Re: [Openvas-discuss] Migrate discussions to new platform

2018-10-15 Thread Reindl Harald
the whole "we migrate from mailing-lists to shithub and other platforms"
grows like a cancer :-(

On 15.10.18 at 21:24, Jan-Oliver Wagner wrote:
> this is a reminder:
> 
> Only 15 days to go until this mailing list is shut down.
> 
> The community forum is already very active.
> Let's meet there! :
> 
>   https://community.greenbone.net
> 
> Best regards
> 
> Jan
> 
> 
> On Sunday, 16 September 2018, 00:49:59 CEST, Jan-Oliver Wagner wrote:
>> Dear subscribers to openvas-discuss mailing list,
>>
>> as you have surely noticed via openvas-announce we migrate the old
>> community infrastructure to a modern one. At the same time we bring
>> various groups into one community, which also means to not distinguish
>> anymore between developers and users.
>>
>> We will shut down the openvas-discuss mailing list by October 31st 2018.
>> Everyone will be unsubscribed, but the archives will remain online.
>>
>> The members of this mailing list (openvas-discuss) are welcome to join
>> the new community portal at
>>
>>   https://community.greenbone.net/
>>
>> The category "Source Edition" is a good home for what was discussed at
>> openvas-discuss.
>>
>> However, also the new github infrastructure is a place where
>> you can directly discuss bugs and code:
>>
>>   https://github.com/greenbone
>>
>> Hope to meet you soon on one or both of these new platforms!
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] openvas install installation not complete

2018-10-09 Thread Reindl Harald


On 09.10.18 at 09:41, Christian Fischer wrote:
> On 04.10.2018 03:03, Joe Cummings wrote:
>> I'm new to openvas and just performed an install.  My redis-openvas
>> directory appears to be missing, along with my redis-server.sock file.  So,
>> I can not start my redis-server.
> 
> as this is an issue / setup problem with redis-server which is mostly
> unrelated on OpenVAS/GVM and highly depends on your used Linux
> distribution i would suggest to either get in touch with the redis
> support community [1] or with a support forums related to your Linux
> distribution on how to follow / configure the suggestions provided by
> the openvas-check-setup script:

on Fedora it whines about "/tmp/redis.sock" and i don't get why
distributions don't manage to compile all the client / server stuff with
the same default options as it's done for mysqld/mariadb for decades

anyways, it's really trivial to change the socket path given that you
should run OpenVAS on a dedicated machine / vm and so redis has only one
consumer

[root@openvas:~]$ cat /etc/redis.conf | grep unixsocket
unixsocket /tmp/redis.sock
unixsocketperm 0777

>> ERROR: redis-server is not running or not listening on socket:
> /var/run/redis-openvas/redis-server.sock
>> FIX: You should start the redis-server or configure it to listen on
> socket: /var/run/redis-openvas/redis-server.
> 
> [1] https://redis.io/community
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
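
An added example, not part of the message above: a shell check that reads the two directives shown in the `cat /etc/redis.conf` output and reports when the socket is not where the client expects it, sits in a world-writable temp directory, or grants access to every local user. The function name and the finding labels are hypothetical; the paths in the usage comment are the ones quoted in this thread.

```shell
#!/bin/sh
# audit_redis_socket CONF EXPECTED_PATH
# Prints one finding per line and returns 1 if there is any finding, else 0.
# The body runs in a subshell, so no variable leaks into the caller.
audit_redis_socket() (
    conf=$1 expected=$2

    # Take the last uncommented occurrence of each directive
    # (assumption: a later line replaces an earlier one).
    path=$(awk '$1 == "unixsocket" { v = $2 } END { print v }' "$conf")
    perm=$(awk '$1 == "unixsocketperm" { v = $2 } END { print v }' "$conf")

    if [ -z "$path" ]; then
        echo "NOSOCKET no unixsocket directive in $conf"
        exit 1
    fi

    rc=0
    # The scanner and redis must agree on one path, whichever side is changed.
    if [ "$path" != "$expected" ]; then
        echo "MISMATCH redis listens on $path, client expects $expected"
        rc=1
    fi

    # In a world-writable directory any local user can create the name first.
    case $path in
        /tmp/*|/var/tmp/*)
            echo "TMPDIR $path is inside a world-writable directory"
            rc=1 ;;
    esac

    # A non-zero last octal digit grants access to users outside the group.
    case $perm in
        *[1-7])
            echo "PERM unixsocketperm $perm grants access to all local users"
            rc=1 ;;
    esac

    exit "$rc"
)

# Usage:
#   audit_redis_socket /etc/redis.conf /var/run/redis-openvas/redis-server.sock
```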

Re: [Openvas-discuss] Migrate discussions to new platform

2018-09-15 Thread Reindl Harald


On 16.09.18 at 00:49, Jan-Oliver Wagner wrote:
> We will shut down the openvas-discuss mailing list by October 31st 2018.
> Everyone will be unsubscribed, but the archives will remain online.

why do you migrate something when you are not capable to migrate?


Re: [Openvas-discuss] stupid connlimit 1 - Re: rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection refused

2018-09-01 Thread Reindl Harald
your idiotic connection counter is broken

greenbone-nvt-sync:
line 360: FEED_VERSION_SERVER=`grep PLUGIN_SET
$FEED_INFO_TEMP_DIR/plugin_feed_info.inc | sed -e 's/[^0-9]//g'`
line 361: sleep 5

after adding the "sleep 5" it works

so either raise the limit to 2 or fix whatever counts connections on
your server

On 01.09.18 at 14:58, Reindl Harald wrote:
> On 01.09.18 at 00:48, Reindl Harald wrote:
>> On 30.08.18 at 10:44, Reindl Harald wrote:
>>> rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
>>> refused
>>>
>>> and why?
>>>
>>> that obviously happened also end of last month
>>> source: 91.118.73.100
>>
>> are you kidding me?
> 
> you fools limit the connection from a source ip to 1
> "greenbone-nvt-sync" obviously triggers two
> 
> easily to test:
> telnet 89.146.224.58 873
> 
> try to open another connection
> 
> [harry@srv-rhsoft:~]$ telnet 89.146.224.58 873
> Trying 89.146.224.58...
> telnet: connect to address 89.146.224.58: Connection refused
> 
> close the first one and hit cursor-up + enter
> voila it succeeds
> 
> ---
> 
> [root@openvas:~]$ greenbone-nvt-sync
> OpenVAS community feed server - http://www.openvas.org/
> This service is hosted by Greenbone Networks - http://www.greenbone.net/
> 
> All transactions are logged.
> 
> If you have any questions, please use the OpenVAS mailing lists
> or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
> 
> By using this service you agree to our terms and conditions.
> 
> Only one sync per time, otherwise the source ip will be blocked.
> 
> receiving incremental file list
> plugin_feed_info.inc
>   1,131 100%1.08MB/s0:00:00 (xfr#1, to-chk=0/1)
> 
> sent 43 bytes  received 1,235 bytes  2,556.00 bytes/sec
> total size is 1,131  speedup is 0.88
> rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
> refused (111)
> rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1):
> Cannot assign requested address (99)
> rsync error: error in socket IO (code 10) at clientserver.c(127)
> [Receiver=3.1.3]
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
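
An added example, not code from greenbone-nvt-sync or from the post above: a bounded retry wrapper that generalises the `sleep 5` workaround by waiting and retrying only when the wrapped command exits with status 10, the rsync socket error shown in the output. The function name and its arguments are hypothetical.

```shell
#!/bin/sh
# retry_on_socket_error MAX_TRIES DELAY_SECONDS COMMAND [ARGS...]
# Runs COMMAND; if it exits with status 10 (rsync: "error in socket IO"),
# waits DELAY_SECONDS and tries again, at most MAX_TRIES times in total.
# Any other exit status is returned at once, so real transfer errors are
# never hidden behind a retry. Runs in a subshell to keep variables local.
retry_on_socket_error() (
    max=$1 delay=$2
    shift 2
    try=1
    while :; do
        if "$@"; then
            exit 0
        else
            rc=$?
        fi
        # Not a socket error: hand the status back unchanged.
        [ "$rc" -eq 10 ] || exit "$rc"
        # Retries are bounded because the feed server announces that
        # parallel syncs from one source IP get blocked.
        [ "$try" -lt "$max" ] || exit "$rc"
        echo "attempt $try/$max hit a socket error, waiting ${delay}s" >&2
        sleep "$delay"
        try=$((try + 1))
    done
)

# Usage (rsync arguments elided, they are whatever the sync script passes):
#   retry_on_socket_error 3 5 rsync ...
```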

[Openvas-discuss] stupid connlimit 1 - Re: rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection refused

2018-09-01 Thread Reindl Harald


On 01.09.18 at 00:48, Reindl Harald wrote:
> On 30.08.18 at 10:44, Reindl Harald wrote:
>> rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
>> refused
>>
>> and why?
>>
>> that obviously happened also end of last month
>> source: 91.118.73.100
> 
> are you kidding me?

you fools limit the connection from a source ip to 1
"greenbone-nvt-sync" obviously triggers two

easily to test:
telnet 89.146.224.58 873

try to open another connection

[harry@srv-rhsoft:~]$ telnet 89.146.224.58 873
Trying 89.146.224.58...
telnet: connect to address 89.146.224.58: Connection refused

close the first one and hit cursor-up + enter
voila it succeeds

---

[root@openvas:~]$ greenbone-nvt-sync
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

receiving incremental file list
plugin_feed_info.inc
  1,131 100%1.08MB/s0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 1,235 bytes  2,556.00 bytes/sec
total size is 1,131  speedup is 0.88
rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
refused (111)
rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1):
Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(127)
[Receiver=3.1.3]

Re: [Openvas-discuss] rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection refused

2018-08-31 Thread Reindl Harald


On 30.08.18 at 10:44, Reindl Harald wrote:
> rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
> refused
> 
> and why?
> 
> that obviously happened also end of last month
> source: 91.118.73.100

are you kidding me?


dfn-cert-2011.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.67kB/s0:00:00 (xfr#13, to-chk=19/42)
dfn-cert-2012.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.67kB/s0:00:00 (xfr#14, to-chk=17/42)
dfn-cert-2013.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.67kB/s0:00:00 (xfr#15, to-chk=15/42)
dfn-cert-2014.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.67kB/s0:00:00 (xfr#16, to-chk=13/42)
dfn-cert-2015.xml

  0   0%0.00kB/s0:00:00
  2,134,445 100%7.43MB/s0:00:00 (xfr#17, to-chk=12/42)
dfn-cert-2015.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.65kB/s0:00:00 (xfr#18, to-chk=11/42)
dfn-cert-2016.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.65kB/s0:00:00 (xfr#19, to-chk=9/42)
dfn-cert-2017.xml

  0   0%0.00kB/s0:00:00
  3,125,006 100%   10.46MB/s0:00:00 (xfr#20, to-chk=8/42)
dfn-cert-2017.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.62kB/s0:00:00 (xfr#21, to-chk=7/42)
dfn-cert-2018.xml

  0   0%0.00kB/s0:00:00
  2,391,125 100%3.90MB/s0:00:00 (xfr#22, to-chk=6/42)
dfn-cert-2018.xml.asc

  0   0%0.00kB/s0:00:00
181 100%0.30kB/s0:00:00 (xfr#23, to-chk=5/42)
sha1sums

  0   0%0.00kB/s0:00:00
  2,236 100%3.73kB/s0:00:00 (xfr#24, to-chk=4/42)
sha256sums

  0   0%0.00kB/s0:00:00
  3,148 100%5.26kB/s0:00:00 (xfr#25, to-chk=3/42)
sha256sums.asc

  0   0%0.00kB/s0:00:00
181 100%0.30kB/s0:00:00 (xfr#26, to-chk=2/42)
timestamp

  0   0%0.00kB/s0:00:00
 13 100%0.02kB/s0:00:00 (xfr#27, to-chk=1/42)
timestamp.asc

  0   0%0.00kB/s0:00:00
181 100%0.30kB/s0:00:00 (xfr#28, to-chk=0/42)

sent 47,014 bytes  received 1,052,279 bytes  732,862.00 bytes/sec
total size is 54,348,568  speedup is 49.44
/usr/sbin/openvasmd
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

receiving incremental file list
timestamp

  0   0%0.00kB/s0:00:00
 13 100%   12.70kB/s0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 104 bytes  294.00 bytes/sec
total size is 13  speedup is 0.09
rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
refused (111)
rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1):
Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(127)
[Receiver=3.1.3]
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

receiving incremental file list
plugin_feed_info.inc

  0   0%0.00kB/s0:00:00
  1,131 100%1.08MB/s0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 1,235 bytes  2,556.00 bytes/sec
total size is 1,131  speedup is 0.88
rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
refused (111)
rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1):
Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(127)
[Receiver=3.1.3]

> 
> ---
> 
> [root@openvas:~]$ /usr/local/bin/openvas-sync
> OpenVAS community feed server - http://www.openvas.org/
> This service is hosted by Greenbone Networks - http://www.greenbone.net/
> 
> All transactions are logged.
> 
> If you have any questions, please use the OpenVAS mailing lists
> or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
> 
> By using this service you agree to our terms and conditions.
> 
> Only one sync per time, otherwise the source ip will be blocked.
> 
> receiving incremental file list
> timestamp
>  13 100%   12.70kB/

[Openvas-discuss] rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection refused

2018-08-30 Thread Reindl Harald
rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
refused

and why?

that obviously happened also end of last month
source: 91.118.73.100

---

[root@openvas:~]$ /usr/local/bin/openvas-sync
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

receiving incremental file list
timestamp
 13 100%   12.70kB/s0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 106 bytes  99.33 bytes/sec
total size is 13  speedup is 0.09
rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection
refused (111)
rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1):
Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(127)
[Receiver=3.1.3]
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

Re: [Openvas-discuss] Failed to start LSB: remote network security auditor - scanner.

2018-08-29 Thread Reindl Harald


On 29.08.2018 at 11:55, Davide wrote:
> Done, but it's not working.
> Now, it's "activating" since 45 minutes.

then i am out of ideas but raise the timeout is a good idea anyways
because some openvas services really takes time to start and i had them
killed with timeout at boot before increase the setting on otherwise
perfectly working setup

> On Wed 29 Aug 2018 at 10:46, Reindl Harald
>  wrote:
>>
>>
>>
>> On 29.08.2018 at 09:45, Davide wrote:
>>> Thank you;
>>> In my / etc / systemd / system directory I never see
>>> openvas-scanner.service but only greenbone-security-assistant.service
>>> -> dev / null
>>
>> RTFM!
>>
>> /etc/systemd/systemd/ is for your own overrides and on any proper
>> distribution you can override sysvinitscripts by create a identical
>> named .service file there
>>
>> /etc/systemd/system/servicename.service.d/ is for drop-ins - RTFM again

Re: [Openvas-discuss] Failed to start LSB: remote network security auditor - scanner.

2018-08-29 Thread Reindl Harald


On 29.08.2018 at 09:45, Davide wrote:
> Thank you;
> In my / etc / systemd / system directory I never see
> openvas-scanner.service but only greenbone-security-assistant.service
> -> dev / null

RTFM!

/etc/systemd/systemd/ is for your own overrides and on any proper
distribution you can override sysvinitscripts by create a identical
named .service file there

/etc/systemd/system/servicename.service.d/ is for drop-ins - RTFM again

Re: [Openvas-discuss] Failed to start LSB: remote network security auditor - scanner.

2018-08-28 Thread Reindl Harald


On 28.08.2018 at 17:30, Leonardo Lanzi wrote:
> On 08/28/2018 05:12 PM, Reindl Harald wrote:
>> On 28.08.2018 at 16:33, Studente di Ingegneria wrote:
>>> ● openvas-scanner.service - LSB: remote network security auditor - scanner
>>>
>>>    Loaded: loaded (/etc/init.d/openvas-scanner; generated)
>>>    Active: failed (Result: timeout) since Tue 2018-08-28 14:08:15 UTC;
>> get rid of that damned sysvinit scripts in 2018
> 
> really you think is a sysv problem?
> 
> With Ubuntu??
> 
> In 2018
> 
> Come on!!!
> 
>  and try to increase
>> TimeoutSec

better be quiet when you don't understand the topic!

* Loaded: loaded (/etc/init.d/openvas-scanner; generated)
* Active: failed (Result: timeout)
* come on, set "TimeoutSec" for systemd in your sysv script

my "TimeoutSec=1200" in /etc/systemd/system/openvas-scanner.service
which overrides the distri version (otherwise it won't be in
/etc/systemd) is the reason for the whole override

Re: [Openvas-discuss] Failed to start LSB: remote network security auditor - scanner.

2018-08-28 Thread Reindl Harald


On 28.08.2018 at 16:33, Studente di Ingegneria wrote:
> I’m having issues with my OpenVAS9 machine running on Ubuntu 18.04.1
> LTS: the database is preventing the scanner from starting, as you can
> see below:
> 
> 
> ● openvas-scanner.service - LSB: remote network security auditor - scanner
> 
>    Loaded: loaded (/etc/init.d/openvas-scanner; generated)
>    Active: failed (Result: timeout) since Tue 2018-08-28 14:08:15 UTC;
> 4min 50s ago
>    Docs: man:systemd-sysv-generator(8)
>    Process: 1121 ExecStart=/etc/init.d/openvas-scanner start
> (code=killed, signal=TERM)
>    Tasks: 1 (limit: 4915)
>    CGroup: /system.slice/openvas-scanner.service
>            └─1345 /usr/sbin/openvassd

get rid of that damned sysvinit scripts in 2018 and try to increase
TimeoutSec

[root@openvas:~]$ cat /etc/systemd/system/openvas-scanner.service
[Unit]
Description=OpenVAS Scanner
After=network.service
Before=openvas-manager.service

[Service]
Type=forking
ExecStart=/usr/sbin/openvassd

Environment="LANG=en_GB.UTF-8"
Restart=always
RestartSec=1
TimeoutSec=1200

[Install]
WantedBy=multi-user.target

Re: [Openvas-discuss] SSL Certificates

2018-07-08 Thread Reindl Harald


On 07.07.2018 at 19:39, Robert Fitzpatrick wrote:
> Reindl Harald wrote:
>> openvassd.conf *is not* the admin GUI - it's that easy
>> it's the scanner-daemon, the webui is gsad
>>
> 
> I wondered as I did think that was related to scanner, but it was the
> only place found with search for certs. I only find gsad_log.conf in
> same directory, how can one update the certs for the admin GUI?

gsad --help
man systemd

--ssl-private-key=<file> Use <file> as the private key for HTTPS
--ssl-certificate=<file> Use <file> as the certificate for HTTPS

[root@openvas:~]$ cat /etc/systemd/system/openvas-gsa.service
[Unit]
Description=OpenVAS Greenbone Security Assistant
After=network.service openvas-scanner.service openvas-manager.service

[Service]
Type=forking
ExecStart=/usr/sbin/gsad --port=443 --gnutls-priorities=SECURE128

Environment="LANG=en_GB.UTF-8"
Restart=always
RestartSec=1
TimeoutSec=1200

[Install]
WantedBy=multi-user.target
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
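
An added example, not from the post or the OpenVAS project: a shell function that writes a systemd drop-in passing the two `gsad` options quoted above, and refuses to do so while the private key is readable by group or others. The function names, the `tls.conf` file name and the directory argument are assumptions; the unit name and the rest of the `ExecStart` line are taken from the unit file shown above, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# key_is_private FILE
# Succeeds only if FILE exists and has no group/other permission bits.
# ls -L follows symlinks, which certificate clients often create.
key_is_private() (
    mode=$(ls -lLd -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
)

# write_gsad_tls_dropin UNIT_DIR CERT KEY
# Creates UNIT_DIR/openvas-gsa.service.d/tls.conf (hypothetical file name).
# Exit status: 0 written, 2 certificate unreadable, 3 key missing or too
# permissive, 4 drop-in directory could not be created.
write_gsad_tls_dropin() (
    unit_dir=$1 cert=$2 key=$3

    if [ ! -r "$cert" ]; then
        echo "certificate not readable: $cert" >&2
        exit 2
    fi
    if ! key_is_private "$key"; then
        echo "private key missing or readable by group/other: $key" >&2
        exit 3
    fi

    dropin_dir=$unit_dir/openvas-gsa.service.d
    mkdir -p "$dropin_dir" || exit 4

    cat > "$dropin_dir/tls.conf" <<EOF
[Service]
# An empty ExecStart= clears the command inherited from the main unit;
# without it systemd rejects a second ExecStart for this service type.
ExecStart=
ExecStart=/usr/sbin/gsad --port=443 --gnutls-priorities=SECURE128 --ssl-certificate=$cert --ssl-private-key=$key
EOF
)

# Usage (key path is a placeholder), followed by a reload and restart:
#   write_gsad_tls_dropin /etc/systemd/system /etc/ssl/certs/cert.pem /path/to/privkey.pem \
#       && systemctl daemon-reload && systemctl restart openvas-gsa.service
```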

Re: [Openvas-discuss] SSL Certificates

2018-07-07 Thread Reindl Harald
openvassd.conf *is not* the admin GUI - it's that easy
it's the scanner-daemon, the webui is gsad

On 07.07.2018 at 18:03, Robert Fitzpatrick wrote:
> I tried to change the certificate for the admin GUI, key and ca file
> with Let's Encrypt cert files but site keeps using the OpenVAS cert. I
> have tried restarting both openvas-manager and openvas-scanner services
> on this CentOS 7 server. Apache already uses same certs OK. I verified
> the paths and don't find anything about certs in the docs.
> 
> Should what I'm updating work? Even tried to move the certs as I've had
> issues in the past with perms and LE certs location
> 
> [root@www ~]# tail -3 /etc/openvas/openvassd.conf
> cert_file=/etc/ssl/certs/cert.pem
> key_file=/etc/ssl/certs/privkey.pem
> ca_file=/etc/ssl/certs/chain.pem
> [root@www ~]# ls -lah /etc/ssl/certs/*pem
> -rw-r--r-- 1 root root 2.2K Jul  7 10:50 /etc/ssl/certs/cert.pem
> -rw-r--r-- 1 root root 1.7K Jul  7 10:50 /etc/ssl/certs/chain.pem
> -rw-r--r-- 1 root root 3.8K Jul  7 10:50 /etc/ssl/certs/fullchain.pem
> -rw-r--r-- 1 root root 1.7K Jul  7 10:50 /etc/ssl/certs/privkey.pem

Re: [Openvas-discuss] No OpenVAS SCAP database found

2018-05-17 Thread Reindl Harald

receiving incremental file list
rsync: opendir "/scap-download" (in scap-data) failed: Permission denied
(13)
IO error encountered -- skipping file deletion

On 17.05.2018 at 21:48, Xinhuan Zheng wrote:
> Hello,
> 
> Today when I set up a brand new OpenVAS server on CentOS 7 system, after
> running openvas-setup, I received below error when logging into GUI:
> 
> Warning: SecInfo Database Missing
> 
> I ran openvas-check-setup -v9. There is errors:
> 
> Step 2: Checking OpenVAS Manager ...
>         OK: OpenVAS Manager is present in version 7.0.2.
>         OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
>         OK: Access rights for the OpenVAS Manager database are correct.
>         OK: sqlite3 found, extended checks of the OpenVAS Manager
> installation enabled.
>         OK: OpenVAS Manager database is at revision 184.
>         OK: OpenVAS Manager expects database at revision 184.
>         OK: Database schema is up to date.
>         OK: OpenVAS Manager database contains information about 45004 NVTs.
>         OK: At least one user exists.
>         ERROR: No OpenVAS SCAP database found. (Tried:
> /var/lib/openvas/scap-data/scap.db)
>         FIX: Run a SCAP synchronization script like greenbone-scapdata-sync.
> 
>  ERROR: Your OpenVAS-9 installation is not yet complete!
> 
> However, when I tried to run /usr/sbin/greenbone-scapdata-sync, I
> received below errors:
> 
> #  /usr/sbin/greenbone-scapdata-sync
> OpenVAS community feed server - http://www.openvas.org/
> This service is hosted by Greenbone Networks - http://www.greenbone.net/
> 
> All transactions are logged.
> 
> If you have any questions, please use the OpenVAS mailing lists
> or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
> 
> By using this service you agree to our terms and conditions.
> 
> Only one sync per time, otherwise the source ip will be blocked.
> 
> receiving incremental file list
> timestamp
>              13 100%   12.70kB/s    0:00:00 (xfr#1, to-chk=0/1)
> 
> sent 43 bytes  received 105 bytes  98.67 bytes/sec
> total size is 13  speedup is 0.09
> OpenVAS community feed server - http://www.openvas.org/
> This service is hosted by Greenbone Networks - http://www.greenbone.net/
> 
> All transactions are logged.
> 
> If you have any questions, please use the OpenVAS mailing lists
> or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
> 
> By using this service you agree to our terms and conditions.
> 
> Only one sync per time, otherwise the source ip will be blocked.
> 
> receiving incremental file list
> rsync: opendir "/scap-download" (in scap-data) failed: Permission denied
> (13)
> IO error encountered -- skipping file deletion
> ./
> timestamp
>              13 100%   12.70kB/s    0:00:00 (xfr#1, to-chk=102/162)
> 
> sent 99 bytes  received 4,236 bytes  2,890.00 bytes/sec
> total size is 1,866,433,683  speedup is 430,549.87
> rsync error: some files/attrs were not transferred (see previous errors)
> (code 23) at main.c(1650) [generator=3.1.2]
> 
> Can someone please help?


Re: [Openvas-discuss] Is too much power disruptive?

2018-04-26 Thread Reindl Harald

On 25.04.2018 at 22:16, Peter Collins wrote:
> I'm currently scanning on a 4-core vm with 4gm ram, in Virtualbox on a
> laptop, within OSSIM. Traffic average during a scan is about 4kB/s
> (kiloBYTES). Network pipe is not the bottleneck. It can provide 20mb/s
> (megaBITS) easily. If I get a 12-core/24-thread server with SSD and 32G
> ram, will the scans go faster, all settings being the same? And, will it
> hammer on the targets too hard and disrupt them?

as both sides and a ton of params are involved it won't be magically
faster unless you raise the number of concurrent NVT's and if a simple
security scan will disrupt the target you have bigger problems at all

"please no asshat questions about bytes and bits. I have indicated
clearly" which is pretty idiotic when you just could write it correct
from the start and "4gm ram" is nonsense at all


Re: [Openvas-discuss] Private or Corporate CAs

2018-04-11 Thread Reindl Harald

On 11.04.2018 at 15:21, Alex Smirnoff wrote:
> On Tue, Apr 10, 2018 at 10:16:39PM +0200, Reindl Harald wrote:
>> what the hell are you argue here?
> 
> Show. Me. A. Real. Attack. Scenario. Where. It. Matters.
> 
> Then I would fix. "Because OpenVAS does not like it" may be good enough
> reason if a person who does the scans asks politely. But only in that
> case

well, and others instead make a drama are happy that it get pointed out
and they have 2 options:

* override and ignore it
* fix it and be done

in the whole time you write responses how smart you are you could have
done both multiple times

"Man, I work in information security for fscking 30 years. I got my
first CSO job at 1996. And i spent significant share of those years
kicking checklist moron's asses. It is that simple!" is completely
irrelevant because in the time i argue and kick ass i can solve the
problem and be done - it is that simple


Re: [Openvas-discuss] Private or Corporate CAs

2018-04-10 Thread Reindl Harald


On 10.04.2018 at 19:39, Alex Smirnoff wrote:
> I dare to say any "external security audit" which considers that being a
> problem is performed by morons that should be replaced ASAP.

you have no idea from the real world

external audits are typically ordered by customers and done by
independent companies, they have checklists and when you are too stupid
to get your shit done you are wrong at your place - it's really that simple

> No, I won't get fired, for sure. And I won't work for any employer where
> I could get fired for standing my point.

frankly you should get fired for that idiot discussion showing that you
are a moron too stupid for set a simple override or get your fucking
internal CA to a state-of-the-art setup

what the hell are you argue here?

fix your shit or tell OpenVAS that the shit is OK and until you learned
to operate your mail-client (no need for a private copy) be silent

> On Tue, Apr 10, 2018 at 05:16:43PM +0200, Reindl Harald wrote:
>>
>>
>> On 10.04.2018 at 17:12, Alex Smirnoff wrote:
>>> Could you elaborate an attack scenario that depends on root certificate
>>> signature?
>>>
>>> The job of security scanner is not to point at any shit, it is to point
>>> at dangerous shit.
>>
>> it's job is to point out shit which would lead to not survive a external
>> security audit where you get simply fired when you argue like that so
>> that you can fix your crap before
>>
>> in the time you are complaining here instead make the needed overrides
>> you could have replaced your crap all over the infrastructure easily
>>
>> and if it's not doable in that time your infrastructure is crap because
>> nobody gave a shit thinking about automated certificate replacement /
>> deployment
>>
>>> On Mon, Apr 09, 2018 at 10:26:54AM +0200, Reindl Harald wrote:
>>>> jesus add a override and you are done
>>>>
>>>> MD5/SHA1 certificates are shit and it's the job of a security scanner to
>>>> point that out - for anything which you don't want to see local
>>>> overrides are the way to go
>>>>
>>>> On 07.04.2018 at 18:32, Alex Smirnoff wrote:
>>>>> Huh?
>>>>>
>>>>> It is relevant. But it is irrelevant for anything that is self-signed.
>>>>> Isn't it obvious?
>>>>>
>>>>> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>>>>>>
>>>>>>
>>>>>> On 29.03.2018 at 20:29, Alex Smirnoff wrote:
>>>>>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>>>>>> certificate? Without vague references like "if you don't want to trust
>>>>>>> the NSA and NIST". I do not see any of those organisations stating that
>>>>>>> weak hash is dangerous for a situation where signature itself is
>>>>>>> irrelevant
>>>>>>
>>>>>> if the signature is irrelevant why do you use https at all?
>>>>>> WTF!
>>>>>>
>>>>>> there is no technical difference between your self-signed stuff or
>>>>>> certificates signed by a public CA except that you *one time* need to 
>>>>>> make
>>>>>> an exception in the client


Re: [Openvas-discuss] Private or Corporate CAs

2018-04-10 Thread Reindl Harald


On 10.04.2018 at 17:12, Alex Smirnoff wrote:
> Could you elaborate an attack scenario that depends on root certificate
> signature?
> 
> The job of security scanner is not to point at any shit, it is to point
> at dangerous shit.

it's job is to point out shit which would lead to not survive a external
security audit where you get simply fired when you argue like that so
that you can fix your crap before

in the time you are complaining here instead make the needed overrides
you could have replaced your crap all over the infrastructure easily

and if it's not doable in that time your infrastructure is crap because
nobody gave a shit thinking about automated certificate replacement /
deployment

> On Mon, Apr 09, 2018 at 10:26:54AM +0200, Reindl Harald wrote:
>> jesus add a override and you are done
>>
>> MD5/SHA1 certificates are shit and it's the job of a security scanner to
>> point that out - for anything which you don't want to see local
>> overrides are the way to go
>>
>> On 07.04.2018 at 18:32, Alex Smirnoff wrote:
>>> Huh?
>>>
>>> It is relevant. But it is irrelevant for anything that is self-signed.
>>> Isn't it obvious?
>>>
>>> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>>>>
>>>>
>>>> On 29.03.2018 at 20:29, Alex Smirnoff wrote:
>>>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>>>> certificate? Without vague references like "if you don't want to trust
>>>>> the NSA and NIST". I do not see any of those organisations stating that
>>>>> weak hash is dangerous for a situation where signature itself is
>>>>> irrelevant
>>>>
>>>> if the signature is irrelevant why do you use https at all?
>>>> WTF!
>>>>
>>>> there is no technical difference between your self-signed stuff or
>>>> certificates signed by a public CA except that you *one time* need to make
>>>> an exception in the client


Re: [Openvas-discuss] Private or Corporate CAs

2018-04-09 Thread Reindl Harald
jesus add a override and you are done

MD5/SHA1 certificates are shit and it's the job of a security scanner to
point that out - for anything which you don't want to see local
overrides are the way to go

On 07.04.2018 at 18:32, Alex Smirnoff wrote:
> Huh?
> 
> It is relevant. But it is irrelevant for anything that is self-signed.
> Isn't it obvious?
> 
> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>>
>>
>> On 29.03.2018 at 20:29, Alex Smirnoff wrote:
>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>> certificate? Without vague references like "if you don't want to trust
>>> the NSA and NIST". I do not see any of those organisations stating that
>>> weak hash is dangerous for a situation where signature itself is
>>> irrelevant
>>
>> if the signature is irrelevant why do you use https at all?
>> WTF!
>>
>> there is no technical difference between your self-signed stuff or
>> certificates signed by a public CA except that you *one time* need to make
>> an exception in the client



Re: [Openvas-discuss] "Are you dead?" Really?

2018-03-29 Thread Reindl Harald

the new enigmail autocrypt is a piece of shit

in the thunderbird preview without enigmail you see only the large header
with no scrollbars and only when you reply or open the message in a new 
window you can see the content


On 29.03.2018 at 20:29, Christian Fischer wrote:

Hi,

On 29.03.2018 19:48, Andrew Robinson wrote:

I’ve searched through the NVTs and can’t find where this string is sourced. 
Does anyone know?


looks like this string is sent if a NVT is calling the "end_denial()"
function defined here:

https://github.com/greenbone/gvm-libs/blob/v8.0.10/nasl/nasl_misc_funcs.c#L291

Currently only NVTs launched in the "Ultimate" scan configs or in own
defined scan configurations with disabled safe checks are calling this
function.

If hosts, especially printers are scanned with such scan configs
side-effects like this (or even worse like killed hosts) can happen at
any time.


Re: [Openvas-discuss] Private or Corporate CAs

2018-03-29 Thread Reindl Harald



On 29.03.2018 at 20:29, Alex Smirnoff wrote:

Could you elaborate, exactly how weak hash could matter for self-signed
certificate? Without vague references like "if you don't want to trust
the NSA and NIST". I do not see any of those organisations stating that
weak hash is dangerous for a situation where signature itself is
irrelevant


if the signature is irrelevant why do you use https at all?
WTF!

there is no technical difference between your self-signed stuff or 
certificates signed by a public CA except that you *one time* need to 
make an exception in the client



Re: [Openvas-discuss] how to minimize harm when introducing vuln scanning to a network

2018-03-16 Thread Reindl Harald



On 16.03.2018 at 20:41, Thomas Reinke wrote:

LOL - you might be saying thank you as you pick up your pink slip/are
escorted out the door for impacting a production system with that
sentiment.


luckily i have the power of control the whole hardware and software 
stack and since i am not an idiot such test would happen first late at 
night where you can manage such an outage and if it happens the first
task next day would be seek for a replacement


anyways, no attacker ever will care about this and so the outage is 
better suited at a planned schedule if it happens than at a random point 
in time where nobody expected it and can explain what happened - you get
escorted out the door if your firewall is randomly and repeatedly down and
only god knows why because you are nice when testing your things so 
everybody but you triggers issues - worthless tests if it is vulnerable 
and can be knocked out by anybody but you don't try it



The ultimate answer is dependent upon sensitivities around your assets.
The more sensitive you are, the more you work to manage those 
sensitivities.


If nessus didn't present any issues, that's a good sign that your
system is likely robust enough, and I'd frame any plans in that
context (i.e. this is doing exactly what and how the external
contractor did it).

If additional concerns have been raised since then, you simply need
to address those - and they are specific to you (usually not a
technology problem).

In general, concerns are always around the unknowns and 'what if'.
To deal with that:

1) Know when your peak resource load times are (be it CPU, memory,
    bandwidth, whatever).   Avoid them, unless you of course are
    attempting to perform a peak test (but then, that's no longer
    a security issue).
2) Know when your peak sensitivity times are (Christmas shopping
    season? Hmmm...  Time for JD Powers to assess your reliability?
    Again...maybe avoid that.
3) Know what controls are in place to keep your assets secure even
    if you don't run an audit (regular patching?  Keeping abreast
    of advisories?).
4) If you are just starting with in-house scanning, roll out your
    scanning procedures from least important assets first to the
    most important ones last.  That will build confidence in the
    processes.  Include milestones/checks along the way that you can
    report back progress to everyone to keep them happy and confident
    that the scans will provide information without being disruptive.

There is no one-size fits all.  Tailor it to the people that have
a vested interest in what you do and why you do it, and you'll be
in good shape.

Thomas


On 03/14/2018 04:43 PM, Reindl Harald wrote:



On 14.03.2018 at 21:06, Eero Volotinen wrote:
I usually prefer lower scan speed as too intensive can crash firewall 
devices..


if a security scan from a single node crashes your firewall device you
should say "thank you" for knowing that this crap needs to be replaced
ASAP


real attackers don't care as you do

14.3.2018 22.01 "TJ" <j...@twcny.rr.com> wrote:


    I would exclude networked printers as the scans can cause them to
    produce volumes of printed gibberish (found out the hard way)

    Yes, definitely scan during maintenance windows/non-business hours
    until you see how well it plays in your environment.  Not to mention
    with less network traffic and systems activity, the scans should
    finish a lot sooner


    On 3/14/2018 3:53 PM, Peter Collins wrote:

    (Sorry if this is a repost. I had a technical issue with my first
    attempt)

    I would like to use OSSIM's OpenVAS component to run asset and
    vulnerability scans on both prod and non-prod. Like every place,
    we want to make sure the IT infrastructure is not harmed or
    jeopardized.

    So what is due care when introducing scanning? Should I do the
    asset scans only during maintenance windows to start off, to make
    sure nothing gets broken? Or are the non destructive, non
    authenticated scans considered safe enough to run during
    production hours, on production assets?

    I should add that Nessus has been used by an outside contractor
    without issue, on our network.

    Thanks so much in advance


Re: [Openvas-discuss] how to minimize harm when introducing vuln scanning to a network

2018-03-14 Thread Reindl Harald



On 14.03.2018 at 21:06, Eero Volotinen wrote:
I usually prefer lower scan speed as too intensive can crash firewall 
devices..


if a security scan from a single node crashes your firewall device you
should say "thank you" for knowing that this crap needs to be replaced ASAP


real attackers don't care as you do

14.3.2018 22.01 "TJ" wrote:


I would exclude networked printers as the scans can cause them to
produce volumes of printed gibberish (found out the hard way)

Yes, definitely scan during maintenance windows/non-business hours
until you see how well it plays in your environment.  Not to mention
with less network traffic and systems activity, the scans should
finish a lot sooner


On 3/14/2018 3:53 PM, Peter Collins wrote:

(Sorry if this is a repost. I had a technical issue with my first
attempt)

I would like to use OSSIM's OpenVAS component to run asset and
vulnerability scans on both prod and non-prod. Like every place,
we want to make sure the IT infrastructure is not harmed or
jeopardized.

So what is due care when introducing scanning? Should I do the
asset scans only during maintenance windows to start off, to make
sure nothing gets broken? Or are the non destructive, non
authenticated scans considered safe enough to run during
production hours, on production assets?

I should add that Nessus has been used by an outside contractor
without issue, on our network.

Thanks so much in advance


Re: [Openvas-discuss] Installing OpenVAS in CentOS 7 VM

2018-02-26 Thread Reindl Harald



On 26.02.2018 at 14:03, Jerry Lotto wrote:

So one problem I found with the v9 install was the cron script to update 
plugins and nvts.  It referenced /usr/sbin/openvas-nvt-sync which no longer 
exists.  I changed it to greenbone-nvt-sync and now that works but the scanner 
still hangs up.  BTW /var/cache/openvas is empty


[root@openvas:~]$ cat /usr/local/bin/openvas-sync
#!/usr/bin/dash
greenbone-certdata-sync
greenbone-scapdata-sync
greenbone-nvt-sync

while that's Fedora 26 i guess CentOS7 won't be that much different for v9


Re: [Openvas-discuss] openvas not getting installed

2018-02-17 Thread Reindl Harald



On 17.02.2018 at 14:39, Christian Fischer wrote:

On 13.02.2018 14:48, Amit Bhatia wrote:

I am trying to install Openvas but getting the attached error.


The "ERROR" text shows your issue and the "FIX" shows what to do to
solve this. Please consult the redis manpage/manual or the Kali Linux
support forums how to apply the "FIX" to your operating system


maybe OpenVAS should start to parse the /etc/redis.conf and seek for 
"unixsocket" to avoid every second day another guy comes with the same 
question



Re: [Openvas-discuss] redis-server is nor tunning or listening onsocket: /var/run/redis/redis.sock

2018-02-15 Thread Reindl Harald



On 15.02.2018 at 05:03, Espresso Beanies wrote:
There’s a known issue that rebooting OpenVAS9 will cause redis to 
continue crashing. No way around it other than reinstalling version 9 or 
reverting to version 8


no - period

[root@openvas:~]$ rpm -qa | grep openvas
openvas-scanner-5.1.1-1.fc26.x86_64
openvas-libraries-9.0.1-1.fc26.x86_64
openvas-gsa-7.0.2-2.fc26.x86_64
openvas-cli-1.4.5-3.fc26.x86_64
openvas-manager-7.0.2-1.fc26.x86_64

[root@openvas:~]$ rpm -q redis
redis-4.0.6-1.fc26.x86_64


*From: *Ayo Folorunso Agunbiade <ayo.agunbia...@gmail.com>
*Sent: *14 February 2018 17:45
*To: *None <espressobean...@gmail.com>
*Cc: *Reindl Harald <h.rei...@thelounge.net>;
openvas-discuss@wald.intevation.org
*Subject: *Re: [Openvas-discuss] redis-server is nor tunning or
listening onsocket: /var/run/redis/redis.sock


OpenVAS 9

I think I did reboot but not sure though.

On Wed, Feb 14, 2018 at 3:04 PM, None <espressobean...@gmail.com> wrote:


Ayo,

What version of OpenVAS are you running? 8 or 9?

Did you reboot OpenVAS after it was initially working to get the
"redis" error?

On Tue, Feb 13, 2018 at 12:43 PM, Reindl Harald
<h.rei...@thelounge.net> wrote:



On 13.02.2018 at 18:38, Ayo Folorunso Agunbiade wrote:

I am receiving ERROR: redis-server is not running or
listening on socket: /var/run/redis/redis.sock
FIX: You should start the redis-server or configure it to
listen on socket: /var/run/redis/redis.sock


what about set it in /etc/redis.conf

unixsocket /var/run/redis/redis.sock
unixsocketperm 0777

since you don't give any useful information
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
explains how to make sure "/var/run/redis" exists after reboot
in case of a modern os where /var/run points to /run which is tmpfs


Re: [Openvas-discuss] redis-server is nor tunning or listening on socket: /var/run/redis/redis.sock

2018-02-13 Thread Reindl Harald



On 13.02.2018 at 18:38, Ayo Folorunso Agunbiade wrote:
I am receiving ERROR: redis-server is not running or listening on
socket: /var/run/redis/redis.sock
FIX: You should start the redis-server or configure it to listen on 
socket: /var/run/redis/redis.sock


what about set it in /etc/redis.conf

unixsocket /var/run/redis/redis.sock
unixsocketperm 0777

since you don't give any useful information
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html 
explains how to make sure "/var/run/redis" exists after reboot in case 
of a modern os where /var/run points to /run which is tmpfs

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
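One way to automate the check suggested in this thread (read redis.conf and look for "unixsocket"), as an added example that is not part of the original posts or of OpenVAS. It also flags a socket mode that is open to every local user, such as the 0777 quoted above, and prints a tmpfiles.d line for the socket directory; the function names, the redis user and group, the directory mode 0750 and the sample configs are assumptions.

```shell
#!/bin/sh
# Added example: inspect a redis.conf for the unix socket settings named in
# the openvas-check-setup error. All function names are hypothetical.

# Print the value of a directive; the last occurrence wins in this sketch.
# Directive names are matched case-insensitively, comment lines are skipped.
redis_conf_get() {      # $1 = config file, $2 = directive (lowercase)
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { val = $2 }
        END { gsub(/^"|"$/, "", val); print val }
    ' "$1"
}

# Succeed if an octal mode grants any permission bit to "other".
mode_is_world_accessible() {    # $1 = octal digits, e.g. 0777 or 770
    [ $(( 0$1 & 7 )) -ne 0 ]
}

# One-line verdict. Exit status: 0 ok, 1 socket missing/mismatched, 2 weak mode.
check_redis_socket() {  # $1 = config file, $2 = socket path the scanner expects
    conf=$1
    expected=${2:-/var/run/redis/redis.sock}    # path from the error message
    sock=$(redis_conf_get "$conf" unixsocket)
    perm=$(redis_conf_get "$conf" unixsocketperm)

    if [ -z "$sock" ]; then
        echo "MISSING: no unixsocket directive in $conf"
        return 1
    fi
    if [ "$sock" != "$expected" ]; then
        echo "MISMATCH: unixsocket is $sock, scanner expects $expected"
        return 1
    fi
    case $perm in
        ''|*[!0-7]*)
            echo "OK-UNKNOWN-PERM: unixsocket $sock, unixsocketperm '$perm'"
            return 0 ;;
    esac
    if mode_is_world_accessible "$perm"; then
        echo "WEAK-PERM: $sock has mode $perm, every local user can reach redis"
        return 2
    fi
    echo "OK: unixsocket $sock mode $perm"
}

# Print a tmpfiles.d entry that recreates the socket directory at boot when
# /var/run points to /run on tmpfs. User, group and mode are assumptions:
# with 0750 the client must run as root or be in the redis group.
tmpfiles_line() {       # $1 = socket path
    dir=$(dirname "$1")
    case $dir in /var/run/*) dir=/run/${dir#/var/run/} ;; esac
    printf 'd %s 0750 redis redis -\n' "$dir"
}

# Constructed sample configs: the setting quoted in the thread, a tighter
# variant, and a config that never enables the socket.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'port 0' 'unixsocket /var/run/redis/redis.sock' \
        'unixsocketperm 0777' > "$tmp/weak.conf"
    printf '%s\n' 'port 0' 'unixsocket /var/run/redis/redis.sock' \
        'unixsocketperm 770' > "$tmp/hardened.conf"
    printf '%s\n' 'port 6379' '# unixsocket /tmp/redis.sock' > "$tmp/default.conf"
    for name in weak hardened default; do
        check_redis_socket "$tmp/$name.conf" || true
    done
    tmpfiles_line /var/run/redis/redis.sock
    rm -rf "$tmp"
}
demo
```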


Re: [Openvas-discuss] upgrade from openvas 6.0.11 to a newer version

2018-01-24 Thread Reindl Harald



On 24.01.2018 at 15:21, OpenVAS User wrote:
I noticed that due to a bug I cannot schedule new scans in 2018 and this 
is apparently being fixed in a new release.
How can I upgrade my openvas to a newer version, possibly the latest, or 
at least one that will allow me to run a new schedule?


who knows without mentioning anything else than the openvas version

* what distribution
* how is the stuff installed now

Fedora:
openvas-libraries-9.0.1-1.fc26.x86_64
openvas-gsa-7.0.2-2.fc26.x86_64
openvas-cli-1.4.5-3.fc26.x86_64
openvas-scanner-5.1.1-1.fc26.x86_64
openvas-manager-7.0.2-1.fc26.x86_64


[Openvas-discuss] spank.c

2018-01-02 Thread Reindl Harald
besides that there is a never triggered drop rule for source 
"224.0.0.0/4" i doubt "Your machine crashed when it received a TCP 
packet that were coming  from a multicast address" because the machinbe 
is fine


0 0 DROP   all  --  eth1   *   224.0.0.0/4  0.0.0.0/0
___

Your machine answers to TCP packets that are coming from a multicast 
address. This is known as the 'spank' denial of service attack.

Vulnerability detection result

Your machine crashed when it received a TCP packet that were coming
from a multicast address. This is known as the 'spank' denial of
service attack.

An attacker might use this flaw to shut down this server, thus
preventing you from working properly.

Solution: contact your operating system vendor for a patch.
Filter out multicast addresses (224.0.0.0/4)

An attacker might use this flaw to shut down this server and saturate 
your network, thus preventing you from working properly. This also could 
be used to run stealth scans against your machine.

Solution

contact your operating system vendor for a patch. Filter out multicast 
addresses (224.0.0.0/4)


Re: [Openvas-discuss] NFS Vulnerability issue

2017-12-15 Thread Reindl Harald



On 13.12.2017 at 19:18, amit wrote:
Can anyone please help me finding the nfs vulnerability , my OpenVAS is 
working perfectly, all the plugins are loaded.


its CentOS , i have stopped the  iptables  ,,, but then also not able to 
capture any vulnerability ,,, nfs is installed ...

http://www.catb.org/esr/faqs/smart-questions.html

Re: [Openvas-discuss] KALI 2017.1 - OPENVAS

2017-12-12 Thread Reindl Harald


On 12.12.2017 at 15:37, Edgardo Ghibaudo wrote:
When I start OPENVAS (last version available from repository) on KALI 
2017.1 with openvas-start command, I receive the following error on 
openvas-manager:


*|openvas-manager.service never wrote its PID file. Failing.|*

Do you know how to bypass the problem ?


you remove the pid file nonsense from the systemd unit

[root@openvas:~]$ cat /etc/systemd/system/openvas-manager.service
[Unit]
Description=OpenVAS Manager
After=network.service openvas-scanner.service

[Service]
Type=forking
ExecStart=/usr/sbin/openvasmd

Environment="LANG=en_GB.UTF-8"
Restart=always
RestartSec=1
TimeoutSec=1200

[Install]
WantedBy=multi-user.target


[Openvas-discuss] !SUBJECT! Re: Openvas-discuss Digest, Vol 131, Issue 1

2017-12-05 Thread Reindl Harald
and don't write braindead mails with "Openvas-discuss Digest, Vol 131, 
Issue 1" as subject - if you are subscribed for digest mails you are 
supposed to be a silent lurker or at least when you really think you 
need to break threading for everybody change the subject to something useful


On 05.12.2017 at 13:45, TMC wrote:
1. Please understand the nature of this vulnerability before you ask 
questions about it.
2. Also recently Intel have issued a tool to test for these issues, so 
you might want to check with the Intel tool and see what it has to say. 
see here for more information:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086=en-fr

3. Your laptop might not be vulnerable, so no detection would occur.

On 5 December 2017 at 22:53, Luca Sirianni wrote:


Hi, is a laptop, not a server so port 80 is not going to be open
inbound.
Does this mean that this way the vulnerability cannot be detected
from OpenVAS?




Re: [Openvas-discuss] REDIS-SERVER SOCKET PROBLEM

2017-11-26 Thread Reindl Harald



On 26.11.2017 at 10:24, Παναγιώτης Λεόντιος wrote:

Could you please help with the fails of the redis-server as shown below in 
service status (e.g. Advanced key-value store)?


http://www.catb.org/esr/faqs/smart-questions.html#beprecise

only for "/lib/systemd/system/redis-server.service; disabled" 
(independent of the start problem where you don't provide any useful 
information to help you) i would suggest to hire somebody who knows what
he is doing when you are obviously not capable to do *anything* like
RTFM and at least "systemctl enable"



Business Engineer | Project Manager | Consultant
BEng, DIC, MSc, MBA, IRCA Lead Auditor


jesus explains a lot


-Original Message-
From: Παναγιώτης Λεόντιος [mailto:leonti...@ath.forthnet.gr]
Sent: Sunday, November 26, 2017 10:37 AM
To: 'Reindl Harald'; 'openvas-discuss@wald.intevation.org'
Subject: RE: [Openvas-discuss] REDIS-SERVER SOCKET PROBLEM

Thank you once again.

The redis-server status is as follows, which did not change after restarting 
the service.

● redis-server.service - Advanced key-value store
Loaded: loaded (/lib/systemd/system/redis-server.service; disabled; vendor 
preset: disabled)
Active: failed (Result: signal) since Sun 2017-11-26 12:23:54 EET; 1min 58s 
ago
  Docs: http://redis.io/documentation,
man:redis-server(1)
   Process: 2303 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf 
(code=exited, status=0/SUCCESS)  Main PID: 2304 (code=killed, signal=SEGV)

Nov 26 12:23:54 kali systemd[1]: redis-server.service: Service hold-off time 
over, scheduling restart.
Nov 26 12:23:54 kali systemd[1]: redis-server.service: Scheduled restart job, 
restart counter is at 5.
Nov 26 12:23:54 kali systemd[1]: Stopped Advanced key-value store.
Nov 26 12:23:54 kali systemd[1]: redis-server.service: Start request repeated 
too quickly.
Nov 26 12:23:54 kali systemd[1]: redis-server.service: Failed with result 
'signal'.
Nov 26 12:23:54 kali systemd[1]: Failed to start Advanced key-value store.


Panagiotis Leontios
Business Engineer | Project Manager | Consultant BEng, DIC, MSc, MBA, IRCA Lead 
Auditor



On 26.11.2017 at 08:59, Παναγιώτης Λεόντιος wrote:

Thanks for considering.

1. Yes, I think it does run, because when I run it separately it seems
working OK (so it shows from the command line)


you think?
frankly is that a joke?


2. The problem happens every time I try to start openvas services. How
should I REstart redis anyway?


as every other service?


3. The problem seems to be that for some reason the redis is not
listening on /var/run/redis/redis.sock, although in its config file
the unixsocket is just that


you even don't know how to look if it is running, how to restart it, how to
start it or how to ensure that it is started at boot which means you have a 
real problem operating your operating system

[root@openvas:~]$ systemctl status redis
● redis.service - Redis persistent key-value database
 Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/redis.service.d
 └─limit.conf
 Active: active (running) since Thu 2017-11-23 11:06:01 CET; 2 days ago
   Main PID: 395 (redis-server)
  Tasks: 3 (limit: 512)
 CGroup: /system.slice/redis.service
 └─395 /usr/bin/redis-server 127.0.0.1:0


-Original Message-
From: Openvas-discuss
[mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Reindl Harald
Sent: Sunday, November 26, 2017 11:19 AM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] REDIS-SERVER SOCKET PROBLEM

* and *does it run* or could it be crashed?
* did you simply try to restart redis
* did you read your systemlogs (OOM killer and friends maybe)

http://www.catb.org/esr/faqs/smart-questions.html#beprecise

On 26.11.2017 at 07:14, Παναγιώτης Λεόντιος wrote:

Just after updated the openvas database (NVDs, etc.) via its standard
method, and trying to run *openvas-start*, I got an error message and
services didn't start.

The *openvas-check-setup*, came up with the following error message:

*ERROR*: redis-server is not running or not listening on socket:
/var/run/redis/redis.sock

*FIX*: You should start the redis-server or configure it to listen on
socket: /var/run/redis/redis.sock


Re: [Openvas-discuss] REDIS-SERVER SOCKET PROBLEM

2017-11-26 Thread Reindl Harald



On 26.11.2017 at 08:59, Παναγιώτης Λεόντιος wrote:

Thanks for considering.

1. Yes, I think it does run, because when I run it separately it seems
working OK (so it shows from the command line)


you think?
frankly is that a joke?


2. The problem happens every time I try to start openvas services. How
should I REstart redis anyway?


as every other service?


3. The problem seems to be that for some reason the redis is not listening
on /var/run/redis/redis.sock, although in its config file the unixsocket is
just that


you even don't know how to look if it is running, how to restart it,
how to start it or how to ensure that it is started at boot which means 
you have a real problem operating your operating system


[root@openvas:~]$ systemctl status redis
● redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
           └─limit.conf
   Active: active (running) since Thu 2017-11-23 11:06:01 CET; 2 days ago
 Main PID: 395 (redis-server)
    Tasks: 3 (limit: 512)
   CGroup: /system.slice/redis.service
           └─395 /usr/bin/redis-server 127.0.0.1:0


-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Reindl Harald
Sent: Sunday, November 26, 2017 11:19 AM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] REDIS-SERVER SOCKET PROBLEM

* and *does it run* or could it be crashed?
* did you simply try to restart redis
* did you read your systemlogs (OOM killer and friends maybe)

http://www.catb.org/esr/faqs/smart-questions.html#beprecise

On 26.11.2017 at 07:14, Παναγιώτης Λεόντιος wrote:

Just after updated the openvas database (NVDs, etc.) via its standard
method, and trying to run *openvas-start*, I got an error message and
services didn't start.

The *openvas-check-setup*, came up with the following error message:

*ERROR*: redis-server is not running or not listening on socket:
/var/run/redis/redis.sock

*FIX*: You should start the redis-server or configure it to listen on
socket: /var/run/redis/redis.sock


Re: [Openvas-discuss] REDIS-SERVER SOCKET PROBLEM

2017-11-26 Thread Reindl Harald

* and *does it run* or could it be crashed?
* did you simply try to restart redis
* did you read your systemlogs (OOM killer and friends maybe)

http://www.catb.org/esr/faqs/smart-questions.html#beprecise

On 26.11.2017 at 07:14, Παναγιώτης Λεόντιος wrote:
Just after updated the openvas database (NVDs, etc.) via its standard 
method, and trying to run *openvas-start*, I got an error message and 
services didn’t start.


The *openvas-check-setup*, came up with the following error message:

*ERROR*: redis-server is not running or not listening on socket: 
/var/run/redis/redis.sock


*FIX*: You should start the redis-server or configure it to listen on 
socket: /var/run/redis/redis.sock


---

WHY suddenly it seems that the redis-server is not listening on its 
standard socket and HOW can I FIX it?



Re: [Openvas-discuss] updating openvas certificates

2017-11-20 Thread Reindl Harald



On 20.11.2017 at 08:49, Ralph Schell [Bright] wrote:

Openvas 5.0 please. need instructions howto


upgrade to some supported version or google in the archives, OpenVAS 5.0 
is stoneold



Re: [Openvas-discuss] openVAS Cookie stealer report email

2017-11-08 Thread Reindl Harald
00-12-01=month
c=loc1_info_message=alert(/openvas-xss-test/)
HTTP/1.1" 301 406 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:02:56 -0500] "GET
/cal/details_view.php?event_id=1=2000-12-01=month=loc1_in
fo_message=alert(/openvas-xss-test/) HTTP/1.1" 301 392 "-"
"Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:02:57 -0500] "GET
/scripts/details_view.php?event_id=1=2000-12-01=month=loc1
e_info_message=alert(/openvas-xss-test/) HTTP/1.1" 301 396
"-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:02:57 -0500] "GET
/cgi-bin/details_view.php?event_id=1=2000-12-01=month=loc1
e_info_message=alert(/openvas-xss-test/) HTTP/1.1" 301 396
"-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:02:59 -0500] "GET
/details_view.php?event_id=1=2000-12-01=month=loc1_info_m
essage=alert(/openvas-xss-test/) HTTP/1.1" 301 388 "-"
"Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:05:18 -0500] "GET
/calendar.php?year=2004=foo=01 HTTP/1.1" 301 312
"-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:05:19 -0500] "GET
/scripts/calendar.php?year=2004=foo=01 HTTP/1.1"
301 320 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:05:19 -0500] "GET
/cgi-bin/calendar.php?year=2004=foo=01 HTTP/1.1"
301 320 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
178.175.142.131 - - [07/Nov/2017:16:05:53 -0500] "OPTIONS * HTTP/1.1" 200 -
"-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"

-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Reindl Harald
Sent: Tuesday, November 07, 2017 7:41 PM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] openVAS Cookie stealer report email



On 07.11.2017 at 23:51, Paul A wrote:

Hi, recently I got an email with the subject, “Cookie stealer report “
I looked at my apache logs and notice a particular ip scanning my
server at that time using OpenVAS which I had never heard of it
before. Doing some research I found the mailing list for OpenVAS and
found out that the program does.  With that said I’m a bit concerned
that someone using a scanning program was able to send an email
through my server from the user apache.

Return-Path: <apache@xxx>
X-Original-To: razor@xx
Delivered-To: razor@xx
Received: by mail.xxx (Postfix, from userid 48)


well, you have obviously a vulnerable script calling sendmail (Postfix, from
userid 48) and the first question you should answer yourself is why is
"mail" not in disabled_functions in your php.ini - any proper software can
use SMTP which has less security implications like additional mail-headers
with \n in the subject and all that can of worms over decades

why does your server respond with 301 (Moved Permanently) instead of 404
(Not Found) to requests for non existing files?

i guess the log is only a small part
so grep for 200 and the ip 178.175.142.131

cat logfile | grep 200 | grep "178\.175\.142\.131"

there must have been at least one with a status code 200 not falling under
"seem to be files I don't have on the server"


Re: [Openvas-discuss] openVAS Cookie stealer report email

2017-11-07 Thread Reindl Harald



On 07.11.2017 at 23:51, Paul A wrote:
Hi, recently I got an email with the subject, “Cookie stealer report “ I 
looked at my apache logs and notice a particular ip scanning my server 
at that time using OpenVAS which I had never heard of it before. Doing 
some research I found the mailing list for OpenVAS and found out that 
the program does.  With that said I’m a bit concerned that someone using 
a scanning program was able to send an email through my server from the 
user apache.


Return-Path: 
X-Original-To: razor@xx
Delivered-To: razor@xx
Received: by mail.xxx (Postfix, from userid 48)


well, you have obviously a vulnerable script calling sendmail (Postfix, 
from userid 48) and the first question you should answer yourself is why 
is "mail" not in disabled_functions in your php.ini - any proper 
software can use SMTP which has less security implications like 
additional mail-headers with \n in the subject and all that can of worms
over decades


why does your server respond with 301 (Moved Permanently) instead of 404
(Not Found) to requests for non existing files?


i guess the log is only a small part
so grep for 200 and the ip 178.175.142.131

cat logfile | grep 200 | grep "178\.175\.142\.131"

there must have been at least one with a status code 200 not falling 
under "seem to be files I don't have on the server"

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
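The "grep 200" pipeline in this thread also matches lines where 200 only appears in a byte count or a URL parameter. This added example (not from the original posts) parses Apache combined-format lines and compares the status field itself, then summarises requests carrying the OpenVAS user agent; the function names and the log lines are constructed for illustration and use documentation IP addresses.

```shell
#!/bin/sh
# Added example: status-aware triage of an Apache combined-format access log.
# Function names are hypothetical; the log lines below are constructed.

# Emit one tab-separated record per request: ip, status, bytes, method, path, ua.
parse_combined() {      # $1 = log file
    awk '
    {
        line = $0
        gsub(/\\"/, "%22", line)        # Apache escapes quotes inside fields
        n = split(line, q, "\"")
        if (n < 7) next                 # not combined format, skip
        split(q[1], pre, " ")           # client ident user [time zone]
        split(q[2], req, " ")           # method path protocol
        split(q[3], st, " ")            # status bytes
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", pre[1], st[1], st[2], req[1], req[2], q[6]
    }' "$1"
}

# Requests from one client whose status field equals the wanted code.
hits_with_status() {    # $1 = log file, $2 = client IP, $3 = status
    parse_combined "$1" | awk -F '\t' -v ip="$2" -v want="$3" \
        '$1 == ip && $2 == want { print $2, $4, $5 }'
}

# Requests with "OpenVAS" in the User-Agent, counted per client and status.
scanner_summary() {     # $1 = log file
    parse_combined "$1" | awk -F '\t' '
        index($6, "OpenVAS") { c[$1 " " $2]++ }
        END { for (k in c) print k, c[k] }' | sort
}

# The pipeline from the thread, kept for comparison: substring match on "200".
naive_hits() {          # $1 = log file, $2 = client IP
    grep 200 "$1" | grep -cF "$2"
}

# Constructed sample: a redirect with 2000 in the URL, a 404 with a 200-byte
# body, two real 200 responses, and one unrelated client.
sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
192.0.2.10 - - [07/Nov/2017:16:02:56 -0500] "GET /cal/details_view.php?event_id=1&date=2000-12-01 HTTP/1.1" 301 392 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
192.0.2.10 - - [07/Nov/2017:16:03:10 -0500] "GET /missing.php HTTP/1.1" 404 200 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
192.0.2.10 - - [07/Nov/2017:16:04:01 -0500] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
192.0.2.10 - - [07/Nov/2017:16:05:53 -0500] "OPTIONS * HTTP/1.1" 200 - "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"
198.51.100.7 - - [07/Nov/2017:16:06:00 -0500] "GET /index.html?q=\"200\" HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
EOF
    echo "$f"
}

log=$(sample_log)
echo "lines matched by grep 200: $(naive_hits "$log" 192.0.2.10)"
echo "requests answered with status 200:"
hits_with_status "$log" 192.0.2.10 200
echo "OpenVAS user agent, per client and status:"
scanner_summary "$log"
rm -f "$log"
```

Any request listed under status 200 names a script that exists on the server and is the place to look for the code that sent the mail.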


Re: [Openvas-discuss] upgrading openvas - missing nettle-3.2.2-el6.x86_64.rpm

2017-11-07 Thread Reindl Harald



On 07.11.2017 at 10:24, Ralph Schell [Bright] wrote:

cannot upgrade openvas due to missing package.

found one on rpmfind belonging to the fedora project, but wonder whether 
this is usable for centos 6 instead. Is it?


upgrade from what packages?
no you can't mix fedora packages with CentOS

for CentOS normally atomic repo has packages but their quality is more 
than questionable because they don't test anything at all (otherwise 
packages won't have symbol errors after upgrades and so on) and update 
based on random, there is as example php71 which was not updated over months


F12 (F13,F14) -> RHEL6
F19 -> RHEL7

CentOS6 is practically useless as host, it doesn't even support 
ECDSA/ED25519 openssh keys - based on Fedora 12, now we have F26 and F27 
is nearly finished



Re: [Openvas-discuss] Unable to locate package openvas9

2017-11-07 Thread Reindl Harald



On 05.11.2017 at 13:23, Ken Cho wrote:

I want to install OpenVAS 9 in my Ubuntu Server with my Orange Pi machine.
My Orange Pi processor is Allwinner H3 (Quad-core Cortex™-A7).
apt install sqlite3
apt install openvas9

However, it shows that "E: Unable to locate package openvas9", even "apt 
install openvas".

Is it because my OS is not the official one? Thank you


http://www.openvas.org/install-packages-v5.html#ubuntu looks not 
terribly good - the main question is did anybody ever build a package 
for ARM and ubuntu at all?



Re: [Openvas-discuss] how to recreate/renew certificates in openvas 5.0

2017-11-06 Thread Reindl Harald



On 06.11.2017 at 17:03, Ralph Schell wrote:

Question

Do i need to recreate both server and client certs or only the client certs


naturally both - they work together

why don't you upgrade OpenVAS itself?

with OpenVAS9 the joke that when all stuff is running on the same 
machine TCP to 127.0.0.1 deals with certificates is no longer needed 
since support for unix sockets was introduced as well as 
openvas-manage-certs


at least v5 is stone old

On 6 Nov 2017 at 16:29, "Ralph Schell [Bright]" wrote:


Hi all,

Would like to know where i can find instructions to recreate/renew
certificates in openvas 5.0(.6)



Re: [Openvas-discuss] OpenVAS9 reboot and REDIS error message

2017-11-06 Thread Reindl Harald



On 06.11.2017 at 16:44, None wrote:
During a reboot of my OpenVAS9 install, I received the following when 
'openvas-scanner' tried to start on its own:


Nov 06 10:28:41 openvas-01 systemd[1]: Starting LSB: remote network 
security auditor - scanner...
Nov 06 10:28:41 openvas-01 openvas-scanner[1091]: (openvassd:1142): lib  
kb_redis-CRITICAL **: fetch_max_db_index: cannot retrieve max DB number: 
LOADING Redis is loading the dataset in memory

how much memory has the box?
assign at least 3 GB for proper operations would be my first guess


Re: [Openvas-discuss] REDIS-SERVER ERROR

2017-10-31 Thread Reindl Harald



On 31.10.2017 at 16:10, Παναγιώτης Λεόντιος wrote:

Thanks again.

So, re-installing either redis-server or openvas won't solve the problem?


WTF did you not understand in "stay on-list"?

if you ask a question on a mailing-list and get a response on the list 
don't reply in private but also on the list - if that's too hard for you 
don't use mailing lists at all


this is not microsoft windows

create /var/run/redis/ and follow 
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html to make 
sure it is re-created at reboot which is a trivial task not longer than 
one minute



-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Reindl Harald
Sent: Tuesday, October 31, 2017 6:45 PM
To: Mailing-List openvas
Subject: Re: [Openvas-discuss] REDIS-SERVER ERROR

stay on-list!

On 31.10.2017 at 17:31, Παναγιώτης Λεόντιος wrote:

Thank you for your prompt response.

In redis.conf the "unixsocket /var/run/redis/redis.sock" is present.
I will check " unixsocketperm 0777"

BUT, when I checked for a redis folder under "/var/run " there was not any.

Does it matter?


best file a bugreport at your distribution why they don't properly set up
services which are expected to work together and in the meantime make sure
it's created at boot (normally /var/run is a symlink from /run for years now
and /run is a tmpfs and so anything below doesn't survive a reboot)

if your distribution doesn't use systemd or you still don't get it to run, better
use a support forum of the broken distribution - and yes, kalix has way too
many support requests here while it pretends to be a preconfigured
distribution for security scanners

https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html


-Original Message-
From: Openvas-discuss
[mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Reindl Harald
Sent: Tuesday, October 31, 2017 6:24 PM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] REDIS-SERVER ERROR



On 31.10.2017 at 17:19, Παναγιώτης Λεόντιος wrote:

Please help me on this if you may.

After a normal Kali Update and a Feed Update for my OpenVAS
installation, while trying to start openvas services got an error
message. Running check-setup got the following error message:

*ERROR: redis-server is not running or not listening on socket:
/var/run/redis/redis.sock *

The relevant log file is attached.

If anyone could I help I would really appreciate it. Don't want to
remove and install OpenVAS again!!!

just tell redis to put its socket where it is expected

[root@openvas:~]$ cat /etc/redis.conf | grep sock
# If port 0 is specified Redis will not listen on a TCP socket.
# Specify the path for the Unix socket that will be used to listen for
# on a unix socket when not specified.
unixsocket /var/run/redis/redis.sock
unixsocketperm 0777

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
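
One way to check for the missing socket directory described in this thread, as an added example (not from the original mails): it reads the `unixsocket` path from `redis.conf` and looks for a matching `d` line in tmpfiles.d snippets. The owner `redis:redis`, mode `0755` and the snippet name `redis-socket.conf` are assumptions; use what your distribution's Redis package expects.

```sh
#!/bin/sh
# Added example: check that the directory holding the Redis unix socket is
# declared in tmpfiles.d, so it is re-created on the tmpfs /run at boot.
# Assumptions (not from the thread): owner/group "redis", mode 0755 and the
# snippet name redis-socket.conf.

# Constructed sample: the redis.conf lines quoted in the thread.
sample_redis_conf() {
    cat <<'EOF'
# If port 0 is specified Redis will not listen on a TCP socket.
# Specify the path for the Unix socket that will be used to listen for
unixsocket /var/run/redis/redis.sock
unixsocketperm 0777
EOF
}

# socket_dir REDIS_CONF
# Print the directory of the configured unixsocket, with /var/run rewritten
# to /run (the former is normally a symlink to the latter).
socket_dir() {
    awk '$1 == "unixsocket" { path = $2 }
         END {
             if (path == "") exit 1
             sub(/\/[^\/]*$/, "", path)            # strip the socket file name
             if (path ~ /^\/var\/run(\/|$)/) path = substr(path, 5)
             print path
         }' "$1"
}

# tmpfiles_entry DIR [USER] [GROUP] [MODE]
# Print the tmpfiles.d(5) line that creates DIR at boot.
tmpfiles_entry() {
    printf 'd %s %s %s %s -\n' "$1" "${4:-0755}" "${2:-redis}" "${3:-redis}"
}

# dir_is_covered DIR TMPFILES_DIR...
# Succeed if any *.conf snippet in the given directories declares DIR
# (or its /var/run spelling) with type d or D.
dir_is_covered() {
    want=$1; shift
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            awk -v want="$want" '
                $1 ~ /^#/ { next }
                $1 ~ /^[dD]/ {
                    p = $2
                    if (p ~ /^\/var\/run(\/|$)/) p = substr(p, 5)
                    sub(/\/+$/, "", p)
                    if (p == want) found = 1
                }
                END { exit found ? 0 : 1 }' "$f" && return 0
        done
    done
    return 1
}

# check_redis_socket_dir REDIS_CONF TMPFILES_DIR...
# Report whether the socket directory survives a reboot; return 1 if not.
check_redis_socket_dir() {
    conf=$1; shift
    dir=$(socket_dir "$conf") || { echo "no unixsocket in $conf"; return 2; }
    if dir_is_covered "$dir" "$@"; then
        echo "ok: $dir is declared in tmpfiles.d"
    else
        echo "missing: add '$(tmpfiles_entry "$dir")' to /etc/tmpfiles.d/redis-socket.conf"
        return 1
    fi
}

# Demo on the constructed sample with an empty snippet directory.
t=$(mktemp -d) && mkdir "$t/tmpfiles.d" && sample_redis_conf > "$t/redis.conf"
check_redis_socket_dir "$t/redis.conf" "$t/tmpfiles.d" || true
rm -rf "$t"
```

On a real host pass `/etc/tmpfiles.d /run/tmpfiles.d /usr/lib/tmpfiles.d` as the snippet directories; a new entry can be applied without a reboot with `systemd-tmpfiles --create`.
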

Re: [Openvas-discuss] REDIS-SERVER ERROR

2017-10-31 Thread Reindl Harald

stay on-list!

On 31.10.2017 at 17:31, Παναγιώτης Λεόντιος wrote:

Thank you for your prompt response.

In redis.conf the "unixsocket /var/run/redis/redis.sock" is present.
I will check " unixsocketperm 0777"

BUT, when I checked for a redis folder under "/var/run " there was not any.
Does it matter?


best file a bugreport at your distribution why they don't properly set up 
services which are expected to work together and in the meantime make 
sure it's created at boot (normally /var/run is a symlink from /run for 
years now and /run is a tmpfs and so anything below doesn't survive a reboot)


if your distribution doesn't use systemd or you still don't get it to run, 
better use a support forum of the broken distribution - and yes, kalix 
has way too many support requests here while it pretends to be a 
preconfigured distribution for security scanners


https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html


-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Reindl Harald
Sent: Tuesday, October 31, 2017 6:24 PM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] REDIS-SERVER ERROR



On 31.10.2017 at 17:19, Παναγιώτης Λεόντιος wrote:

Please help me on this if you may.

After a normal Kali Update and a Feed Update for my OpenVAS
installation, while trying to start openvas services got an error
message. Running check-setup got the following error message:

*ERROR: redis-server is not running or not listening on socket:
/var/run/redis/redis.sock *

The relevant log file is attached.

If anyone could I help I would really appreciate it. Don't want to
remove and install OpenVAS again!!!

just tell redis to put its socket where it is expected

[root@openvas:~]$ cat /etc/redis.conf | grep sock
# If port 0 is specified Redis will not listen on a TCP socket.
# Specify the path for the Unix socket that will be used to listen for
# on a unix socket when not specified.
unixsocket /var/run/redis/redis.sock
unixsocketperm 0777


Re: [Openvas-discuss] REDIS-SERVER ERROR

2017-10-31 Thread Reindl Harald



On 31.10.2017 at 17:19, Παναγιώτης Λεόντιος wrote:

Please help me on this if you may.

After a normal Kali Update and a Feed Update for my OpenVAS 
installation, while trying to start openvas services got an error 
message. Running check-setup got the following error message:


*ERROR: redis-server is not running or not listening on socket: 
/var/run/redis/redis.sock *


The relevant log file is attached.

If anyone could I help I would really appreciate it. Don’t want to 
remove and install OpenVAS again!!!

just tell redis to put its socket where it is expected

[root@openvas:~]$ cat /etc/redis.conf | grep sock
# If port 0 is specified Redis will not listen on a TCP socket.
# Specify the path for the Unix socket that will be used to listen for
# on a unix socket when not specified.
unixsocket /var/run/redis/redis.sock
unixsocketperm 0777

[Openvas-discuss] gsa: Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_

2017-10-31 Thread Reindl Harald

may somebody regularly look at logs and fix such things?

Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with 
MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD 
was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.



Re: [Openvas-discuss] openvasmd don't start after upgrade

2017-10-30 Thread Reindl Harald
my god come on - is it really so hard to automatically migrate existing 
installs at startup?


ERROR: Your OpenVAS certificate infrastructure did NOT pass validation.
FIX: Run 'openvas-manage-certs -a'.
ERROR: Your OpenVAS-9 installation is not yet complete!

[root@openvas:/var/log/openvas]$ openvas-manage-certs -a
ERROR: certtool binary not found!

On 30.10.2017 at 14:39, Reindl Harald wrote:



On 30.10.2017 at 14:34, Brandon Perry wrote:
On Oct 30, 2017, at 8:18 AM, Reindl Harald <h.rei...@thelounge.net> wrote:


On 30.10.2017 at 14:03, Reindl Harald wrote:

openvas-libraries-9.0.1-1.fc26.x86_64
openvas-manager-7.0.2-1.fc26.x86_64
openvas-cli-1.4.5-3.fc26.x86_64
openvas-gsa-7.0.2-2.fc26.x86_64
openvas-scanner-5.1.1-1.fc26.x86_64
it's not terribly helpful when a process exits with an error code and 
no message at all

[root@openvas:/etc/sysconfig]$ openvasmd
[root@openvas:/etc/sysconfig]$ openvasmd -f


ERROR: Database schema is out of date.
FIX: Run 'openvasmd --migrate'


You could try --rebuild as well


it could just create directories below /var/lib as any other software

base gpgme:MESSAGE:2017-10-30 13h20.38 utc:2079: Setting GnuPG dir to 
'/var/lib/openvas/openvasmd/gnupg'
base gpgme:WARNING:2017-10-30 13h20.38 utc:2079: Setting GnuPG dir 
failed: No such file or directory
md  crypt:CRITICAL:2017-10-30 13h20.38 utc:2079: lsc_crypt_new: can't 
continue w/o a gpgme context
md   main:MESSAGE:2017-10-30 13h20.58 utc:2148:    OpenVAS Manager 
version 7.0.2 (DB revision 184)

md   main:   INFO:2017-10-30 13h20.58 utc:2148:    Migrating database.
md   main:   INFO:2017-10-30 13h20.58 utc:2148:    Migrating to 159


Re: [Openvas-discuss] openvasmd don't start after upgrade

2017-10-30 Thread Reindl Harald



On 30.10.2017 at 14:34, Brandon Perry wrote:

On Oct 30, 2017, at 8:18 AM, Reindl Harald <h.rei...@thelounge.net> wrote:

On 30.10.2017 at 14:03, Reindl Harald wrote:

openvas-libraries-9.0.1-1.fc26.x86_64
openvas-manager-7.0.2-1.fc26.x86_64
openvas-cli-1.4.5-3.fc26.x86_64
openvas-gsa-7.0.2-2.fc26.x86_64
openvas-scanner-5.1.1-1.fc26.x86_64
it's not terribly helpful when a process exits with an error code and no message 
at all
[root@openvas:/etc/sysconfig]$ openvasmd
[root@openvas:/etc/sysconfig]$ openvasmd -f


ERROR: Database schema is out of date.
FIX: Run 'openvasmd --migrate'


You could try --rebuild as well


it could just create directories below /var/lib as any other software

base gpgme:MESSAGE:2017-10-30 13h20.38 utc:2079: Setting GnuPG dir to 
'/var/lib/openvas/openvasmd/gnupg'
base gpgme:WARNING:2017-10-30 13h20.38 utc:2079: Setting GnuPG dir 
failed: No such file or directory
md  crypt:CRITICAL:2017-10-30 13h20.38 utc:2079: lsc_crypt_new: can't 
continue w/o a gpgme context
md   main:MESSAGE:2017-10-30 13h20.58 utc:2148:OpenVAS Manager 
version 7.0.2 (DB revision 184)

md   main:   INFO:2017-10-30 13h20.58 utc:2148:Migrating database.
md   main:   INFO:2017-10-30 13h20.58 utc:2148:Migrating to 159

Re: [Openvas-discuss] openvasmd don't start after upgrade

2017-10-30 Thread Reindl Harald



On 30.10.2017 at 14:03, Reindl Harald wrote:

openvas-libraries-9.0.1-1.fc26.x86_64
openvas-manager-7.0.2-1.fc26.x86_64
openvas-cli-1.4.5-3.fc26.x86_64
openvas-gsa-7.0.2-2.fc26.x86_64
openvas-scanner-5.1.1-1.fc26.x86_64

it's not terribly helpful when a process exits with an error code and no 
message at all


[root@openvas:/etc/sysconfig]$ openvasmd

[root@openvas:/etc/sysconfig]$ openvasmd -f


ERROR: Database schema is out of date.
FIX: Run 'openvasmd --migrate'

yeah if it would do something

[root@openvas:~]$ openvasmd --migrate
[root@openvas:~]$ openvas-check-setup --v9
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze 
the problem.


  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.1.1.
OK: redis-server is present in version v=3.2.11.
OK: scanner (kb_location setting) is configured properly using 
the redis-server socket: /tmp/redis.sock
OK: redis-server is running and listening on socket: 
/tmp/redis.sock.

OK: redis-server configuration is OK and redis-server is running.
OK: NVT collection in /var/lib/openvas/plugins contains 55675 NVTs.
OK: Signature checking of NVTs is enabled in OpenVAS Scanner.
OK: The NVT cache in /var/cache/openvas contains 56315 files 
for 55675 NVTs.

Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 7.0.2.
OK: OpenVAS Manager database found in 
/var/lib/openvas/mgr/tasks.db.

OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager 
installation enabled.

OK: OpenVAS Manager database is at revision 158.
OK: OpenVAS Manager expects database at revision 184.
ERROR: Database schema is out of date.
FIX: Run 'openvasmd --migrate'.


[root@openvas:/etc/sysconfig]$ systemctl status openvas-manager.service
● openvas-manager.service - OpenVAS Manager
    Loaded: loaded (/etc/systemd/system/openvas-manager.service; 
enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Mon 2017-10-30 14:00:06 
CET; 2min 3s ago
   Process: 1339 ExecStart=/usr/sbin/openvasmd -f $MANAGER_LISTEN 
$MANAGER_PORT $SCANNER_LISTEN $SCANNER_PORT $MANAGER_OTP (code=exited, 
status=1/FAILURE)

  Main PID: 1339 (code=exited, status=1/FAILURE)

Okt 30 14:00:04 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Failed with result 'exit-code'.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Service hold-off time over, scheduling restart.

Okt 30 14:00:06 openvas.thelounge.net systemd[1]: Stopped OpenVAS Manager.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Start request repeated too quickly.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: Failed to start 
OpenVAS Manager.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Unit entered failed state.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Failed with result 'exit-code'.

[root@openvas:/etc/sysconfig]$


[Openvas-discuss] openvasmd don't start after upgrade

2017-10-30 Thread Reindl Harald

openvas-libraries-9.0.1-1.fc26.x86_64
openvas-manager-7.0.2-1.fc26.x86_64
openvas-cli-1.4.5-3.fc26.x86_64
openvas-gsa-7.0.2-2.fc26.x86_64
openvas-scanner-5.1.1-1.fc26.x86_64

it's not terribly helpful when a process exits with an error code and no 
message at all


[root@openvas:/etc/sysconfig]$ openvasmd

[root@openvas:/etc/sysconfig]$ openvasmd -f

[root@openvas:/etc/sysconfig]$ systemctl status openvas-manager.service
● openvas-manager.service - OpenVAS Manager
   Loaded: loaded (/etc/systemd/system/openvas-manager.service; 
enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-10-30 14:00:06 
CET; 2min 3s ago
  Process: 1339 ExecStart=/usr/sbin/openvasmd -f $MANAGER_LISTEN 
$MANAGER_PORT $SCANNER_LISTEN $SCANNER_PORT $MANAGER_OTP (code=exited, 
status=1/FAILURE)

 Main PID: 1339 (code=exited, status=1/FAILURE)

Okt 30 14:00:04 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Failed with result 'exit-code'.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Service hold-off time over, scheduling restart.

Okt 30 14:00:06 openvas.thelounge.net systemd[1]: Stopped OpenVAS Manager.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Start request repeated too quickly.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: Failed to start 
OpenVAS Manager.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Unit entered failed state.
Okt 30 14:00:06 openvas.thelounge.net systemd[1]: 
openvas-manager.service: Failed with result 'exit-code'.

[root@openvas:/etc/sysconfig]$


Re: [Openvas-discuss] unsubscribe

2017-10-24 Thread Reindl Harald

the list-footer is for you too

why are all these fools deleting welcome messages after subscribe 
somewhere and where is the common sense gone when mail "unsubscribe" to 
every other subscriber?


On 24.10.2017 at 11:50, Roefs, Joris wrote:

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss



[Openvas-discuss] report exceeds the maximum length of 1048576 characters

2017-10-02 Thread Reindl Harald

where is that configured?

in the past that reports came for sure as attachments and the last 
months only that annoying "finished but i even don't tell you the 
threat-level"


This email escalation is configured to attach report format 'HTML'. Full 
details and other report formats are available on the scan engine.


Note: This report exceeds the maximum length of 1048576 characters and 
thus was truncated.



Re: [Openvas-discuss] Greenbone VM cannot sync feeds

2017-08-30 Thread Reindl Harald



On 30.08.2017 at 06:35, Rishi Kumar wrote:

Thank for quick response.

Bridged network is not working. When I try to use NAT with Port 
forwarding, it ask for host and guest ports.

I am not sure what to mention in these fields.
please help me to configure this


don't get me wrong but that are questions for a VIRTUALBOX list because 
basic operating system and network config is prerequisite for whatever 
application running on top



Re: [Openvas-discuss] OpenVAS Web Access

2017-07-06 Thread Reindl Harald



On 06.07.2017 at 11:27, Wong, Peter (KUL-MBW) wrote:
I try to access the openvas web from URL https://10.0.2.15 at Host OS 
but it is unreachable. Anyone know how to access it from Host OS or Guest OS?


http://www.catb.org/esr/faqs/smart-questions.html#beprecise


Re: [Openvas-discuss] Scan a firewalled target

2017-06-15 Thread Reindl Harald



On 15.06.2017 at 20:16, Alvaro Fernandez wrote:

Hi all,
i'm trying to perform an OpenVAS scan on a target with stateful 
ip-tables rules able to limit the maximum number of new connections at 
2/sec.
I've tried to perform a scan without any result: how can i setup openvas 
to perform a scan with a rate equal or less than 2 connections per second?


you need to disable rate-limits for the scanner IP and not only for 
OpenVAS, you also fail security audits from external companies when not 
doing so - even if you could manage openvas not exceed it you won't live 
long enough to get the tests finished



Re: [Openvas-discuss] sql errors

2017-06-12 Thread Reindl Harald



On 12.06.2017 at 15:38, Brandon Perry wrote:


On Jun 12, 2017, at 8:33 AM, Thijs Stuurman wrote:


No, never. These are also the kind of errors I never ever wish to see!
If your data is still there, scan tasks .. history etc’ I strongly 
urge you to make a backup and repeat making backups just in case.
Many things can cause these errors, I cannot give you any specific 
place to start looking for a problem or solution.
Perhaps it helps to get more log/verbose/debug information out of 
sqlite if possible.

Check versions, is everything up to date? (sqlite, openvas)


Perhaps consider PostgreSQL instead, simply for potential visibility and 
easier diagnostics.



maybe easier diagnostics *for you* - for everybody who is not using 
postgresql in his daily workflow it leads sooner or later to more 
problems than it solves


"disk I/O error" sounds RDBMS agnostic and the only real answer to that 
is find the hardware issue and grab your backups


Re: [Openvas-discuss] No OpenVAS Manager database found

2017-06-06 Thread Reindl Harald



On 06.06.2017 at 19:18, Gerhard Mourani wrote:

Hello,

Some generic information about my environment.
Linux CentOS 6.8
openvas-libraries version is 9.0.1
openvas-manager version is 7.0.1
openvas-scanner version is 5.1.1
openvas-gsa version is 7.0.2
OpenVAS compiled from source

When I run the following command -> /usr/bin/openvas-check-setup --v9
I receive the following error:
ERROR: No OpenVAS Manager database found. (Tried: 
/var/lib/openvas/mgr/tasks.db)

 FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running.

So I run /usr/sbin/openvasmd --otp-scanner=/var/run/openvassd.sock 
--rebuild again and again with same result


and how long did you wait?

build/rebuild the database is nothing which finishes within seconds


Re: [Openvas-discuss] problem after compiling omp: libopenvas_omp.so.8

2017-05-23 Thread Reindl Harald



On 23.05.2017 at 16:10, Brandon Perry wrote:



On May 23, 2017, at 9:04 AM, Dehm, Jochen  wrote:

I want to use a 2nd server  to control my OpenVAS server via omp.

After building openvas-libraries and openvas-cli from the source, I get the 
following error:

root@sv-idoit ~ # omp
omp: error while loading shared libraries: libopenvas_omp.so.8: cannot open 
shared object file: No such file or directory

root@sv-idoit ~ # which omp
/usr/local/bin/omp

The file is however available:

root@sv-idoit ~/OpenVAS/openvas-cli-1.4.5/build # locate libopenvas_omp.so.8
/root/OpenVAS/openvas-libraries-8.0.8/build/omp/libopenvas_omp.so.8
/root/OpenVAS/openvas-libraries-8.0.8/build/omp/libopenvas_omp.so.8.0.8
/usr/local/lib/libopenvas_omp.so.8
/usr/local/lib/libopenvas_omp.so.8.0.8


Either set your --prefix=/usr when configuring (before compiling) so that make 
install installs to /usr instead of /usr/local.


bad idea when you spit random stuff without proper packaging around


Or, for immediate gratification.

export PATH=$PATH:/usr/local
omp --help


nonsense - libraries has *nothing* to do with PATH

echo "/usr/local/lib/" > /etc/ld.so.conf.d/usr-local-lib.conf
chmod 0644 /etc/ld.so.conf.d/usr-local-lib.conf
ldconfig


Re: [Openvas-discuss] [security - MiTM] piping http content to shell and downloading repo keys via HTTP

2017-04-10 Thread Reindl Harald



On 10.04.2017 at 22:44, Dawid Bałut wrote:
If for shell script you have only one carrier which is the root trusted 
origin, you're eliminating the need for packages signing


nonsense

once you have the GPG keys you are even able to reject malformed 
packages from the "root trusted origin" in case it was compromised


https://en.wikipedia.org/wiki/Web_of_trust

if you can't see the value of GPG signing where you have *multiple* 
sources to verify the signers key versus a random script with a hash 
placed on the same site and so both compromised especially with a 
idiotic pipe to a root shell where you don't do *any* verification i 
can't help you


Re: [Openvas-discuss] [security - MiTM] piping http content to shell and downloading repo keys via HTTP

2017-04-10 Thread Reindl Harald



On 10.04.2017 at 22:03, Eero Volotinen wrote:

well. piping shell script to rootshell is not safe even with https ..


download and execute them manually don't make things better
nobody needs shell scripts to install release-rpms at all

2017-04-10 19:59 GMT+03:00 Dawid Bałut:


Hello Community,

I noticed that on http://www.openvas.org/install-packages-v7.html we're
encouraging users to wget script from atomiccorp website using http.
As we know this is potential Man in the Middle attack vector, and we
shouldn't spread such bad practice - especially that atomiccorp
website and given resource are available thru https:// so I can't
see a reason to use http.

So my inquiry is - can you please change in the guide
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
to
wget -q -O - https://www.atomicorp.com/installers/atomic |sh


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
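
The save-verify-run alternative to `wget ... | sh` that this thread argues about, as an added example (not from the mails or from the OpenVAS or Atomicorp instructions): the script runs only if gpg reports a good signature from a key whose fingerprint was pinned beforehand. The detached-signature file, the placeholder URL and fingerprint, and the throwaway fixture key are assumptions for illustration.

```sh
#!/bin/sh
# Added example: save, verify, then run - instead of "wget ... | sh".
# Assumptions: the installer ships with a detached signature (the thread
# names no such file, so the name below is a placeholder), the signer's key
# is already in the keyring, and its full fingerprint was confirmed through
# sources other than the download site.
#
#   wget -q -O atomic     https://www.atomicorp.com/installers/atomic
#   wget -q -O atomic.asc <SIGNATURE_URL_PLACEHOLDER>
#   run_if_signed_by atomic atomic.asc <PINNED_FINGERPRINT_PLACEHOLDER>

# signature_fingerprint FILE SIG
# Print the primary-key fingerprint behind a good signature, else fail.
# GOODSIG is required as well as VALIDSIG, because gpg reports signatures
# from expired or revoked keys with EXPKEYSIG/REVKEYSIG instead of GOODSIG.
signature_fingerprint() {
    gpg --batch --no-tty --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        awk '$1 != "[GNUPG:]" { next }
             $2 == "GOODSIG"  { good = 1 }
             $2 == "VALIDSIG" { fpr = (NF >= 12) ? $12 : $3 }
             END { if (good && fpr != "") print fpr; else exit 1 }'
}

# run_if_signed_by FILE SIG PINNED_FPR
# Run FILE with sh only if SIG is a good signature over FILE made by the
# pinned key; nothing is executed otherwise.
run_if_signed_by() {
    pinned=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    signer=$(signature_fingerprint "$1" "$2") || {
        echo "refused: no good signature on $1" >&2; return 1; }
    [ "$signer" = "$pinned" ] || {
        echo "refused: signed by unexpected key $signer" >&2; return 1; }
    sh "$1"
}

# make_constructed_fixture DIR
# Create a throwaway key and a signed one-line "installer" in DIR so the
# functions above can be tried offline. Prints the key fingerprint.
# GNUPGHOME must already point at a scratch directory, so the real keyring
# is never touched.
make_constructed_fixture() {
    [ -n "$GNUPGHOME" ] || { echo "set GNUPGHOME to a scratch dir" >&2; return 1; }
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Signer <signer@example.invalid>' \
        default default never >/dev/null 2>&1 || return 1
    printf 'echo installer-ran\n' > "$1/installer"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --armor --detach-sign -o "$1/installer.asc" "$1/installer" \
        >/dev/null 2>&1 || return 1
    gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}
```
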

Re: [Openvas-discuss] error: ‘GHmac’ undeclared

2017-04-07 Thread Reindl Harald



On 07.04.2017 at 08:25, Eero Volotinen wrote:

You are missing some development headers. Install them first.


and consider an OS update - besides 6.7 on its own is outdated why 
CentOS6 and *why in the world* type the words "./configure" or "make" as 
root in a terminal?


https://koji.fedoraproject.org/koji/buildinfo?buildID=797771
https://kojipkgs.fedoraproject.org//packages/openvas-libraries/8.0.8/2.el7/src/openvas-libraries-8.0.8-2.el7.src.rpm

BuildRequires:  glib2-devel
BuildRequires:  libgcrypt-devel
BuildRequires:  gnutls-devel >= 2.12.10
BuildRequires:  libpcap-devel
BuildRequires:  libuuid-devel
BuildRequires:  libksba-devel
BuildRequires:  gpgme-devel
BuildRequires:  cmake >= 2.6.0
BuildRequires:  bison
BuildRequires:  flex
BuildRequires:  pkgconfig
BuildRequires:  doxygen
BuildRequires:  openldap-devel
BuildRequires:  libssh-devel
BuildRequires:  hiredis-devel


2017-04-07 6:08 GMT+03:00 wooyunceshi:

Hi,

when i compile openvas-libraries-8.0.8 on Centos 6.7,some errors occur

Scanning dependencies of target openvas_nasl_shared
[ 43%] Building C object
nasl/CMakeFiles/openvas_nasl_shared.dir/nasl_crypto.c.o
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c: In
function ‘hmac_sha256’:
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:223: error:
‘GHmac’ undeclared (first use in this function)
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:223: error:
(Each undeclared identifier is reported only once
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:223: error:
for each function it appears in.)
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:223: error:
‘hmac’ undeclared (first use in this function)
cc1: warnings being treated as errors
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:225: error:
implicit declaration of function ‘g_hmac_new’
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:226: error:
implicit declaration of function ‘g_hmac_update’
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:227: error:
implicit declaration of function ‘g_hmac_get_digest’
/root/openvas/openvas-libraries-8.0.8/nasl/nasl_crypto.c:228: error:
implicit declaration of function ‘g_hmac_unref’
make[2]: ***
[nasl/CMakeFiles/openvas_nasl_shared.dir/nasl_crypto.c.o] Error 1
make[1]: *** [nasl/CMakeFiles/openvas_nasl_shared.dir/all] Error 2
make: *** [all] Error 2

Could any body help me,thanks very much


Re: [Openvas-discuss] OpenVAS-9 Source installation warnings

2017-03-09 Thread Reindl Harald



On 09.03.2017 at 11:47, Helmut Koers wrote:

Hi all,
not sure if this is the right list to ask ...

When installing OpenVAS-9 from Source Code, "cmake .." creates a lot of
warnings in openvas-smb 1.0.2

Is that something I need to care about?


fine that you show us what warnings it creates to give a helpful answer :-)


Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy

2017-03-08 Thread Reindl Harald


On 08.03.2017 at 16:14, Vito Logrillo wrote:

2017-03-08 16:07 GMT+01:00 Eero Volotinen:

You firewall and proxy is not allowing outbound rsync connections.

How about asking from firewall admin?

Not so simple...


then ask your boss to fire that guy when he doesn't understand that its 
job is to protect your business *but not* harm it



A manual download and installation is not possible?


the scapdata is only a small part of needed updates and *no* you are not 
supposed to download hundreds of MB and so maximize the load on the 
updateservers because some idiots you don't want or can't talk to are 
standing between you and a working internet


frankly ask the people in your company how to solve homemade problems


Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy

2017-03-08 Thread Reindl Harald



On 08.03.2017 at 14:11, Vito Logrillo wrote:

i've tried to start openvas-scapdata-sync command, but i'm behind a
proxy and it doesn't work.
I've tried the following command:

http_proxy="http://user:pass@proxy:port; openvas-scapdata-sync --wget

but i obtain this response:

Download of SCAP data via HTTP is currently not supported!

How can i resolve this problem?


by talking to your network admins so that they allow rsync from the scanner
machine - it's perverse to set up a network security scanner and then build
walls in front of it which make it hard to impossible to feed it with
needed updates



Re: [Openvas-discuss] Noob question on authenticated scans

2017-03-05 Thread Reindl Harald



On 05.03.2017 at 16:38, Vito Logrillo wrote:

So an SSH connection is enough? No download on a target machine?
If it runs local commands and they are supported by target machine, it
is enough?
Where can i find the commands used?
Last question: on web interface in "Target->Credentials->New Credential"
i can't setup the SSH port...it works only on port 22?


a security scanner is supposed to find the ssh port itself since it's 
scanning for vulnerable versions based on the server greeting anyways



2017-03-05 16:10 GMT+01:00 Eero Volotinen <eero.voloti...@iki.fi>:

it just logs into the server via ssh and runs local commands.

--
Eero

2017-03-05 17:06 GMT+02:00 Vito Logrillo <vito...@gmail.com>:

Thanks for your reply,
but i'm trying to figure out how an authenticated scan works:
Should i download and install a software? Or a bash script? Or
something else?
Thanks

2017-03-05 12:42 GMT+01:00 Eero Volotinen <eero.voloti...@iki.fi>:

authenticated scan usually requires a supported platform. at
this moment only major linux distributions are supported.

        Eero

On 5.3.2017 at 1.33 pm, "Reindl Harald" <h.rei...@thelounge.net> wrote:



On 05.03.2017 at 11:58, Vito Logrillo wrote:

Hi All,
sorry for my noob question, but i'm trying to
understand how security
scans work. My target is a custom linux distribution
on an IoT system: i
can set-up an SSH connection but i can't download
any package in a
simple way.
1. To perform an authenticated scan, an agent or a
software should be
downloaded on the target machine? Or a shell script?
2. Which are the benefits? It can check all
installed packages? Even if
they are not active?


the benefit is that it can also check services where the
ports are not reachable from the network

depending on what service and the complete setup a
vulnerability on whatever is running can become very
quickly a remote exploit - simple example: you allow
users to upload php-scripts on your webserver - from
that moment on your services on 127.0.0.1 are no longer
isolated until you disable a lot of php functionality



Re: [Openvas-discuss] Noob question on authenticated scans

2017-03-05 Thread Reindl Harald



On 05.03.2017 at 11:58, Vito Logrillo wrote:

Hi All,
sorry for my noob question, but i'm trying to understand how security
scans work. My target is a custom linux distribution on an IoT system: i
can set-up an SSH connection but i can't download any package in a
simple way.
1. To perform an authenticated scan, an agent or a software should be
downloaded on the target machine? Or a shell script?
2. Which are the benefits? It can check all installed packages? Even if
they are not active?


the benefit is that it can also check services where the ports are not 
reachable from the network


depending on what service and the complete setup a vulnerability on
whatever is running can become very quickly a remote exploit - simple
example: you allow users to upload php-scripts on your webserver - from
that moment on your services on 127.0.0.1 are no longer isolated until
you disable a lot of php functionality



[Openvas-discuss] FP: Hillstone Software TFTP Write/Read Request Server Denial Of Service

2017-03-02 Thread Reindl Harald
well, i honestly doubt that on our reverse-proxy something is listening 
on UDP ports at all..

___

Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  20065/traffic_manag
tcp        0      0 127.0.0.1:8083   0.0.0.0:*        LISTEN  20065/traffic_manag
tcp        0      0 127.0.0.1:8084   0.0.0.0:*        LISTEN  20072/traffic_serve
tcp        0      0 127.0.0.1:53     0.0.0.0:*        LISTEN  811/dnsmasq
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN  20065/traffic_manag
tcp        0      0 0.0.0.0:10022    0.0.0.0:*        LISTEN  17385/sshd
udp        0      0 127.0.0.1:53     0.0.0.0:*                811/dnsmasq

___

Hillstone Software TFTP Write/Read Request Server Denial Of Service
Vulnerability 	WillNotFix

5.0 (Medium)
99%  10.0.0.4  69/udp

Summary

This host is running Hillstone Software TFTP Server and is prone to
denial of service vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attacker to crash the server process,
resulting in a denial-of-service condition.

Impact Level: Application

Solution

Solution type: WillNotFix

No solution or patch was made available for at least one year since
disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable
respective features, remove the product or replace the product by
another one.

Affected Software/OS

Hillstone Software HS TFTP version 1.3.2

Vulnerability Insight

The flaw is caused by an error when processing TFTP write and read
requests, which can be exploited to crash the server via a specially
crafted request sent to UDP port 69.

Vulnerability Detection Method

Details: Hillstone Software TFTP Write/Read Request Server Denial Of
Service Vulnerabili... (OID: 1.3.6.1.4.1.25623.1.0.802406)

Version used: $Revision: 3117 $

References

CVE: CVE-2011-4720
BID: 50886
Other: http://secpod.org/blog/?p=419
http://packetstormsecurity.org/files/107468/hillstone-dos.txt
http://secpod.org/advisories/SecPod_Hillstone_Software_HS_TFTP_Server_DoS.txt

Re: [Openvas-discuss] alert method scp not working

2017-02-23 Thread Reindl Harald



On 23.02.2017 at 21:20, Jochen Dehm wrote:

Yes, that's right. The fingerprint is the problem.

But with the user nobody it is not so simple to implement.

root@sv-openvas /tmp # su - nobody -s /bin/bash
No directory,  Registration with HOME=/

nobody@sv-openvas:/tmp$ scp -o HashKnownHosts=no test.csv
root@192.168.1.119:/root/csv-reports
Could not create directory '/nonexistent/.ssh'.
The authenticity of host '192.168.1.119 (192.168.1.119)' can't be
established.
ECDSA key fingerprint is 21:8d:fc:b5:42:40:aa:b7:e6:40:f5:f3:2c:b3:be:00.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts
(/nonexistent/.ssh/known_hosts).

The user has no home directory

root@sv-openvas /tmp # cat /etc/passwd | grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin


then give him one - so what
or use a different user (likely better)


Re: [Openvas-discuss] unable to start services

2017-02-22 Thread Reindl Harald



On 22.02.2017 at 17:28, Rishi Kumar wrote:

I have installed openvas successfully on LMDE2, and i was able to access
greenbone admin login and logged in successfully.
Next time i am trying to start services but unable to start and hence
cannot access greenbone admin login screen.

I installed openvas following the instruction in this link:
http://www.cb-net.co.uk/linux/installing-openvas-and-greenbone-security-assistant-deployment-on-debian-8-jessie/

this guide is to compile and install packages from source.

I have created following:
/etc/systemd/system/*openvas-manager.service*
/etc/systemd/system/*openvas-scanner.service*
/etc/systemd/system/*greenbone-security-assistant.service*


and they contain what?


and made executable but when i try to start service by:


why do you make them executable?

if you would read your logs after "systemctl daemon-reload" you would 
see messages that this is a mistake



systemctl start openvas-manager.service
Failed to get D-Bus connection: Unknown error -1

Or

systemctl start openvas-manager.service
Failed to get D-Bus connection: Unknown error -1

Please help me to find the mistake and run openvas again


read your systemlogs, at least "systemctl status 
openvas-manager.service" should show the last recent ones for the service


but when it complains about dbus your system has usually a larger 
problem which is *not* openvas related



Re: [Openvas-discuss] Unable to Sync

2017-02-20 Thread Reindl Harald



On 20.02.2017 at 20:43, Eero Volotinen wrote:

It's a bit hard to see that modifying dns entry as bypassing any
protections.


you don't know the environment
i don't know the environment

you replied to an answer which already contained "Please contact your
network administrator about this issue" and *that* is the way he has to go



I already assume that this person has permission to run openvas on


but that doesn't imply that he has the permissions to do anything he wants
*without* coordinating it with the network admin staff and typically that
includes overriding company wide DNS settings



2017-02-20 15:19 GMT+02:00 Reindl Harald <h.rei...@thelounge.net>:



On 20.02.2017 at 14:14, Eero Volotinen wrote:

sounds like client is using opendns for filtering?

is it forced or manually configured? try replacing with google dns
8.8.8.8 and try again.


NO - when you work in a company you are *not* supposed to bypass
your network admins and if you do so instead of coordinating with your
network staff you may get fired from your job

please stop confusing your private setups or your company's one
where you probably make the rules (as i do in ours) with other
environments

You still need to install md5sums package to get feed working..

2017-02-20 15:11 GMT+02:00 Christian Fischer
<christian.fisc...@greenbone.net>:

Hi,

On 20.02.2017 14:07, Eero Volotinen wrote:
> install bzip2 and md5sum tools from package management and
try again.

in this case this won't help here.

Please contact your network administrator about this issue.
From the
output and the redirect to malware.opendns.com we can see that there is
some proxy in between causing the shown issue.



Re: [Openvas-discuss] Strange error extracting reports

2017-02-20 Thread Reindl Harald



On 20.02.2017 at 15:18, Ebert, Christian wrote:

But with huge reports (the xml file is about 13 Mbytes) xmlstarlet crashes:
-:2.10003842: xmlSAX2Characters: huge text node: out of memory


surely, forget openvas with less than 3 GB RAM right from the start


Re: [Openvas-discuss] Unable to Sync

2017-02-20 Thread Reindl Harald



On 20.02.2017 at 14:14, Eero Volotinen wrote:

sounds like client is using opendns for filtering?

is it forced or manually configured? try replacing with google dns
8.8.8.8 and try again.


NO - when you work in a company you are *not* supposed to bypass your
network admins and if you do so instead of coordinating with your network
staff you may get fired from your job


please stop confusing your private setups or your company's one where
you probably make the rules (as i do in ours) with other environments



You still need to install md5sums package to get feed working..

2017-02-20 15:11 GMT+02:00 Christian Fischer:

Hi,

On 20.02.2017 14:07, Eero Volotinen wrote:
> install bzip2 and md5sum tools from package management and try again.

in this case this won't help here.

Please contact your network administrator about this issue. From the
output and the redirect to malware.opendns.com
 we can see that there is
some proxy in between causing the shown issue.

Regards,



Re: [Openvas-discuss] GSA crashes / OpenVAS hungs

2017-02-03 Thread Reindl Harald



On 03.02.2017 at 16:57, tatooin wrote:

Hi Reindl,

And thanks for your answer. Actually your questions made me find out
that for some reason my swap partition wasn't mounted. So perhaps it
explains the issues I'm facing in the end.
I have mounted my swap back, restarted gsa/redis/openvas and resumed my
scans.


you should assign at least 3 GB physical RAM to your openvas machine,
otherwise there is a butcher called OOM killer which will sooner or
later slaughter your kittens



Let's see if it fixes the issue.

As for Kali, I can unfortunately only agree with your statement. This
distrib is just buggy as hell but unfortunately there is no particular
alternative at the moment when you need a dedicated platform for
ethical hacking, which is my case...


don't get me wrong but OpenVAS does not only run on Kali and when you
want to become a hacker you should first become capable to install the
tools on your own, Kali is no magic, it's just a distribution



-Original Message-
*From*: Reindl Harald <h.rei...@thelounge.net>
*To*: openvas-discuss@wald.intevation.org
*Subject*: Re: [Openvas-discuss] GSA crashes / OpenVAS hungs
*Date*: Fri, 3 Feb 2017 16:17:53 +0100


On 03.02.2017 at 16:04, tatooin wrote:

I can resume works for some times. But again, as soon as the load
becomes significant, gsa crashes and openvassd becomes unresponsive.

It's not a load problem are purging/restarting redis is the key.

Apart from commenting out all save options in redis.conf, is there
anything I am missing with redis to get it work properly ?

I have the following error logs when gsa crashes in openvassd.messages:
[Fri Feb 3 14:40:18 2017][7333] Client abruptly closed the communication
[Fri Feb 3 14:40:18 2017][7333] Test complete
[Fri Feb 3 14:40:18 2017][15974] Process 16844 (OID: 1.3.6.1.4.1.25623.1.0.805139) seems to have died too early
[Fri Feb 3 14:40:18 2017][15968] Process 7400 (OID: 1.3.6.1.4.1.25623.1.0.105211) seems to have died too early
[Fri Feb 3 14:40:18 2017][15970] Process 16513 (OID: 1.3.6.1.4.1.25623.1.0.805927) seems to have died too early
[continuing]
openvassd: testing 10.169.74.94(sighand_segv+0x7c)[0x56176464e10c]
openvassd: testing 10.169.74.91(sighand_segv+0x7c)[0x56176464e10c]
/lib/x86_64-linux-gnu/libc.so.6(+0x33040)[0x7f574a5a0040]
/lib/x86_64-linux-gnu/libc.so.6(+0x33040)[0x7f574a5a0040]


these are segfaults

how much RAM has the machine?
what does dmesg say?
what does the global syslog say?
how have you installed openvas?
did you ask on a kali linux channel?

each and every time kali linux is mentioned on this then because nothing
works as expected



Re: [Openvas-discuss] GSA crashes / OpenVAS hungs

2017-02-03 Thread Reindl Harald



On 03.02.2017 at 16:04, tatooin wrote:

I can resume works for some times. But again, as soon as the load
becomes significant, gsa crashes and openvassd becomes unresponsive.

It's not a load problem are purging/restarting redis is the key.

Apart from commenting out all save options in redis.conf, is there
anything I am missing with redis to get it work properly ?

I have the following error logs when gsa crashes in openvassd.messages:
[Fri Feb  3 14:40:18 2017][7333] Client abruptly closed the communication
[Fri Feb  3 14:40:18 2017][7333] Test complete
[Fri Feb  3 14:40:18 2017][15974] Process 16844 (OID: 1.3.6.1.4.1.25623.1.0.805139) seems to have died too early
[Fri Feb  3 14:40:18 2017][15968] Process 7400 (OID: 1.3.6.1.4.1.25623.1.0.105211) seems to have died too early
[Fri Feb  3 14:40:18 2017][15970] Process 16513 (OID: 1.3.6.1.4.1.25623.1.0.805927) seems to have died too early
[continuing]
openvassd: testing 10.169.74.94(sighand_segv+0x7c)[0x56176464e10c]
openvassd: testing 10.169.74.91(sighand_segv+0x7c)[0x56176464e10c]
/lib/x86_64-linux-gnu/libc.so.6(+0x33040)[0x7f574a5a0040]
/lib/x86_64-linux-gnu/libc.so.6(+0x33040)[0x7f574a5a0040]


these are segfaults

how much RAM has the machine?
what does dmesg say?
what does the global syslog say?
how have you installed openvas?
did you ask on a kali linux channel?

each and every time kali linux is mentioned on this then because nothing
works as expected



Re: [Openvas-discuss] Problem starting gsa

2017-01-31 Thread Reindl Harald

next time mention your operating system and package versions
https://bugzilla.redhat.com/show_bug.cgi?id=1416034

a new build is in testing and then 0.9.52 should work too

On 31.01.2017 at 11:56, Corti Matteo (ID BD) wrote:

give no output with the following entries in the log file

gsad main:  DEBUG:2017-01-31 10h49.22 utc:24066: main: gettext
translation extensions are enabled (using locale "en_US.UTF-8").
gsad main:  DEBUG:2017-01-31 10h49.22 utc:24066: Forking...
gsad main:  DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect...
gsad main:CRITICAL:2017-01-31 10h49.22 utc:24067: main:
start_https_daemon failed!



Re: [Openvas-discuss] Fresh install and problem with openvas-scapdata-sync

2017-01-27 Thread Reindl Harald



On 27.01.2017 at 11:20, Michal Chrobak wrote:

I have my openvas installation on ubuntu which is virtual machine (hosted on
arch and kvm) with vmdk disk. I check this disk with badblocks:
user@openvas:~$ sudo poweroff
Connection to 192.168.121.253 closed by remote host.
Connection to 192.168.121.253 closed.
[mchrobak@michalc_lin] ~ $ sudo badblocks -nvs kvm/openvas.vmdk
Checking for bad blocks in non-destructive read-write mode
From block 0 to 7808703
Checking for bad blocks (non-destructive read-write test)
Testing with random pattern: done
Pass completed, 0 bad blocks found. (0/0/0 errors)

It looks like vmdk and disk of host OS is ok (I have SSD disk, bought a year ago)


frankly "badblocks" on a virtual disk image should do what exactly?

what about reading the output of "dmesg" and wherever Ubuntu writes the
global syslog at times where problems appear?


look in your system logs on the host and the virtual machine, in the best
case there was only concurrency from other guests and you would see
something like "[ 1985.288632] hrtimer: interrupt took 2895550 ns" or
disk timeouts in the guest


disk timeouts are happening here regularly when the host does its weekly
raid-check and the backup vm its monthly rsync --checksums over 1 TB
btrfs compressed data on a LUKS encryption layer at the same time


but that's not the production host


Re: [Openvas-discuss] OpenVAS 8 demo image contains expired certificates

2017-01-24 Thread Reindl Harald



On 24.01.2017 at 09:59, Eero Volotinen wrote:

How about rebuilding and releasing updated version with renewed openvas
certificates?
It's a bit bad feeling, if demo image does not work without tricks.


and what about making those damned certs in general valid for more than
one year? one of the two commands supports it, the other doesn't and the
defaults are a joke



Re: [Openvas-discuss] openvas hangs in 1%

2017-01-20 Thread Reindl Harald



On 20.01.2017 at 13:20, googu hr wrote:

yes ,thanks !


and the next time mention your hardware resources unasked instead of
pretending "I am sure machine RAM is enough" and consider some linux basics
like "dmesg" and look in the system logs where you clearly can see OOM
killer events



2017-01-20 18:46 GMT+08:00 Eero Volotinen:

Well, think again.
[e] Update of CPEs failed: xsltproc exited with code 137

this means that your machine runs out of memory during
scapdata-sync. So you must be running something like 1G memory?

2017-01-19 16:41 GMT+02:00 googu hr:

I am sure machine RAM is enough
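
Added example, not part of the original thread: a small shell triage for the situation discussed in the message above, where a feed-sync child process exits with code 137. It decodes the status into a signal number and searches kernel log text for OOM-killer records; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): relate an exit status such as 137 to
# OOM-killer records in the kernel log.

# exit_signal STATUS: print the signal number if STATUS follows the shell
# convention "128 + signal" for a child killed by a signal; else print nothing.
exit_signal() {
    if [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
        echo $(( $1 - 128 ))
    fi
}

# oom_victims: read kernel log text on stdin, print "pid name" per OOM kill.
# Handles both "Out of memory: Kill process N (name) ..." (older kernels)
# and "Out of memory: Killed process N (name) ..." (newer kernels).
oom_victims() {
    sed -n 's/.*Out of memory: Kill\(ed\)\{0,1\} process \([0-9][0-9]*\) (\([^)]*\)).*/\2 \3/p'
}

# diagnose STATUS NAME: kernel log on stdin; classify why process NAME ended.
diagnose() {
    sig=$(exit_signal "$1")
    if [ -z "$sig" ]; then
        echo "exit-$1"                      # ordinary exit code, not a signal
    elif [ "$sig" -ne 9 ]; then
        echo "signal-$sig"                  # e.g. 139 -> SIGSEGV (11)
    elif oom_victims | awk -v n="$2" '$2 == n { hit = 1 } END { exit !hit }'; then
        echo "oom-kill"                     # SIGKILL plus a matching OOM record
    else
        echo "sigkill-no-oom-record"        # SIGKILL from somewhere else
    fi
}

# Constructed sample kernel log (not taken from the thread).
sample_dmesg() {
    cat <<'EOF'
[ 8112.100001] xsltproc invoked oom-killer: gfp_mask=0x24201ca, order=0, oom_score_adj=0
[ 8112.100457] Out of memory: Kill process 4711 (xsltproc) score 912 or sacrifice child
[ 8112.100512] Killed process 4711 (xsltproc) total-vm:1843200kB, anon-rss:901120kB, file-rss:0kB
[ 9340.220019] Out of memory: Killed process 4802 (redis-server) total-vm:512000kB, anon-rss:204800kB
EOF
}

# Demo on the constructed log; on a real host pipe in the output of dmesg.
sample_dmesg | diagnose 137 xsltproc
```
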



Re: [Openvas-discuss] openvas hangs in 1%

2017-01-20 Thread Reindl Harald



On 19.01.2017 at 15:41, googu hr wrote:

I am sure machine RAM is enough


and how much is that what you *think* it's enough?

3 GB is at least required on a machine dedicated to run only openvas/gsa


Re: [Openvas-discuss] Openvas Rsync Issue

2017-01-09 Thread Reindl Harald



On 09.01.2017 at 13:57, satheesh prabhakaran wrote:

I tried installing openvas using below link and was able to install
successfully in one environment (which does not need proxy to connect
internet)

http://www.dangtrinh.com/2015/05/install-openvas-8-in-ubuntu-1404-using.html

But in other environment where we need proxy to connect is throwing
error as below


https://www.google.com/search?q=rsync+proxy
https://www.bonusbits.com/wiki/HowTo:Setup_HTTP_Proxy_Settings_for_Bash_Profile_on_Linux


Re: [Openvas-discuss] Assign Additional Resources CPU/Memory to openvasmd

2017-01-07 Thread Reindl Harald
to make it more clear for people who think "my single process has to 
utilize my hardware":


you won't get far when you complain why your webserver does not utilize
your CPU and memory as much as you like it because it spends most of the
time waiting for the overloaded database-server which can not serve more
concurrency


in that case you need a database cluster to spread at least your 
select-queries over more than one instance to reduce the impact of lockings


and that may work well even if those instances are on the same host in
multiple virtual machines because even HPC setups exist in the real
world which prove that theory - welcome in 2017!


https://gcn.com/articles/2014/07/11/vgrid-hpc-virtualization.aspx

http://www.zdnet.com/article/yes-virtualization-is-faster-sometimes-than-native-hardware/

"However, by partitioning each host into two or four virtual machines, 
they were able to get significantly better performance"


On 08.01.2017 at 03:23, Reindl Harald wrote:

On 08.01.2017 at 03:19, Fábio Fernandes wrote:

In my opinion i think that those resources would be better spent on
openvassd process since it does the heavy lifting.


when the bottleneck are shared resources used by openvassd it can't do
anything about it and so you need to get rid of the concurrency by just
having more of these resources aka more instances


On 08/01/2017, at 00:59, Reindl Harald <h.rei...@thelounge.net> wrote:

On 08.01.2017 at 01:30, TN TN wrote:

HI Christian, I actually have it installed with postgresql, but when
you're scanning thousands of internal hosts on a weekly basis it slows
it down considerably over time.. I'm just curious on why openvasmd is
not using enough resources on the server. Thanks TN


because they are not available which means you assume the bottleneck
likely where it isn't - when you scan thousands of hosts how do you
come to the conclusion that a single openvas machine will be enough?

just install *more* instances as virtual machines when you say you
are not cpu-bound and have enough memory and spread the load -
problem solved


On 7 January 2017 at 17:09, Christian Fischer
<christian.fisc...@greenbone.net> wrote:

   Hi,

   On 07.01.2017 19:43, TN TN wrote:
   > Hi, I have a fairly powerful server and it seems like the openvasmd
   > process isn't using up a lot of the resources on the box. If I run
   > numerous scans (the scanner being off of the main openvasmd server), the
   > openvasmd process barely uses any resources, however Greenbone slows
   > down and the backend commands take much longer to execute. Is there a
   > way to force openvasmd to use more resources (CPU/Memory) so that it
   > runs faster? Thanks, TN

   i don't think this is possible and it also probably wouldn't help here.
   The manager process is using the resources it needs.

   I think the bottleneck is more likely the sqlite database backend which
   slows down if multiple scanners are sending data to the manager. Have a
   look at the postgresql database backend which might help to improve the
   performance.


Re: [Openvas-discuss] Assign Additional Resources CPU/Memory to openvasmd

2017-01-07 Thread Reindl Harald



On 08.01.2017 at 01:30, TN TN wrote:

HI Christian, I actually have it installed with postgresql, but when
you're scanning thousands of internal hosts on a weekly basis it slows
it down considerably over time.. I'm just curious on why openvasmd is
not using enough resources on the server. Thanks TN


because they are not available which means you assume the bottleneck
likely where it isn't - when you scan thousands of hosts how do you come
to the conclusion that a single openvas machine will be enough?


just install *more* instances as virtual machines when you say you are 
not cpu-bound and have enough memory and spread the load - problem solved



On 7 January 2017 at 17:09, Christian Fischer wrote:

Hi,

On 07.01.2017 19:43, TN TN wrote:
> Hi, I have a fairly powerful server and it seems like the openvasmd
> process isn't using up a lot of the resources on the box. If I run
> numerous scans (the scanner being off of the main openvasmd server), the
> openvasmd process barely uses any resources, however Greenbone slows
> down and the backend commands take much longer to execute. Is there a
> way to force openvasmd to use more resources (CPU/Memory) so that it
> runs faster? Thanks, TN

i don't think this is possible and it also probably wouldn't help here.
The manager process is using the resources it needs.

I think the bottleneck is more likely the sqlite database backend which
slows down if multiple scanners are sending data to the manager. Have a
look at the postgresql database backend which might help to improve the
performance.



Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald


On 03.01.2017 at 19:13, Reindl Harald wrote:

On 03.01.2017 at 19:02, Christian Fischer wrote:

On 03.01.2017 18:24, Reindl Harald wrote:

on machines with the settings below talking about 'auth_password' is
wrong to begin with as long as you have not been able as scanner to find any
exception where password logins are allowed at all

PasswordAuthentication  no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no


instead of pointing fingers it would really help if you just provide the
asked information about your feed status as well as the output of the
NVT "OS Detection Consolidation (1.3.6.1.4.1.25623.1.0.105937)"


what did you not understand in the simple fact that i in the meantime
updated the feed and so hardly can tell you what version it *was* before
doing so


and to point again with fingers - in recent GSA versions it's no longer
possible to manually start a time-scheduled task so no i won't touch
anything before the next automatic scan on 2017/02



Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 19:02, Christian Fischer wrote:

Hi,

On 03.01.2017 18:24, Reindl Harald wrote:


On 03.01.2017 at 18:17, Christian Fischer wrote:

On 03.01.2017 17:56, Reindl Harald wrote:

On 03.01.2017 at 17:46, Michael Meyer wrote:

*** Reindl Harald wrote:


the scan is from yesterday, the issues are months old (including
the openssh windows bruteforce nonsense on linux machines with
key-only-auth on recent Fedora setups)


"openssh windows bruteforce nonsense on linux machines"?


* no windows machine
* no 'auth_password' at all
* linux distributions don't raise version numbers but release fixes

hence flagged as false positive yesterday since i not no longer can see
that red colored nonsense initially reported months ago

High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type
and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Installed version: 7.2
Fixed version: 7.3


it would make sense if you provide your used feed version:

GSA:

Administration -> NVT Feed (OpenVAS 8 and below)
Extras -> Feed status (OpenVAS 9+)


as you can see in this thread the last feed update failed but it should
have been fixed at least *two months* before

on machines with the settings below talking about 'auth_password' is
wrong to begin with as long as you have not been able as scanner to find any
exception where password logins are allowed at all

PasswordAuthentication  no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no


instead of pointing fingers it would really help if you just provide the
asked information about your feed status as well as the output of the
NVT "OS Detection Consolidation (1.3.6.1.4.1.25623.1.0.105937)"


what did you not understand in the simple fact that i in the meantime 
updated the feed and so hardly can tell you what version it *was* before 
doing so



Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald


Am 03.01.2017 um 18:17 schrieb Christian Fischer:

On 03.01.2017 17:56, Reindl Harald wrote:

On 03.01.2017 at 17:46, Michael Meyer wrote:

*** Reindl Harald wrote:


the scan is from yesterday, the issues are months old (including
the openssh windows bruteforce nonsense on linux machines with
key-only-auth on recent Fedora setups)


"openssh windows bruteforce nonsense on linux machines"?


* no windows machine
* no 'auth_password' at all
* linux distributions don't raise version numbers but release fixes

hence flagged as false positive yesterday since i no longer can see
that red colored nonsense initially reported months ago

High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type
and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Installed version: 7.2
Fixed version: 7.3


it would make sense if you provide your used feed version:

GSA:

Administration -> NVT Feed (OpenVAS 8 and below)
Extras -> Feed status (OpenVAS 9+)


as you can see in this thread the last feed update failed but it should 
have been fixed at least *two months* before


on machines with the settings below talking about 'auth_password' is 
wrong to begin with as long as you are not able as scanner to find any
exception where password logins are allowed at all


PasswordAuthentication  no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
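The check this message says a scanner would have to make before reporting an 'auth_password' finding, as an added example (not code from the thread or from OpenVAS): it reads an sshd_config text and reports whether password-based login is reachable, either globally or through a Match block. The sample configuration and the 192.0.2.0/24 network are constructed, and Include files are not followed.

```shell
#!/bin/sh
# password_auth_status FILE
# Prints "disabled" when FILE (sshd_config syntax) leaves no password-based
# login reachable, otherwise "enabled: <reason>".
password_auth_status() {
    awk '
    BEGIN {
        # sshd treats both keywords as "yes" when they are not set.
        val["passwordauthentication"] = "yes"
        val["challengeresponseauthentication"] = "yes"
        in_match = 0
        reason = ""
    }
    {
        sub(/#.*/, "")      # drop comments
        gsub(/=/, " ")      # sshd also accepts "Keyword=value"
        if (NF < 2) next
        key = tolower($1)   # keywords are case-insensitive
        value = tolower($2)
        # Newer OpenSSH spells the second keyword KbdInteractiveAuthentication.
        if (key == "kbdinteractiveauthentication")
            key = "challengeresponseauthentication"
        if (key == "match") { in_match = 1; next }
        if (!(key in val)) next
        if (in_match) {
            # A Match block can re-enable passwords for some users or hosts.
            if (value == "yes" && reason == "")
                reason = key " yes inside a Match block (line " NR ")"
        } else if (!(key in seen)) {
            # Outside Match blocks the first occurrence of a keyword wins.
            seen[key] = 1
            val[key] = value
        }
    }
    END {
        for (k in val)
            if (val[k] != "no" && reason == "")
                reason = k " is " val[k] " globally"
        if (reason == "") out = "disabled"
        else out = "enabled: " reason
        print out
    }' "$1"
}

# Constructed sample: the four settings quoted in the message, followed by
# a Match block that re-enables passwords for one made-up network.
sample=$(mktemp)
cat >"$sample" <<'EOF'
PasswordAuthentication  no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF
password_auth_status "$sample"
rm -f "$sample"
```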


Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 17:46, Michael Meyer wrote:

*** Reindl Harald wrote:


the scan is from yesterday, the issues are months old (including
the openssh windows bruteforce nonsense on linux machines with
key-only-auth on recent Fedora setups)


"openssh windows bruteforce nonsense on linux machines"?


* no windows machine
* no 'auth_password' at all
* linux distributions don't raise version numbers but release fixes

hence flagged as false positive yesterday since i no longer can see
that red colored nonsense initially reported months ago


High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows) 
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type 
and version (OID: 1.3.6.1.4.1.25623.1.0.10267)


Installed version: 7.2
Fixed version: 7.3




Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 17:46, Michael Meyer wrote:

*** Reindl Harald wrote:


the scan is from yesterday, the issues are months old (including
the openssh windows bruteforce nonsense on linux machines with
key-only-auth on recent Fedora setups)


"openssh windows bruteforce nonsense on linux machines"?


[root@openvas:~]$ cat /usr/local/bin/openvas-sync
#!/usr/bin/dash
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
openvasmd --rebuild
killall -s SIGHUP openvassd


Looks like you are not a big fan of error handling?


looks like that all should not be needed and a simple "openvas-sync"
does anything which is needed including reload/restart and *then* have a
single exit code

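A sync wrapper with the error handling this exchange is about, as an added example (not code from the thread or from the OpenVAS project): it runs the five commands of the quoted script, stops at the first failure and returns that one exit status, so a refused rsync is never followed by a rebuild. The log path, the lock directory and the `--run` argument are assumptions made for the example.

```shell
#!/bin/sh
# Feed update with a single exit status: each step runs only if every
# earlier step succeeded, so a failed rsync is never followed by a rebuild.

# The five commands from the script quoted in the thread, one per line.
SYNC_STEPS='openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync'
RELOAD_STEPS='openvasmd --rebuild
killall -s SIGHUP openvassd'

# run_steps LIST LOGFILE
# Runs each line of LIST in order and stops at the first failure.
# Returns 0 when all succeeded, else the failing command's exit status.
run_steps() {
    list=$1
    log=$2
    while IFS= read -r step; do
        [ -n "$step" ] || continue
        printf '%s START %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$step" >>"$log"
        # $step is split on purpose ("command arg arg"); stdin comes from
        # /dev/null so a step cannot swallow the rest of the list.
        if $step >>"$log" 2>&1 </dev/null; then
            printf 'OK %s\n' "$step" >>"$log"
        else
            rc=$?
            printf 'FAIL %s (exit %s)\n' "$step" "$rc" >>"$log"
            echo "openvas-sync: '$step' failed with exit $rc, see $log" >&2
            return "$rc"
        fi
    done <<EOF
$list
EOF
    return 0
}

# openvas_sync [LOGFILE] [LOCKDIR]
# The default paths are assumptions made for this example.
openvas_sync() {
    log=${1:-/var/log/openvas-sync.log}
    lock=${2:-/var/lock/openvas-sync.lock}
    # The feed banner says "Only one sync per time", so never overlap runs.
    if ! mkdir "$lock" 2>/dev/null; then
        echo "openvas-sync: $lock exists, another run is active" >&2
        return 75
    fi
    # Rebuild and reload only after all three feeds synced cleanly.
    run_steps "$SYNC_STEPS" "$log" && run_steps "$RELOAD_STEPS" "$log"
    status=$?
    rmdir "$lock"
    return "$status"
}

# Entry point for cron ("openvas-sync --run"); without the argument the
# file only defines the functions.
if [ "${1:-}" = "--run" ]; then
    openvas_sync
    exit $?
fi
```

Because cron mails whatever the job writes to stderr, a failed run produces a one-line mail naming the failing step instead of the full transfer log.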


Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 16:17, Christian Fischer wrote:

On 03.01.2017 16:09, Reindl Harald wrote:

nvt-sync this month failed but since this problem exists for months now i
doubt that all of them failed with connection refused in the past months


your posted plugin output shows that your feed version is *at least* 1
1/2 months old.


yeah because the feed servers were down at 2017/01/01
but the issue existed for half a year


i am talking so aggressively about it because nobody with a clue about
how opportunistic TLS works would have implemented it that way from the start


Be happy that it got changed now. Don't think that we need to discuss
this further, as it seems to make no sense to discuss such stuff with you



Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 16:04, Christian Fischer wrote:

On 03.01.2017 15:55, Reindl Harald wrote:

so better provide a recent feed instead talking about it


i'm not responsible for the availability of the feed (which is btw.
working just fine from two different systems in Germany and France).

Just can tell you that the issue you're so aggressively talking about
has been already fixed and is available in a current feed version


nvt-sync this month failed but since this problem exists for months now i
doubt that all of them failed with connection refused in the past months


i am talking so aggressively about it because nobody with a clue about 
how opportunistic TLS works would have implemented it that way from the start

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 15:51, Reindl Harald wrote:



On 03.01.2017 at 08:49, Christian Fischer wrote:

On 02.01.2017 23:13, Reindl Harald wrote:

damned how long takes it to remove this bullshit

ENFORCING ANY BETTER SECURITY IN CASE OF OPPORTUNISTIC ENCRYPTION LEADS
IN DELIVERING CLIENT FALL BACK TO ***NO ENCRYPTION** AT ALL

25/tcp

Weak ciphers offered by this service:
  TLS1_0_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA


just use a current feed instead of CAPS writing and then you already got
this removed


the scan is from yesterday, the issues are months old (including the
openssh windows bruteforce nonsense on linux machines with key-only-auth
on recent Fedora setups)

30 1 1 * * root /usr/local/bin/openvas-sync

[root@openvas:~]$ cat /usr/local/bin/openvas-sync
#!/usr/bin/dash
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
openvasmd --rebuild
killall -s SIGHUP openvassd


so better provide a recent feed instead talking about it

-------- Forwarded Message --------
Subject: Cron <root@openvas>  /usr/local/bin/openvas-sync
Date: Sun,  1 Jan 2017 01:30:02 +0100 (CET)
From: (Cron Daemon) <r...@esx1.thelounge.net>
To: r...@esx1.thelounge.net

[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.

[i] NVT dir: /var/lib/openvas/plugins
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection refused (111)
rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1): Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]

Error: rsync failed. Your NVT collection might be broken now.
[i] This script synchronizes a SCAP data directory with the OpenVAS one.
[i] This script is for the SQLite3 backend.
[i] SCAP dir: /var/lib/openvas/scap-data
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.


Re: [Openvas-discuss] Port 25 weak ciphers

2017-01-03 Thread Reindl Harald



On 03.01.2017 at 08:49, Christian Fischer wrote:

On 02.01.2017 23:13, Reindl Harald wrote:

damned how long takes it to remove this bullshit

ENFORCING ANY BETTER SECURITY IN CASE OF OPPORTUNISTIC ENCRYPTION LEADS
IN DELIVERING CLIENT FALL BACK TO ***NO ENCRYPTION** AT ALL

25/tcp

Weak ciphers offered by this service:
  TLS1_0_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA


just use a current feed instead of CAPS writing and then you already got
this removed


the scan is from yesterday, the issues are months old (including the
openssh windows bruteforce nonsense on linux machines with key-only-auth
on recent Fedora setups)


30 1 1 * * root /usr/local/bin/openvas-sync


[root@openvas:~]$ cat /usr/local/bin/openvas-sync
#!/usr/bin/dash
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
openvasmd --rebuild
killall -s SIGHUP openvassd



[Openvas-discuss] Port 25 weak ciphers

2017-01-02 Thread Reindl Harald

damned how long takes it to remove this bullshit

ENFORCING ANY BETTER SECURITY IN CASE OF OPPORTUNISTIC ENCRYPTION LEADS
IN DELIVERING CLIENT FALL BACK TO ***NO ENCRYPTION** AT ALL


25/tcp

Weak ciphers offered by this service:
  TLS1_0_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA


Re: [Openvas-discuss] OpenVAS Check for SSL Weak Ciphers

2016-12-22 Thread Reindl Harald



On 21.12.2016 at 18:45, Eero Volotinen wrote:

Is there any reason to support other than TLSv1.2 protocols?


in your small world probably not

in the real world where you are not in the position to update every
mailclient of every customer or even every operating system and its
browsers of website visitors it is


there is no reason that a recent client would fall back to 3DES other 
than a major bug in that client which needs to be fixed there and not on 
the server side



2016-12-20 18:09 GMT+02:00 Madden, Joe:

Hi,

Our openvas is showing the following ciphers as a medium risk:

  TLS1_0_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_0_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_0_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_1_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS1_2_RSA_WITH_3DES_EDE_CBC_SHA



Re: [Openvas-discuss] Openvas9 scanner listen on interface IP address

2016-12-15 Thread Reindl Harald



On 15.12.2016 at 11:48, Christian Fischer wrote:

On 15.12.2016 11:40, TN TN wrote:

Hi, the latest version of the openvas9-scanner doesn't have the
--listen= function. How can I make the service listen on the
correct IP? Thanks T


have a look at the CHANGES file of openvas-scanner-5.1 from OpenVAS9:


* New command line options --unix-socket, --listen-mode,
  --listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities
  and --dh-params.

The scanner is now only listening to a unix-socket and the manager
(installed on the same host) is connecting to that unix-socket


oh yeah - please for any other services too except GSA so that we can 
get rid of all that GnuTLS / certificate issues for 1 out of 1 users 
which has the services spread over different machines



Re: [Openvas-discuss] Openvas9 scanner listen on interface IP address

2016-12-15 Thread Reindl Harald



On 15.12.2016 at 11:40, TN TN wrote:

Hi, the latest version of the openvas9-scanner doesn't have the
--listen= function. How can I make the service listen on the
correct IP?


with some luck now there are config files instead CLI params and so no 
longer override distribution service units for basic configuration?



Re: [Openvas-discuss] Openvas-discuss Digest, Vol 118, Issue 25

2016-11-25 Thread Reindl Harald



On 25.11.2016 at 13:24, Jaydeep Shah wrote:

I got the solution and fixed it. Now my OpenVAS is working.
Thanks for including my query in the discussion list.


did you see that?

digests are for pure readers in general but without a useful subject 
it's even more annoying and the list server should reject mails with 
"Re: [Openvas-discuss] Openvas-discuss Digest"



When replying, please edit your Subject line so it is more specific than
"Re: Contents of Openvas-discuss digest..."



Re: [Openvas-discuss] fedora + openvas 8

2016-11-22 Thread Reindl Harald



On 22.11.2016 at 20:52, kalin m wrote:

hi all...

from: http://www.openvas.org/install-packages-v7.html (there is no v8?!)

i do:

wget -q -O - http://www.atomicorp.com/installers/atomic |sh


why in the world do you touch anything from Atomic on Fedora?

man dnf
man yum



Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-15 Thread Reindl Harald



On 15.11.2016 at 23:54, Fábio Fernandes wrote:

It has happened to me too. Analyzing further with tcpdump and strace i could 
see that the retry speed rate seemed to be lower (maybe due to nmap adapting to 
the conditions of the network like weak connection or firewalls) but the same 
nmap command would finish in 15 to 20 minutes. I tried changing the timing 
options in the nmap portscanning plugin but never could confirm if it 
completely solved the issue as it happened only sometimes.


fix your firewall setting to *not drop* but reject packages from the 
scanner ip



On 10/11/2016, at 06:10, Christian Fischer wrote:

Hi,

On 09.11.2016 22:48, fschnit...@execulink.com wrote:

A good understanding
of this behaviour would be great.


the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
you might need to dig into nmap itself to see why it is sometimes faster
and the other time not



Re: [Openvas-discuss] In a case of the block, skip scanning.

2016-11-11 Thread Reindl Harald



On 10.11.2016 at 17:23, n...@slimhost.com.ua wrote:

Could U please advise me, how I can skip scanning the host if it blocked
my IP during the scan?


how do you imagine to distinguish between DROP because of IP blocked and
"-j DROP" default action for anything which is not allowed? you can't 
and so openvas can't



Re: [Openvas-discuss] openvas 8

2016-11-10 Thread Reindl Harald



On 10.11.2016 at 19:37, kalin m wrote:

i'd be really appreciative of a direction here. i've been trying this
for a week and my deadline is almost here. if anybody has a winning
combination of openvas 8 on any unix like os within vmware fusion 8.5
please let me know...


[root@openvas:~]$ rpm -qa | grep openvas
openvas-scanner-5.0.6-1.fc24.x86_64
openvas-manager-6.0.9-1.fc24.x86_64
openvas-gsa-6.0.11-3.fc24.x86_64
openvas-cli-1.4.4-1.fc24.x86_64
openvas-libraries-8.0.8-2.fc24.x86_64

running on Fedora 24 x86_64 for many months with just the Fedora 
packages on ESXi 5.5 which should make no difference to VMware Fusion /
Workstation at all

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

