied (13) > rsync: send_files failed to open > "/gb_intel_standard_manageability_detect.nasl" (in nvt-feed): Permission > denied (13) > rsync: send_files failed to open > "/gb_intel_standard_manageability_detect.nasl.asc" (in nvt-feed): Permission > denied (13) > rsync: send_files failed to open > "/2017/gb_adobe_creative_cloud_apsb17-13_win.nasl" (in nvt-feed): Permission > denied (13) > rsync: send_files failed to open > "/2017/gb_adobe_creative_cloud_apsb17-13_win.nasl.asc" (in nvt-feed): > Permission denied (13) > rsync: send_files failed to open "/2017/gb_intel_amt_prive_esc_vuln.nasl" (in > nvt-feed): Permission denied (13) > rsync: send_files failed to open "/2017/gb_intel_amt_prive_esc_vuln.nasl.asc" > (in nvt-feed): Permission denied (13) > rsync: send_files failed to open > "/2017/gb_intel_standard_manageability_priv_esc_vuln.nasl" (in nvt-feed): > Permission denied (13) > rsync: send_files failed to open > "/2017/gb_intel_standard_manageability_priv_esc_vuln.nasl.asc" (in nvt-feed): > Permission denied (13) > rsync: send_files failed to open > "/2017/gb_oracle_mysql_integer_overflow_vuln.nasl" (in nvt-feed): Permission > denied (13) > rsync: send_files failed to open > "/2017/gb_oracle_mysql_integer_overflow_vuln.nasl.asc" (in nvt-feed): > Permission denied (13) > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner signature.asc Description: Digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Client
* git-...@openmailbox.org [16. Dec 2016]: > I wrote a simple Ncurses OpenVAS client. > Here i leave a 'demo' video and the source code. > > Suggestions, insults, etc... are welcome. The video looks nice. Unfortunately I am unable to build it myself since the libncurses and libxml++ dependencies seem to be quite cutting edge and are not available e.g. in Debian Stable. Do you have a reason for using the library versions you used? Any plans on making nomp buildable with older library versions? Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgpCHajU35X1Y.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-check-setup: wrong behavior when missing permissions
Hello, Thank you for reporting this, please excuse the long wait for a response. The openvas-check-setup version 2.3.6 tests if the config file is owned by someone other than the effective user ID and will issue a warning in this case. Regards, Michael * tuxayo [20. May 2016]: >Hi, > >When running openvas-check-setup.sh as normal user. >The check fails on the redis part. >Because it thinks that "kb_location setting" value is "/tmp/redis.sock". >Which is not the case. > >When running as root. >"kb_location setting" value is "/var/lib/redis/redis.sock" >Which is correct. >And the check is successful. > >So it seems that the script should detect a lack of permission and notify >the user. >To avoid continuing with some default values that doesn't reflect the >conf. > >See the two log files for more details. > >Context: > OS: Arch Linux > greenbone-security-assistant 6.0.6-2 > openvas-cli 1.4.3-1 > openvas-libraries 8.0.5-1 > openvas-manager 6.0.6-1 > openvas-scanner 5.0.4-3 > Instructions followed: https://wiki.archlinux.org/index.php/OpenVAS > >Cheers, > > -- > tuxayo -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgpF3c6CUdy2L.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [Openvas-announce] New release for OpenVAS-8
* Sebastien Aucouturier [ 7. Sep 2016]: > Friends, > Take care that openvas-manager 6.0.9 need a minimun openvas-librairie 8.0.8 > because of a change in credentials_t structure introduce in 8.0.8 > > CMakeLists.txt only ask for a openvas-librairie 8.0.5 Thank you very much for spotting this, sorry we missed it earlier. I have bumped the version requirements of openvas-manager 6.0 in SVN r26203. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgpgPpWU9Z3C1.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-nvt-feed
Hello, The tarball was not updated with the most recent feed updates, I have done so now. Keep in mind that the tarball is intended to speed up the initial synchronization with the feed and should normally only be used to populate an empty NVT collection. For subsequent updates the rsync feed is recommended. Regards, Michael * Christopher Cutajar [27. Nov 2015]: > From my knowledge the nvt-feed gets updated daily. > Furthermore, openvas-nvt-sync graps the current tar.bz2 from the link I > mentioned earlier and downloads that package. > > > Date: Fri, 27 Nov 2015 11:59:36 +0100 > > From: michael.me...@greenbone.net > > To: openvas-discuss@wald.intevation.org > > Subject: Re: [Openvas-discuss] openvas-nvt-feed > > > > *** Helmut Koers wrote: > > > >From my experience I can say that the NVT-FEED on OpenVAS gets updated > > > once a week, most of the times on Wednesday morning CET. I have not been > > > able to receive the version that the below mentioned link is offering via > > > RSync. > > > > See "plugin_feed_info.inc". > > > > Micha > > > > -- > > Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 > > http://www.greenbone.net/ > > Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG > > Osnabrück, HR B 202460 > > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > ___________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgpDc6suvHJIF.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Fwd: Fwd: log
* saurabh Garg [20. Aug 2015]: Dear Team Members I have installed openvas 8 through source code in virtual machine. After that I run the script also which was given at your website. As per that script the installation is fine, I am attaching a log. Now when I am launching the web browser and writing https://localhost:9391 https://localhost:9392, it is giving error. ... OK: Greenbone Security Assistant is listening on port 443, which is the default port. Have you tried port 443? Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgph2q7sQAgih.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Missing glib.h inclusion in GSA 6.0.4
Hello, Thank you for spotting this. This was indeed fixed in the SVN trunk in revision 22706, but not backported. I've backported the change to gsa-6.0 in revision 22806, it will be included in the next GSA release. Regards, Michael * Winfried Neessen [14. Jul 2015]: Hi, I was just building GSA 6.0.4 from the sources on my system. After a successful: mkdir build cd build cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/pkg/openvas .. I ran the make command and ran into the following issue: % make [ 5%] Generating CPE icon dictionary [ 5%] Built target cpe-icon-dict [ 10%] Generating timezone dictionary [ 10%] Built target zone-dict [ 15%] Built target gsad_omp [ 21%] Built target gsad_base Scanning dependencies of target gsad_xslt_ext [ 26%] Building C object src/CMakeFiles/gsad_xslt_ext.dir/xslt_i18n.c.o In file included from /home/wneessen/compile/openvas8/greenbone-security-assistant-6.0.4/src/xslt_i18n.h:30:0, from /home/wneessen/compile/openvas8/greenbone-security-assistant-6.0.4/src/xslt_i18n.c:26: /usr/include/glib-2.0/glib/gstring.h:29:2: error: #error Only glib.h can be included directly. #error Only glib.h can be included directly. ^ In file included from /usr/include/glib-2.0/glib/gstring.h:32:0, from /home/wneessen/compile/openvas8/greenbone-security-assistant-6.0.4/src/xslt_i18n.h:30, from /home/wneessen/compile/openvas8/greenbone-security-assistant-6.0.4/src/xslt_i18n.c:26: /usr/include/glib-2.0/glib/gtypes.h:29:2: error: #error Only glib.h can be included directly. #error Only glib.h can be included directly. ^ In file included from /usr/lib/glib-2.0/include/glibconfig.h:9:0, from /usr/include/glib-2.0/glib/gtypes.h:32, from /usr/include/glib-2.0/glib/gstring.h:32, from /home/wneessen/compile/openvas8/greenbone-security-assistant-6.0.4/src/xslt_i18n.h:30, from /home/wneessen/compile/openvas8/greenbone-security-assistant-6.0.4/src/xslt_i18n.c:26: /usr/include/glib-2.0/glib/gmacros.h:33:2: error: #error Only glib.h can be included directly. #error Only glib.h can be included directly. [...] After I added #include glib.h to the greenbone-security-assistant-6.0.4/src/xslt_i18n.h file, the make process ran successfully. Just in case some runs into the same issues. Winni ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgpiMG2et05Z2.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 8 openvas-check-setup
Hello,
I've just committed openvas-check-setup 2.3.1 which should improve the
checks for inet6. Can you verify that the services are now detected
correctly?
Regards,
Michael
* Ian Samuel [10. Jul 2015]:
Hi,
FYI, I get the following error when running openvas-check-setup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp0 0 0.0.0.0:10050 0.0.0.0:* LISTEN
1368/zabbix_agentd
tcp0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
16727/redis-server
tcp0 0 0.0.0.0:93910.0.0.0:* LISTEN
16839/openvassd: Wa
tcp0 0 0.0.0.0:80 0.0.0.0:* LISTEN
2428/gsad
tcp0 0 0.0.0.0:93920.0.0.0:* LISTEN
2427/gsad
tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1228/sshd
tcp0 0 127.0.0.1:250.0.0.0:* LISTEN
2297/master
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default
port.
ERROR: OpenVAS Manager is NOT running!
FIX: Start OpenVAS Manager (openvasmd).
but that is because on my recent CentOS 7 installation, openvasmd is
listening on inet6 and the check-setup script is only looking for inet.
OPENVASMD_HOST=`netstat -A inet -ntlp 2 /dev/null | grep openvasmd | awk
-F\ '{print $4}' | awk -F: '{print $1}'`
OPENVASMD_PORT=`netstat -A inet -ntlp 2 /dev/null | grep openvasmd | awk
-F\ '{print $4}' | awk -F: '{print $2}'`
~]# netstat -npl | grep openvas
tcp0 0 0.0.0.0:93910.0.0.0:* LISTEN
16839/openvassd: Wa
tcp6 0 0 :::9390 :::*LISTEN
17261/openvasmd
i.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
--
Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
pgp3I6eUPWk3s.pgp
Description: PGP signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] NVT Feed Update does not complete
Hello, Recent changes to the feed directory structure and the feed update process regrettably resulted in a number of duplicate NVTs in the OpenVAS NVT feed. The duplicate NVTs have been removed from the OpenVAS NVT feed as of feed version 201502270907. Subsequent call of openvas-nvt-sync will automatically remove the duplicate NVTs from your plugins directory if you are using rsync. Sorry for the inconvenience caused by the latest changes. Regards, Michael * Sebastien Aucouturier [27. Feb 2015]: Hi, A friend of mine show me that latest feed contains lots of duplicate plugins (we count 3952). example: /var/lib/openvas/plugins/openvas_tcp_scanner.nasl /var/lib/openvas/plugins/2011/openvas_tcp_scanner.nasl this causes openvassd 6 to crash (coredump) on few duplicate (5 plugins) during plugins loading. Perhaps Older version than latest Openvas 7/8 may shared same behaviour. To fix, We run a script to delete duplicates after nvt-sync. BR Seb 2015-02-26 20:35 GMT+01:00 Win Pham w...@mindspring.com: We just finished a clean build and you're right that it does fix the issue. From that, it is clear the issue was address in the openvas code already. I think the issue will only affect folks who have older versions of Openvas as we did on a few boxes. One of the boxes was running the 7 beta. It's interesting that the .nasl while loading could cause the SEGV signal to be received (as logged) and discontinue loading the rest. Below is the gdb from the beta7. I just didn't loading a .nasl would ever cause an issue. (gdb) bt #0 0x7f68a5405060 in recvmsg () at ../sysdeps/unix/syscall-template.S:83 #1 0x004076b1 in loading_handler_start () at /opt/download/openvas-scanner-4.0+beta7/src/openvassd.c:749 #2 main (argc=1, argv=0x7fffe2205cd8) at /opt/download/openvas-scanner-4.0+beta7/src/openvassd.c:950 On 2/26/2015 1:17 PM, Hani Benhabiles wrote: On 2015-02-26 17:52, Win Pham wrote: See if this helps: [Thu Feb 26 17:45:39 2015][1490] Loading 2011/gb_google_chrome_mult_vuln_jun11_win.nasl [Thu Feb 26 17:45:39 2015][1490] Loading 2011/gb_wireshark_asn1ber_dissector_dos_vuln_win.nasl [Thu Feb 26 17:45:39 2015][1490] Loading 2011/gb_ubuntu_USN_1207_1.nasl [Thu Feb 26 17:45:39 2015][1490] Loading 2011/openvas_tcp_scanner.nasl [Thu Feb 26 17:45:39 2015][1490] received the SEGV signal [Thu Feb 26 17:45:39 2015][1490] closing logfile * * * Hi, I tried a clean rebuild with both OpenVAS 7 and 8, using the latest nvt feed, and got no problems. Can you get me a backtrace of the hanging process, using gdb ? $ gdb -q (gdb) attach PID_OF_OPENVASSD some output (gdb) bt post back this output On 2/26/2015 12:24 PM, Michael Meyer wrote: *** Helmut Koers wrote: md otp:MESSAGE:2015-02-26 16h32.24 CET:3476: Scanner loading: 38150 / 41904 nvts. md otp:MESSAGE:2015-02-26 16h35.14 CET:3487: Scanner loading: 38150 / 41904 nvts. md otp:MESSAGE:2015-02-26 16h35.14 CET:3488: Scanner loading: 38150 / 41904 nvts. md otp:MESSAGE:2015-02-26 16h35.24 CET:3491: Scanner loading: 38150 / 41904 nvts. Stop scanner and add log_plugins_name_at_load = yes to /etc/openvas/openvassd.conf. Start scanner and look in /var/log/openvas/openvassd.messages on which NVT it hangs. Please try a few times to see if it is always the same NVT. Micha ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- -- Sébastien AUCOUTURIER | Research and Development Manager Phone. +33(0)5.67.34.67.84| www.itrust.fr IT Security Experts (Services Solutions) | Keep Information Security Simple This e-mail is confidential (and any attachments) is intended to its recipient(s). ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgpvBJBo_BdqH.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi
Re: [Openvas-discuss] Questionalbe use of -Werror flag
* Winfried Neessen [30. Jan 2015]: I am just in the process of compiling OpenVAS 7 on Arch Linux 2015.01.01. While compiling the libraries, the make process stopped, due to a warning that was thrown by gcc: In file included from /usr/include/unistd.h:25:0, from /home/wneessen/compile/openvas7/openvas-libraries-7.0.7/nasl/nasl_builtin_synscan.c:29: /usr/include/features.h:148:3: warning: #warning _BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE [-Wcpp] # warning _BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE ^ As all makefiles contained -Werror, this warning caused the make process to stop- although this warning is (at least in my opinion) not relevant for the build process. After I removed -Werror flag from all make files, I was able to successfully finish the build. My question is, does it really make sense to use the -Werror flag here? Please note that -Werror is only added to the flags if you are using the Debug build type (which is the default build type when building from source). The Debug build type is primarily intended for developers. I personally think that -Werror makes quite a bit of sense in a development environment since the effects makes warnings more difficult to ignore and encourages developers to pay attention to what the compiler is trying to say. :) If you want to build OpenVAS yourself, you will most likely want to use the Release build type which disables the -Werror flag and other debug code. To do so, simply add -DCMAKE_BUILD_TYPE=Release to you cmake parameters when configuring. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner pgp7gnyZ3cTf6.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsd build problems
* William [ 6. Mar 2013]: Thanks Michael, the current SVN version of gsd compiled cleanly against the OpenVAS-5 libraries on ubuntu 12.04 x86_64. Glad to hear! Would you recommend rebuilding all the openVAS components from the current SVN versions or will this version of gsd interoperate ok with components built from the OpenVAS-5 sources ? This is not necessary, the changes in gsd after the last release only affected the build environment and not the interoperability with other components. You can of course switch to SVN trunk, but keep in mind that trunk has already well progressed from what will become OpenVAS-6 and is currently under heavy development, so it might work strangely at times. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsd build problem
* William [ 4. Mar 2013]: hi folks, I'm building openvas 5 on ubuntu 12.04. I have everything built and installed except gsd. When making gsd, I get the following error: /usr/bin/ld: CMakeFiles/gsd.dir/gsd_controll.cpp.o: undefined reference to symbol 'free_log_configuration' /usr/bin/ld: note: 'free_log_configuration' is defined in DSO /usr/local/lib/libopenvas_misc.so try adding it to the linker command line /usr/local/lib/libopenvas_misc.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status This was already fixed in the SVN, but did not make it into a release yet. Could you try with the current SVN version? Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] the question of plugins between openvas and nessus
Hello, Please do limit your questions to one mailing list, either openvas-discuss or openvas-devel, else many people will get your mails twice. For your questions, I'd recommend the openvas-discuss list. Thank you! Regards, Michael * 王风军 [19. Nov 2012]: Hi, my admired friends, I tried replace the openvas's plugins directory with nessus plugins directory. Its result was that the scaning could process completely, but the scanning result is NONE, that is to say, the openvas can't use the plugins of nessus, directly. please share your experience and advice. best regards ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Error building openvas from source
* Stefan Schwarz [14. Jul 2012]: Hi, when building openvas from svn i get following error when running cmake: cd openvas-libraries/ cmake -DBUILD_WITH_LDAP=ON . make sudo make install -- Configuring the Libraries... -- Install prefix: /usr/local [] -- Configuring done CMake Error at nasl/CMakeLists.txt:116 (add_executable): Target openvas-nasl links to item -lgpgme -lgpg-error which has leading or trailing whitespace. This is now an error according to policy CMP0004. Maybe this was introduced with svn rev 13683: r13683 | mwiegand | 2012-07-05 13:31:09 +0200 (Do, 05. Jul 2012) * nasl/CMakeLists.txt: Ensure that compilation with modern gccs works by moving linker flags from LINK_FLAGS to target_link_libraries. I'm currently running ubuntu 10.04 LTS (gcc 4.4.3). I'm not really experienced with cmake so any hints are appreciated. As Michael Meyer suggested, this was an error related to the quoting of the LDFLAGS and was indeed introduced by me. It should be fixed in SNV r13734 now, could you test again when you get a chance? Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsad web interface not working
* Paolo [16. Jul 2012]: so everytime I click on login I get this asking for 1048576 and then nothing happens. Please someone could give me some advice? Which libgnutls version are you using? There seems to be an issue with libgnutls 2.12 and above, downgrading to 2.10 seems to have helped some folks. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] errors building openvas-libraries 5.0.1
* John Walker [16. Jul 2012]: I am trying to install OpenVAS from source. I am using the instructions provided with the source. The build platform is Ubuntu 12.04, running in a virtual machine. I started with openvas-libraries. cmake runs and warns me about wmiclient, and ldap. Output of cmake states it has found ssh libs: -- checking for module 'libssh=0.4.5' -- found libssh, version 0.5.2 When I make the command fails when trying to link the executable openvas-nasl. I wonder if anyone on the list can provide suggestions to resolve this error. This is fixed in the current SVN trunk. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsad web interface not working
* Reindl Harald [16. Jul 2012]: Am 16.07.2012 10:02, schrieb Michael Wiegand: * Paolo [16. Jul 2012]: so everytime I click on login I get this asking for 1048576 and then nothing happens. Please someone could give me some advice? Which libgnutls version are you using? There seems to be an issue with libgnutls 2.12 and above, downgrading to 2.10 seems to have helped some folks. the problem is that you CAN NOT downgrade gnutls without breaking your whole system and since gsad is the only application not work with gnutls-2.12.17-1.fc17.x86_64 it is a little bit rude to say it is not gsad's fault Well, the effects of downgrading obviously depend on the rest of your system. I did not try it myself, but other folks on the list confirmed this worked for them. Furthermore, nowhere did I say that this is not gsad's fault (though I would guess the bug is on the openvasmd side). This is most certainly a bug in OpenVAS which has not yet been fixed. The bug will be fixed eventually, detailed bug reports and/or patches would certainly be helpful. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] reverse_lookup in scanner preferences missing
* Stefan Schwarz [25. Nov 2011]: Works as expected, despite the fact that setting reverse_lookup = yes within openvassd.conf always results in a default setting of no when creating new configs :-( But this can be easily edited afterwards :-) You are right, the Manager does set it explicitly to no, so that part of my answer was a little misleading. ;) Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsad won't start - MHD HTTPS problem
* Steve Fluegel [18. Sep 2011]: I’m trying to install openvas 4 on Centos 5 (32-bit). Everything seems to go fine, but the gsad service won’t start. It gives this message: Starting greenbone-security-assistant: MHD HTTPS option 8 passed to MHD compiled without HTTPS support Apparently your distribution does not ship libmicrohttpd with HTTPS support. If you want to use HTTPS, you can ask the maintainer of the libmicrohttpd you are using for a version which supports it or build libmicrohttpd yourself. If you don't need HTTPS right now, you can launch gsad with the --http-only parameter to use HTTP instead. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Greenbone Secuirty Assistant Internal Errors!
* Jan Muhammad [ 4. Aug 2011]: Wondering what configuration I had missed that it gives me these errors? Make sure you have openvas-administrator installed and running. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Greenbone Secuirty Assistant Internal Errors!
* Jan Muhammad [ 4. Aug 2011]: WARNING: OpenVAS Administrator is listening on port 3567, which is NOT the default port! SUGGEST: Ensure OpenVAS Administrator is listening on port 9393. So am not sure how and where I need to change the port number to fix this error. The log file is attached. This depends entirely on the distribution you are using and on the packages you have used to install OpenVAS. Most likely there is a file /etc/init.d/openvas-administrator which launches OpenVAS Administrator. This would be a good starting point. For more information please check you distributions documentation and ask the maintainers of the packages you installed. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Support for Shared Sockets removed from SSH LSCs
Hello, In accordance with the OpenVAS Change Request #53 (see http://www.openvas.org/openvas-cr-53.html for details), I have removed support for the use of so called shared sockets for SSH connections during Local Security Checks (LSCs). The main effects you may observe include a much faster scan speed when doing LSCs via SSH and more stable LSCs. Side effects may include a slightly increased load on the target due to the now concurrent LSCs. The updated script will be included in the next update of the OpenVAS NVT Feed, which will most likely happen later today. I'd like to ask all of you to pay close attention to you LSCs via SSH after your next synchronization with the OpenVAS NVT Feed. Please report any observations, positive or negative. As always, if there are any questions or suggestions, feel free to let me know. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenBSD - openvas-check-setup fails
* Nigel Taylor [14. Apr 2011]: The openvas-check-setup script fails on OpenBSD when it shouldn't. This is due to netstat arguments being Linux specific. Shouldn't this script be supplied either with the libraries or scanner. Then it can be patched along with the rest of the scripts / code. If separate it needs to be made compatible for other operating systems. Thank you for spotting this. Right now, the script is intended to be distribute separate of the other code and mainly targets Debian GNU/Linux and its derivatives. We lack the resources to ensure in works 100% on all platforms, so we definitely thankful for any patch that ensures the script is usable on other platforms. I already made these changes to the script, a) date command -R exists for Linux only. b) ls arguments get expanded and exceed limits, changing to the find command resolves this. -echo Date: `date -R` $LOG +echo Date: `date +%a,%d %b %Y %H:%M:%S %z` $LOG Close, but not quite. Your format produces depends on the current locale while -R always returns a date in RFC 2822 format in English. Is there perhaps a similar option in date on OpenBSD? -NVTCOUNT=`ls $PLUGINSFOLDER/*nasl | wc -l` +NVTCOUNT=`find $PLUGINSFOLDER -name *nasl | wc -l` Yes, this definitely makes sense since it counts NVTs in subdirectories as well and thus cause the two (Scanner and Manager) NVT counts to match if everything is up to date. I have patched the check in the current version (2.0.6). The result of using the netstat command in the script on OpenBSD... $ netstat -A inet -ntlp netstat: kvm_openfiles: -ntlp: No such file or directory To find running processes listening ports on OpenBSD something like this is required not netstat... $ fstat -n | grep openvas.*tcp root openvasad 79764* internet stream tcp 0xfe8108a28270 *:9393 root openvasmd 21093* internet stream tcp 0xfe8119707710 *:9390 root openvassd 296534* internet stream tcp 0xfe81197074e0 127.0.0.1:9391 Which shows OpenVAS Scanner, Manager, Administrator running listening on all interfaces apart from scanner and using default ports. Sounds promising, but fstat is not available on most GNU/Linux system. Could you write a patch which checks if the current system is an OpenBSD system and if so checks with fstat instead of netstat? Again, thanks a lot for your patch! Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] No OpenVAS Manager database found.
* Zaki Akhmad [ 6. Apr 2011]: Dear Michael, here I attached the /tmp/openvas-check-setup.log Hope it can be helpful to identify the problem. -za, openvas-check-setup 2.0.2 Please make sure to use the most recent version of openvas-check-setup. I think your main problem is using an beta version and then upgrading to OpenVAS-4 in the same installation. I do recommend a clean installation of OpenVAS-4; otherwise you might face issues like this originating from obsolete configuration files and the like. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Openvasad stopping??
* Matthew Coene [ 5. Apr 2011]: The only problem I have had at all, and it seems minor is that every day or so, it seems 'openvasad' stops... I can't find anything in any log anywhere to indicate the reason why.. Openvas-check-config works and tells me there is nothing wrong with my setup. I can restart it again and it works up until whenever it dies... The only thing I can think of is that I am like times of old starting the components manually as I haven't linked the startup scripts to their respective start runlevels... So maybe I am missing something like a service HUP / restart or something that the scripts call but doesn't get restarted on account of me just starting 'openvasad' ??? Is there perhaps some process sending a SIGHUP or SIGINT to running processes? OpenVAS Administrator is POSIX compliant in this respect and will terminate upon receiving on of these signals. Some tools like logrotate will send SIGHUP to processes, expecting the more modern behaviour of reloading on a SIGHUP signal. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] No OpenVAS Manager database found.
* Zaki Akhmad [ 4. Apr 2011]: Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 3.2.2. OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem. OK: NVT collection in /usr/local/lib/openvas/plugins contains 20283 NVTs. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 2.0.2. OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem. ERROR: No OpenVAS Manager database found. (Tried: /usr/local/lib/openvas/mgr/tasks.db) FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running. ERROR: Your OpenVAS-4 installation is not yet complete! The OpenVAS Manager database is at /usr/local/var/lib/openvas/mgr/tasks.db Is the script or my OpenVAS Manager installation that went wrong? I think you are probably trying to use OpenVAS-4 by updating an older OpenVAS installation. Is this true? Keep in mind that the openvas-check-setup script is intended for use with OpenVAS-4 and may not work properly with existing older installations. That being said, I'll update the openvas-check-setup script to better identify situations like the one you described. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] GSA Problem
* lucone [23. Mar 2011]: i've just installed , via atomic repository, Openvas with GSA on a 64 bit RHEL5 (on VMWARE) i configured GSAD to listen on server ip instead of localhost ip i set users to accept all LAN request but when i attempt to login to web interfaces respond me Login failed. Did you create a user? What does openvas-check-setup say? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Installation Manual for OpenVAS!
* Jan Muhammad [23. Mar 2011]: Hi Group, Since am new to OpenVAS, and wondering where to start from; as of an earlier post I have downloaded all packages for my Fedora Core 13 system. Have unzipped/untarred the 7 packages (gsd, greenbone-security-assistant, openvas-administrator, openvas-cli, openvas-libraries, openvas-manager and openvas-scanner). I am aware that OpenVAS has 3 clients with server, manager, administrator and libraries modules. Google search for installation guide such as this: http://www.susegeek.com/security/openvas-opensource-vulnerability-assessment-scanner/ Gives me some information; But wondering where can I get complete 'Installation Manual' or step-by-step guide' on how to configure and test my OpenVAS installation? Take a look at http://www.openvas.org/setup-and-start.html. This -- together with the openvas-check-setup script -- should help you cover the first steps. Is the Openvas-compendium on (http://www.openvas.org/about-software.html) is the EXACT manual am looking for? The openvas-compendium was originally written for OpenVAS 2.0 and is increasingly outdated. Am not sure either to follow this Compendium or the link such as the link on susegeek would be helpful? The susegeek description is very old as well and probably only somewhat helpful. Every tarball contains an INSTALL and README file. Be sure to read these files for up-to-date instructions. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas 4.0 runs smooth out of the box on
* Dan The Man [22. Mar 2011]: So are you going to update your site letting folks know that CentOS 5.5 and RHEL 5.5 do not work with 4.0 from packages so we don't waste lots of time like I have last and part of this week? Might be prudent, or at least someone should acknowledge the CentOS and Red Hat Enterprise Linux issues and provide a fix. Thanks. Let me know if I can provide any more information than I have to the list already. As you have surely read on the OpenVAS website, the openvas-dis...@wald.intevation.org list is the correct list if you are having issues with packages built by third parties. The openvas-discuss list is intended for discussion of OpenVAS and may help you once you have successfully installed OpenVAS. But most subscribers of openvas-discuss may have installed OpenVAS from different sources on different platforms and are unlikely to be able to help you. Additionaly, not all package maintainers are subscribed to openvas-discuss (and they should not have to), but they are subscribed to the openvas-distro list. So a good first step towards solving this issue would be mentioning it to the people who could actually do something about it. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Unable to find expected entry Sources in Meta-index file (Malformed Release file?)
* IE_林虹廷(HT.Lin) [21. Mar 2011]: After run sudo apt-get update, the error msg is W: Failed to fetch http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_10.10/./Release Unable to find expected entry Sources in Meta-index file (Malformed Release file?) Remove the lines starting with deb-src http://download.opensuse.org; from your /etc/apt/sources.list. Did you use add-apt-repository or did you edit /etc/apt/sources.list manually? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Using certificates for ssh credentials fails
* Stefan Schwarz [ 3. Mar 2011]: I get lots of sshd errors of: error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106) Asking openssl for this error: openssl errstr 0407006A error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 I don't have enough time to dig deeper into this, but from what I've heard it is probably related to the openvas-libraries/libgnutls interaction. It works fine with libgnutls 2.4.2, I guess you are using a more recent version? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-libraries don't install correctly
* Stefan Schwarz [31. Jan 2011]: During the last revisions there was a different naming scheme used for libraries, appending actual SVN-revision number. After a complete rebuild /usr/local/lib looks like: -rw-r--r-- 1 root root 615350 2011-01-29 11:36 libopenvas_misc.a lrwxrwxrwx 1 root root 20 2011-01-04 16:53 libopenvas_misc.so - libopenvas_misc.so.4 lrwxrwxrwx 1 root root 24 2011-01-29 11:38 libopenvas_misc.so.4 - libopenvas_misc.so.4.0.0 -rw-r--r-- 1 root root 441441 2011-01-23 11:15 libopenvas_misc.so.4.0.0 -rw-r--r-- 1 root root 443387 2011-01-29 11:35 libopenvas_misc.so.4.0+rc5.SVN.r10111 You can see that new library versions are installed, but the links aren't corrected. So gsad builds correctly but fails starting with: gsad: symbol lookup error: gsad: undefined symbol: openvas_server_sendf_xml This is strange, in my tests cmake always corrected libopenvas_misc.so.4 to link to the correct fresh file. Which cmake version are you using? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Error compiling openvas-libraries
Am Freitag, 21. Januar 2011 22:37:25 schrieb Mark LaCore: I haven't been able to compile the svn version of openvas-libraries for the past week or so. The final error has been: make[2]: *** No rule to make target `../base/libopenvas_base.so', needed by `nasl/openvas-nasl'. Stop. make[1]: *** [nasl/CMakeFiles/openvas-nasl.dir/all] Error 2 make: *** [all] Error 2 Has anyone else seen this and found a solution? I am on Ubuntu 10.10, gcc 4.4. Hello Mark, Thank you for reporting this issue. I believe I was able to fix it in the SVN in revision 10085. Could you update your checkout, run cmake again and let me know if this fixes the issue? Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas lib beta compilation error
Am Mittwoch, 1. Dezember 2010 13:27:39 schrieb Stephan Kleine: beta 2 is still broken for me: /usr/bin/gcc -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack- protector -funwind-tables -fasynchronous-unwind-tables -g -Wformat -Wformat- security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now - Wall -Werror -fPIC -g -I/usr/src/packages/BUILD/openvas- libraries-4.0+beta2/misc/../include -I/usr/src/packages/BUILD/openvas- libraries-4.0+beta2/misc/../base - DOPENVAS_USERS_DIR=\/var/lib/openvas/users/\ - DOPENVAS_STATE_DIR=\/var/lib/openvas\ -DOPENVAS_SYSCONF_DIR=\/etc/openvas\ -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -o CMakeFiles/openvas_misc_static.dir/ids_send.c.o -c /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c cc1: warnings being treated as errors /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c: In function 'ids_send': /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c:556: error: dereferencing pointer 'sa' does break strict-aliasing rules /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c:555: note: initialized from here /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c:561: error: dereferencing pointer 'saddr' does break strict-aliasing rules /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c:560: error: dereferencing pointer 'saddr' does break strict-aliasing rules /usr/src/packages/BUILD/openvas-libraries-4.0+beta2/misc/ids_send.c:559: note: initialized from here This is with gcc = 4.4, correct? The source of this are the stricter aliasing requirements introduced by gcc 4.4. The casts in ids_send.c it is complaining about are AFAICT mainly sockaddr related and, while technically an aliasing violation, common practice (see http://seclists.org/nmap-dev/2009/q3/694 for a related discussion on nmap). We will definitely have a look at the file in the near future to determine how this should be solved; in the mean time, you can silence the messages with -fno-strict-aliasing. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas lib beta compilation error
Am Mittwoch, 24. November 2010 15:37:44 schrieb Stephan Kleine: On Wednesday November 24 2010 10:34:45 Michael Wiegand wrote: With the default compiler and linker flags in Debian Lenny, openvas-libraries builds without any warning. I beg to differ ;P See http://pastie.org/1322953 for the log. .. installing hardening-wrapper_1.12 .. Okay, point taken. I did not take the hardening-wrapper flags into account when I refered to the Lenny default flags -- but I agree that they should be used. I'm in the process of addressing the (mostly sensible) warnings provided by those flags, expect a commit before the next release. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas lib beta compilation error
Am Mittwoch, 24. November 2010 02:41:01 schrieb Stephan Kleine: Another one is: would be great if you could fix those. A quick note to all: The reason for the increase in build time errors in openvas-libraries is that we finally switched on the compiler option -Werror in all parts of openvas-libraries. This will help us identify bad code and increase code quality by treating compiler warnings as errors and forcing us to fix them. With the default compiler and linker flags in Debian Lenny, openvas-libraries builds without any warning. Your distribution and/or build environment may have different defaults for various reasons and produce different warnings which then get treated as errors. In order to fix the warnings it is very useful if we can reproduce the warnings. You can help us by making your compiler flags visible (like Stephan did; configure openvas-libraries with --enable-verbose-makefile if necessary). Thank you for you cooperation. The -Werror may be a little pain for now, but will improve code quality and security in the long run. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas manager 1.0.2 - Could not determine openvas-libraries version
Am Mittwoch, 18. August 2010 17:20:45 schrieb Cristian Iconaru: i have run into an issue when installing openvas manager. After I run cmake I got this message: # cmake . CMake Error at CMakeLists.txt:217 (message): Could not determine openvas-libraries version. I saw that this was already fixed on 2010-07-22/v1.0.0. I have the main components (libs, scanner and client) installed (from atomic rep) and they are working ok. I have tried multiple versions but the result is the same. Has anyone run into this issue before? Is libopenvas-config available in your path? Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas manager 1.0.2 - \Could not determine openvas-libraries version\
Am Donnerstag, 19. August 2010 14:13:16 schrieben Sie: the problem is that I can't find it. I believe it is not installed. What should I do in case is not on the system? Please keep the mailing list in CC in your replies; others may be experiencing the same issues and/or may be able to help you. I'm not sure which distribution you are using, but you most likely need to install the openvas-libraries development packages as well if you want to build openvas-manager yourself. The should have a -devel or -dev suffix. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] HTTPS in GSA with libmicrohttpd 0.9.0
Hello, In the past there were issues with the httpd library gsa uses (libmicrohttpd) that prevented some browsers (e.g. Internet Explorer) from accessing the gsa. Felix filed a bug report for libmicrohttpd back in January (see https://gnunet.org/bugs/view.php?id=1537) and the issue seems indeed to be fixed! I've just built gsa with libmicrohttpd 0.9.0 and was able to access gsa over HTTPS with Internet Explorer 8 without any issues. There were no changes required in gsa. It would be very useful if folks who had issues in the past with the browsers Felix mentioned in the issue (links, Opera, iphone, Safari, IE6+8) could try to build gsa with libmicrohttpd 0.9.0 and post their experiences here. Thanks to everyone involved for fixing this issue! Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Automatic reload of Scanner after plugins update
Am Montag, 16. August 2010 10:34:53 schrieb Jonas Andradas: I would like to propose a feature for OpenVAS. I don't know if this is the correct list, or if due to the subject of the feature it would be better to use openvas-plugins. Or maybe none of them, and a separate list should be used. If so, please tell me where should I address this proposal. If the functionality is already in OpenVAS, I apologize. I haven't seen it, but I might have missed it. This feature is indeed on my wish list as well; I think it would be best if openvassd would take the actions you proposed upon receiving a SIGHUP. There are code fragments that suggest that this was at least partially implemented in ancient times, but it is not working now. I agree that this would not be very hard to implement. If you are interested in this feature, I'd suggest that you write a change request (see http://www.openvas.org/openvas-crs.html) outlining your general idea, ask for comments on openvas-devel and then call for a vote. If you need help with the change request or have other questions, feel free to ask. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem with Authentication of the OV Manager at the Scanner
Am Sonntag, 8. August 2010 17:50:56 schrieb bir...@fh-brandenburg.de: the communication over omp with the manager works. my problem still the communication between the manager and the scanner. when i start the manager i get an error and the log shows a authentification failure. i used the gsa to create a task, but i couldn't start it. by the way - is it necessary to install the openvas administrator, if i want to use the full greenbone security agent? At a glance, I think you have not yet created any users beside the internal om user. Is this correct? You do indeed need to create a normal user to use the manager; openvas-administrator is the recommended tool for this, especially if you want to have the full gsa setup. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] gsa-desktop 0.1.0 released
Hello, Those of you watching the SVN commits and the OpenVAS website closely will already have noticed it: Our newest OpenVAS module just had it's first release. The newest member of the OpenVAS family is called gsa-desktop and is a Qt based OMP client with the ultimate goal of providing an alternative to the Gtk based OpenVAS-Client while offering the full potential of OMP. We invite you to try out gsa-desktop and are looking forward to your feedback. Please keep in mind that gsa-desktop is still in an early stage and does not yet cover all the functionality provided by OMP. Please read the INSTALL and README files provided and feel free to ask on the OpenVAS mailing lists if you have questions. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS Scanner 3.1 rc2: Please test
Am Dienstag, 29. Juni 2010 22:41:24 schrieb Stephan Kleine: Might be that the protocol is still compatible but -client, -cli and -manager don't compile anymore with RC2 due to some omp_ functions having gone awol. You are of course right. This has been fixed in the SVN trunk. I expect an RC3 in the very near future which will fix the issues we have discovered since RC2. Thank you very much for spotting and reporting this bug! Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gsad and https
Am Mittwoch, 26. Mai 2010 10:03:06 schrieb Felix Wolfsteller: On Wednesday 26 May 2010 09:54:09 Stefan Schwarz wrote: Is there a chance to get gsad working with https (without --http-only). I tried to create a self-signed certificate and also tried to use the certificates under install/var/lib/openvas/CA, but gsad (even with -v) dies without further log-messages. In principle that is the right way to do it, afair. However, we had issues with https and assume that it is due to a buggy ssl-support of libmicrohttp, which is used by gsad. These issues did not lead to a direct death of the daemon, but probably on your system they do. The libmicrohttpd shipped with most distributions is compiled without SSL support due to the issues Felix mentioned. If you try to start an https server with a libmicrohttpd without SSL support, it will silently exit, which is probably what you are observing. You could try building libmicrohttpd yourself and enable SSL there; however, like Felix, I would suggest starting the GSA http-only and provide SSL through other means until SSL support in libmicrohttpd matures. Regards, Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] rsync server down
Am Donnerstag, 8. April 2010 10:11:14 schrieb Abuse 007: Hi Guys, It appears that the rsync.openvas.org server is down. I cannot connect to it. When I use the openvas-nvt-sync command it fails to connect. When I TCP traceroute it stops one hop before the server. Works fine from here. Might this be a network issue on your side? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Client - Server Installation
Am Freitag, 26. März 2010 12:02:01 schrieb Zaki Akhmad: I don't want to install openvas-libraries on this laptop. I just want to make it easier to separate client and server installation. Be aware that openvas-libraries is required to run run openvas-client. You don't need to install openvas-scanner on your laptop, but you will have to install openvas-libraries. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Any missing deps and missing incs resolved(?)
Michael Meyer wrote: In a fresh installation (or after deleting the cache) you get warned about slad.inc if you don't have SLAD installed. slad.inc: Not able to open nor to locate it in include paths Should we add a dummy slad.inc to the feed to avoid this warning? This issue is about to be fixed, I'm currently working on a general slad.inc which should enter the SVN and the feeds very soon. Regards Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Make download links on OpenVAS homepage more direct?
Jan-Oliver Wagner wrote: I think we should better make the download links on the homepage directly link the tar.gz files. Any concerns with changing the links? None at all, I like the idea. That would certainly save a number of clicks and avoid confusion. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [Openvas-distro-deb] installation for debian etch failed
* Narkissos Goldmund [10. Sep 2009]: Thank's for the advise! Since installation for lenny or etch seems to require anyway partially compilation according to http://www.openvas.org/openvas-server.html, I decided to try compiling everything. Be aware that the description on the OpenVAS website is somewhat outdated. For lenny, you can use the Debian Backports repository as described on the website. The only module missing is openvas-plugins, which is available from the OpenSuSE build service, for example: http://software.opensuse.org/search?baseproject=Debian%3A5.0p=1q=openvas-plugins I started with openvas-libraries. ./configure stopped at: configure: error: glib = 2.6.0 not found I looked with dpkg -l | grep ^i|grep glib, and found: ii libavahi-glib10.6.16-3etch2 Avahi glib integration library ii libdbus-glib-1-2 0.71-3 simple interprocess messaging system (GLib-b ii libglib-perl 1.140-1 Perl interface to the GLib and GObject libra ii libglib2.0-0 2.12.4-2+etch1 The GLib library of C routines ii libglibmm-2.4-1c2a2.12.0-1 C++ wrapper for the GLib toolkit (shared lib ii libnm-glib0 0.6.4-6 network management framework (GLib shared li ii libpoppler0c2-glib0.4.5-5.1etch3 PDF rendering library (GLib-based shared lib I looked again with dpkg --status libglib2.0-0, and found: Version: 2.12.4-2+etch1 Please be aware that you need the development libraries for compiling. In your case, apt-get install libglib2.0-dev will install the necessary package. Please keep further discussion on openvas-discuss, there are more people on that list who might be able to help you. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpjX1RQfCxzs.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Feature proposal
* Christian Eric Edjenguele [11. Jun 2009]: Hello, I dont no if there is always a post on this, but the question is: does it make sense implement a server-side routine to handle the report functions (security_note(), security_hole(),...) ? in order to exit the script if not explicitly specified in the code with exit(0). I'm not quite sure if I understand what you mean by server-side routine to handle the report functions. Could you provide an example? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp0R4krZGOAy.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Feature proposal
* Michael Meyer [12. Jun 2009]: *** Christian Eric Edjenguele christian.edjengu...@owasp.org wrote: I dont no if there is always a post on this, but the question is: does it make sense implement a server-side routine to handle the report functions (security_note(), security_hole(),...) ? in order to exit the script if not explicitly specified in the code with exit(0). There are NVTs which using 'security_*()' more than once. Such a routine would make this NVTs not work properly anymore. Ah, now I understand what Christian Eric meant. :) Yes, mime is correct, a script might use security_* more than once or might want to output a security_note and a debug_message containing background information. Or it might want to execute additional code after it has sent a message. I think recognizing when an exit might be appropriate would mean adding quite an amount of logic to the parser. I'd rather like to see that energy going into improving existing scripts than changing the parser to compensate for bad programming styles. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp1ev7BItzdR.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem accessing openvas server
* SECInfy Team [ 6. Jun 2009]: Hi Michael, Thanks a ton for the help. it worked for me from UI. I was able to see command line options through -h option but can anyone please give me some link where I can find details with example for the same? If not, I will write one and send it to group. I'm afraid the -h option is the only help available right now besides the man pages. I agree that something like this would be helpful and make a good addition to the compendium. So yes, any help in that direction would be very much appreciated. :) If you have any questions regarding the commandline options, feel free to ask on the mailing lists or visit our IRC channel #openvas on irc.oftc.net. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpCHPW4aWZSI.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem accessing openvas server
* SECInfy Team [ 5. Jun 2009]: Hi, I installed latest version of openvas client and had following error. Server Error - 1.3.6.1.4.1.25623.1.0.100113 Xplode 'module_wrapper.asp' SQL Injection and Cross Site Scripting Vulnerabilities Client Invalid PLUGIN_INfo response from server Error while updating cache plugin information Login Failed Can you please help me with this? The script you mentioned was broken in the openvas-plugins 1.0.6 release and made both client and server cache unusable in some circumstances. The following steps will solve this issue: 1) Shut down openvasd. 2) Update your NVT collection by executing openvas-nvt-sync 3) Delete the server cache. (/var/cache/openvas/*) 4) Delete the client cache. (~/.openvas_nvt_cache and openvas_nvt_cache in the tasks/scopes beneath ~/.openvas/) 5) Start openvasd. 6) Connect to the server using the GUI or CLI client. Let me know if you have any questions or suggestions. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpePCWK6jlBg.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Login failed
* Matthew Bellizzi [ 2. Jun 2009]: Hello I'm trying to figure something out here. So I'm trying to run openvasd on a ubuntu 8.10 box.I downloaded the source packages and got them to compile cleanly. I ran the openvasd-adduser script but, it never exits cleanly. It hangs right after the is this correct prompt y/n.I'm trying to login from another machine. I connect from the remote machine and it downloads the openvasd cert and displys it correctly but, I then get a Login failed. I have a feeling it's sometype of pathing problem betwwen the adduser script and openvasd. Any ideas? I haven't tested the Ubuntu 8.10 packages yet, so I can only guess. If possible, could you answer the following questions: - Is the user directory created, i.e. does /var/lib/openvas/users/username exist? - Which client version are you using? The client packaged by Ubuntu (1.0.4) is not compatible with the server packaged by Ubuntu. - Does the command df take very long in your environment? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpwVecRjFvjJ.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Please confirm md5sum
* Hans-J. Ullrich [30. May 2009]: Am Samstag 30 Mai 2009 schrieb Michael Meyer: *** Hans-J. Ullrich hans.ullr...@loop.de wrote: I synced all the plugins using openvas-nvt-sync and it is telling me, md5sum is not o.k. I suppose, the tranmission was o.k. (as I synced several times!), so might it be, that the source of md5sum on your server is wrong? It would be nice, if you could check this and deny or confirm this. Confirm. ;-) md5sum of the file 'md5sums' is not ok. thanks for the info! I additionally found no package, which might cause the fault. So everyone can use it without any fear of security holes or crash. Nice to know! Thanks for the info again. Michael Meyer was of course right. The md5sum of the file 'md5sums' before the feed update was inadvertently included in the 'md5sums' file and was of course wrong. As Hans-J. suggested, no scripts were affected in any way as you check for yourself using the correct md5sums of the scripts. I apologize for any inconvenience, I'll try to find the cause of this bug. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpbtXGT8x1YV.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] CPPFLAGS problem - Mac OS X
* Jeff Simmons [30. May 2009]: Trying to compile openvas (specifically openvas-libraries-2.0.2) on a Mac (10.5.8) using Mac Ports to add necessary libraries. Mac Ports puts files into /opt/local/include and /opt/local/lib, so I should need something like: LDFLAGS=-L/opt/local/lib CPPFLAGS=-l/opt/local/include The CPPFLAGS environmental variable crashes the ./configure script with the message: C compiler cannot create executables. Without it, make can't find the necessary header files (specifically for gnutls). Anyone have any suggestions on this? Parts of the compile environment have the tendency to silently lose FLAGS. This is due to existing templates and Makefiles. We have fixed it in a number of places, looks like you just discovered a new one. Could you file a bug report for that? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpjqkK9Y2zdi.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Voting: CR #27 - IPv6 support
* Chandrashekhar B [22. May 2009]: Hello, The CR #27 is finalized and we would like to now take this for implementation. Please vote +1 if we could go for the changes suggested in the CR. +1. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpt7jC79orh2.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Handling reported versions
* Michael Meyer [11. May 2009]: Yes, I think this would be a good idea. We could define a standard disclaimer text which plugins could use whenever they try remote version identification. Ok, somebody must define this disclaimer. Any volunteers? :-) I saw that the newest plugins from secpod contains the following: * NOTE: Please, ignore the warning if Patch is already applied. * Is that enough? I would propose: * This warning was generated because $SOFTWARE on $REMOTE_HOST identified itself as $VERSION and the authors of $SOFTWARE have declared versions $FROM through $UNTIL to be affected by this issue. Please note that this issue might have already been fixed by your distribution maintainers without increasing the version number reported by the software. If you are in doubt, please refer to the security announcements from the maintainers of your distribution. If you have identified this warning as a false positive, you can create a filter by doing $(CREATE_FILTER_HOWTO). * What do you think? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpGGG4TS8x4P.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Possible false positives with CUPS and MySQL?
* David Corcuera [ 7. May 2009]: I am new with OpenVAS and still testing it. So perhaps, i am asking something silly. I've installed OpenVAS from debian package in etch and ran my first scan against an internal host. Results: 4 security holes. Two of them are on mysql and other two on CUPS. My debian etch has mysql 5.0.32-7etch10 and cupsys 1.2.7-4etch7 (last official etch packages) According to OpenVAS report, i should have installed mysql 5.0.66 and cupsys 1.3.10, but my versions also fix all these vulnerabilities. What is wrong with this? Any idea? I'm not really sure since I'm not a plugin author, but my first guess is that the hole was fixed in MySQL 5.0.66, but Debian backported the changes to the version they packaged for etch. I assume you are doing a remote scan; the remote scan will probably not know that the hole has already been fixed in Debian despite the low version number. Plugin authors: Am I right? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgppDMQe47fhx.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas FAQ
* Felix Wolfsteller [ 8. May 2009]: Any opinions or objections? (please give a +1 if you think its a good idea) +1. 4) missing dependencies (e.g. smb_func.inc) are due to license and nothing evil happens. smb_func.inc et al are missing includes, not dependencies. But yes, explaining the difference between includes (won't run if not satisfied) and dependencies (will run if not satisfied) will probably be useful as well. :) Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp2XaGjbwg0j.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] invalid SEND_PLUGINS_MD5 response
* Lazar Todorovic [ 4. May 2009]: which server versions (modules -libraries, -libnasl, -server, -plugins) of the modules and which client version are you using? The Ubuntu Jaunty packages - that means 2.0.0 build 2 for everything exept the client (which ist 1.0.4 build 1). Most likely I have caused the problem by installing the openvas-plugin source package from your website, since Ubuntu doesn't seem to offer it (and I don't know any sensible possibility of NOT using it, since the openvas-nvt-sync script is also there). Thanks for your fast answer :-) Please do note that the 1.0.x client is *NOT* compatible with the 2.0.x server. This might cause your issue. Debian packages for all modules are available from apt.intevation.org, they should work for Jaunty as well. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpIPB05fjF3m.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] invalid SEND_PLUGINS_MD5 response
Most likely I have caused the problem by installing the openvas-plugin source package from your website, since Ubuntu doesn't seem to offer it (and I don't know any sensible possibility of NOT using it, since the openvas-nvt-sync script is also there). Thanks for your fast answer :-) A moderately new version of openvas-plugins should not do any harm. A small correction: The openvas-plugins 1.0.6 tarball contained a buggy NASL script. If you did not do an openvas-nvt-sync before the first server start, this might have corrupted both the server and the client cache. Solution for this case: Stop server and client, delete both caches, restart server. Hope that helped. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpl8Y867zIvB.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Feedback on amd64 Debian / Lenny packages
* Dominique Karg [29. Apr 2009]: As Felix said, openvasd outputs messages just like this, but I think it is Debian SOP to pipe the output to /dev/null when starting up. Not sure how verbose you'd like to be in your init.d scripts. You're completely right, my bad. Output is a bit ugly tho ;-) The ugliness is caused by plugins including files which are not present in the feed because of licensing issus (smb_func.inc, smb_file_funcs.inc, byte_func.inc and sunrpc_func.inc) or because they are generated by third-party tools (slad.inc). The number of plugins dependent on these missing includes is very low (15 IIRC) and will decrease in the future. You may safely remove them from your installation. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpBWdlmXh5sh.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Any news on OpenVAS debian packages?
* Dominique Karg [16. Apr 2009]: Thanks a lot Michael, will test that tomorrow. Problem is I need all or nothing; most users will use the all-in-one installer for a test environment before doing a bigger deployment, and that requires client, server, libs and plugins. Any chance you could share those others too? Sure! I think I will have them ready early next week, maybe even today. I'll post an update once I'm done uploading. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp9dnt0Bos4n.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Any news on OpenVAS debian packages?
* Dominique Karg [16. Apr 2009]: Thanks a lot Michael, will test that tomorrow. Problem is I need all or nothing; most users will use the all-in-one installer for a test environment before doing a bigger deployment, and that requires client, server, libs and plugins. Any chance you could share those others too? All packages are now available from apt.intevation.de. I would appreciate feedback should you discover any issues with the packages. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpZNUFsmHX06.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Any news on OpenVAS debian packages?
* Dominique Karg [15. Apr 2009]: I don't think we need to modify anything, so rebuilding isn't needed. Packages as they are are fine :-) I have uploaded packages for openvas-client 2.0.3 to apt.intevation.de. Let me know if they are okay with you, feel free to make suggestions. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany |AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp3ZgsJYevND.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Strange Error with OpenVas and Nikto
* Andrea Modesto Rossi [ 6. Feb 2009]: Hi all, i use OpenVas on my Fedora10. During a scan i've got this error: Reported by NVT Nikto (NASL wrapper) (1.3.6.1.4.1.25623.1.0.14260): Nikto could not be found in your system path. OpenVAS was unable to execute Nikto and to perform the scan you requested. Please make sure that Nikto is installed and that nikto.pl is available in the PATH variable defined for your environment. but i've installed NIKTO. What does this error mean? My first guess would be that the Nikto executable on your system is not called nikto.pl, but nikto or something like this. The current Nikto Wrapper does not take this into consideration yet. As a workaround I would suggest either changing the command name in nikto.nasl or adding a symlink to your nikto executable called nikto.pl. Does this solve your issue? Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpSmXm8g2VTc.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS XML reports
* Jean-Christophe FORTON [ 5. Feb 2009]: I'm back working on my vulnerability assessment project. Glad to hear. :) Currently I'm generating xml reports and try to parse them with Xalan (JAVA API) but, unfortunately, the reports always contain the following line: setting name=Misc information on News server[entry]:From address : value=OpenVAS lis...@listme.dsbl.org/ My parser doesn't like the of lis...@listme.dsbl.org and says my xml input is not valid xml. I suppose your xml parser is right, and should be escaped in the attributes. Oddly enough, they should have been escaped during XML output. Looking at the code, I can't quite make out what went wrong there. I suppose you are not using the XML (old style - deprecated) option? Would you mind filing a bug report at http://bugs.openvas.org/ ? Any idea if this problem is fixed in version 2.0.0? There were no changes in the relevant parts of the code between 1.0.2 and 2.0.0, so I think the problem may still be there, whatever it is. But I would appreciate it if you could test the issue with an up-to-date release of OpenVAS and let us know if the bug is still present for you. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp5zsfQ4rZDt.pgp Description: PGP signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Next Tier for the OpenVAS feed: join with OSSIM/AlienVault
* John A. Sullivan III [14. Jan 2009]: Argh! (Very red face) You are exactly right. My late night brain cramp and my apologies. I let you know how I fare. Any other caveats about integrating OpenVAS 2.0 and OSSIM? I've read some things about output formats being mismatched, i.e., different from the Nessus format OSSIM expects. Thanks - John Depends on which output formats you are talking about. OpenVAS uses OIDs in place of the numerical IDs used by Nessus, for example. There are a few other changes as well; I'm not familiar with OSSIM, so I don't know what it expects. But unless OSSIM is doing something weird with the results, the changes should be pretty straightforward and easy to implement. Let me know if you have any questions regarding the output. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Next Tier for the OpenVAS feed: join with OSSIM/AlienVault
* John A. Sullivan III [14. Jan 2009]: Right away I see a problem. OpenVAS 2.0 requires glibc = 2.6 and Etch has 2.3.something or other. Once again: OpenVAS 2.0 requires *glib* (as in libglib2.0-dev) to be = 2.6, Etch packages 2.12 as you can see on [1]. So you should have no trouble compiling or installing OpenVAS 2.0 on Etch. Note that this is glib and _not_ glibc. I'm not sure about the exact minimum version for glibc, but it is certainly below 2.3. There was a small packaging error in the first OpenVAS 2.0.0 Debian packages which failed to specify the dependency on glib, which resulted in a glib-related error messages when configuring. This bug should be fixed very soon. I apologize for the confusion and I think it is unfortunate that these two libraries have so similar names -- but we did name neither glib nor glibc. ;) Regards, Michael [1] http://packages.debian.org/etch/libglib2.0-dev -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Planning openvas-compendium 1.0.1
Hello, since the 1.0.0 version of the OpenVAS compendium does not yet reflect the release of OpenVAS 2.0.0 and a few other changes, I would like to release an update version of the compendium. I would like to do the 1.0.1 release on Wednesday, Jan 14. If there is anything you would like to add or update, please do so until Tuesday. Please let me know if you need help incorporating your changes or have any other questions. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Mac OS X Problems
* Andrew Blyth [19. Dec 2008]: Dear All I am running a Mac OS X (10.5). When I try and configure/compile openvas-libraries-2.0.0 I get the following error message: checking for __dn_expand in -lresolv... no configure: error: you need to install resolve library with development files I know that the resolve files are on my machine: $ ls -l /usr/include/resolv.h -rw-r--r-- 1 root wheel 19363 5 Oct 2007 /usr/include/resolv.h $ I think the resolv.h in Mac OS X is slightly different from what openvas-libraries expects. This is most likely a bug, since the functionality should be present in OS X. Would you mind filing a bug report against openvas-libraries at http://bugs.openvas.org/ so we can collect the information there? Thank you! Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Cannot find libopenvas.2
* Eric Gearhart [18. Dec 2008]: To test the libtool changes, will there be another tarball to download (e.g. as a release candidate), or should we check out via svn? The changes are incorporated in OpenVAS 2.0.0, which was released two days ago and is available for download from the OpenVAS website. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Cannot find libopenvas.2
* Martin Schulze [17. Dec 2008]: As far as I've understood the problem, it would be sufficient to execute the autotools chain on a clean checkout and commit the new files that have been created/updated, at least ltmain.sh (guessed). This has been done in preparation for 2.0.0. All components now use the autotools/libtool files created on Debian Etch. I'm optimistic this might solve the issues reported, I'm looking forward to feedback. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvasd seg faulting?
* John A. Sullivan III [10. Dec 2008]: Hello, all. I've installed openvas from source on ubuntu 8.0.4 (fully patched) on amd64. However, after installing, making a cert, adding a user, downloading the plugins, I cannot get openvasd to start. I have tried with and without the -D and I do not see it running. However, it also gives not indication of why it fails. It does successfully load all plugins (although some plugins dependent upon various functions like smb_func (I think) did not load the first time). However, then it just returns to the command prompt even with the -D: (..) Any idea what we've done wrong? Thanks - John John, Thank you for spotting this error and for the very detailed bug report. We have identified the source of this issue and fixed it in SVN revision 1960. Could you try a fresh install with the latest SVN revision = 1960 and let me know if this solves your problem? Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Planning OpenVAS Developer Conference #2 (OpenVAS DevCon2)
* Jan-Oliver Wagner [ 9. Dec 2008]: I encourage you to send on-list comments :-) Well, let me be the first to do so. :) I think this is a good idea, even if Jan, Felix and myself see each other on a daily basis. I think we could make considerable progress with the important decisions Jan mentioned by meeting IRL instead of IRC for a change. I'll most certainly participate, having probably the shortest distance to travel. I can assure you that Osnabrück and especially the Intevation office make a great location for the DevCon. What I am uncertain: should we consider a Users' session prior to the DevCon with Workshops or alike? Maybe someone wants to hold a workshop. If we take a small fee we might finance travel for some developers. Opinions on this? I would be in favor of this, if there is demand for a user session or something like that. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Command line client?
* Thomas Raef [ 3. Dec 2008]: I'm trying the command line options like this: ./bin/OpenVAS-Client --list-plugins --batch-mode=192.168.1.200 1241 user password And I keep getting Batch mode requires login information. Is the command line space delimited? Or how should I be specifying the passed parameters to the command line? The current command line version of OpenVAS-Client tries to be as close to the inherited Nessus behaviour as possible and thus expects the login information to include a targets file and the name of a results file. These are of course discarded in your example, but are necessary nonetheless. I also discovered that there is a bug in the commandline processing which seems to be related to the use of the = for the batch-mode option, we will try to fix this. For now, please try the following command line: ./bin/OpenVAS-Client --list-plugins --batch-mode 192.168.1.200 1241 user password targets.txt results.txt and let me know if it works. Thank you for reporting this issue! Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Planning final release for Compendium 1.0
Hello, we had some valuable contributions to both the German and the English edition of the OpenVAS compendium and were able to remove quite a number of inconsistencies, typographic issues and spelling mistakes. I think the compendium is now ready for the real 1.0.0 release and I would like to release the final version as early as this week. If you are still in the process of proofreading and would like to submit patches for the compendium, please do contact me as soon as possible. If you haven't yet looked at the compendium, now is a very good time to do so. Additional proofreaders are more than welcome. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] gnutls error message
Am Mittwoch, 27. August 2008 23:18:23 schrieb NISU DOJ: I have uninstalled the software and will reinstall the newer version when available. However, please do review this information to see if it is consistent with previous issues. Thank you [Fri Aug 22 15:07:51 2008][27630] connection from 127.0.0.1 [Fri Aug 22 15:07:57 2008][27690] SIGSEGV occured ! [Fri Aug 22 15:07:57 2008][27686] user (deleted) : test complete [Fri Aug 22 15:07:57 2008][27686] SIGSEGV occured ! [Fri Aug 22 15:13:57 2008][27630] Caught HUP signal - reconfiguring Yes, this is consistent with the issue present in OpenVAS-Server 1.0.1. We have released 1.0.2 on Monday, it is available for download at http://wald.intevation.org/frs/?group_id=29release_id=196 and fixes this bug. Could you test your setup with 1.0.2 and tell me if it works for you? [26411] gnutls_handshake: A TLS packet with unexpected length was received. [26442] gnutls_handshake: A record packet with illegal version was received. [26444] gnutls_handshake: Function was interrupted I have looked into this issue and my current observation is that these messages only occur when the server is subject to a scan, i.e. when you are scanning localhost. Can anybody confirm this observation? If that is the case, this is most likely just gnutls noticing the scan and the messages can be ignored. (They should probably be hidden behind an #ifdef DEBUG in that case.) Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS Vmware appliance
Am Freitag, 15. August 2008 18:58:04 schrieb Patrick Hornung: That's certainly fair. I'll try to get that for you, but I'll need some instruction or time to research how to do this. Just let us now if you need help with that. You might want to join #openvas on irc.oftc.net if you get stuck; or just ask your question on this list. openvas-nvt-sync to make sure only the exact feed contents were being run, and the tests ran through without the error. Also, I received much less trouble from starting openvasd because dependencies were all met. Perhaps there are outdated or incomplete plugins in the plugins rpm? On the downside, I'm missing port scanners and a huge number of checks, which makes sense because the feed seems to contain the Debian local security checks only (according to http://www.openvas.org/openvas-nvt-feed.html). Thank you for your correct observation. :) A number of plugins had to be removed from the plugin package since they were part of Nessus and not available under the GPL. This is very regrettable as it breaks quite a few other plugins (that's one reason for the xyz.nasl not found errors), but can't be helped at the moment. The NVT feed on the other hand is a first batch of plugins that only depend on available plugins but - as you said - they only offer a very limited number of checks. Sorry if I sound needy - I really want to understand the project and its inner workings, and I'd really like to help it grow in any way I can. Thank you, we certainly appreciate your support! Is there any question you have right now (well, apart from the SIGSEGV issue :) ) or any area you would like to concentrate on? As you have seen, NVT development is one area that could certainly use improvement and will be a focus of development in the next months. Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS - ready to try? Or not?
on building from source (with for example the list of packages you have to install first on Debian to get it to configure/compile? You can information on this at http://www.openvas.org/openvas-server.html and http://www.openvas.org/openvas-client.html. Thank you for your feedback, I hope I was able to help you at least a little. Please be aware OpenVAS is currently a work-in-progress, but we are trying to achieve progress as quickly (and as compatible) as possible. :) Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Planning releases for libraries, libnasl and server
Hello, the client is closing in on the 1.0.4 release; I'd like to start planning now for the following releases: - openvas-libraries 1.0.2 - openvas-libnasl 1.0.1 - openvas-server 1.0.1 in this order (while making sure openvas-libraries does not break anything with older versions). If you have something that should be included in the next release but isn't in SVN yet, or have suggestions for the releases, please let me know. Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Planning openvas-client 1.0.4 release
Am Dienstag, 24. Juni 2008 14:31:21 schrieb Jan-Oliver Wagner: there are a couple of string changes. Updating the translations might make sense. You're right; if nobody else volunteers, I'll take care of translating at least the strings that changed since 1.0.3 to German. Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Planning openvas-client 1.0.4 release
Hello, A lot of improvements, bug fixes and code cleanups have found their way into OpenVAS-Client in the last weeks. Thanks to everyone who contributed so far! I'd to take this opportunity to start planning for the 1.0.4 release; please take your time to make sure everything is working as intended and let me if there are any issues that need to be resolved before the release. Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] IRC channel info on website?
Hello, I just found out yesterday that there is indeed an IRC channel dedicated to OpenVAS on oftc.net. The channel is currently not very active (perhaps I'm not the only one who wasn't aware of its existence), but it might be a good idea to add information about this channel to the OpenVAS website. It might serve as a point of first contact for some folks who are interested in helping the project, but don't want to join the mailing lists or the SCM just yet. What do you think? Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabrückhttp://www.intevation.de/ Amtsgericht Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
