Re: [Openvas-discuss] Master - Slave Openvas

2018-10-19 Thread Thijs Stuurman
I only open up port 9390. Try to connect to the system using telnet to see if 
you can connect?
If that works, look at some of the OpenVAS log for more clues (openvasmd.log). 
Perhaps you forgot to load in the slave's CA certificate?


Thijs Stuurman
Quality & Security | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
https://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss On Behalf Of Lara, Alisson Infante
Sent: Thursday 18 October 2018 11:48
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Master - Slave Openvas

Hi Team.

I have some slaves in my internal network, but when I try to insert one slave 
in my DMZ network it is not working. My master cannot start a test on my slave (I 
already did all the things, like creating a user, certificate, etc.). The status is 
Requested.

I saw in some documents that I need to open firewall rules (22-SSH / 9390-OMP) 
from Master to Slave, and I already did.

My question is: did I forget to create some rule? Or do I need to run some procedure?

Have a nice day.
Alisson Lara

Best regards,

Alisson Infante Lara
IT Compliance / IT Security

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] R: R: task stop with SIGSEGV error

2018-09-19 Thread Thijs Stuurman
If I suspect something is wrong with redis on my slaves, I just flush it; no 
need to rm and/or reinstall:

redis-cli -s /var/run/redis/redis.sock flushall

Thijs Stuurman

From: Openvas-discuss On Behalf Of fiore...@tiscali.it
Sent: Wednesday 19 September 2018 12:33
To: 'Alessandro Fiorenzi'; 'Madden, Joe'; Openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] R: R: task stop with SIGSEGV error

I have solved it this way:

1. stop redis server
2. rm -rf /var/lib/redis
3. reinstall redis-server package
4. openvas-feed-update

And it started working again… it seems

Alessandro

From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On Behalf Of Alessandro Fiorenzi
Sent: Tuesday 18 September 2018 17.10
To: Madden, Joe <joe.mad...@mottmac.com>; Openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] R: task stop with SIGSEGV error

Hi,
I have tried but it is still broken ☹


From: Madden, Joe <joe.mad...@mottmac.com>
Sent: Tuesday 18 September 2018 09.30
To: Alessandro Fiorenzi <fiore...@outlook.com>; Openvas-discuss@wald.intevation.org
Subject: RE: task stop with SIGSEGV error

Hi Alessandro,

We had the same issue after some updates the other week.

I deleted the redis database for OpenVPN which is stored in 
/var/lib/redis/openvas-dump.rdb

You’ll need to restart redis-server@openvas.service

Then perform an openvas-feed-update

Cheers






From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On Behalf Of Alessandro Fiorenzi
Sent: 17 September 2018 22:12
To: Openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] task stop with SIGSEGV error

Hi,

After I updated my Kali to the last distro update, OpenVAS stopped working.

All daemons come up and seem OK, but when I start a scanning task… it stops 
with a SIGSEGV error as reported below:

==> openvasmd.log <==
event task:MESSAGE:2018-09-17 21h08.29 UTC:3556: Status of task Immediate scan 
of IP 192.168.1.0/24 (fad05a3d-96cf-4f34-b7be-caa2fc8d39d4) has changed to 
Requested
event task:MESSAGE:2018-09-17 21h08.29 UTC:3556: Task Immediate scan of IP 
192.168.1.0/24 (fad05a3d-96cf-4f34-b7be-caa2fc8d39d4) has been requested to 
start by admin
event task:MESSAGE:2018-09-17 21h08.38 UTC:3559: Status of task Immediate scan 
of IP 192.168.1.0/24 (fad05a3d-96cf-4f34-b7be-caa2fc8d39d4) has changed to 
Running

==> openvassd.messages <==
SIGSEGV occured !
openvassd: Serving /var/run/openvassd.sock(sighand_segv+0x81)[0x5561aa773e11]
/lib/x86_64-linux-gnu/libc.so.6(+0x35fc0)[0x7f4940ef2fc0]
/lib/x86_64-linux-gnu/libc.so.6(+0x3a850)[0x7f4940ef7850]
/usr/lib/x86_64-linux-gnu/libopenvas_base.so.9(nvticache_get_category+0x30)[0x7f494174f050]
openvassd: Serving 
/var/run/openvassd.sock(plugins_scheduler_init+0x68)[0x5561aa772a28]
openvassd: Serving /var/run/openvassd.sock(attack_network+0x239)[0x5561aa76d499]
openvassd: Serving /var/run/openvassd.sock(+0xb4cc)[0x5561aa7704cc]
openvassd: Serving /var/run/openvassd.sock(create_process+0xb7)[0x5561aa773be7]
openvassd: Serving /var/run/openvassd.sock(+0xbf80)[0x5561aa770f80]
openvassd: Serving /var/run/openvassd.sock(main+0x37f)[0x5561aa76c0cf]

==> openvasmd.log <==
md   main:WARNING:2018-09-17 21h08.42 UTC:3559: openvas_scanner_read: Failed to 
read from scanner: Connection reset by peer
event task:MESSAGE:2018-09-17 21h08.42 UTC:3559: Status of task Immediate scan 
of IP 192.168.1.0/24 (fad05a3d-96cf-4f34-b7be-caa2fc8d39d4) has changed to 
Stopped

I have tried to uninstall and reinstall but it is the same.

Has anyone had the same problem?

Thanks

Alessandro




Re: [Openvas-discuss] trouble running task

2018-09-03 Thread Thijs Stuurman
You need to load the CA certificate from the slave/remote scanner.
This one, path example: /opt/openvas9-3/var/lib/openvas/CA/cacert.pem

Just save it as a text file on your computer, load up gsad, go to Configuration 
> Scanners and edit the scanner.
To the right of CA Certificate you can click Browse, load it with that and you should 
be all set.

Thijs Stuurman

From: Openvas-discuss On Behalf Of Natxo Asenjo
Sent: Friday 31 August 2018 23:35
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] trouble running task

hi,

I have an openvasmd running version 7.0.2, manager db revision 184, using 
postgresql.

After successfully adding a remote scanner, I try running a task but I get this 
error (logs in the manager openvasmd.log):

openvas_server-verify: the certificate is not trusted
openvas_server_verify: the certificate hasn't got a known issuer

I have tried this (http://www.openvas.org/src-doc/openvas-manager/index.html) :

(in the manager)
# openvasmd --modify-scanner  --scanner-ca-pub 
/usr/local/var/lib/openvas/CA/cacert.pem
Failed to find scanner 

I have verified the UUID multiple times, it's correct. When I run openvasmd 
--get-scanners, I get the UUID and I paste it to the --modify-scanner from that 
output.

If I try verifying the scanner I get this error:
openvas-manager-7.0.2/sr/manage_sql.c:46715: verify_scanner: Assertion `0' 
failed.

How can I get this working?

Thanks in advance!


--
regards,
natxo

Re: [Openvas-discuss] PQexec failed: ERROR: operator does not exist: name = integer

2018-08-31 Thread Thijs Stuurman
Ok.. so that is the actual problem. Other queries also use "user" instead of 
user and the latest in the repo has it fixed:

/openvas9-3/gvm-7.0.3/src/manage_sql.c

  init_iterator (,
 "SELECT max(severity)"
 " FROM report_counts"
 " WHERE report = %llu"
 " AND override = %d"
 " AND user = (SELECT id FROM users WHERE uuid = '%s')"
 " AND min_qod = %d"
 " AND (end_time = 0 or end_time >= m_now ());",
 report, overrides, current_credentials.uuid, min_qod);

https://raw.githubusercontent.com/greenbone/gvm/master/src/manage_sql.c

  init_iterator (,
 "SELECT max(severity)"
 " FROM report_counts"
 " WHERE report = %llu"
 " AND override = %d"
 " AND \"user\" = (SELECT id FROM users WHERE uuid = '%s')"
 " AND min_qod = %d"
 " AND (end_time = 0 or end_time >= m_now ());",
 report, overrides, current_credentials.uuid, min_qod);

So.. a few things are broken in the versions for download at 
http://www.openvas.org/install-source.html -_-


Thijs Stuurman

From: Openvas-discuss On Behalf Of Thijs Stuurman
Sent: Friday 31 August 2018 13:10
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] PQexec failed: ERROR: operator does not exist: 
name = integer

I haven't figured out what changed but I see what is wrong.
The table still looks the same and the query didn't change in the source 
between the two versions:

./openvas9/openvas-manager-7.0.1/src/manage_sql.c

  init_iterator (,
"SELECT max(severity)"
 " FROM report_counts"
 " WHERE report = %llu"
 " AND override = %d"
 " AND user = (SELECT id FROM users WHERE uuid = '%s')"
 " AND min_qod = %d"
 " AND (end_time = 0 or end_time >= m_now ());",
 report, overrides, current_credentials.uuid, min_qod);

./openvas9-3/gvm-7.0.3/src/manage_sql.c

  init_iterator (,
 "SELECT max(severity)"
 " FROM report_counts"
 " WHERE report = %llu"
 " AND override = %d"
 " AND user = (SELECT id FROM users WHERE uuid = '%s')"
 " AND min_qod = %d"
 " AND (end_time = 0 or end_time >= m_now ());",
 report, overrides, current_credentials.uuid, min_qod);

Table is defined as:

CREATE TABLE public.report_counts (
id integer NOT NULL,
report integer,
"user" integer,
severity numeric,
count integer,
override integer,
end_time integer,
min_qod integer
);

Seems to me, the column user doesn't exist because it's "user" or user is now a 
reserved word since.. not sure:

tasks=> SELECT max(severity) FROM report_counts WHERE report = 3913 AND 
override = 1 AND asdfuser = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
ERROR:  column "asdfuser" does not exist
LINE 1: ...t_counts WHERE report = 3913 AND override = 1 AND asdfuser =...
 ^
tasks=> SELECT max(severity) FROM report_counts WHERE report = 3913 AND 
override = 1 AND user = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
ERROR:  operator does not exist: name = integer
LINE 1: ...nts WHERE report = 3913 AND override = 1 AND user = (SELECT ...
 ^
HINT:  No operator matches the given name and argument type(s). You might need 
to add explicit type casts.
tasks=> SELECT max(severity) FROM report_counts WHERE report = 3913 AND 
override = 1 AND "user" = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
max
--
10.0
(1 row)

Now it's tempting to change the source and recompile but I rat

Re: [Openvas-discuss] PQexec failed: ERROR: operator does not exist: name = integer

2018-08-31 Thread Thijs Stuurman
I haven't figured out what changed but I see what is wrong.
The table still looks the same and the query didn't change in the source 
between the two versions:

./openvas9/openvas-manager-7.0.1/src/manage_sql.c

  init_iterator (,
"SELECT max(severity)"
 " FROM report_counts"
 " WHERE report = %llu"
 " AND override = %d"
 " AND user = (SELECT id FROM users WHERE uuid = '%s')"
 " AND min_qod = %d"
 " AND (end_time = 0 or end_time >= m_now ());",
 report, overrides, current_credentials.uuid, min_qod);

./openvas9-3/gvm-7.0.3/src/manage_sql.c

  init_iterator (,
 "SELECT max(severity)"
 " FROM report_counts"
 " WHERE report = %llu"
 " AND override = %d"
 " AND user = (SELECT id FROM users WHERE uuid = '%s')"
 " AND min_qod = %d"
 " AND (end_time = 0 or end_time >= m_now ());",
 report, overrides, current_credentials.uuid, min_qod);

Table is defined as:

CREATE TABLE public.report_counts (
id integer NOT NULL,
report integer,
"user" integer,
severity numeric,
count integer,
override integer,
end_time integer,
min_qod integer
);

Seems to me, the column user doesn't exist because it's "user" or user is now a 
reserved word since.. not sure:

tasks=> SELECT max(severity) FROM report_counts WHERE report = 3913 AND 
override = 1 AND asdfuser = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
ERROR:  column "asdfuser" does not exist
LINE 1: ...t_counts WHERE report = 3913 AND override = 1 AND asdfuser =...
 ^
tasks=> SELECT max(severity) FROM report_counts WHERE report = 3913 AND 
override = 1 AND user = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
ERROR:  operator does not exist: name = integer
LINE 1: ...nts WHERE report = 3913 AND override = 1 AND user = (SELECT ...
 ^
HINT:  No operator matches the given name and argument type(s). You might need 
to add explicit type casts.
tasks=> SELECT max(severity) FROM report_counts WHERE report = 3913 AND 
override = 1 AND "user" = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
max
--
10.0
(1 row)

Now it's tempting to change the source and recompile but I'd rather find out 
where and when this broke; why isn't anyone else running into this?

Thijs Stuurman

From: Openvas-discuss On Behalf Of Thijs Stuurman
Sent: Friday 31 August 2018 11:39
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] PQexec failed: ERROR: operator does not exist: 
name = integer

OpenVAS discuss,

I had some performance issues so I decided to reinstall OpenVAS on all my nodes 
from:

openvas-libraries-9.0.1.tar.gz
openvas-manager-7.0.1.tar.gz
openvas-scanner-5.1.1.tar.gz

to:

openvas-libraries-9.0.3.tar.gz
openvas-manager-7.0.3.tar.gz
v5.1.3.tar.gz

(openvas-scanner tar.gz name is wrong but that's how it gets downloaded from 
the site).

All good, setup everything again; using my existing database (tried openvasmd 
-migrate, does nothing).
Slaves up and running, CA certs replaced etc'.

Now, everything runs very well but when a scan ends there is an SQL error:

"""
event task:MESSAGE:2018-08-31 11h30.40 CEST:16331: Status of task domain_ka - 
officeclient (8fb8bc4a-aa53-480a-a4f2-0967864c313f) has changed to Done
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: sql_exec_internal: PQexec 
failed: ERROR:  operator does not exist: name = integer
LINE 1: ...nts WHERE report = 4469 AND override = 1 AND user = (SELECT ...
 ^
HINT:  No operator matches the given name and argument type(s). You might need 
to add explicit type casts.
(7)
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: sql_exec_internal: SQL: 
SELECT max(severity) FROM report_counts WHERE report = 4469

Re: [Openvas-discuss] PQexec failed: ERROR: operator does not exist: name = integer

2018-08-31 Thread Thijs Stuurman
Postgresql is not my thing.

"""
tasks=> SELECT max(severity) FROM report_counts WHERE report = 4469 AND 
override = 1 AND user = 'admin' AND min_qod = 70;
max
-

(1 row)
"""

It works with user = '' using quotes.

The query for the UUID gives back an integer:

"""
tasks=> SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20';
id

  1
(1 row)
"""

Shouldn't everyone run into this bug?

"""
tasks=> SELECT max(severity) FROM report_counts WHERE report = 4469 AND 
override = 1 AND user = 1 AND min_qod = 70;
ERROR:  operator does not exist: name = integer
LINE 1: ...nts WHERE report = 4469 AND override = 1 AND user = 1 AND mi...
 ^
HINT:  No operator matches the given name and argument type(s). You might need 
to add explicit type casts.

tasks=> SELECT max(severity) FROM report_counts WHERE report = 4469 AND 
override = 1 AND user = '1' AND min_qod = 70;
max
-

(1 row)
"""

Thijs Stuurman

From: Openvas-discuss On Behalf Of Thijs Stuurman
Sent: Friday 31 August 2018 11:39
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] PQexec failed: ERROR: operator does not exist: 
name = integer

OpenVAS discuss,

I had some performance issues so I decided to reinstall OpenVAS on all my nodes 
from:

openvas-libraries-9.0.1.tar.gz
openvas-manager-7.0.1.tar.gz
openvas-scanner-5.1.1.tar.gz

to:

openvas-libraries-9.0.3.tar.gz
openvas-manager-7.0.3.tar.gz
v5.1.3.tar.gz

(openvas-scanner tar.gz name is wrong but that's how it gets downloaded from 
the site).

All good, setup everything again; using my existing database (tried openvasmd 
-migrate, does nothing).
Slaves up and running, CA certs replaced etc'.

Now, everything runs very well but when a scan ends there is an SQL error:

"""
event task:MESSAGE:2018-08-31 11h30.40 CEST:16331: Status of task domain_ka - 
officeclient (8fb8bc4a-aa53-480a-a4f2-0967864c313f) has changed to Done
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: sql_exec_internal: PQexec 
failed: ERROR:  operator does not exist: name = integer
LINE 1: ...nts WHERE report = 4469 AND override = 1 AND user = (SELECT ...
 ^
HINT:  No operator matches the given name and argument type(s). You might need 
to add explicit type casts.
(7)
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: sql_exec_internal: SQL: 
SELECT max(severity) FROM report_counts WHERE report = 4469 AND override = 1 
AND user = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: next: sql_exec_internal failed
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: manage_cleanup_process_error: 
Error exit, setting running task to Internal Error
event task:MESSAGE:2018-08-31 11h30.40 CEST:16331: Status of task domain_ka - 
officeclient (8fb8bc4a-aa53-480a-a4f2-0967864c313f) has changed to Internal 
Error
"""

Looking at my database, "'aa9e7cb5-3ad9-41fd-95d5-e15716067b20'" is the UUID 
for the Admin user which I use to start the task:

"""
cat tasks.sql | grep aa9e7cb5-3ad9-41fd-95d5-e15716067b20
1   aa9e7cb5-3ad9-41fd-95d5-e15716067b20\N  admin   \N
"""

I don't think I have changed enough to suddenly cause this error so I am not 
sure where to even begin on this one.
Everything runs fine, the job results are ok .. but it cannot go from 100% to 
status Done on a task because of this error.

Anyone who has an idea or experienced this before?


Thijs Stuurman

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
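
Added example (not part of the original posts, and not OpenVAS/GVM code): why the unquoted user in the queries of this thread fails with name = integer, why user = '1' runs but matches nothing, and why "user" returns the row. In PostgreSQL an unquoted user is the keyword equivalent to current_user, of type name. The report_counts layout follows the CREATE TABLE quoted in the thread; the reduced users table, the UUID and all rows are constructed, and m_now() is left out because it only exists in the manager's own database.

```sql
-- Added illustration for the thread above; not code from OpenVAS/GVM.
-- Run in psql against any scratch PostgreSQL database. Uses temp tables only.
BEGIN;

-- report_counts as quoted in the thread; users is reduced to the two columns
-- the query touches (assumption). All rows and the UUID are constructed.
CREATE TEMP TABLE users (id integer PRIMARY KEY, uuid text NOT NULL);
CREATE TEMP TABLE report_counts (
    id       integer NOT NULL,
    report   integer,
    "user"   integer,   -- only reachable as a column when double-quoted
    severity numeric,
    count    integer,
    override integer,
    end_time integer,
    min_qod  integer
);
INSERT INTO users VALUES (1, '00000000-0000-4000-8000-000000000001');
INSERT INTO report_counts VALUES
    (1, 100, 1, 10.0, 3, 1, 0, 70),
    (2, 100, 1,  5.0, 7, 1, 0, 70);

-- 1. Unquoted, user is not looked up in the table at all. It is the keyword
--    equivalent to current_user, so this shows the session role and its type.
SELECT user AS session_role, pg_typeof(user) AS type_of_unquoted_user;

-- 2. Against a string literal the comparison is valid (name = name), but it
--    asks whether the session role is called '1'. Unless it is, no row
--    matches and max() comes back empty, as in the psql output in the thread.
SELECT max(severity) AS unquoted_user_vs_string
  FROM report_counts
 WHERE report = 100 AND override = 1 AND user = '1' AND min_qod = 70;

-- 3. Against the integer subquery there is no name = integer operator.
--    The DO block catches the error so the rest of the script still runs.
DO $$
BEGIN
    PERFORM max(severity)
       FROM report_counts
      WHERE report = 100 AND override = 1
        AND user = (SELECT id FROM users
                     WHERE uuid = '00000000-0000-4000-8000-000000000001')
        AND min_qod = 70;
EXCEPTION WHEN undefined_function THEN   -- SQLSTATE 42883
    RAISE NOTICE 'unquoted user failed: %', SQLERRM;
END
$$;

-- 4. Double-quoted, "user" is an ordinary identifier and resolves to the
--    integer column, so the subquery result is compared with the stored id.
SELECT max(severity) AS quoted_user_column
  FROM report_counts
 WHERE report = 100 AND override = 1
   AND "user" = (SELECT id FROM users
                  WHERE uuid = '00000000-0000-4000-8000-000000000001')
   AND min_qod = 70;

ROLLBACK;
```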

[Openvas-discuss] PQexec failed: ERROR: operator does not exist: name = integer

2018-08-31 Thread Thijs Stuurman
OpenVAS discuss,

I had some performance issues so I decided to reinstall OpenVAS on all my nodes 
from:

openvas-libraries-9.0.1.tar.gz
openvas-manager-7.0.1.tar.gz
openvas-scanner-5.1.1.tar.gz

to:

openvas-libraries-9.0.3.tar.gz
openvas-manager-7.0.3.tar.gz
v5.1.3.tar.gz

(openvas-scanner tar.gz name is wrong but that's how it gets downloaded from 
the site).

All good, setup everything again; using my existing database (tried openvasmd 
-migrate, does nothing).
Slaves up and running, CA certs replaced etc'.

Now, everything runs very well but when a scan ends there is an SQL error:

"""
event task:MESSAGE:2018-08-31 11h30.40 CEST:16331: Status of task domain_ka - 
officeclient (8fb8bc4a-aa53-480a-a4f2-0967864c313f) has changed to Done
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: sql_exec_internal: PQexec 
failed: ERROR:  operator does not exist: name = integer
LINE 1: ...nts WHERE report = 4469 AND override = 1 AND user = (SELECT ...
 ^
HINT:  No operator matches the given name and argument type(s). You might need 
to add explicit type casts.
(7)
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: sql_exec_internal: SQL: 
SELECT max(severity) FROM report_counts WHERE report = 4469 AND override = 1 
AND user = (SELECT id FROM users WHERE uuid = 
'aa9e7cb5-3ad9-41fd-95d5-e15716067b20') AND min_qod = 70 AND (end_time = 0 or 
end_time >= m_now ());
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: next: sql_exec_internal failed
md manage:WARNING:2018-08-31 11h30.40 CEST:16331: manage_cleanup_process_error: 
Error exit, setting running task to Internal Error
event task:MESSAGE:2018-08-31 11h30.40 CEST:16331: Status of task domain_ka - 
officeclient (8fb8bc4a-aa53-480a-a4f2-0967864c313f) has changed to Internal 
Error
"""

Looking at my database, "'aa9e7cb5-3ad9-41fd-95d5-e15716067b20'" is the UUID 
for the Admin user which I use to start the task:

"""
cat tasks.sql | grep aa9e7cb5-3ad9-41fd-95d5-e15716067b20
1   aa9e7cb5-3ad9-41fd-95d5-e15716067b20\N  admin   \N
"""

I don't think I have changed enough to suddenly cause this error so I am not 
sure where to even begin on this one.
Everything runs fine, the job results are ok .. but it cannot go from 100% to 
status Done on a task because of this error.

Anyone who has an idea or experienced this before?


Thijs Stuurman


Re: [Openvas-discuss] openvassd failed

2018-08-31 Thread Thijs Stuurman
Possibly the socket may not be created in /tmp, try in /etc/redis/redis.conf

# Specify the path for the unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
#unixsocket /tmp/redis.sock
unixsocket /var/run/redis/redis.sock
unixsocketperm 755

root@scanner001:~# netstat -vnepl |grep redis
unix  2  [ ACC ] STREAM LISTENING 161461043/redis-server 1 
/var/run/redis/redis.sock

root@scanner001:~# ln -s /var/run/redis/redis.sock /tmp/redis.sock
root@scanner001:~# ls -l /tmp/redis.sock
lrwxrwxrwx 1 root root 25 Aug 30 17:29 /tmp/redis.sock -> 
/var/run/redis/redis.sock


Thijs Stuurman

From: Openvas-discuss On Behalf Of Eero Volotinen
Sent: Friday 31 August 2018 03:54
To: Aécio Meneses
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] openvassd failed

you need to configure redis to listen on that socket..

On Thu, 30 Aug 2018 at 23:06, Aécio Meneses <aeciomene...@gmail.com> wrote:

Hi!

I installed OpenVAS on CentOS 7.5 following the instructions on the 
OpenVAS site.
But I can't execute the New Task, because the following errors appear:

  *   (Status Code 503) Failed to start task: Service temporarily down

When I execute openvassd, this appears:

·  (openvassd:2906): lib kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: Connection refused

·  (openvassd:2906): lib kb_redis-CRITICAL **: redis_new: cannot access redis 
at ‘/tmp/redis.sock’

·  (openvassd:2906): lib kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: Connection refused

I created the file and gave permission to everyone, but it isn’t sufficient.

Can you help me?
Thanks,
--
Aécio Meneses Alves
Tel: 11-9.9203.8403

Re: [Openvas-discuss] OpenVAS 9 MigrateDB

2018-08-14 Thread Thijs Stuurman
Louis,

Probably not, check the build parameters if possible.
I cannot help you any further than that, I run my installation build from 
source.

I have the –pg version of openvasmd running here:

:/opt/openvas/sbin# ls -l
total 7780
-rwxr-xr-x 1 root root   27363 Jun 22  2017 greenbone-certdata-sync
-rwxr-xr-x 1 root root   21500 May  9  2017 greenbone-nvt-sync
-rwxr-xr-x 1 root root   49073 May  9  2017 greenbone-scapdata-sync
-rwxr-xr-x 1 root root 1521872 May  9  2017 gsad
lrwxrwxrwx 1 root root  12 May  9  2017 openvasmd -> openvasmd-pg
-rwxr-xr-x 1 root root 5894048 May  9  2017 openvasmd-pg
-rwxr-xr-x 1 root root   67712 May  9  2017 openvas-migrate-to-postgres
-rwxr-xr-x 1 root root   67701 May 10  2017 openvas-migrate-to-postgres_thijss
-rwxr-xr-x 1 root root2567 May  9  2017 openvas-portnames-update
-rwxr-xr-x 1 root root  302544 May  9  2017 openvassd

Thijs Stuurman

From: Openvas-discuss On Behalf Of Louis Bohm
Sent: Tuesday 14 August 2018 12:28
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS 9 MigrateDB


Running OpenVAS 9 on Centos 7.5.  I installed OpenVAS a while back via the 
RPMs.  Now I would like to migrate the DB to Postgresql.

Installed postgresql server and then ran openvas-migrate-to-postgres.  When it 
ran it complained that the role ROOT did not exist so I created that role with 
superuser power.  Ran it a second time this time it complained that the DB 
tasks did not exist so I created that.  Third time it ran to finish with no 
errors.

Now that it has run I still do not believe I am using the postgresql db.  So I 
did some more googling and found that openvasmd can take the --database= option. 
So I passed it the path that postgresql reports when you run a ps on it. The 
openvasmd.log complains about sqlite not being found.  So clearly that does not 
work.

Either I am not doing it correctly or maybe the stock RPMs were not compiled to 
support postgresql???

After even more research I found this: 
https://fossies.org/linux/misc/openvas/openvas-manager-7.0.3.tar.gz/gvm-7.0.3/doc/postgres-HOWTO.

Anyone have any clue?

Louis

Re: [Openvas-discuss] Admin user creation

2018-07-17 Thread Thijs Stuurman
You need to share the get_tasks permission .. per task.
Make them all a member of a group and give the get_tasks permission to that 
group (you need to do this for each task)


Thijs Stuurman

From: Openvas-discuss On Behalf Of Sai Ravi
Sent: Tuesday 17 July 2018 10:23
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Admin user creation

Hi All

We are using OpenVAS 9 and trying to create multiple users with admin 
privileges.

When we try to log in, we were not able to see the scans scheduled by other users 
on the tool.

Is there a way to have a common dashboard view across multiple users with admin 
privileges?

Cheers
Sai
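The "per task" nature of the advice above, as an added Python example that is not part of the original posts and not the project's own code: it turns a get_tasks response into one create_permission command per task for a group. The sample response, the UUIDs and the function name are constructed, and the command layout assumes the OMP create_permission element set (name, subject with id and type, resource with id and type).

```python
import xml.etree.ElementTree as ET

# Constructed sample of a get_tasks response; IDs and names are made up.
SAMPLE_GET_TASKS = """<get_tasks_response status="200" status_text="OK">
  <task id="11111111-1111-1111-1111-111111111111">
    <name>DMZ weekly</name><owner><name>alice</name></owner>
  </task>
  <task id="22222222-2222-2222-2222-222222222222">
    <name>Office &amp; lab</name><owner><name>bob</name></owner>
  </task>
</get_tasks_response>"""

# Constructed UUID of the group that all admin users were made a member of.
SAMPLE_GROUP_ID = "99999999-9999-9999-9999-999999999999"


def permission_commands(get_tasks_xml, group_id, permission="get_tasks"):
    """Return [(task name, create_permission XML)], one entry per task.

    A permission is bound to a single resource, so sharing N tasks with a
    group takes N commands; a task created later needs its own command.
    """
    root = ET.fromstring(get_tasks_xml)
    if root.get("status") != "200":
        raise ValueError("get_tasks failed: %s" % root.get("status_text"))

    commands = []
    for task in root.findall("task"):
        cmd = ET.Element("create_permission")
        ET.SubElement(cmd, "name").text = permission
        # Who receives the permission: the group, not each user.
        subject = ET.SubElement(cmd, "subject", id=group_id)
        ET.SubElement(subject, "type").text = "group"
        # What the permission applies to: exactly this one task.
        resource = ET.SubElement(cmd, "resource", id=task.get("id"))
        ET.SubElement(resource, "type").text = "task"
        commands.append((task.findtext("name"),
                         ET.tostring(cmd, encoding="unicode")))
    return commands


if __name__ == "__main__":
    for name, xml_cmd in permission_commands(SAMPLE_GET_TASKS, SAMPLE_GROUP_ID):
        print(name, "->", xml_cmd)
```

Each command has to be sent by a user who is allowed to grant permissions on that task, normally its owner.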

Re: [Openvas-discuss] Is too much power disruptive?

2018-04-26 Thread Thijs Stuurman
I don't think the SSD or RAM will do much, it's the concurrent threads that 
will help.
Somehow my OpenVAS machines use quite a bit of CPU per NVT test which makes me 
limit my 4 core slaves to 2 tasks at once.
Not all tasks are the same of course, when there is no web service running the 
amount of tests being executed is a lot less.

(I always have the feeling my Nessus scanner performs the same tests way faster 
and with a lot less CPU stress)


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: https://nl.linkedin.com/in/thijsstuurman


-Original message-
From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On behalf of Reindl Harald
Sent: Thursday 26 April 2018 11:02
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Is too much power disruptive?


On 25.04.2018 at 22:16, Peter Collins wrote:
> I'm currently scanning on a 4-core vm with 4gm ram, in Virtualbox on a 
> laptop, within OSSIM. Traffic average during a scan is about 4kB/s 
> (kiloBYTES). Network pipe is not the bottleneck. It can provide 20mb/s
> (megaBITS) easily. If I get a 12-core/24-thread server with SSD and 
> 32G ram, will the scans go faster, all settings being the same? And, 
> will it hammer on the targets too hard and disrupt them?

as both sides and a ton of params are involved it won't be magically faster 
unless you raise the number of concurrent NVT's and if a simple security scan 
will disrupt the target you have bigger problems at all

"please no asshat questions about bytes and bits. I have indicated clearly" 
which is pretty idiotic when you just could write it correct from the start and 
"4gm ram" is nonsense at all


Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

2018-04-26 Thread Thijs Stuurman
Yes.
Just use GVM tools, that’s what it was made for.
Again, check out https://github.com/Thij/openvas_scheduler which should 
help you get started quickly. Feel free to ask me for help or tips.

Thijs Stuurman

From: Louis Bohm <lo...@systemgeek.net>
Sent: Wednesday 25 April 2018 14:41
To: Roger Davies <rog.dav...@gmail.com>
CC: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Another way is to do it in a script.
Dump out the list of tasks and their UUIDs.
Create cron jobs to start the task.
Use the Alert method to send an email or create a file when the 
task is complete.
When the task is complete fire off another task…

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified


On Apr 25, 2018, at 8:23 AM, Roger Davies <rog.dav...@gmail.com> wrote:

Hi
It's not the nicest solution, but it does work.
In the 'Alerts' setup, you can use the 'Start Task' method, which then gives 
you the option to select a task name, 'Start Task'.
You have one task, task1, that operates on a schedule. This task1 has an alert 
which is set up to call another task, task2, when the original task1 is 'done'. 
Then in task2, you have an alert that calls task3 etc.etc.
Obviously, you can have many alerts for tasks, so an email to say it's started 
and an email to say it's finished and an alert that copies a report somewhere, 
or whatever.

It's not as nice as having them on a schedule, but if you comment the structure 
in your task names or something, it should explain itself.
Roger


On 25 April 2018 at 12:58, Thijs Stuurman <thijs.stuur...@internedservices.nl> wrote:
Sounds like a horrible solution to me even if it works.


Thijs Stuurman

From: tatooin <tato...@free.fr>
Sent: Wednesday 25 April 2018 13:55
To: Roger Davies <rog.dav...@gmail.com>
CC: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Hi Roger,

I don't get it. Adding an alert to the first task will only log when the task 
is done, it won't start the next task automatically. Or am I missing something 
here ?

Thanks

On Wed, 2018-04-25 at 11:30 +0100, Roger Davies wrote:
Hi
You can daisy-chain one task after another using the alerts bit. So, set up an 
alert which uses the 'Start Task' method on "Task run status changed (to 
Done)", then add that alert to the first task.
Roger

On 18 April 2018 at 08:27, tatooin <tato...@free.fr> wrote:
Thanks Thijs,

I will have a look at your script.

Best,

On Tue, 2018-04-17 at 12:14 +, Thijs Stuurman wrote:
I use gvm-tools and a python script to schedule my jobs, perhaps this can serve 
as inspiration for your own solution:

https://github.com/Thij/openvas_scheduler

Thijs Stuurman

From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On behalf of tatooin
Sent: Tuesday 17 April 2018 09:09
To: openvas-discuss@wald.intevation.org
Onderw

Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

2018-04-25 Thread Thijs Stuurman
Running 9 here as well, I have:


- Email
- HTTP Get
- SCP
- Send to host
- SNMP
- Sourcefire Connector
- Start Task
- System Logger
- Verinice.PRO Connector

Thijs Stuurman

From: Roger Davies <rog.dav...@gmail.com>
Sent: Wednesday 25 April 2018 14:45
To: tatooin <tato...@free.fr>
CC: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Hi
Ah, OpenVAS 8, I don't think so, sorry. I'm on OpenVAS 9.
You'll have to script it, or upgrade to 9.
Roger


On 25 April 2018 at 13:34, tatooin <tato...@free.fr> wrote:
Hi Roger,

Is this feature available in openvas 8 ? In my alerts setup, the only available 
methods I have are:

- Email
- System logger
- HTTP Get
- Sourcefire/Verinice connectors
- Send to host / SCP / SNMP

There is nowhere a "Start Task" option which would allow me to start the 
next one. Is this a plugin or something not bundled by default in openvas 8 ?

Thanks

On Wed, 2018-04-25 at 13:23 +0100, Roger Davies wrote:
Hi
It's not the nicest solution, but it does work.
In the 'Alerts' setup, you can use the 'Start Task' method, which then gives 
you the option to select a task name, 'Start Task'.
You have one task, task1, that operates on a schedule. This task1 has an alert 
which is set up to call another task, task2, when the original task1 is 'done'. 
Then in task2, you have an alert that calls task3 etc.etc.
Obviously, you can have many alerts for tasks, so an email to say it's started 
and an email to say it's finished and an alert that copies a report somewhere, 
or whatever.

It's not as nice as having them on a schedule, but if you comment the structure 
in your task names or something, it should explain itself.
Roger


On 25 April 2018 at 12:58, Thijs Stuurman <thijs.stuur...@internedservices.nl> wrote:

Sounds like a horrible solution to me even if it works.


Thijs Stuurman

From: tatooin <tato...@free.fr>
Sent: Wednesday 25 April 2018 13:55
To: Roger Davies <rog.dav...@gmail.com>
CC: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Hi Roger,

I don't get it. Adding an alert to the first task will only log when the task 
is done, it won't start the next task automatically. Or am I missing something 
here ?

Thanks

On Wed, 2018-04-25 at 11:30 +0100, Roger Davies wrote:
Hi
You can daisy-chain one task after another using the alerts bit. So, set up an 
alert which uses the 'Start Task' method on "Task run status changed (to 
Done)", then add that alert to the first task.
Roger

On 18 April 2018 at 08:27, tatooin <tato...@free.fr> wrote:
Thanks Thijs,

I will have a look at your script.

Best,

On Tue, 2018-04-17 at 12:14 +, Thijs Stuurman wrote:
I use gvm-tools and a python script to schedule my jobs, perhaps this can serve 
as inspiration for your own solution:

https://github.com/Thij/openvas_scheduler

Thijs Stuurman

From: Openvas-discuss 
<openvas-discuss-boun...@wald.intevation.org<mailto:openvas-discuss-boun...@wald.i

Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

2018-04-25 Thread Thijs Stuurman
Sounds like a horrible solution to me even if it works.


Thijs Stuurman

From: tatooin <tato...@free.fr>
Sent: Wednesday 25 April 2018 13:55
To: Roger Davies <rog.dav...@gmail.com>
CC: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Hi Roger,

I don't get it. Adding an alert to the first task will only log when the task 
is done, it won't start the next task automatically. Or am I missing something 
here ?

Thanks

On Wed, 2018-04-25 at 11:30 +0100, Roger Davies wrote:
Hi
You can daisy-chain one task after another using the alerts bit. So, set up an 
alert which uses the 'Start Task' method on "Task run status changed (to 
Done)", then add that alert to the first task.
Roger

On 18 April 2018 at 08:27, tatooin <tato...@free.fr> wrote:

Thanks Thijs,

I will have a look at your script.

Best,

On Tue, 2018-04-17 at 12:14 +, Thijs Stuurman wrote:
I use gvm-tools and a python script to schedule my jobs, perhaps this can serve 
as inspiration for your own solution:

https://github.com/Thij/openvas_scheduler

Thijs Stuurman

From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On behalf of tatooin
Sent: Tuesday 17 April 2018 09:09
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Hi,

I was wondering if there was a plugin to automatically start tasks in order.  I 
have ordered my tasks by groups, and on a regular basis I'm running all tasks 
on a given group. But this remains a manual step, as I have to log in to the 
console and start tasks one after the other (or not more than 2 or 3 tasks 
simultaneously to avoid overwhelming the Openvas manager) so I was wondering if 
there was any plugins or something close to it to allow automatic starts of 
tasks once the first in list is finished ?

The scheduling feature cannot do this unfortunately.

Thanks !

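The scripted approach discussed in this thread (start tasks in list order, keep no more than 2 or 3 running), as an added Python example that is not from the original posts and is not the openvas_scheduler script. The `start_task` and `get_status` methods and the `FakeManager` stand-in are hypothetical names for whatever client you use to reach the manager; the status strings "Requested", "Running" and "Done" are the ones shown for tasks, and the give-up rule for a task stuck in "Requested" is an assumption of this example.

```python
import time
from collections import deque


class FakeManager:
    """Constructed stand-in for a manager client (hypothetical interface).

    durations maps task id -> number of polls until "Done"; None means the
    task never leaves "Requested" (for example an unreachable slave).
    """

    def __init__(self, durations):
        self._left = dict(durations)
        self.status = {task_id: "New" for task_id in durations}
        self.started = []

    def start_task(self, task_id):
        self.status[task_id] = "Requested"
        self.started.append(task_id)

    def get_status(self, task_id):
        left = self._left[task_id]
        if task_id not in self.started or left is None:
            return self.status[task_id]
        left -= 1
        self._left[task_id] = left
        self.status[task_id] = "Running" if left > 0 else "Done"
        return self.status[task_id]


def run_in_order(manager, task_ids, max_running=2, requested_limit=5,
                 poll_seconds=0.0, sleep=time.sleep):
    """Start tasks in list order with at most max_running active at once.

    Returns (outcome, peak): outcome is [(task id, final status)] in the
    order tasks left the active set, peak is the highest number of tasks
    that were active at the same time.
    """
    pending = deque(task_ids)
    active = {}          # task id -> consecutive polls seen in "Requested"
    outcome = []
    peak = 0
    while pending or active:
        # Fill free slots in list order.
        while pending and len(active) < max_running:
            task_id = pending.popleft()
            manager.start_task(task_id)
            active[task_id] = 0
        peak = max(peak, len(active))
        sleep(poll_seconds)
        for task_id in list(active):
            status = manager.get_status(task_id)
            if status == "Requested":
                active[task_id] += 1
                if active[task_id] >= requested_limit:
                    # Give up waiting so one stuck task cannot block the
                    # rest of the list; it still needs operator attention.
                    outcome.append((task_id, "stalled in Requested"))
                    del active[task_id]
            elif status == "Running":
                active[task_id] = 0
            else:
                # Done, or any other status that ends the run.
                outcome.append((task_id, status))
                del active[task_id]
    return outcome, peak


if __name__ == "__main__":
    fake = FakeManager({"t1": 3, "t2": 1, "t3": 2, "t4": 1})
    print(run_in_order(fake, ["t1", "t2", "t3", "t4"], max_running=2))
```

With a real manager, set `poll_seconds` to something like 60 and size `requested_limit` to how long a slave normally takes to pick up a task.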

Re: [Openvas-discuss] Questions on distributed Setup

2018-04-24 Thread Thijs Stuurman
I use the same model but cannot quickly answer the asked questions:

> 1) Is it possible to run the Postgres on a different machine than 
> GVM+GSA? If yes: how? I was not able to find a definite place for 
> configuration :( So far I found a couple mentions of psql and sqlite 
> calls in source code and some wrapper scripts. Depending on the 
> current stance about this topic in the community, we are willing to 
> share our solution with you all. If you are interested ;-)
 
Should be but I don't see where the option is or should go; search for conf 
options.
I run the postgresql on the Master itself, gvm+gsa doesn't do much so basically 
it's your DB server. Why bother splitting them up?
(if you want to for zoning purposes, put an Apache reverse proxy in front of it 
in your DMZ)


> 2) As far as I understand, openvas-scanner needs a redis-service and access 
> to (a local) NVT database. Does it also require connection to SCAP and CERT 
> data or (probably in our case) the central Postgres?

I don't think it generally uses the scap and cert data, I often have had sync 
issues with those.
Basically your slave scanner is the same as your master but will run just fine 
with sqlite instead of postgresql.
Other than that they are the same with their own NVT database.. just not 
running GSA as you don't need a web interface on there.

When the master gives them a task they will run it completely themselves and 
constantly feed back the results. The master will end up with all the scan 
results and history; the slave will probably be empty afterwards. You can trash 
the slave or give the task to another slave without worries.

You want postgresql on your master for the amount of data it will have, speed.. 
and I believe it's now preferred over sqlite?
Also it can process more requests, one SELECT per CPU core.. which helps a lot. 
(still I find it very slow, the SELECTs take a long time for me)
 
> 3) I found a couple tutorials online, how to set up openvas9 with postgres. 
> Sadly those all mention the "migrate-to-postgres" script, which (afaik) 
> require a running setup with SQLite. Is it also possible to setup openvas9 
> using postgres without having to build the sqlite version beforehand? Any 
> vague hints?

I had to migrate but I suppose if you set up a new clean installation with 
postgresql, it will set up the initial database in there just like it would do 
in sqlite?
Just give it a try.


Thijs Stuurman

-Original message-
From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On behalf of Louis Bohm
Sent: Tuesday 24 April 2018 15:27
To: Frieder Schlesier <fschles...@gk-software.com>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Questions on distributed Setup

I can tell you that I do use the Master/Slave setup and there is at least one 
other person on this list who uses the same model.  It's pretty simple.  The 
slaves just perform the actual scanning of the host and their disk usage is 
constant.  I have one of the slaves in AWS and one in the new IBM cloud (my 
company has instances in both clouds right now).  Both slaves are using 20GB of 
disk.  The number of CPUs and RAM is totally dependent on how many hosts you 
want to scan at a time.

The master I have is running on VMWare.  This is where it uses the DB.  Right 
now I am using the sqlite DB but I am thinking of going to Postgresql for 
better performance.  Generally I can run about 5-10 scans (using a subset of 
the full and deep profile).

I will say that even if you are using a slave the master is being hit.  The 
slave is the host reaching out to the end point doing the scanning.  However, 
the slave scanner is CONSTANTLY updating the master with results.  And from 
what I can get from the logs the Master is updating the slave with new marching 
orders. 

If you are going to go over to postgresql do not bother doing the slaves.  Only 
worry about the master.  The same is true with Redis.  Only worry about the 
Master.  The slaves can be swapped in and out very quickly with little effort.  
I even started writing a build script that I was thinking of pumping into AWS 
cloud formation so it could build a new slave on demand.  However, it just 
takes too long to download the NVTs.  So I have a script to stop and start the 
AWS slave as needed.

As far as building OpenVAS with Postgresql from scratch I am sure there are 
directions somewhere.  But to be honest it's so simple to install a fully 
functional base system it's not even funny.  Then changing over to postgresql is 
simple.  Why 

Re: [Openvas-discuss] Tasks Autostart plugin for openvas ?

2018-04-17 Thread Thijs Stuurman
I use gvm-tools and a python script to schedule my jobs, perhaps this can serve 
as inspiration for your own solution:

https://github.com/Thij/openvas_scheduler

Thijs Stuurman

From: Openvas-discuss <openvas-discuss-boun...@wald.intevation.org> On behalf of tatooin
Sent: Tuesday 17 April 2018 09:09
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Tasks Autostart plugin for openvas ?

Hi,

I was wondering if there was a plugin to automatically start tasks in order.  I 
have ordered my tasks by groups, and on a regular basis I'm running all tasks 
on a given group. But this remains a manual step, as I have to log in to the 
console and start tasks one after the other (or not more than 2 or 3 tasks 
simultaneously to avoid overwhelming the Openvas manager) so I was wondering if 
there was any plugins or something close to it to allow automatic starts of 
tasks once the first in list is finished ?

The scheduling feature cannot do this unfortunately.

Thanks !

Re: [Openvas-discuss] OMP Execution Problem

2018-03-06 Thread Thijs Stuurman
I start (and stop) OpenVAS using a custom script.

/opt/openvas9/sbin/openvasmd -p 9390 -a 127.0.0.1

/opt/openvas9/sbin/gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 
--mport=9390 --ssl-private-key=/etc/apache2/ssl/priv.key 
--ssl-certificate=/etc/apache2/ssl/pub.crt --http-sts 
--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

You need to tell gsad how to connect to openvasmd (mport options).

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Louis Bohm
Sent: Tuesday 6 March 2018 13:08
To: Shreyas M R <shreyas7...@gmail.com>
CC: Abdallah El.Damiry <ahd...@icloud.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OMP Execution Problem

It does not seem to be listed in many places on the internet.  At least not 
when I googled it a long time ago.  What's odd is everyone seems to run into 
the issue.

As root run this, but you can change the port number to suit you:
/usr/sbin/openvasmd -a 0.0.0.0 -p 9393
If you only want to allow OMP to be hit from the local host change the IP from 
0.0.0.0 to 127.0.0.1.  You will need to re-run this every time you restart 
openvas-manager.

I have seen and tried adding this to /etc/sysconfig/openvas-manager in the form 
of:
OPTIONS="--listen 0.0.0.0 --port 9393"
My only problem with adding this to the sysconfig server file is when I do this 
I can no longer log in to GSAD for some reason.  But so far I have only done 
this on my slave scanner so it's no big deal for me.  When I run it from the CLI 
all works fine.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Mar 6, 2018, at 5:34 AM, Shreyas M R <shreyas7...@gmail.com> wrote:

Hi,

Are omp requires the host parameter to connect openvas. for port parameter -p 
. Usually its 9390

Try my github link https://github.com/shreyasmrs/OpenVAS
I have tabulated steps to use omp

Thanks
Shreyas


On Tue, Mar 6, 2018 at 2:13 PM, Abdallah El.Damiry <ahd...@icloud.com> wrote:
Dears ,

I have a problem with OMP command when I'm using it in more than a case and 
it's not working.
- Case 1 :
   # omp -u admin -w pass -g
Output :  failed to acquire socket

- Case 2 : (redis port 6379)
   # omp -u admin -w pass -h 127.0.0.1 -p 6379 --xml='' -v
Output :  will try to connect to host 127.0.0.1, port 6379... and nothing else

Finally when I execute openvas-check-setup , the script finishes with: it seems 
like your openvas-9 installation is ok.

Is there any solution to this issue ?

Thanks in advance.

Yours

AHD


Re: [Openvas-discuss] OMP Execution Problem

2018-03-06 Thread Thijs Stuurman
Works fine here and it connects to the openvasmd process, not redis.

“””
root@ivss:~# omp -v -u admin -w XXX --xml=''

WARNING: Verbose mode may reveal passwords!

Will try to connect to host 127.0.0.1, port 9390...
Sending to manager: 
Got response:

AUTHENTICATE   Authenticate with the manager.
COMMANDS   Run a list of commands.
…
“””

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Abdallah El.Damiry
Sent: Tuesday 6 March 2018 09:43
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OMP Execution Problem

Dears ,

I have a problem with OMP command when I'm using it in more than a case and 
it's not working.
- Case 1 :
   # omp -u admin -w pass -g
Output :  failed to acquire socket

- Case 2 : (redis port 6379)
   # omp -u admin -w pass -h 127.0.0.1 -p 6379 --xml='' -v
Output :  will try to connect to host 127.0.0.1, port 6379... and nothing else

Finally when I execute openvas-check-setup , the script finishes with: it seems 
like your openvas-9 installation is ok.

Is there any solution to this issue ?

Thanks in advance.

Yours

AHD

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-25 Thread Thijs Stuurman
By the way, I do notice your initial mail contains logs with:

lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server 'op4us1opsscan01.domain.net' port 9393.

My master connects to the slaves using OMP (Type: OMP Slave) on port 9390 on 
which gvmd is listening.

I do not see any option in the slave configuration to set secure or insecure…

Thijs Stuurman

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday 23 February 2018 16:05
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

I got it working but not sure why.  So if I use a username/password and set the 
credential to allow insecure=yes the client comes back with a 200 response but 
does nothing.  If I change the credential to allow insecure=no the client comes 
back with:
md   main:  DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: 

but then the scan starts…

Very odd.

I will have to try the same thing but with the servercert.pem and see if that 
works.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Feb 23, 2018, at 9:59 AM, Louis Bohm <lo...@systemgeek.net> wrote:

That yielded me this on the client but still the scan has not progressed from 
Requested.

Client:
lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain 
password, suppressed.
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: authenticate (0)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: credentials (2)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: username (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: admin
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: password (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: 
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: 
AdminUTCnist
mdomp:  DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
I know the username and password are correct.  And the slave even sent a 200 
response to the master so why is it not working?  So frustrating.

Louis
:
Louis Bohm - Sr. Systems Engineer
    Dell TechDirect Certified

On Feb 23, 2018, at 7:42 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:

Try the /var/lib/openvas/CA/cacert.pem from your slave.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 13:18
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

According to the doc it says to use

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman
Somewhere in my old notes I see port 9393 was used by openvasad, perhaps part 
of OpenVAS 8? I don’t have it anymore.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Thijs Stuurman
Sent: Friday, 23 February 2018 16:58
To: Louis Bohm <lo...@systemgeek.net>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

gvmd is the new name of openvasmd (OpenVAS 9 trunk.. not in the latest on the 
website).
I do use an entire stack on my slaves, just without gsad.

> The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.

It does not? https://blog.haardiek.org/setup-openvas-as-master-and-slave.html 
uses 9390 coupled to openvasmd (gvmd in my case, same thing).

I have checked my saved credentials for the slaves and “Allow insecure use” is 
set to No
On my slaves I have created one account:

gvmd --create-user=slave --role=Admin && gvmd --user=slave 
--new-password=
(or substitute gvmd with openvasmd)

That’s the account I added to my master to use through OMP Slave using port 9390.
My slaves start openvasmd (gvmd) as:

gvmd --rebuild
gvmd -p 9390 -a 0.0.0.0

I guess 9393 will work as well but I don’t know where you got that from.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 16:42
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.  The 
master will then use just the scanner on the slave not the entire OpenVAS stack 
of the slave (even though you need to install all of it).

The Allow Insecure option is on the username/password credential created and 
assigned to the scanner config on the master.  The slave is only set up with 
the admin account.  No other users and/or roles need to be set up there.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman
gvmd is the new name of openvasmd (OpenVAS 9 trunk.. not in the latest on the 
website).
I do use an entire stack on my slaves, just without gsad.

> The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.

It does not? https://blog.haardiek.org/setup-openvas-as-master-and-slave.html 
uses 9390 coupled to openvasmd (gvmd in my case, same thing).

I have checked my saved credentials for the slaves and “Allow insecure use” is 
set to No
On my slaves I have created one account:

gvmd --create-user=slave --role=Admin && gvmd --user=slave 
--new-password=
(or substitute gvmd with openvasmd)

That’s the account I added to my master to use through OMP Slave using port 9390.
My slaves start openvasmd (gvmd) as:

gvmd --rebuild
gvmd -p 9390 -a 0.0.0.0

I guess 9393 will work as well but I don’t know where you got that from.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 16:42
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave.  The 
master will then use just the scanner on the slave not the entire OpenVAS stack 
of the slave (even though you need to install all of it).

The Allow Insecure option is on the username/password credential created and 
assigned to the scanner config on the master.  The slave is only set up with 
the admin account.  No other users and/or roles need to be set up there.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified



Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman
I never had an issue with it. Sometimes the initial Requested state takes a 
minute or so.
Often it seems to take a couple before an actual nmap starts and the job goes 
to 1% and later beyond.

I cannot help you any further at this point; perhaps I can check something for 
you on my setup? Let me know.
I have 1 master and 4 slaves running…

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 16:00
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

That yielded me this on the client but still the scan has not progressed from 
Requested.

Client:
lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain 
password, suppressed.
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: authenticate (0)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: credentials (2)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: username (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: admin
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML  start: password (3)
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XML   text: 
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2
mdomp:  DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: 
AdminUTCnist
mdomp:  DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
I know the username and password are correct.  And the slave even sent a 200 
response to the master so why is it not working?  So frustrating.

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Feb 23, 2018, at 7:42 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:

Try the /var/lib/openvas/CA/cacert.pem from your slave.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 13:18
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

According to the doc it says to use: 
${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according 
to openvas-manage-certs -V
[root@pci-sec02 ~]# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

Is it not the servercert.pem from the slave openvas host that I am supposed to 
use?

Lo

Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman
Try the /var/lib/openvas/CA/cacert.pem from your slave.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 13:18
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

According to the doc it says to use: 
${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem.
On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according 
to openvas-manage-certs -V
[root@pci-sec02 ~]# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

Is it not the servercert.pem from the slave openvas host that I am supposed to 
use?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified

On Feb 23, 2018, at 5:09 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:

My best guess is that you didn’t load in the right CA certificate from your 
slave at step:

CA Certificate: The certificate you gathered from the slave

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Louis Bohm
Sent: Thursday, 22 February 2018 19:11
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Scanner Master Slave setup

I followed the following doc 
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the 
master slave environment with the exception that I am doing this on CentOS 7 
with OpenVAS9.

On the master I am getting this:
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server 'op4us1opsscan01.domain.net' port 9393.
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 'op4us1opsscan01.domain.net' port 9393.
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate is not trusted
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate hasn't got a known issuer

On the client I am getting this:
lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer.
md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP.

But in the GUI all I see is Status: Requested and it never changes.

Any idea why this is not working?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified


Re: [Openvas-discuss] Scanner Master Slave setup

2018-02-23 Thread Thijs Stuurman
My best guess is that you didn’t load in the right CA certificate from your 
slave at step:

CA Certificate: The certificate you gathered from the slave

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Louis Bohm
Sent: Thursday, 22 February 2018 19:11
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Scanner Master Slave setup

I followed the following doc 
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the 
master slave environment with the exception that I am doing this on CentOS 7 
with OpenVAS9.

On the master I am getting this:
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server 'op4us1opsscan01.domain.net' port 9393.
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 'op4us1opsscan01.domain.net' port 9393.
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate is not trusted
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate hasn't got a known issuer

On the client I am getting this:
lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer.
md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP.

But in the GUI all I see is Status: Requested and it never changes.

Any idea why this is not working?

Louis
:
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified


Re: [Openvas-discuss] embedding in other tooling

2018-02-22 Thread Thijs Stuurman
So.. Google for GNU General Public License? 
(https://www.gnu.org/licenses/gpl-howto.en.html ?)
And of course any other license you may encounter within software source code.

You may want to get a lawyer involved.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of subscription sites
Sent: Thursday, 22 February 2018 07:37
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] embedding in other tooling

Hello,


nobody here who can shed any light on this?

I also asked my question through i...@openvas.org, but 
no response there either.

1) Basically, I got an automated reply back, in which the following was stated 
as part of the openvas FAQ:

"The community contributions of Greenbone (like the Greenbone Community
Edition or the actual source code) are free of charge. You do have to
accept the conditions of the GNU General Public License and of some
other Open Source licenses. "

So, which licenses are these or where could I find this information?

2) the website at www.openvas.org clearly states: " If 
you encounter problems with our infrastructure, have legal questions etc, then 
please contact: i...@openvas.org." => I think my 
questions are definitely legal/commercial of nature, but well, I'm going to ask 
here again too.

3) the website at www.openvas.org also states: " All 
OpenVAS products are Free Software. Most components are licensed under the GNU 
General Public License (GNU GPL). "  but I can't find any information on the 
website again. Stating "most components" doesn't say a lot.

Therefore, my question: is it allowed to embed the greenbone community edition 
in other commercial offerings, and if so, are there any restrictions/conditions?

Or even just a detailed overview of what components fall under which license? 
"Most components", well...

Thank you in advance for your feedback!


On Mon, Feb 19, 2018 at 8:46 AM, subscription sites 
<subscription.si...@gmail.com> wrote:
Hello,


I'm not sure if this is the correct location to ask this question but:
I was wondering, are there any restrictions on embedding openvas, the community 
edition, in other tooling for commercial purposes?
If so, what are these restrictions?

Or is there someone else, maybe from openvas itself, who could answer this if 
this isn't the correct location for this question?

Thanks in advance for any feedback!


Re: [Openvas-discuss] redis-server is nor tunning or listening onsocket: /var/run/redis/redis.sock

2018-02-15 Thread Thijs Stuurman
Never seen or heard about this issue.

My redis.conf contains:

“””
# bind 192.168.1.100 10.0.0.1
#bind 127.0.0.1

# Specify the path for the unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
#unixsocket /tmp/redis.sock
unixsocket /var/run/redis/redis.sock
unixsocketperm 755
“””

Ubuntu 16.04.3 LTS
# dpkg -l |grep redis-server
ii  redis-server 2:3.0.6-1

Running openvas9.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Espresso Beanies
Sent: Thursday, 15 February 2018 05:03
To: Ayo Folorunso Agunbiade <ayo.agunbia...@gmail.com>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] redis-server is nor tunning or listening 
onsocket: /var/run/redis/redis.sock

There’s a known issue that rebooting OpenVAS9 will cause redis to continue 
crashing. No way around it other than reinstalling version 9 or reverting to 
version 8.


From: Ayo Folorunso Agunbiade <ayo.agunbia...@gmail.com>
Sent: 14 February 2018 17:45
To: None <espressobean...@gmail.com>
Cc: Reindl Harald <h.rei...@thelounge.net>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] redis-server is nor tunning or listening 
onsocket: /var/run/redis/redis.sock

OpenVAS 9
I think I did reboot but not sure though.

On Wed, Feb 14, 2018 at 3:04 PM, None 
<espressobean...@gmail.com> wrote:
Ayo,

What version of OpenVAS are you running? 8 or 9?
Did you reboot OpenVAS after it was initially working to get the "redis" error?

On Tue, Feb 13, 2018 at 12:43 PM, Reindl Harald 
<h.rei...@thelounge.net> wrote:


On 13.02.2018 at 18:38, Ayo Folorunso Agunbiade wrote:
I am receiving ERROR: redis-server is not running or listening on socket: 
/var/run/redis/redis.sock
FIX: You should start the redis-server or configure it to listen on socket: 
/var/run/redis/redis.sock

what about set it in /etc/redis.conf

unixsocket /var/run/redis/redis.sock
unixsocketperm 0777

since you don't give any useful information, 
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html explains how 
to make sure "/var/run/redis" exists after reboot in case of a modern os where 
/var/run points to /run which is tmpfs

Re: [Openvas-discuss] R: OpenVAS VM - No option to print PDFs

2018-01-31 Thread Thijs Stuurman
No idea, sorry.
I compiled OpenVAS manually on a Ubuntu 16.04 VM.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Luca Racca
Sent: Wednesday, 31 January 2018 16:09
To: Brandon Bass <brandon.alan.b...@gmail.com>; 
openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] R: OpenVAS VM - No option to print PDFs

Same issue for me.
Seems to be an appliance issue. I didn’t find any solution.
If someone can help, it would be much appreciated.
Regards,
Luca

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Brandon Bass
Sent: Wednesday, 31 January 2018 00:01
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS VM - No option to print PDFs

I recently stood up an OpenVAS VM  and for some reason it doesn't show any 
option to print a report in any format.  Under the drop down it shows "No 
Results Found".  I found a site saying that I would need to install Latex, 
which I tried but it says it's already on the most recent version.
Any thoughts or suggestions?
Thanks
-Brandon

Re: [Openvas-discuss] OpenVAS VM - No option to print PDFs

2018-01-31 Thread Thijs Stuurman
For Debian or Ubuntu, try:

apt-get install texlive-latex-extra --no-install-recommends

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Brandon Bass
Sent: Wednesday, 31 January 2018 00:01
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS VM - No option to print PDFs

I recently stood up an OpenVAS VM  and for some reason it doesn't show any 
option to print a report in any format.  Under the drop down it shows "No 
Results Found".  I found a site saying that I would need to install Latex, 
which I tried but it says it's already on the most recent version.
Any thoughts or suggestions?
Thanks
-Brandon

Re: [Openvas-discuss] install ssl certificate to enable https

2018-01-26 Thread Thijs Stuurman
Something like this?

/opt/openvas9/sbin/gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 
--mport=9390 --ssl-private-key=/etc/apache2/ssl/blah.key 
--ssl-certificate=/etc/apache2/ssl/blah.crt --http-sts 
--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of José Renato Castro Milanez
Sent: Wednesday, 24 January 2018 18:36
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] install ssl certificate to enable https

Hello friends, how are you?
I'm looking for some documentation to install an SSL cert for correct https 
support for openvas.
My cert is a wildcard one.
Thanks!

--
José Renato Castro Milanez
Itajubá - MG


Re: [Openvas-discuss] Scan Duration

2018-01-23 Thread Thijs Stuurman
I don't have any measurements but scans seem to be going smooth and fast on my 
side.
I started a scan round yesterday morning and it should be done by Friday.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.


-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Helmut Koers
Sent: Tuesday, 23 January 2018 08:50
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Scan Duration

Dear all,
we are having a couple of regular repeating scans and have recognized that all 
scan durations have more than doubled starting in December 2017.

Can anyone confirm to see that behavior as well?

May that be related to the number and/or kind of NVTs that have been added ever 
since?

Thanks, Helmut


Re: [Openvas-discuss] Decentralization/containerization of OpenVAS components

2018-01-18 Thread Thijs Stuurman
Quick answer (out of time for today)

- the OpenVAS Scanner on a single VM or in a single container

Sure, I run 'm on single VM's

- the OpenVAS CLI & Manager would need to share a container (unless I'm reading 
the diagram wrong and the CLI also uses port 9390 to execute commands on the 
Manager?)

9390 can be used, the greenbone security assistant does that as well

- the Greenbone Security Assistant also in a single container

Ok

- an optional nginx reverse-proxy VM or container to upstream the Greenbone 
Security Assistant and terminate TLS

No need for a reverse proxy, the latest GSA can do TLS etc' just fine with 
security headers. Example:
gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 
--ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt 
--http-sts 
--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

mlisten and mport point towards the manager.


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.


-----Original message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of k...@cute.im
Sent: Thursday, 18 January 2018 16:51
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Decentralization/containerization of OpenVAS
components

Hello! I'm currently experimenting with running the OpenVAS 'stack' 
within a Docker container.

However, after spotting this diagram: 
http://www.openvas.org/software.html it seems that a few of the OpenVAS 
components communicate via TCP/IP, meaning that in theory one might be able to 
run them in a distributed way across different VMs or within different Docker 
containers? My brief assessment led me to believe that the following setup 
might be possible:

- the OpenVAS Scanner on a single VM or in a single container
- the OpenVAS CLI & Manager would need to share a container (unless I'm reading 
the diagram wrong and the CLI also uses port 9390 to execute commands on the 
Manager?)
- the Greenbone Security Assistant also in a single container
- an optional nginx reverse-proxy VM or container to upstream the Greenbone 
Security Assistant and terminate TLS

Has anyone experimented with this in the past? Are my assumptions correct?

Thanks,

Kane Valentine


Re: [Openvas-discuss] integration and toppology

2017-12-14 Thread Thijs Stuurman
> must Openvas be installed on a dedicated machine?

No (but resource requirement wise you probably want to and also to separate 
roles and data etc.)
 
> is it possible to make a discovery without installing any agent?

Discovery? You port scan and discover stuff.

> is it possible to work with NAT?

Yes, but stuff won't function correctly or at all. If you are stuck somewhere, 
use a VPN tunnel.

> is it possible with Openvas to monitor VLAN, NAS, and machines through a 
> firewall?

Yes, if you allow OpenVAS through the firewall. (or not, to make sure the 
firewall is configured ok)



Thijs Stuurman

-----Original message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Alex Smirnoff
Sent: Thursday, 14 December 2017 10:44
To: trazomtg <th.boib...@free.fr>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] integration and toppology

Everything is possible, depends on your requirements, expectations and effort 
invested ;-)

Could you please be more specific?

On Mon, Nov 27, 2017 at 11:56:29AM +0100, trazomtg wrote:
> Hi,
> 
> must Openvas be installed on a dedicated machine?
> 
> is it possible to make a discovery without installing any agent?
> is it possible to work with NAT?
> is it possible with Openvas to monitor VLAN, NAS, and machines through 
> a firewall?
> 
> Thanks
> T.



Re: [Openvas-discuss] Manage permissions - Openvas 9

2017-12-14 Thread Thijs Stuurman
You have to set permissions on each note and override in my experience… just 
like the task, it’s tedious work.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Andreas Falk
Sent: Wednesday, 13 December 2017 20:56
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Manage permissions - Openvas 9

Hi,

We have been using OpenVas 8 for a few years now, with nightly scans on ~500 
hosts.
And now we are looking to use OpenVas9 and are testing it out with postgresql.

One thing that I have learned from the last setup is to get the user 
permissions right from the beginning :)

Is it possible to share everything in a task to a group of users. Even the 
notes and False positives?
I have succeeded with setting permissions on single notes, but not all notes on 
a task.

Any ideas or directions on this would be really helpful :)

--
Regards Falk

Re: [Openvas-discuss] Reporting on delta's between scans on same host

2017-12-07 Thread Thijs Stuurman
Joris,

Yes, multiple tickets for the same issue will then sit in the queue. (or not if 
they closed or moved the ticket; it’ll come right back on the next scan)
Their tickets are not my responsibility so I do not interfere with what they do 
with the tickets.
If something cannot be fixed, you (or they) can say so using a note on the 
result in question and override the result. (accepting the situation or explain 
why it is a false positive or something).
You can configure the override to be valid for all future scans of the 
particular task (or all tasks) (and for some time etc.) which avoids new 
tickets being created.

I doubt you can or even want to keep track of their tickets. Strange things 
happen to tickets, some even get set to resolved while the issue is clearly not…
I understand you do not want to clutter the ticketing system but it only gets 
that way (which should make alarm bells ring somewhere) if they don’t do their 
job.
When you do not report a finding because the same finding was there last month 
and someone threw that ticket away… you’ll get nowhere.

(Don’t you have anything written down about how long a certain CVSS score 
vulnerability may exist when found?)

For reporting we make reports manually based on some filters to group certain 
systems and the result counts. (yes, we put the numbers in excel and make a 
nice graph)
We have too many systems to report on every task separately. Even general 
reports are not very helpful because systems and vulnerabilities (or 
non-compliances) come and go.
(We named tasks according to groups to filter ’em out, for example the name 
would be “domain Linux – system xyz”; you cannot (easily) filter on the 
comments but we use those to quickly identify if it’s a private or public 
system and usually we have the target IP in there as well)
We can show which groups have the most issues and where improvements are 
clearly visible. Usually we manually point out the big improvements and not so 
much do any shaming; the numbers, graph(s) and tickets do enough. From my 
experience, shaming doesn’t improve much and can be quite devastating in the 
long run.

If you have so many results that it would fill queues instantly and bury people 
under work (let’s face it, this happens a lot in large organizations when you 
first start scanning); do not automatically make tickets.
(or perhaps only for very high CVSS scores)
Make some tickets manually for the major issues which require a resolution 
asap. Fix the others using a separate (dedicated) security issue team and 
enforce a baseline to avoid such findings on new systems. Then later when the 
organization is more in control you can automate the tickets.
You can also ease your organization into it all by not starting to scan 
everything but make them onboard their systems, get admins involved. Besides 
the obvious vulnerability it also helps them for example check their firewall 
and encryption configurations.

Tickets and onboarding are not your responsibility, allow their manager to do 
his or her job.


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Joris
Sent: Thursday, 7 December 2017 10:13
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Reporting on delta's between scans on same host

Thanks Thijs!

You made me think about past results and not having to care about it: It is 
true that the tickets will be only generated on current results. On the other 
hand, does that mean that you create multiple tickets for the same issue if it 
appears in 2 consecutive scans?

We're interested in differential for 2 other reasons:
- from a security culture perspective, it would be interesting to report on 
reduction on vulnerabilities and create some noise about who is doing well and 
who is not.
- some systems will have issues which cannot be remediated per se. By 
differential reporting, we can look at new stuff and the report would not be 
cluttered by old stuff we already knew about / ticketed.

Best regards
Joris


On Thu, Dec 7, 2017 at 10:05 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
You can schedule the scans to repeat them.

Personally I wasn’t happy with the built in scheduler and automated one myself 
using python talking to the gvm-tools API.
(https://github.com/Thij/openvas_scheduler which might help you automate 
things yourself, gvm-tools also has example scripts: 
https://bit

Re: [Openvas-discuss] Reporting on delta's between scans on same host

2017-12-07 Thread Thijs Stuurman
You can schedule the scans to repeat them.

Personally I wasn’t happy with the built in scheduler and automated one myself 
using python talking to the gvm-tools API.
(https://github.com/Thij/openvas_scheduler which might help you automate 
things yourself, gvm-tools also has example scripts: 
https://bitbucket.org/greenbone/gvm-tools)

I am not going for differences really; any finding with a CVSS score of > 4 
will trigger an alert which sends an email to our ticketing system.
Once a month I start my scheduler which will start any job that hasn’t run for 
3 weeks or so. (I could leave it running in a screen forever but I still 
supervise and time it all, when it is not running I got time to update scan 
systems)

If you go to tasks and click on the Reports > Total number you can see an 
overview of all the reports and quickly see if things improved or not.
There is a compare button (underneath Actions, next to ‘delete’ so be careful), 
click on two and you’ll get a comparison overview.

Still, why care about past results; it’s the latest scan result that counts in 
my book.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Joris
Sent: Thursday, 7 December 2017 09:51
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Reporting on delta's between scans on same host

Hello list,

Using the scanner here and are pretty impressed with the results and the web 
GUI.

Our next move is basically to identify differences between consecutive scans on 
hosts (was a vulnerability patched? was a new vulnerability introduced on the 
system?)

Based on my understanding, the system does not support this natively but I can 
be wrong. How do others solve this issue? Do you build automation around it ?

Best regards
Joris
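
Added example, not part of the original posts and not taken from gvm-tools or openvas_scheduler: the differential report Joris asks about, next to the "CVSS score > 4 raises an alert" rule and the overrides Thijs describes in this thread. The `Finding` and `Override` classes, the check ids and all sample data are constructed for illustration; loading results from a real report export is assumed to happen elsewhere.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

ALERT_THRESHOLD = 4.0  # rule from the thread: a CVSS score > 4 raises an alert


@dataclass(frozen=True)
class Finding:
    host: str
    port: str       # e.g. "443/tcp"
    check_id: str   # placeholder for the identifier of the check that fired
    cvss: float

    @property
    def key(self):
        # Same host, port and check means the same issue in both scans.
        return (self.host, self.port, self.check_id)


@dataclass(frozen=True)
class Override:
    check_id: str
    host: Optional[str] = None          # None: applies to every host
    new_cvss: float = 0.0               # 0.0: accepted risk or false positive
    valid_until: Optional[date] = None  # None: never expires

    def applies(self, finding, scan_day):
        if self.valid_until is not None and scan_day > self.valid_until:
            return False
        return self.check_id == finding.check_id and self.host in (None, finding.host)


def effective_cvss(finding, overrides, scan_day):
    """Score after the first matching, unexpired override (if any)."""
    for override in overrides:
        if override.applies(finding, scan_day):
            return override.new_cvss
    return finding.cvss


def diff_scans(previous, current, overrides, scan_day):
    """Split two scans of one task into new / persistent / fixed findings and
    build both ticket lists discussed in the thread."""
    prev = {f.key: f for f in previous}
    curr = {f.key: f for f in current}
    delta = {"new": [], "persistent": [], "fixed": [],
             "ticket_latest": [], "ticket_new_only": []}
    for key in sorted(curr):
        finding = curr[key]
        is_new = key not in prev
        delta["new" if is_new else "persistent"].append(finding)
        if effective_cvss(finding, overrides, scan_day) > ALERT_THRESHOLD:
            delta["ticket_latest"].append(finding)        # latest scan decides
            if is_new:
                delta["ticket_new_only"].append(finding)  # differential only
    delta["fixed"] = [prev[key] for key in sorted(prev) if key not in curr]
    return delta


# Constructed sample data: hosts, check ids and scores are made up.
NOVEMBER = [
    Finding("web01", "443/tcp", "check-weak-tls", 5.0),
    Finding("web01", "22/tcp", "check-ssh-algos", 4.3),
    Finding("db01", "5432/tcp", "check-default-creds", 9.0),
]
DECEMBER = [
    Finding("web01", "443/tcp", "check-weak-tls", 5.0),    # still open
    Finding("web01", "22/tcp", "check-ssh-algos", 4.3),    # still open, accepted
    Finding("db01", "80/tcp", "check-http-trace", 5.8),    # new
    Finding("web01", "general/tcp", "check-banner", 2.6),  # new, below threshold
]
OVERRIDES = [Override("check-ssh-algos", host="web01", valid_until=date(2018, 1, 31))]

if __name__ == "__main__":
    result = diff_scans(NOVEMBER, DECEMBER, OVERRIDES, date(2017, 12, 7))
    for bucket, findings in result.items():
        print(bucket, [f.check_id for f in findings])
```

`ticket_latest` raises `check-weak-tls` again on every scan until it is fixed or overridden, while `ticket_new_only` stays silent about it; that is the trade-off the two posters argue over.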

Re: [Openvas-discuss] OpenVAS9 master/slave setup...

2017-11-17 Thread Thijs Stuurman
Christiaan,

I am not familiar with your current error message.

Thijs Stuurman

From: Christiaan De Vries [mailto:christiaan.devr...@evros.ie]
Sent: Friday, 17 November 2017 11:21
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
openvas-discuss@wald.intevation.org
Subject: RE: OpenVAS9 master/slave setup...

Hoi Thijs,

The verify scanner config test informs me that 'Scanner has been verified' and 
when I go into the configuration of the scanner, it shows me the following:

[cid:image002.jpg@01D35F96.B3A7D450]

Now, weirdly enough (after a reboot of both nodes) the error message about "the 
certificate hasn't got a known issuer" is gone, and the openvasmd.log (on the 
slave) now shows the following when I initiate a scan (from the master to the 
slave):

mdomp:   INFO:2017-11-17 10h15.32 utc:15657:Failed to parse client XML: 
Error on line 1 char 2: ' ' is not a valid character following a '<' character; 
it may not begin an element name

Any idea what this could imply?

Thanks for your help!
Christiaan de Vries
Digital Planet

From: Thijs Stuurman [mailto:thijs.stuur...@internedservices.nl]
Sent: 17 November 2017 10:03
To: openvas-discuss@wald.intevation.org
Cc: Christiaan De Vries <christiaan.devr...@evros.ie>
Subject: RE: OpenVAS9 master/slave setup...

When creating the New Scanner on the master to configure the slave scanner, did 
you upload the slave's CA certificate? See the screenshot on the site.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Christiaan De Vries
Sent: Thursday, 16 November 2017 13:10
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS9 master/slave setup...

Hello everybody,

I'm running OpenVAS9 and am trying to configure a master/slave combination, so 
I followed the instructions in the following post but am running into (what I 
think) are certificate issues:
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

I see the following messages in the master logs:
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Connected to server 
'172.X.X.X' port 9391.
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Shook hands with server 
'172.X.x.X' port 9391.
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the 
certificate is not trusted
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the 
certificate hasn't got a known issuer
md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open 
connection to 172.X.X.X on 9391

Now, if I check the certs on the slave, all seems well:
root@DMZ-NVT-01:~# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Same for the master, the checks are fine:
root@Ubuntu-OpenVAS:/var/log/openvas# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Any advice on how to debug/tackle/solve this problem?

PS: I've noticed that in the GUI of the master, the following message is 
displayed, not sure if this is related?:

"Ce

Re: [Openvas-discuss] OpenVAS9 master/slave setup...

2017-11-17 Thread Thijs Stuurman
When creating the New Scanner on the master to configure the slave scanner, did 
you upload the slave's CA certificate? See the screenshot on the site.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Christiaan De Vries
Sent: Thursday, 16 November 2017 13:10
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS9 master/slave setup...

Hello everybody,

I'm running OpenVAS9 and am trying to configure a master/slave combination, so 
I followed the instructions in the following post but am running into (what I 
think) are certificate issues:
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

I see the following messages in the master logs:
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Connected to server 
'172.X.X.X' port 9391.
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Shook hands with server 
'172.X.x.X' port 9391.
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the 
certificate is not trusted
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the 
certificate hasn't got a known issuer
md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open 
connection to 172.X.X.X on 9391

Now, if I check the certs on the slave, all seems well:
root@DMZ-NVT-01:~# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Same for the master, the checks are fine:
root@Ubuntu-OpenVAS:/var/log/openvas# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Any advice on how to debug/tackle/solve this problem?

PS: I've noticed that in the GUI of the master, the following message is 
displayed, not sure if this is related?:

"Certificate currently in use will expire"

Regards,
Christiaan de Vries
Digital Planet
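
Added example, not part of the original posts and not OpenVAS code: a triage of the master-side log lines quoted above that separates "TCP and TLS handshake worked but the slave's certificate issuer is unknown to the master" (the case Thijs points at with the slave's CA certificate) from a connection that never got that far. The line format is inferred from the quoted log; the verdict names, the cases other than the posted one and the `192.0.2.x` lines are constructed assumptions.

```python
import re
from collections import defaultdict

# domain:LEVEL:YYYY-MM-DD HHhMM.SS TZ:pid:message  (LEVEL is left-padded with spaces)
LINE_RE = re.compile(
    r"^(?P<domain>[^:]+):\s*(?P<level>[A-Z]+):"
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}h\d{2}\.\d{2}) (?P<tz>\w+):"
    r"(?P<pid>\d+):\s*(?P<msg>.*)$"
)


def parse(raw_lines):
    """Return one dict per log entry, re-joining entries that mail wrapping split."""
    entries = []
    for raw in raw_lines:
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match:
            entries.append(match.groupdict())
        elif entries:  # no log prefix: continuation of the previous entry
            entries[-1]["msg"] += " " + line
    return entries


def verdict(messages):
    """Classify one connection attempt (all messages logged by one pid)."""
    def seen(text):
        return any(text in m for m in messages)

    connected = seen("Connected to server")
    handshake = seen("Shook hands with server")
    untrusted = seen("certificate is not trusted") or seen("hasn't got a known issuer")
    failed = seen("slave_connect: failed to open connection")
    if connected and handshake and untrusted:
        return "ca-not-trusted"   # check the CA certificate stored for this scanner
    if failed and not connected:
        return "unreachable"      # assumption: no TCP connection was logged at all
    if failed and not handshake:
        return "tls-handshake"    # assumption: TCP worked, TLS did not complete
    if failed:
        return "failed-other"
    return "ok"


def triage(raw_lines):
    by_pid = defaultdict(list)
    for entry in parse(raw_lines):
        by_pid[entry["pid"]].append(entry["msg"])
    return {pid: verdict(msgs) for pid, msgs in by_pid.items()}


# Lines as quoted in the post, including the mail client's line wrapping.
POSTED = """\
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Connected to server
'172.X.X.X' port 9391.
lib  serv:  DEBUG:2017-11-15 14h13.40 UTC:2667:Shook hands with server
'172.X.x.X' port 9391.
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the
certificate is not trusted
lib  serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the
certificate hasn't got a known issuer
md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open
connection to 172.X.X.X on 9391
""".splitlines()

# Constructed lines (documentation addresses) for the other two outcomes.
CONSTRUCTED = """\
md manage:WARNING:2017-11-15 14h20.00 UTC:3001: slave_connect: failed to open connection to 192.0.2.10 on 9391
lib  serv:  DEBUG:2017-11-15 14h21.00 UTC:3002:Connected to server '192.0.2.11' port 9391.
lib  serv:  DEBUG:2017-11-15 14h21.00 UTC:3002:Shook hands with server '192.0.2.11' port 9391.
""".splitlines()

if __name__ == "__main__":
    print(triage(POSTED))
    print(triage(CONSTRUCTED))
```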


Re: [Openvas-discuss] Openvas user creation

2017-10-27 Thread Thijs Stuurman
Go to each task and at the bottom you can add permissions.
The defaults will grant read permission to your user, group or role you choose.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Buddhika De Alwis
Sent: Friday, 27 October 2017 06:15
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Openvas user creation

Hi all,

The question is regarding the Openvas users. I want to create an account to 
show the tasks and results to my team. I was running the tasks using the admin 
account however even if I created another account with the admin role, using 
that account you cannot view the hosts/tasks/reports executed using the admin 
account.

Can anyone provide any insight on this?

Thanks in advance,

--
Buddhika De Alwis

Re: [Openvas-discuss] OpenVAS9 on Ubuntu 16.04 task status not changing to running

2017-10-25 Thread Thijs Stuurman
All I can say is that I have not encountered this issue.
I have manually stopped scans or had ’em hang (which results in a stopped state 
after restarting OpenVAS)
but then I can easily remove the corresponding report and start a new scan 
again on the task.

Running OpenVAS 9 on Ubuntu 16.04.

Suggestions: restart all machine(s); check disk space; check dmesg


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of Robin Baxter
Sent: Tuesday, 24 October 2017 16:49
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS9 on Ubuntu 16.04 task status not changing 
to running

Hi, has anyone encountered this and knows how to fix?

Scans were stopped prior to completion and were deleted.  Since then, any new 
scan will go to “requested” in the web interface and “has been requested to 
start” in the openvasmd.log, but the status never proceeds to “running.”  I 
have repeated the same problem on several OpenVAS9 installations on Ubuntu 
16.04, after scans were stopped prematurely.

Any suggestions would be much appreciated.

Regards,

Robin Baxter
Security Ops
StrataDefense



Re: [Openvas-discuss] OpenVAS 9 PDF report issue

2017-10-25 Thread Thijs Stuurman
I have no PDF generation issues with OpenVAS 9 on Ubuntu 16.04.02 LTS.
The email function within an alert to send the PDF is also working ok for me.

Perhaps you want to reinstall/setup your LaTeX software packages.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
On behalf of None
Sent: Tuesday, 24 October 2017 23:44
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVAS 9 PDF report issue

It appears PDF reports are being rendered as gibberish in OpenVAS 9. I ran a 
full, deep scan and though the bookmarks were accurate, the content displayed 
in the PDF pages was either blank or rendered with broken lines and colored 
rectangles. I confirmed I have 'texlive-latex-extra --no-install-recommends' 
since I am running this on Ubuntu Xenial.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

2017-10-18 Thread Thijs Stuurman
David,

Your initial login was probably too fast after starting the services, they need 
time to initiate.

I don't know what else to tell you now to help you with the TLS error. (*In my 
book it's not 100% sure that it actually is a TLS issue even if it implies so)

If it's your box and it's publicly connected to the Internet I won't mind 
taking 30 minutes to try and get it to work for you if you allow me to.



Thijs Stuurman

-----Original message-----
From: David Rericha [mailto:d.reri...@healthcareoss.com]
Sent: Wednesday, 18 October 2017 16:06
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

Thijs,

I stopped Apache and restarted gsad, openvas-scanner, and openvas-manager. Now 
when I attempt to login I get: "Login failed. 
Waiting for OMP service to become available."

The only log that has a relevant entry is openvasmd.log:

lib auth:   INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration 
not found.

So, I attempted to login again and I was able to get in. Seems like there is a 
timing issue. Then, I attempted to run the task and got the same error:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

The openvasmd.log states:

lib  serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib  serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

It seems that the tls certs are the problem. But the keys are present as 
specified in /etc/openvas/openvassd.conf. Anything else I could try?

David J. Rericha
Project Manager
Open Software Solutions, LLC

On 10/17/2017 9:10 AM, Thijs Stuurman wrote:
> David,
>
> Gsad not being able to bind to a port is a whole other problem than the one 
> you described earlier with the certificates.
> Options:
>
> - Stop Apache
> - Do not bind Apache to port 80
> - Make gsad bind to another port than 80 (or others which are already 
> in use)
>
> You can tell gsad where and how to bind, for example:
>
> gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 \
>   --ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt \
>   --http-sts \
>   --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"
>
> This makes it listen on port 443 using the -p option.
> See --help for all the possible arguments.
>
>
> Thijs Stuurman
>
> -----Original message-----
> From: David Rericha [mailto:d.reri...@healthcareoss.com]
> Sent: Tuesday, 17 October 2017 15:32
> To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
> openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily 
> down
>
> Thanks, Thijs, for your suggestion. I thought I did run this command but reran 
> it just to make sure. However the same behavior exists. The only relevant 
> information I found in the logs was in gsad.log.
> gsad tries to bind to port 80 but that port is being used by apache.
> Here is the entire log:
>
> gsad main:  DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation extensions are enabled (using locale "en_US.UTF-8").
> gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
> gsad main:WARNING:2017-10-17 13h25.13 utc:29287: main: start_http_daemon redirect failed !
> gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
> gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake message out of context
>
> Any ideas?
>
> On 10/16/2017 10:04 AM, Thijs Stuurman wrote:
>> *It got renamed, sorry; search for openvas-manage-certs:
>>
>> """
>> :/opt/openvas/bin# ./openvas-manage-certs --

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

2017-10-17 Thread Thijs Stuurman
David,

Gsad not being able to bind to a port is a whole other problem than as you 
described earlier with the certificates.
Options:

- Stop Apache
- Do not bind Apache to port 80
- Make gsad bind to another port than 80 (or others which are already in use)

You can tell gsad where and how to bind, for example:

gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 
--ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt 
--http-sts 
--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

This makes it listen on port 443 using the -p option.
See --help for all the possible arguments.


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

-----Original Message-----
From: David Rericha [mailto:d.reri...@healthcareoss.com] 
Sent: Tuesday 17 October 2017 15:32
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

Thanks, Thijs, for your suggestion. I thought I did run this command but reran it 
just to make sure. However the same behavior exists. The only relevant 
information I found in the logs was in gsad.log.
gsad tries to bind to port 80 but that port is being used by apache. 
Here is the entire log:

gsad main:  DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation extensions are enabled (using locale "en_US.UTF-8").
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: main: start_http_daemon redirect failed !
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake message out of context

Any ideas?

On 10/16/2017 10:04 AM, Thijs Stuurman wrote:
> *It got renamed, sorry; search for openvas-manage-certs:
>
> """
> :/opt/openvas/bin# ./openvas-manage-certs --help
> Illegal option --
> Usage:
>   ./openvas-manage-certs [OPTION] - Manage certificate infrastructure for an OpenVAS installation
>
> Options:
>   -h Print help
>   -a Automatically set up default infrastructure for OpenVAS
> """
>
> Just running it with -a should do the trick.
>
>
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman
>
>
> -----Original Message-----
> From: Openvas-discuss 
> [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Thijs 
> Stuurman
> Sent: Monday 16 October 2017 17:03
> To: David Rericha <d.reri...@healthcareoss.com>; 
> openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily 
> down
>
> David,
>
> Did you run "openvas-mkcert" during your OpenVAS installation to set up and 
> configure the certificates for the TLS communication between the services?
>
>
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman
>
>
> -----Original Message-----
> From: Openvas-discuss 
> [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of David 
> Rericha
> Sent: Monday 16 October 2017 16:53
> To: openvas-discuss@wald.intevation.org
> Subject: [Openvas-discuss] Start Task: 503 - Service temporarily 
> down
>
> Hello. I am running greenbone version 9. I logged in at 
> https://localhost:9392, created a new task and tried to run it and got the 
> following:
>
> Operation: Start Task
> Status code: 503
> Status message: Service temporarily down
>
> openvasmd.log reads:
>
> lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shake hands 
> with

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

2017-10-16 Thread Thijs Stuurman
*It got renamed, sorry; search for openvas-manage-certs:

"""
:/opt/openvas/bin# ./openvas-manage-certs --help
Illegal option --
Usage:
  ./openvas-manage-certs [OPTION] - Manage certificate infrastructure for an OpenVAS installation

Options:
  -h Print help
  -a Automatically set up default infrastructure for OpenVAS
"""

Just running it with -a should do the trick.


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Thijs Stuurman
Sent: Monday 16 October 2017 17:03
To: David Rericha <d.reri...@healthcareoss.com>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

David,

Did you run "openvas-mkcert" during your OpenVAS installation to set up and 
configure the certificates for the TLS communication between the services?


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of David Rericha
Sent: Monday 16 October 2017 16:53
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Start Task: 503 - Service temporarily down

Hello. I am running greenbone version 9. I logged in at https://localhost:9392, 
created a new task and tried to run it and got the following:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

openvasmd.log reads:

lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shutdown server socket
event task:MESSAGE:2017-10-16 14h37.22 UTC:714: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

Any help would be appreciated. Thanks,

--
David J. Rericha
Project Manager
Open Software Solutions, LLC

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
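
Added example, not part of the original mails or of OpenVAS: a small triage script for the two log excerpts posted in this thread (gsad.log and openvasmd.log). It splits records even where a mail client re-wrapped or joined them, and keeps the port 80 bind failure apart from the TLS handshake failures, which the replies treat as separate problems. Function names and categories are this example's own; the hints repeat what the replies suggest.

```python
import re
from collections import Counter

# Record header as it appears in the gsad.log and openvasmd.log excerpts in
# this thread: "<domain>:<LEVEL>:<YYYY-MM-DD HHhMM.SS tz>:<pid>: <message>"
HEADER = re.compile(
    r"\b(?P<domain>[a-z]+ [a-z]+):\s*(?P<level>[A-Z]+):"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) (?P<tz>[A-Za-z]+):"
    r"(?P<pid>\d+): ?"
)

# (category, pattern, hint). Categories are this example's own naming.
RULES = [
    ("port_conflict",
     re.compile(r"Failed to bind to port (?P<port>\d+): Address already in use"),
     "another service holds the port: stop it, move it, or start gsad with -p"),
    ("tls_handshake",
     re.compile(r"Failed to shake hands with peer|TLS fatal alert"
                r"|handshake message out of context"),
     "check the certificate setup (the thread suggests openvas-manage-certs -a)"),
    ("task_not_started",
     re.compile(r"could not be started"),
     "read the warnings logged just before this line by the same pid"),
]

# Excerpts copied from the mails above, wrapped the way the archive shows them.
GSAD_LOG = '''gsad main:  DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation
extensions are enabled (using locale "en_US.UTF-8").
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port
80: Address already in use gsad main:WARNING:2017-10-17 13h25.13 utc:29287:
main: start_http_daemon redirect failed !
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive
data: A TLS fatal alert has been received.
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake
message out of context'''

OPENVASMD_LOG = '''lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shake hands with
peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shutdown server socket
event task:MESSAGE:2017-10-16 14h37.22 UTC:714: Task Penetration Task
(6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin'''


def parse_records(text):
    """Split pasted log text into records, even when lines were re-wrapped
    or two records ended up on one line."""
    flat = " ".join(text.split())
    heads = list(HEADER.finditer(flat))
    records = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        record = head.groupdict()
        record["message"] = flat[head.end():end].strip()
        records.append(record)
    return records


def classify(message):
    """Return (category, port, hint) for one record's message text."""
    for category, pattern, hint in RULES:
        match = pattern.search(message)
        if match:
            port = match.groupdict().get("port")
            return category, int(port) if port else None, hint
    return "other", None, ""


def triage(text):
    """Parse and classify every record in the pasted text."""
    findings = []
    for record in parse_records(text):
        category, port, hint = classify(record["message"])
        findings.append({**record, "category": category, "port": port, "hint": hint})
    return findings


def summarize(text):
    """Count records per category."""
    return dict(Counter(f["category"] for f in triage(text)))


if __name__ == "__main__":
    for name, log in (("gsad.log", GSAD_LOG), ("openvasmd.log", OPENVASMD_LOG)):
        print(name, summarize(log))
        for f in triage(log):
            if f["category"] != "other":
                print(f"  [{f['level']}] pid {f['pid']} {f['category']}: {f['hint']}")
```
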


Re: [Openvas-discuss] Internal scanning

2017-10-16 Thread Thijs Stuurman
Whatever works best for you.


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Rohitbhardwaj39 . [mailto:rohitbhardwa...@googlemail.com]
Sent: Monday 16 October 2017 15:52
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org; alan.broadh...@moorestephens.com
Subject: Re: [Openvas-discuss] Internal scanning

Is this the easiest way, or can I plug a Raspberry Pi into client work and then 
SSH into it from a box in the office?

I want to know the easiest method.

On 16 October 2017 at 13:21, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
See https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Rohitbhardwaj39 . [mailto:rohitbhardwa...@googlemail.com]
Sent: Monday 16 October 2017 14:19
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org; alan.broadh...@moorestephens.com
Subject: Re: [Openvas-discuss] Internal scanning

How do I set up the slave scanner? I already have a box with Ubuntu installed that 
I did via Digital Ocean and set up OpenVAS via Docker.



On 16 October 2017 at 13:10, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
You can place a slave scanner inside their network and open a route to its IP 
and port 9390 to communicate with it (OMP Slave).
Either through their firewall or set up a VPN. Not all kinds of ports, just one 
port. The Master will always communicate with the slave and push jobs and pull 
results.

If you want to use your own hardware, I found that scanning over an SSH layer 2 
VPN works great. You just need a Linux machine inside their network and be able 
to SSH.
(you can initiate it from either side and just add additional routes as needed; 
I actually did this using a Raspberry Pi, it hardly needs resources because it 
only tunnels traffic)

https://help.ubuntu.com/community/SSH_VPN


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Rohit
Sent: Monday 16 October 2017 13:44
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Internal scanning

Hi, I am unsure of the best way to do an internal scan for a client using 
OpenVAS. I understand there is no feature whereby I download an agent onto a 
laptop, take it to the client and scan their network. If so, what is the best 
method to scan a remote, internal-facing server of a client?

I am guessing my client's firewall would need to let me through on all kinds of 
ports.

Any help appreciated.

Regards
Rohit
Sent from my iPad
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Internal scanning

2017-10-16 Thread Thijs Stuurman
See https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Rohitbhardwaj39 . [mailto:rohitbhardwa...@googlemail.com]
Sent: Monday 16 October 2017 14:19
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org; alan.broadh...@moorestephens.com
Subject: Re: [Openvas-discuss] Internal scanning

How do I set up the slave scanner? I already have a box with Ubuntu installed that 
I did via Digital Ocean and set up OpenVAS via Docker.



On 16 October 2017 at 13:10, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
You can place a slave scanner inside their network and open a route to its IP 
and port 9390 to communicate with it (OMP Slave).
Either through their firewall or set up a VPN. Not all kinds of ports, just one 
port. The Master will always communicate with the slave and push jobs and pull 
results.

If you want to use your own hardware, I found that scanning over an SSH layer 2 
VPN works great. You just need a Linux machine inside their network and be able 
to SSH.
(you can initiate it from either side and just add additional routes as needed; 
I actually did this using a Raspberry Pi, it hardly needs resources because it 
only tunnels traffic)

https://help.ubuntu.com/community/SSH_VPN


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Rohit
Sent: Monday 16 October 2017 13:44
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Internal scanning

Hi, I am unsure of the best way to do an internal scan for a client using 
OpenVAS. I understand there is no feature whereby I download an agent onto a 
laptop, take it to the client and scan their network. If so, what is the best 
method to scan a remote, internal-facing server of a client?

I am guessing my client's firewall would need to let me through on all kinds of 
ports.

Any help appreciated.

Regards
Rohit
Sent from my iPad
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Internal scanning

2017-10-16 Thread Thijs Stuurman
You can place a slave scanner inside their network and open a route to its IP 
and port 9390 to communicate with it (OMP Slave).
Either through their firewall or set up a VPN. Not all kinds of ports, just one 
port. The Master will always communicate with the slave and push jobs and pull 
results.

If you want to use your own hardware, I found that scanning over an SSH layer 2 
VPN works great. You just need a Linux machine inside their network and be able 
to SSH.
(you can initiate it from either side and just add additional routes as needed; 
I actually did this using a Raspberry Pi, it hardly needs resources because it 
only tunnels traffic)

https://help.ubuntu.com/community/SSH_VPN


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Rohit
Sent: Monday 16 October 2017 13:44
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Internal scanning

Hi, I am unsure of the best way to do an internal scan for a client using 
OpenVAS. I understand there is no feature whereby I download an agent onto a 
laptop, take it to the client and scan their network. If so, what is the best 
method to scan a remote, internal-facing server of a client?

I am guessing my client's firewall would need to let me through on all kinds of 
ports.

Any help appreciated.

Regards
Rohit 
Sent from my iPad
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


Re: [Openvas-discuss] OpenVas with 3rd Party SSL Certs (not self signed)

2017-10-10 Thread Thijs Stuurman
Brian,

OpenVAS uses X.509 (SSL or rather TLS) certificates for internal communication 
connections.
I still use the automated setup which creates self-signed certificates and it’s 
just as good as anything else really.
Replacing those will be a bit tricky and so I haven’t bothered. You do mention 
however messing with Apache and a hostname mismatch error.
So I think you only want to really replace the certificate used to open the 
Greenbone Security Assistant?

You do not need Apache, just run gsad with the correct parameters such as:

gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 
--ssl-private-key=/etc/ssl/hostname_privatekey.key 
--ssl-certificate=/etc/ssl/hostname_cert.crt --http-sts 
--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

This will make it listen on IP 0.0.0.0 (all IP addresses) using port 443. It 
will connect to OpenVAS on IP 127.0.0.1 (localhost) port 9390 (default 
openvasmd port).
The other parameters are self-explanatory I think.


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of BT
Sent: Tuesday 10 October 2017 06:03
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] OpenVas with 3rd Party SSL Certs (not self signed)

Does anyone have any links or documentation that would assist me with adding a 
3rd party SSL cert to OpenVas?

I have spent a lot of time in Apache2 only to realize that it is not being used 
for SSL handshakes, rather OpenVas is. Getting the SSL host name mismatch error 
and want to install a 3rd party SSL cert. I made all of the configuration 
changes in apache for SSL support and wondered why my changes were not working.

I also searched to find any documentation that would outline the importing of 
custom or 3rd party SSL certs without any luck. That led me to seek assistance 
from the mailing list.

Certification authority:
   Certificate = /var/lib/openvas/CA/cacert.pem
   Private key = /var/lib/openvas/private/CA/cakey.pem

OpenVAS Server:
   Certificate = /var/lib/openvas/CA/servercert.pem
   Private key = /var/lib/openvas/private/CA/serverkey.pem

OpenVAS Client:
   Certificate = /var/lib/openvas/CA/clientcert.pem
   Private key = /var/lib/openvas/private/CA/clientkey.pem

myserver.key --> Private Key (generated by OpenSSL)
mydomain.com.crt --> Public Key Certificate (godaddy SSL cert)
gd_bundle.crt --> Certificate Chain

Running Ubuntu 16.04.2 and OpenVAS Manager 7.0.1 with GSA

I look forward to any assistance or guidance you can offer.

Thanks!

Brian



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
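
Added example, not part of the original mails or of OpenVAS: a pre-flight audit of the gsad command line from the reply above, checking that the manager connection stays on loopback, that key, certificate and `--http-sts` are present, and that the GnuTLS priority string really pins the protocol versions. It only understands the options shown in that command, and the priority-string grammar is a simplified assumption of this example; the second test string carries the line break that some archived copies of the command show inside the priority string.

```python
import ipaddress
import re
import shlex

# The gsad command line from the reply above.
GSAD_CMD = (
    "gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 "
    "--ssl-private-key=/etc/ssl/hostname_privatekey.key "
    "--ssl-certificate=/etc/ssl/hostname_cert.crt --http-sts "
    '--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"'
)
# Same command with a space where a mail client wrapped the quoted string.
GSAD_CMD_WRAPPED = GSAD_CMD.replace("-VERS-TLS-ALL", "-VER S-TLS-ALL")

# Simplified grammar (assumption): a keyword first, then items that start with
# '+', '-', '!' or '%', and no whitespace anywhere in the string.
ITEM = re.compile(r"^[+\-!%][A-Z0-9._-]+$")
LEGACY = {"SSL3.0", "TLS1.0", "TLS1.1"}


def parse_args(cmdline):
    """Parse only the option styles used in the command above."""
    opts = {}
    argv = shlex.split(cmdline)[1:]
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):
            name, sep, value = arg[2:].partition("=")
            opts[name] = value if sep else True
        elif arg == "-p" and i + 1 < len(argv):
            i += 1
            opts["port"] = argv[i]
        i += 1
    return opts


def tls_versions(priorities):
    """Return (explicitly enabled versions, problems) for a priority string."""
    items = priorities.split(":")[1:]
    problems = [f"malformed priority item {t!r}" for t in items if not ITEM.match(t)]
    versions, pinned = set(), False
    for item in items:
        if item in ("-VERS-TLS-ALL", "-VERS-ALL"):
            versions.clear()
            pinned = True
        elif item.startswith("+VERS-"):
            versions.add(item[len("+VERS-"):])
        elif item.startswith("-VERS-"):
            versions.discard(item[len("-VERS-"):])
    if not pinned:
        problems.append("protocol versions are not cleared first, so the "
                        "keyword's defaults stay enabled")
    return versions, problems


def is_loopback(value):
    """True only for a literal loopback IP address."""
    if not isinstance(value, str):
        return False
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False


def audit(cmdline):
    """Return a list of problems; an empty list means the checks passed."""
    opts = parse_args(cmdline)
    errors = []
    if not is_loopback(opts.get("mlisten")):
        errors.append("--mlisten is not loopback: gsad reaches the manager over the network")
    for opt in ("ssl-private-key", "ssl-certificate"):
        if not isinstance(opts.get(opt), str) or not opts[opt]:
            errors.append(f"--{opt} is missing")
    if opts.get("http-sts") is not True:
        errors.append("--http-sts is missing")
    priorities = opts.get("gnutls-priorities")
    if not isinstance(priorities, str):
        errors.append("--gnutls-priorities is missing")
    else:
        versions, problems = tls_versions(priorities)
        errors.extend(problems)
        errors.extend(f"legacy protocol enabled: {v}" for v in sorted(versions & LEGACY))
    return errors


if __name__ == "__main__":
    for label, cmd in (("as posted", GSAD_CMD), ("wrapped copy", GSAD_CMD_WRAPPED)):
        print(label, audit(cmd) or "OK")
```
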

Re: [Openvas-discuss] Noob question

2017-10-10 Thread Thijs Stuurman
Alan Jackson,

Yes there is.
Edit a task and you'll see an Alerts option.
Under Configuration you can create the Alert which can do exactly what you are 
looking for.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of AP - Alan Jackson
Sent: Monday 9 October 2017 23:50
To: 'openvas-discuss@wald.intevation.org' <openvas-discuss@wald.intevation.org>
Subject: [Openvas-discuss] Noob question

I am very new to OpenVAS, but think it is great thus far.  I have configured 
regular network scans, and am able to look at the results through the GSM.

However, I would like to automate the report creation.  I want the system to 
automatically generate a PDF (and IDEALLY send it via SFTP, or SMTP to an 
external system).  I realize that the transmission of the report may require 
external applications and some scripting.  Is there a way to automatically 
generate a certain report every time a scheduled scan is run?

Thank you.

Alan Jackson, CISSP, CIPM
Director of Cyber Security Services
Ashland Partners & Company LLP
541.842.8458 Direct
541.857.8800 Main
a...@ashlandpartners.com
www.ashlandpartners.com
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. This 
footnote also confirms that this email message has been swept for the presence 
of computer viruses.

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Internet Access - NVT Updates

2017-09-11 Thread Thijs Stuurman
Hostname: feed.openvas.org
Protocols: http (wget, TCP port 80) & rsync (TCP port 873)


Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Shaun Glass - Business Connexion
Sent: Monday 11 September 2017 15:22
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Internet Access - NVT Updates


Good Day,

I am busy with the OpenVAS installation and am at the point where internet 
access is required for feeds. I need to apply for internet access for the 
server but require a list of the servers or domains that the server needs to 
connect to for updating the feeds. We cannot get open access to the internet.

Can anyone help with this information ?

Regards

--
Shaun Glass
Senior Systems Engineer

2 Strand Street, Bellville, 7532
T: +27 (0) 21 947 9535
C: +27 (0) 76 474 2068

Standby: +27 (0) 82 563 1636

Meet your future today.

Linux: the choice of a GNU generation


This e-mail and its contents are subject to the Business Connexion (Pty) Ltd. 
E-mail legal notice. 
https://www.bcx.co.za/disclaimers
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Modifying task targets with omp [PUBLIC]

2017-08-31 Thread Thijs Stuurman
I checked GVM Tools which contains functions such as:

def create_target(self, name, make_unique, **kwargs)
def delete_target(self, target_id, ultimate=0)
def modify_target(self, target_id, **kwargs)
def modify_task(self):

but found:

"""
def modify_task(self):
    # TODO: Multiple values are required to modify a task. Is this correct?
    raise NotImplementedError
"""

So.. I guess not yet.
The “old” command line OMP has the option:

-M, --modify-task    Modify a task.

But I never used it, not sure how it works.

Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of CAMPBELL Jeremy
Sent: Thursday 31 August 2017 16:13
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Modifying task targets with omp [PUBLIC]

Hi all,

I have some systems in a dynamic cloud environment, and I’m trying to automate 
the maintenance of targets in OpenVAS.  In the past, I’ve used alterable tasks, 
periodically created an updated target group, and modified the task’s 
configuration to use that group.  I can programmatically create targets, but I 
don’t see a way to change the target group used by an alterable task.  Is it 
possible to change targets on an alterable task from the command line?  I’m open 
to doing something outside of omp if necessary.

Thanks,
Jeremy

This message was classified PUBLIC by CAMPBELL Jeremy on Thursday, August 
31, 2017 at 10:12:47 AM.



This message, including attachments, is intended for the above-mentioned 
addressees only. It may contain confidential information the review, 
dissemination or disclosure of which is strictly prohibited. Should you receive 
this message in error, please delete it and notify the sender to the e-mail 
address indicated above.

--- Begin Message ---
Dear OpenVAS / Greenbone Users,

we are happy to announce the availability of GVM-Tools. This is a
collection of tools for remote controlling an OpenVAS / Greenbone
setup and is intended to replace the "openvas-cli" module with
its "omp" and "check_omp" command line tools.

The new approach is comprised of interactive and non-interactive clients as
well as supporting libraries. The programming language Python is supported
directly for interactive scripting and library use. But it is also possible
to issue remote GMP/OMP/OSP commands without programming in Python.

The tools are compatible with the connection methods TLS, file socket
and with the SSH GMP connection of Greenbone OS version 4. In other
words, it can be used for any supported Greenbone OS version and for
any supported OpenVAS version.

The source code downloads are available from the usual place:

  http://www.openvas.org/install-source.html

We have prepared standalone binaries for Windows, including the
Python environment making it unnecessary to install anything else.
The latest versions are available as (*)

  http://download.greenbone.net/tools/gvm-cli.exe
  http://download.greenbone.net/tools/gvm-pyshell.exe


GVM-Tools is Open Source under the GNU General Public License.
The source code is currently managed at bitbucket where you can also
find some examples how to use the tools in practice:

  https://bitbucket.org/greenbone/gvm-tools


(*) Checksums of version 1.2.0:
SHA256 (gvm-cli.exe) =
ca19227ba49a732f69717a395db14f08c3b2cc4c73fd00a4d81ab71c4ba4d04d
SHA256 (gvm-pyshell.exe) =
1d487c9a4d449ea1e4a15ff2a9e2af4020b7f378101d5960b1709fbd50d459de


Best regards

--
Dr. Jan-Oliver Wagner |  +49-541-760278-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neumarkt 12, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-announce mailing list
openvas-annou...@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-announce
--- End Message ---
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] gsad performance

2017-08-31 Thread Thijs Stuurman
OpenVAS users,

I have been messing with PostgreSQL tuning (http://pgtune.leopard.in.ua/) 
because some of my colleagues are complaining that it's slow.
Of course they are a bit impatient and it's all workable for the one time a 
month they look at things... but still, I wonder if I can improve something.

My question to all of you, what are your load times?
Mine:

* Tasks overview (no widgets), 244 in total showing 10 on the page 
takes about 4 seconds.

Loading times for reports vary strongly, of course, based on the amount of 
reports and results.
As an administrator, a particular report takes 3 seconds to load but takes 
double that for a 'normal' user.
Both users see the exact same data. The only difference is that the 
administrator may freely see all and any data in the system while the regular 
user is limited in the amount of tasks he may see. While they both may see this 
particular task and report, the loading time is much higher for the regular user.

Everything is clearly a lot faster in response for me as administrator, that is 
a bit frustrating to me and for my colleagues.


* Is this normal?

* Is this just me? (running on a vmware machine with an Intel(R) 
Xeon(R) CPU E5-2660 0 @ 2.20GHz; VM has 4 cores with 4gb ram, Ubuntu 16.04 LTS 
and postgresql 9.5 database size of 600mb; only see 100% cpu core usage per 
SELECT thread without IO waits or anything else blocking/halting/being in the 
way)



Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


Re: [Openvas-discuss] openvasmd not listening on 9390 by default for OMP?

2017-08-30 Thread Thijs Stuurman
No, you are not crazy.
I don't know what you use the OMP command for but I suggest you also take a 
look at the new GVM Tools as being a better tool.


Thijs Stuurman

From: Trent Townsend [mailto:trent_towns...@nextstepinnovation.com]
Sent: Wednesday, 30 August 2017 14:57
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] openvasmd not listening on 9390 by default for OMP?

Yes, in version 9 gsad listens on 80 and 9392 (80 simply serves as 
redirection.)  At least, that is the default way my installed using Atomic on 
Cent7.

Thanks for your reply - I just wanted to make sure that I wasn't crazy in 
having a script to start openvasmd on localhost:9390 just for OMP to work.

From: Thijs Stuurman [mailto:thijs.stuur...@internedservices.nl]
Sent: Wednesday, August 30, 2017 3:17 AM
To: Trent Townsend <trent_towns...@nextstepinnovation.com>; openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] openvasmd not listening on 9390 by default for OMP?

Gsad listens on port 9392? That does not ring a bell for me.
Yes, something was changed from version 8 to 9 with how the services connect 
and listen to by default.
Personally I run a startup script with the following:

openvasmd -p 9390 -a 127.0.0.1
gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 \
  --ssl-private-key=priv.key --ssl-certificate=pub.crt --http-sts \
  --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

If you want to use omp through IP you have to indeed tell openvasmd to listen.
*openvasmd is to be renamed to gvmd in the future; you'll have to adjust your 
startup script then.


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Trent Townsend
Sent: Tuesday, 29 August 2017 20:07
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] openvasmd not listening on 9390 by default for OMP?

Good afternoon,
  One thing I've noticed about my new OpenVAS 9 install on Cent7 is that gsad 
only listens on 9392 and 80.  Openvasmd isn't listening on 9390 like it did in 
my OpenVAS Cent6 installation (I think it was version 7 but I'm not sure).  To 
run omp commands, I'm forced to manually kick off openvasmd -listen=127.0.0.1.  
I don't mind doing that but I'm wondering if anyone has seen this and if that 
is expected behavior.  Thanks in advance.

Trent





This email is confidential and intended solely for the use of the individual to 
whom it is addressed. Any views or opinions presented are solely those of the 
author, and do not necessarily represent those of Next Step Innovation. If you 
are not the intended recipient, be advised that you have received this email in 
error, and that any use, dissemination, forwarding, printing or copying of this 
email is strictly prohibited. If you have received this email in error, please 
contact the sender.






Re: [Openvas-discuss] openvasmd not listening on 9390 by default for OMP?

2017-08-30 Thread Thijs Stuurman
Gsad listens on port 9392? That does not ring a bell for me.
Yes, something was changed from version 8 to 9 with how the services connect 
and listen to by default.
Personally I run a startup script with the following:

openvasmd -p 9390 -a 127.0.0.1
gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 \
  --ssl-private-key=priv.key --ssl-certificate=pub.crt --http-sts \
  --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

If you want to use omp through IP you have to indeed tell openvasmd to listen.
*openvasmd is to be renamed to gvmd in the future; you'll have to adjust your 
startup script then.


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Trent Townsend
Sent: Tuesday, 29 August 2017 20:07
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] openvasmd not listening on 9390 by default for OMP?

Good afternoon,
  One thing I've noticed about my new OpenVAS 9 install on Cent7 is that gsad 
only listens on 9392 and 80.  Openvasmd isn't listening on 9390 like it did in 
my OpenVAS Cent6 installation (I think it was version 7 but I'm not sure).  To 
run omp commands, I'm forced to manually kick off openvasmd -listen=127.0.0.1.  
I don't mind doing that but I'm wondering if anyone has seen this and if that 
is expected behavior.  Thanks in advance.

Trent






___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
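
The startup script in the message above binds the manager to loopback and pins gsad to TLS 1.2 with HSTS. As an added example (not code from the thread or from the OpenVAS project), this Python check parses such a script and flags deviations from that baseline; the weaker variant is constructed, and the handling of the GnuTLS priority string is a simplification that assumes `NORMAL` enables TLS 1.0 through 1.2.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# The startup script from the message above, with the wrapped gsad line joined.
PAGE_SCRIPT = '''\
openvasmd -p 9390 -a 127.0.0.1
gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 --ssl-private-key=priv.key --ssl-certificate=pub.crt --http-sts --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"
'''

# Constructed weaker variant for comparison (not from the thread).
WEAK_SCRIPT = '''\
openvasmd -p 9390 -a 0.0.0.0
gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 --gnutls-priorities="NORMAL"
'''


def parse_command(line):
    """Return (program, options); handles --key=value, --flag and -k value."""
    argv = shlex.split(line)
    opts, i = {}, 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):
            key, sep, value = arg[2:].partition("=")
            opts[key] = value if sep else True
        elif arg.startswith("-") and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            opts[arg[1:]] = argv[i + 1]
            i += 1
        i += 1
    return argv[0], opts


def tls_versions(priority, base=("TLS1.0", "TLS1.1", "TLS1.2")):
    """Simplified left-to-right evaluation of the VERS tokens in a priority string.

    Assumption: the NORMAL keyword enables the versions in `base`; the real set
    depends on the GnuTLS build. Cipher and MAC tokens are ignored here.
    """
    enabled = set()
    for token in priority.split(":"):
        if token == "NORMAL":
            enabled |= set(base)
        elif token in ("-VERS-TLS-ALL", "-VERS-ALL"):
            enabled.clear()
        elif token.startswith("+VERS-"):
            enabled.add(token[len("+VERS-"):])
        elif token.startswith("-VERS-"):
            enabled.discard(token[len("-VERS-"):])
    return enabled


def audit(script):
    """Return a list of (daemon, issue, detail) tuples for one startup script."""
    findings = []
    for line in script.splitlines():
        if not line.strip():
            continue
        prog, opts = parse_command(line)
        if prog == "openvasmd":
            # No -a/--listen at all means no TCP listener was requested.
            addr = opts.get("a") or opts.get("listen")
            if addr and addr not in LOOPBACK:
                port = opts.get("p", opts.get("port", "?"))
                findings.append(("openvasmd", "manager-port-exposed", f"{addr}:{port}"))
        elif prog == "gsad":
            # Assumption: gsad falls back to "NORMAL" when no priority is given.
            versions = tls_versions(opts.get("gnutls-priorities", "NORMAL"))
            legacy = sorted(versions - {"TLS1.2", "TLS1.3"})
            if legacy:
                findings.append(("gsad", "legacy-tls", ",".join(legacy)))
            if "http-sts" not in opts:
                findings.append(("gsad", "no-hsts", ""))
    return findings


if __name__ == "__main__":
    for name, script in (("page", PAGE_SCRIPT), ("weak", WEAK_SCRIPT)):
        print(name, audit(script))
```

On a slave scanner that the master has to reach on 9390, a non-loopback bind is expected; there the finding is a prompt to confirm the firewall limits that port to the master.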

Re: [Openvas-discuss] DSS PCI NVT family missing

2017-08-24 Thread Thijs Stuurman
Looking at the default Nessus profiles, it seems to scan only common ports for 
the PCI scan.
Still I would include all the ports because when a third party scans the 
environment (annual pentest) they probably will as well; you want to avoid new 
findings and be in control.
My external quarterly ASV scan vendor also scans all IP’s on all ports, even 
when the machine is down.

One thing Nessus does do/know is what the PCI rules are, which sometimes helps 
with findings. (it says why it is not PCI compliant)
Even though the rules aren’t that strict for the internal scans, as 11.2.3.b 
says:

For external scans, no vulnerabilities exist that are scored 4.0 or higher by 
the CVSS.
For internal scans, all “high risk” vulnerabilities as defined in PCI DSS 
Requirement 6.1 are resolved.

So no matter the CVSS score, with a good risk methodology you can get a case 
internally with a high CVSS score but a low risk which may be acceptable.
No matter if you use OpenVAS, Nessus or something else you still need to decide 
your threshold for which findings make it to your report and then determine the 
risk.
(I always make my own report for the customers and include the default reports 
with raw data as well)


Thijs Stuurman

From: Ahmad Al-Talafha [mailto:ahmad.al-tala...@sts.com.jo]
Sent: Thursday, 24 August 2017 11:15
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; Eero Volotinen <eero.voloti...@iki.fi>
Cc: openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] DSS PCI NVT family missing

Thanks Thijs,

I am conducting an internal scan, and testing openvas.

I was confused because we have Nessus and there is a policy related to PCI DSS 
and thought I could find the same in openVAS

Best Regards,

Ahmad Al Talafha




From: Thijs Stuurman [mailto:thijs.stuur...@internedservices.nl]
Sent: Thursday, August 24, 2017 12:11 PM
To: Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>; Eero Volotinen <eero.voloti...@iki.fi>
Cc: openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] DSS PCI NVT family missing

I suppose the default scan config “Full and fast” would suffice.
Personally I do not use OpenVAS for PCI environments and opted for a Nessus VM 
which has a PCI internal vulnerability scan option.
The only reason for that is because the PCI auditors (and our customers) know 
and trust Nessus and it clearly shows it is a PCI internal scan which was 
performed.
It just makes the audits easier.

If in any doubt, contact your PCI auditor to verify what he thinks is 
acceptable.



Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Ahmad Al-Talafha
Sent: Thursday, 24 August 2017 11:02
To: Eero Volotinen <eero.voloti...@iki.fi>
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

Hi Eero,

Please can you tell me in this case which NVT family to choose, and how I can 
check if all plugins are enabled


Best Regards,

Ahmad Al Talafha




From: eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] On Behalf Of Eero Volotinen
Sent: Thursday, August 24, 2017 10:32 AM
To: Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

There is no such thing as a PCI family in openvas. For internal PCI scanning you need 
to enable all plugins and scan all tcp ports.
Eero

2017-08-24 10:07 GMT+03:00 Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>:
Dears,

Hope this mail finds you well

I am using openvas Version 7.0.2, and I am trying to run 

Re: [Openvas-discuss] DSS PCI NVT family missing

2017-08-24 Thread Thijs Stuurman
I was checking my scan configs about those ports. You indeed want to include 
all the ports and also scan IP’s which do not reply to pings. (do not skip any 
IP for any reason, just scan everything).


Thijs Stuurman

From: eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] On Behalf Of Eero Volotinen
Sent: Thursday, 24 August 2017 11:15
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
Cc: Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

OpenVAS works fine for PCI internal scanning as long as parameters are correct 
and you really know how to use product.

Full and fast does not include all tcp ports, if I remember correctly.

--
Eero

2017-08-24 12:10 GMT+03:00 Thijs Stuurman <thijs.stuur...@internedservices.nl>:
I suppose the default scan config “Full and fast” would suffice.
Personally I do not use OpenVAS for PCI environments and opted for a Nessus VM 
which has a PCI internal vulnerability scan option.
The only reason for that is because the PCI auditors (and our customers) know 
and trust Nessus and it clearly shows it is a PCI internal scan which was 
performed.
It just makes the audits easier.

If in any doubt, contact your PCI auditor to verify what he thinks is 
acceptable.



Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Ahmad Al-Talafha
Sent: Thursday, 24 August 2017 11:02
To: Eero Volotinen <eero.voloti...@iki.fi>
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

Hi Eero,

Please can you tell me in this case which NVT family to choose, and how I can 
check if all plugins are enabled


Best Regards,

Ahmad Al Talafha




From: eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] On Behalf Of Eero Volotinen
Sent: Thursday, August 24, 2017 10:32 AM
To: Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

There is no such thing as a PCI family in openvas. For internal PCI scanning you need 
to enable all plugins and scan all tcp ports.
Eero

2017-08-24 10:07 GMT+03:00 Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>:
Dears,

Hope this mail finds you well

I am using openvas Version 7.0.2, and I am trying to run a PCI compliance scan 
but I can't find PCI family in the NVTs.

My NVTs status shows “Too old (14 days) - Please check the automatic 
synchronization of your system”

Please advise on this case, what I am missing


Best Regards,

Ahmad Al Talafha





Re: [Openvas-discuss] DSS PCI NVT family missing

2017-08-24 Thread Thijs Stuurman
I suppose the default scan config “Full and fast” would suffice.
Personally I do not use OpenVAS for PCI environments and opted for a Nessus VM 
which has a PCI internal vulnerability scan option.
The only reason for that is because the PCI auditors (and our customers) know 
and trust Nessus and it clearly shows it is a PCI internal scan which was 
performed.
It just makes the audits easier.

If in any doubt, contact your PCI auditor to verify what he thinks is 
acceptable.



Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Ahmad Al-Talafha
Sent: Thursday, 24 August 2017 11:02
To: Eero Volotinen <eero.voloti...@iki.fi>
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

Hi Eero,

Please can you tell me in this case which NVT family to choose, and how I can 
check if all plugins are enabled


Best Regards,

Ahmad Al Talafha




From: eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] On Behalf Of Eero Volotinen
Sent: Thursday, August 24, 2017 10:32 AM
To: Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] DSS PCI NVT family missing

There is no such thing as a PCI family in openvas. For internal PCI scanning you need 
to enable all plugins and scan all tcp ports.
Eero

2017-08-24 10:07 GMT+03:00 Ahmad Al-Talafha <ahmad.al-tala...@sts.com.jo>:
Dears,

Hope this mail finds you well

I am using openvas Version 7.0.2, and I am trying to run a PCI compliance scan 
but I can't find PCI family in the NVTs.

My NVTs status shows “Too old (14 days) - Please check the automatic 
synchronization of your system”

Please advise on this case, what I am missing


Best Regards,

Ahmad Al Talafha





Re: [Openvas-discuss] GVM-Tools scheduler script

2017-08-23 Thread Thijs Stuurman
Jan,

The omp tool was useful but GVM Tools feels powerful.
Getting the task information using omp took longer and it gave less 
information. My scheduler based on omp had to use
multiple calls to omp while with GVM Tools I can get all the information with 
one call with an answer in XML.

Basically I have barely touched GVM Tools, using just gvm-pyshell and calling 
gmp.get_tasks() and gmp.start_task().
The supplied example scripts are a good start but I don't think I see any 
overview of the API calls which can be made to gmp.
Looking through gvm_connection.py helps of course.

I know big organizations have trouble getting control of stuff like 
vulnerabilities. Scanning is 1 thing but getting and processing the
information is a challenge. Sure gsad provides a very nice web interface but it 
gets slow and cumbersome. Also it's 'another' separate tool
with usually another username/password which some people might not look at in a 
long time and forget (care less) how to use it.
With GVM Tools I see possibilities to integrate an OpenVAS platform with 
existing (usually custom) tooling. Connect with message busses,
integrate in to CMDB's to provide direct information where it's wanted, automate 
processes such as onboarding and keep control.
I can imagine our CMDB showing the latest scan results and having a 'Request 
scan' button which gets queued in bus and handled by a
future version of my scheduler.


Thijs Stuurman


-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Jan-Oliver Wagner
Sent: Wednesday, 23 August 2017 10:00
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] GVM-Tools scheduler script

Hello Thijs,

looks great!

How did you like working with GVM Tools compared to the omp tool?

All the best

Jan


On Friday, 18 August 2017, 20:35:29, Thijs Stuurman wrote:
> OpenVAS users,
> 
> Recently Greenbone Dr. Jan-Oliver Wagner announced GVM-Tools which 
> inspired me to rewrite my task scheduler. Which task scheduler? One 
> day I hacked together some bash script which called the OpenVAS omp 
> program and parsed the output. Based on some dirty grep filtering and 
> tricks I managed to make it start tasks which had not run in the current 
> month.
> 
> Somehow I cannot find my way with the official scheduler... and I know 
> some of you have built alike or even more elaborate scripts to handle things.
> 
> I never publicly released the bash script because it was ugly, got 
> slow and had a lot of hard coded constraints which only fitted my own 
> setup. This time around I implemented everything from scratch based on 
> the GVM-Tools gvm-pyshell using the gmp calls to get the tasks 
> information in XML format and start a task. I think this version will work 
> for almost everyone.
> 
> You can find the new scheduler script here:
> https://github.com/Thij/openvas_scheduler See the wiki part of the 
> github page for a screenshot.
> 
> It's written to run as part of the GVM-Tools gvm-pyshell, see the run 
> example. The code is for Python 3 and I have used urwid for a console 
> text GUI interface.
> 
> What I want, and this does, is make sure all tasks run at least once a 
> month. I usually run the scheduler inside a screen and check on occasion.
> It does not run 24/7/365, It could but I start the last week of the 
> month or whenever I feel like it. So what does it do exactly? In short:
> 
> * Get tasks information, then loop tasks to determine:
>     o Scanner instance (slave)
>     o If the latest completed run was in the period between now and a month ago
>     o Tasks in total
>     o Tasks that haven't run yet
>     o Which tasks are running and their status
> 
> * If there is room for a new task on a scanner instance, look for a
>   job that fits. (it pops the list, so it kind of chooses at random)
>     o If so, tell OpenVAS to start the task (just sends start for a specific
>       task ID)
> 
> (IF it may start, you can configure on which days and between which 
> hours; I only start jobs during office hours)
> 
> See the code for more information; for example I have limited the 
> settings by default to two concurrent tasks per slave scanner. This 
> script does not change anything in your OpenVAS setup/database. It 
> just reads the tasks information and requests a task start. My setup: 
> A master instance and 4 slave scanners. Every task is se

Re: [Openvas-discuss] set up remote scanner.

2017-08-21 Thread Thijs Stuurman
Strange, running on Ubuntu 16.04.2 LTS here (compiled from source).
I never tried to verify the scanner… starting a task, seeing progress and a 
completion with report results was my way of testing.
Now that I do try to verify the scanner; I also get the Error 500 .. can’t be 
really bothered to look in to it right now though, it works great!

Currently my setup is battle testing my gvm-tools scheduler script, going very 
well!

Thijs Stuurman

From: Benjamin-Hugo LeBlanc [mailto:benjamin-hugo.lebl...@owasp.org]
Sent: Monday, 21 August 2017 15:44
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
Cc: openvas-discuss@wald.intevation.org; blackc...@ukr.net
Subject: Re: [Openvas-discuss] set up remote scanner.


The how-to in the blog post below didn't work out for me with OpenVAS 9 on 
Ubuntu 16.04 (didn't really investigate why). But a new OpenVAS 9 install from 
the sources on Debian 8.9 Jessie did the trick.

Also, if you follow these steps on Jessie, don't get fooled by the 'Error 500' 
message when checking the distant scanner: as long as you provide the right 
cert, the task with the OMP slave scanner will run just fine.

--
Benjamin-Hugo LeBlanc  |  PGP key: 0x5823C22CAA9EE32F
Application security and technology vulnerability management
Québec, Canada | 418.446.1623 ᕦ(ò_óˇ)ᕤ



2017-08-16 4:04 GMT-04:00 Thijs Stuurman <thijs.stuur...@internedservices.nl>:
See https://blog.haardiek.org/setup-openvas-as-master-and-slave.html


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of blackc...@ukr.net
Sent: Tuesday, 15 August 2017 17:39
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] set up remote scanner.

I want to install OpenVAS on main server (PC#1) and on other machine (PC#2) 
install only scanner, then I want to create task from OpenVAS manager in main 
server (PC#2) for scanner which installed on PC#2. For that purpose I created 
scanner on PC#2 as "openvassd --listen=0.0.0.0" and on PC#1 I created scanner 
with IP of PC#1, but it doesn't work. What am I doing wrong? Help, please.



[Openvas-discuss] GVM-Tools scheduler script

2017-08-18 Thread Thijs Stuurman
OpenVAS users,

Recently Greenbone Dr. Jan-Oliver Wagner announced GVM-Tools which inspired me 
to rewrite my task scheduler.
Which task scheduler? One day I hacked together some bash script which called 
the OpenVAS omp program and parsed the output.
Based on some dirty grep filtering and tricks I managed to make it start tasks 
which had not run in the current month.

Somehow I cannot find my way with the official scheduler... and I know some of 
you have built alike or even more elaborate scripts to handle things.

I never publicly released the bash script because it was ugly, got slow and had 
a lot of hard coded constraints which only fitted my own setup.
This time around I implemented everything from scratch based on the GVM-Tools 
gvm-pyshell using the gmp calls to get the tasks information in XML format and 
start a task.
I think this version will work for almost everyone.

You can find the new scheduler script here: 
https://github.com/Thij/openvas_scheduler
See the wiki part of the github page for a screenshot.

It's written to run as part of the GVM-Tools gvm-pyshell, see the run example. 
The code is for Python 3 and I have used urwid for a console text GUI interface.

What I want, and this does, is make sure all tasks run at least once a month. I 
usually run the scheduler inside a screen and check on occasion. It does not 
run 24/7/365; it could, but I start the last week of the month or whenever I 
feel like it. So what does it do exactly? In short:

* Get tasks information, then loop tasks to determine:
    o Scanner instance (slave)
    o If the latest completed run was in the period between now and a month ago
    o Tasks in total
    o Tasks that haven't run yet
    o Which tasks are running and their status

* If there is room for a new task on a scanner instance, look for a job 
  that fits. (it pops the list, so it kind of chooses at random)
    o If so, tell OpenVAS to start the task (just sends start for a specific 
      task ID)

(IF it may start, you can configure on which days and between which hours; I 
only start jobs during office hours)

See the code for more information; for example I have limited the settings by 
default to two concurrent tasks per slave scanner.
This script does not change anything in your OpenVAS setup/database. It just 
reads the tasks information and requests a task start.
My setup: A master instance and 4 slave scanners. Every task is set and 
configured to run on a specific slave scanner.


Any question, feedback, bug report, fork etc. is welcome.


Thijs Stuurman

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
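
The selection logic listed in the message above, as an added Python example that is not the code of the openvas_scheduler project: it reads a task listing, counts active tasks per scanner, and picks tasks whose last completed run is older than a month, inside a start window. The XML is constructed and its element names are an assumption modelled on a GMP get_tasks response; unlike the described script, which pops the list, this version starts the longest-overdue task first so the result is deterministic.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real scan data). Element names are modelled on a GMP
# get_tasks response and are an assumption; real responses carry more fields.
SAMPLE_TASKS_XML = """
<get_tasks_response status="200">
  <task id="t-001"><name>web-dmz</name><status>Done</status>
    <scanner><name>slave-1</name></scanner>
    <last_report><report><scan_end>2017-08-02T09:15:00Z</scan_end></report></last_report></task>
  <task id="t-002"><name>mail</name><status>Done</status>
    <scanner><name>slave-1</name></scanner>
    <last_report><report><scan_end>2017-06-30T14:00:00Z</scan_end></report></last_report></task>
  <task id="t-003"><name>db</name><status>Running</status>
    <scanner><name>slave-1</name></scanner></task>
  <task id="t-004"><name>new-segment</name><status>New</status>
    <scanner><name>slave-1</name></scanner></task>
  <task id="t-005"><name>office-a</name><status>Running</status>
    <scanner><name>slave-2</name></scanner></task>
  <task id="t-006"><name>office-b</name><status>Requested</status>
    <scanner><name>slave-2</name></scanner></task>
  <task id="t-007"><name>office-c</name><status>Done</status>
    <scanner><name>slave-2</name></scanner>
    <last_report><report><scan_end>2017-05-01T08:00:00Z</scan_end></report></last_report></task>
  <task id="t-008"><name>lab-a</name><status>Done</status>
    <scanner><name>slave-3</name></scanner>
    <last_report><report><scan_end>2017-07-01T08:00:00Z</scan_end></report></last_report></task>
  <task id="t-009"><name>lab-b</name><status>Done</status>
    <scanner><name>slave-3</name></scanner>
    <last_report><report><scan_end>2017-07-10T08:00:00Z</scan_end></report></last_report></task>
  <task id="t-010"><name>lab-c</name><status>Done</status>
    <scanner><name>slave-3</name></scanner>
    <last_report><report><scan_end>2017-04-01T08:00:00Z</scan_end></report></last_report></task>
</get_tasks_response>
"""

# Task states that occupy a slot on a scanner.
ACTIVE = {"Requested", "Running"}


def parse_tasks(xml_text):
    """Flatten the task listing into dicts; last_end is None for never-run tasks."""
    tasks = []
    for el in ET.fromstring(xml_text.strip()).iter("task"):
        end = el.findtext("last_report/report/scan_end")
        tasks.append({
            "id": el.get("id"),
            "name": el.findtext("name"),
            "status": el.findtext("status"),
            "scanner": el.findtext("scanner/name"),
            "last_end": datetime.strptime(end, "%Y-%m-%dT%H:%M:%SZ") if end else None,
        })
    return tasks


def in_start_window(now, weekdays=(0, 1, 2, 3, 4), first_hour=9, last_hour=17):
    """Office-hours gate: Monday to Friday, 09:00 up to (not including) 17:00."""
    return now.weekday() in weekdays and first_hour <= now.hour < last_hour


def plan_starts(tasks, now, max_per_scanner=2, period=timedelta(days=30)):
    """Return the task IDs to start now, respecting the per-scanner limit."""
    if not in_start_window(now):
        return []
    active = defaultdict(int)   # scanner -> tasks currently occupying a slot
    due = defaultdict(list)     # scanner -> tasks with no completed run in `period`
    for task in tasks:
        if task["status"] in ACTIVE:
            active[task["scanner"]] += 1
        elif task["last_end"] is None or now - task["last_end"] > period:
            due[task["scanner"]].append(task)
    starts = []
    for scanner in sorted(due):
        free = max_per_scanner - active[scanner]
        if free <= 0:
            continue
        # Never-run tasks sort first, then the longest-overdue ones.
        queue = sorted(due[scanner], key=lambda t: t["last_end"] or datetime.min)
        starts += [t["id"] for t in queue[:free]]
    return starts


if __name__ == "__main__":
    # In gvm-pyshell the XML would come from gmp.get_tasks() and each returned
    # ID would be passed to gmp.start_task(); here the plan is only printed.
    print(plan_starts(parse_tasks(SAMPLE_TASKS_XML), datetime(2017, 8, 18, 10, 0)))
```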

Re: [Openvas-discuss] Vulnerability found on blocked port

2017-08-16 Thread Thijs Stuurman
Remi,

What is the vulnerability OID number?
(This should be mentioned in the details of the vulnerability, at the bottom 
under the Log Method section)

Thijs Stuurman

Van: Rémi Liquete [mailto:remi.l...@gmail.com]
Verzonden: woensdag 16 augustus 2017 11:04
Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Vulnerability found on blocked port

Thank you for your answer.
Sorry for not being as clear as I wanted to.
I performed a scan on a server. This server is behind a firewall that blocks 
all ports except the 3 I am scanning, and blocks the ICMP protocol.
At the end of the scan, I've checked the report and in this report, there is a 
vulnerability on ping flood in location "general/icmp".
As my firewall is supposed to block this protocol, how can OpenVAS find any 
vulnerability with this protocol?
I hope I'm clear enough this time!

2017-08-16 10:53 GMT+02:00 Thijs Stuurman <thijs.stuur...@internedservices.nl>:
Rémi,

Your question is not very clear to me but I will try to answer.
First of all, which found vulnerability on the ICMP protocol? Detail your 
questions please.

Second, you cannot bypass the firewall … it’s a firewall, it’s doing what it 
is supposed to.
So either you find nothing, because of the firewall, and confirm your 
firewalling is OK.
Or you whitelist your scanner in the firewall and test the system regardless.


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Rémi Liquete
Sent: Wednesday 16 August 2017 10:46
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Vulnerability found on blocked port

Hello,
I've performed a scan on 3 TCP ports (lists en ports lists).
The firewall blocks the ICMP protocol as well.
The question is: Is it normal that OpenVAS found a vulnerability on the ICMP 
protocol?
If this is normal, how can the scan bypass the firewall?
Regards,
Rémi.


Re: [Openvas-discuss] Vulnerability found on blocked port

2017-08-16 Thread Thijs Stuurman
Rémi,

Your question is not very clear to me but I will try to answer.
First of all, which found vulnerability on the ICMP protocol? Detail your 
questions please.

Second, you cannot bypass the firewall … it’s a firewall, it’s doing what it 
is supposed to.
So either you find nothing, because of the firewall, and confirm your 
firewalling is OK.
Or you whitelist your scanner in the firewall and test the system regardless.


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Rémi Liquete
Sent: Wednesday 16 August 2017 10:46
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Vulnerability found on blocked port

Hello,
I've performed a scan on 3 TCP ports (lists en ports lists).
The firewall blocks the ICMP protocol as well.
The question is: Is it normal that OpenVAS found a vulnerability on the ICMP 
protocol?
If this is normal, how can the scan bypass the firewall?
Regards,
Rémi.

Re: [Openvas-discuss] set up remote scanner.

2017-08-16 Thread Thijs Stuurman
See https://blog.haardiek.org/setup-openvas-as-master-and-slave.html


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of blackc...@ukr.net
Sent: Tuesday 15 August 2017 17:39
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] set up remote scanner.

I want to install OpenVAS on the main server (PC#1) and on another machine (PC#2) 
install only the scanner, then I want to create a task from the OpenVAS manager on the main 
server (PC#2) for the scanner which is installed on PC#2. For that purpose I created 
a scanner on PC#2 as "openvassd --listen=0.0.0.0" and on PC#1 I created a scanner 
with the IP of PC#1, but it doesn't work. What am I doing wrong? Help, please.

Re: [Openvas-discuss] Locale

2017-07-04 Thread Thijs Stuurman
Different path, only locale I have found:

/opt/openvas/share/openvas/gsa/locale# ls -las
total 36
4 drwxr-xr-x 9 root root 4096 May  9 19:18 .
4 drwxr-xr-x 4 root root 4096 May  9 19:18 ..
4 drwxr-xr-x 3 root root 4096 May  9 19:18 ar
4 drwxr-xr-x 3 root root 4096 May  9 19:18 de
4 drwxr-xr-x 3 root root 4096 May  9 19:18 fr
4 drwxr-xr-x 3 root root 4096 May  9 19:18 pt_BR
4 drwxr-xr-x 3 root root 4096 May  9 19:18 ru
4 drwxr-xr-x 3 root root 4096 May  9 19:18 tr
4 drwxr-xr-x 3 root root 4096 May  9 19:18 zh_CN


Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Roefs, Joris
Sent: Tuesday 4 July 2017 09:24
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Locale

Could someone maybe send me their output of 'ls -las /usr/share/openvas/locale' 
please?

Thanks.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
Behalf Of Roefs, Joris
Sent: Tuesday 27 June 2017 13:54
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Locale

hi guys,

Quick question, hope you can help. I'm running OpenVAS on a Kali system, fully 
updated. My issue is, that I cannot set the timezone - it's stuck on UTC.
The dropdown boxes are empty except for UTC and the /usr/share/openvas/locale 
doesn't exist (probably the cause of the issue).
Any idea how to populate that locale-directory?

-  Joris





Re: [Openvas-discuss] openVAS scanner service timing out

2017-06-29 Thread Thijs Stuurman
I recently experienced this as well, openvassd not starting.. just hanging and 
nothing being logged.
This was the result of starting a few jobs too many and some just hanging.. I 
eventually used kill -9 to end and restart everything.
An strace showed it halted while doing something with redis so I flushed it 
using:

redis-cli -s /var/run/redis/redis.sock flushall

It had to rebuild the database but it worked just fine again after that.

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Harsh kapadia
Sent: Wednesday 28 June 2017 20:19
To: Christian Fischer <christian.fisc...@greenbone.net>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] openVAS scanner service timing out

Hi Christian,

Yes, actually the openvassd.log did not show anything.

I waited and retried deleting the redis dump file and restarting the service. 
This resolved the issue! The service started and is scanning successfully now.

Thanks a lot for your help!

Regards,
Harsh


On Wed, Jun 28, 2017 at 11:43 PM, Christian Fischer 
<christian.fisc...@greenbone.net> wrote:
Hi,

On 28.06.2017 18:56, Harsh kapadia wrote:
> Hi,
>
> There seems to be enough memory.
> [root@etvas8r4 ~]# free
>               total        used        free      shared  buff/cache   available
> Mem:        3882052     1497340      721696      102084     1663016     1941572
> Swap:       4063228      239012     3824216
> [root@etvas8r4 ~]#
>
> The logs don't display anything new - attached openvasmd.log file

this is the manager logfile (openvasMd) which probably doesn't contain
any information as you have an issue with the scanner (openvasSd).

> Also, tried and tested deleting the redis dump and restarted services.
> Still no luck. The scanner service is still getting stuck.
>
> Regards,
> Harsh
>
>
> On Wed, Jun 28, 2017 at 10:07 PM, Christian Fischer
> <christian.fisc...@greenbone.net> wrote:
>
> Hi,
>
> On 28.06.2017 17:14, Harsh kapadia wrote:
> > Hi,
> >
> > I am running openVAS 9 and the openvas scanner service is timing out -
> > because of this, I cannot run reports.
> >
> > The openvas-check-setup shows everything is OK. Below is the error I see
> > when the services don't start up:
> > Redirecting to /bin/systemctl start  openvas-scanner.service.service
> > Job for openvas-scanner.service failed because a timeout was exceeded.
> > See "systemctl status openvas-scanner.service" and "journalctl -xe" for
> > details.
> >
> > Have attached the "journalctl - xe " output as well.
> >
> > Please suggest on this. There's no further info available online
> > regarding this issue.
> >
> > Thanks in advance!
> > Harsh
>
> most likely the known issue where redis is blocking any access by the
> scanner due to unknown reasons. This should do the trick:
>
> 1. Delete dump.rdb (somewhere in /var/run/redis or similar)
> 2. Comment out/remove all "save xy z" (e.g. save 900 1) from your
> redis.conf
> 3. restart redis
> 4. restart scanner and try again
--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner


Re: [Openvas-discuss] Scans not executing

2017-06-23 Thread Thijs Stuurman
Christian,

Yes I agree.


Thijs Stuurman

-Original message-
From: Christian Fischer [mailto:christian.fisc...@greenbone.net] 
Sent: Friday 23 June 2017 15:08
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; Harsh kapadia 
<harsh9...@gmail.com>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scans not executing

Hi,

On 23.06.2017 15:03, Thijs Stuurman wrote:
> Since it follows redhat, I guess it applies to CentOS as well: 
> https://access.redhat.com/blogs/766093/posts/1976243
> It should be in the init script for the service, not the redis.conf itself.
> 
> On my system:
> 
> root@ivss:/# ls -l /etc/systemd/system/multi-user.target.wants/redis-server.service
> lrwxrwxrwx 1 root root 40 May  9 18:51 /etc/systemd/system/multi-user.target.wants/redis-server.service -> /lib/systemd/system/redis-server.service
> root@ivss:/# cat /lib/systemd/system/redis-server.service |grep PrivateTmp
> PrivateTmp=yes
> root@ivss:/#

I don't think that it is a good idea to disable the PrivateTmp option in the 
systemd service file.

Instead it's probably better to have redis listen on 
/var/run/redis/redis.sock and follow my advice to point the openvassd.conf to 
that location.

> Thijs Stuurman
> 
> From: Harsh kapadia [mailto:harsh9...@gmail.com]
> Sent: Friday 23 June 2017 14:56
> To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
> CC: Christian Fischer <christian.fisc...@greenbone.net>; 
> openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Scans not executing
> 
> Christian,
> 
> Will the same apply to CentOS as well? Where can I check the redis parameter 
> of PrivateTmp? Is it the /etc/redis.conf file?
> 
> Thanks!
> Harsh
> 
> On Fri, Jun 23, 2017 at 6:12 PM, Thijs Stuurman 
> <thijs.stuur...@internedservices.nl> wrote:
> Christian,
> 
> Ah so that is what is going on.. sneaky! I created the openvassd.conf and it 
> works, thanks!
> 
> 
> Thijs Stuurman
> 
> -Original message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
> On behalf of Christian Fischer
> Sent: Friday 23 June 2017 14:36
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Scans not executing
> 
> Hi,
> 
> On 23.06.2017 14:28, Thijs Stuurman wrote:
>> First check where your redis.sock actually is located; if it exists at all.. 
>> look at your redis configuration file for the path.
>> Then look at where openvas expects it to be.. it should show in the logging.
>>
>> I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ 
>> but for some (probably good) reason redis refuses or cannot make it in /tmp.
>> Haven’t bothered to figure out why, set it back to default 
>> /var/run/redis/redis.sock and made a symlink in /tmp to it because I 
>> had to get it working ;p (ln -s /var/run/redis/redis.sock
>> /tmp/redis.sock) .. I should recompile openvas to fix the path I 
>> guess.. someday.. after my vacation ;p
> 
> /tmp won't work because Debian/Ubuntu is using a "PrivateTmp=true" in its 
> redis systemd script which causes the redis.sock to end up somewhere in:
> 
> /tmp/systemd-private-xyz*
> 

Re: [Openvas-discuss] Scans not executing

2017-06-23 Thread Thijs Stuurman
Since it follows redhat, I guess it applies to CentOS as well: 
https://access.redhat.com/blogs/766093/posts/1976243
It should be in the init script for the service, not the redis.conf itself.

On my system:

root@ivss:/# ls -l /etc/systemd/system/multi-user.target.wants/redis-server.service
lrwxrwxrwx 1 root root 40 May  9 18:51 /etc/systemd/system/multi-user.target.wants/redis-server.service -> /lib/systemd/system/redis-server.service
root@ivss:/# cat /lib/systemd/system/redis-server.service |grep PrivateTmp
PrivateTmp=yes
root@ivss:/#

Thijs Stuurman

From: Harsh kapadia [mailto:harsh9...@gmail.com]
Sent: Friday 23 June 2017 14:56
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: Christian Fischer <christian.fisc...@greenbone.net>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scans not executing

Christian,

Will the same apply to CentOS as well? Where can I check the redis parameter of 
PrivateTmp? Is it the /etc/redis.conf file?

Thanks!
Harsh

On Fri, Jun 23, 2017 at 6:12 PM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
Christian,

Ah so that is what is going on.. sneaky! I created the openvassd.conf and it 
works, thanks!


Thijs Stuurman

-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Christian Fischer
Sent: Friday 23 June 2017 14:36
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scans not executing

Hi,

On 23.06.2017 14:28, Thijs Stuurman wrote:
> First check where your redis.sock actually is located; if it exists at all.. 
> look at your redis configuration file for the path.
> Then look at where openvas expects it to be.. it should show in the logging.
>
> I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ 
> but for some (probably good) reason redis refuses or cannot make it in /tmp.
> Haven’t bothered to figure out why, set it back to default
> /var/run/redis/redis.sock and made a symlink in /tmp to it because I
> had to get it working ;p (ln -s /var/run/redis/redis.sock
> /tmp/redis.sock) .. I should recompile openvas to fix the path I
> guess.. someday.. after my vacation ;p

/tmp won't work because Debian/Ubuntu is using a "PrivateTmp=true" in its redis 
systemd script which causes the redis.sock to end up somewhere in:

/tmp/systemd-private-xyz*

However you don't need to recompile OpenVAS to change the location where it is 
expecting the redis.sock. Just add the following to your openvassd.conf 
(create one in your /path/to/etc/openvas if it doesn't exist):

kb_location = /var/run/redis/redis.sock

> Thijs Stuurman
>
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
> On behalf of Harsh kapadia
> Sent: Friday 23 June 2017 14:25
> To: Eero Volotinen <eero.voloti...@iki.fi>
> CC: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Scans not executing
>
> Thanks f

Re: [Openvas-discuss] Scans not executing

2017-06-23 Thread Thijs Stuurman
Christian,

Ah so that is what is going on.. sneaky! I created the openvassd.conf and it 
works, thanks!


Thijs Stuurman

-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Christian Fischer
Sent: Friday 23 June 2017 14:36
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scans not executing

Hi,

On 23.06.2017 14:28, Thijs Stuurman wrote:
> First check where your redis.sock actually is located; if it exists at all.. 
> look at your redis configuration file for the path.
> Then look at where openvas expects it to be.. it should show in the logging.
> 
> I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ 
> but for some (probably good) reason redis refuses or cannot make it in /tmp.
> Haven’t bothered to figure out why, set it back to default 
> /var/run/redis/redis.sock and made a symlink in /tmp to it because I 
> had to get it working ;p (ln -s /var/run/redis/redis.sock 
> /tmp/redis.sock) .. I should recompile openvas to fix the path I 
> guess.. someday.. after my vacation ;p

/tmp won't work because Debian/Ubuntu is using a "PrivateTmp=true" in its redis 
systemd script which causes the redis.sock to end up somewhere in:

/tmp/systemd-private-xyz*

However you don't need to recompile OpenVAS to change the location where it is 
expecting the redis.sock. Just add the following to your openvassd.conf 
(create one in your /path/to/etc/openvas if it doesn't exist):

kb_location = /var/run/redis/redis.sock

> Thijs Stuurman
> 
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
> On behalf of Harsh kapadia
> Sent: Friday 23 June 2017 14:25
> To: Eero Volotinen <eero.voloti...@iki.fi>
> CC: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Scans not executing
> 
> Thanks for responding!
> 
> Should I move the socket file from /tmp to /run/redis and also modify the 
> kb_location path accordingly?
> 
> I'm new to openvas and not really sure what needs to be done.
> 
> Harsh
> 
> On Fri, Jun 23, 2017 at 5:47 PM, Eero Volotinen 
> <eero.voloti...@iki.fi> wrote:
> sounds like connection to redis is not working.
> 
> Eero
> 
> 23.6.2017 3.15 PM "Harsh kapadia" 
> <harsh9...@gmail.com> wrote:
> Hi,
> 
> Please see the attached output from openvas-check-setup.log file.  Everything 
> seems OK but still the scans do not execute:
> 
> I do still see the below errors in openvassd.dump file.
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
> connection error: No such file or directory
> 
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
> connection error: No such file or directory
> 
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
> connection error: No such file or directory
> 
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
> connection error: No such file or directory
> 
> (openvassd:22085): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
> connection error: No such file or directory
> 
> (openvassd:22085): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
> connection error: No such file or directory
> 
> Kindly suggest. SELinux is turned off so it shouldn't be a problem to use the 
> socket for redis from /tmp directory.
> 
> Thanks!

Regards,

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
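
The socket-path mismatch discussed in this thread, as an added Python example that is not code from the posters or from the OpenVAS project: it compares the unixsocket path in redis.conf, the scanner's kb_location and the PrivateTmp setting of the redis unit. The function names, finding labels and sample file contents are constructed for illustration; the /tmp/redis.sock default is the one reported in the thread.

```python
import posixpath

# Socket path the scanner uses when kb_location is not set, as reported in
# this thread for OpenVAS 9 (taken from the thread, not from the source code).
DEFAULT_KB_LOCATION = "/tmp/redis.sock"
SYSTEMD_TRUE = {"1", "yes", "true", "on"}

# Constructed sample file contents.
UNIT_PRIVATE_TMP = "[Unit]\nDescription=redis\n\n[Service]\nPrivateTmp=yes\n"
REDIS_IN_TMP = "port 0\nunixsocket /tmp/redis.sock\nunixsocketperm 700\n"
REDIS_IN_RUN = ("port 0\n# unixsocket /tmp/redis.sock\n"
                "unixsocket /var/run/redis/redis.sock\nunixsocketperm 700\n")
OPENVASSD_FIXED = "kb_location = /var/run/redis/redis.sock\n"


def redis_unixsocket(redis_conf):
    """Path from the last active 'unixsocket <path>' line, or None."""
    path = None
    for raw in redis_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "unixsocket" and len(parts) == 2:
            path = parts[1].strip().strip('"')
    return path


def kb_location(openvassd_conf):
    """kb_location from openvassd.conf text, or the default when absent."""
    path = DEFAULT_KB_LOCATION
    for raw in openvassd_conf.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "kb_location":
            path = value.strip()
    return path


def private_tmp(unit_text):
    """True when the [Service] section of the unit enables PrivateTmp."""
    enabled, section = False, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "PrivateTmp":
                enabled = value.strip().lower() in SYSTEMD_TRUE
    return enabled


def canonical(path):
    """Normalise a path; /var/run is treated as the usual alias of /run."""
    norm = posixpath.normpath(path)
    return norm[len("/var"):] if norm.startswith("/var/run/") else norm


def diagnose(redis_conf, openvassd_conf, unit_text):
    """Return a list of findings; an empty list means the paths line up."""
    sock = redis_unixsocket(redis_conf)
    if sock is None:
        return ["redis-no-unixsocket"]
    findings = []
    # PrivateTmp gives the service its own /tmp and /var/tmp, so a socket
    # created there is not visible to the scanner process.
    if private_tmp(unit_text) and canonical(sock).startswith(("/tmp/", "/var/tmp/")):
        findings.append("socket-hidden-by-PrivateTmp")
    if canonical(sock) != canonical(kb_location(openvassd_conf)):
        findings.append("kb_location-mismatch")
    return findings


if __name__ == "__main__":
    print(diagnose(REDIS_IN_TMP, "", UNIT_PRIVATE_TMP))
    print(diagnose(REDIS_IN_RUN, OPENVASSD_FIXED, UNIT_PRIVATE_TMP))
```
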

Re: [Openvas-discuss] Scans not executing

2017-06-23 Thread Thijs Stuurman
First check where your redis.sock actually is located; if it exists at all.. 
look at your redis configuration file for the path.
Then look at where openvas expects it to be.. it should show in the logging.

I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ 
but for some (probably good) reason redis refuses or cannot make it in /tmp.
Haven’t bothered to figure out why, set it back to default 
/var/run/redis/redis.sock and made a symlink in /tmp to it because I had to get 
it working ;p
(ln -s /var/run/redis/redis.sock /tmp/redis.sock) .. I should recompile openvas 
to fix the path I guess.. someday.. after my vacation ;p

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Harsh kapadia
Sent: Friday 23 June 2017 14:25
To: Eero Volotinen <eero.voloti...@iki.fi>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scans not executing

Thanks for responding!

Should I move the socket file from /tmp to /run/redis and also modify the 
kb_location path accordingly?

I'm new to openvas and not really sure what needs to be done.

Harsh

On Fri, Jun 23, 2017 at 5:47 PM, Eero Volotinen 
<eero.voloti...@iki.fi> wrote:
sounds like connection to redis is not working.

Eero

23.6.2017 3.15 PM "Harsh kapadia" 
<harsh9...@gmail.com> wrote:
Hi,

Please see the attached output from openvas-check-setup.log file.  Everything 
seems OK but still the scans do not execute:

I do still see the below errors in openvassd.dump file.
(openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: No such file or directory

(openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: No such file or directory

(openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: No such file or directory

(openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: No such file or directory

(openvassd:22085): lib  kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: No such file or directory

(openvassd:22085): lib  kb_redis-CRITICAL **: get_redis_ctx: redis connection 
error: No such file or directory

Kindly suggest. SELinux is turned off so it shouldn't be a problem to use the 
socket for redis from /tmp directory.

Thanks!


Re: [Openvas-discuss] sharing scans, tasks and hosts with other users

2017-06-14 Thread Thijs Stuurman
You can put 'em in a group.

Thijs Stuurman

-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Ali Khalfan
Sent: Wednesday 14 June 2017 16:13
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] sharing scans, tasks and hosts with other users

Thanks,


Those instructions work well.  I'm able to share scans and hosts. I wish, 
however, we could further apply permissions on groups rather than just add user by 
user; that would be great.



Ali


On 06/04/2017 09:18 PM, Christian Fischer wrote:
> Hi,
>
> On 04.06.2017 19:29, Ali Khalfan wrote:
>> Hi,
>>
>> I've been using OpenVas for a while now.  I must say that as a single 
>> user it is pretty impressive.  However, I've noticed that if I were 
>> to provide other users access to the scanner, I am not able to share 
>> any of the scans I've done or the hosts (not even the configuration).
>>
>> I know this issue also existed in Nessus a while back so I guess it 
>> makes sense.  Was this issue tackled in any way ?  Is my only option 
>> to have multiple users manage OpenVas is to just share the credentials?
> such sharing of objects can be done within OpenVAS via permissions 
> like explained here:
>
> http://docs.greenbone.net/GSM-Manual/gos-3.1/en/user_permissions.html
>
> To share e.g. a task you can follow the steps provided here:
>
> http://docs.greenbone.net/GSM-Manual/gos-3.1/en/user_permissions.html#
> sharing-individual-objects-for-other-users
>
> If a user should have access to all objects of another user you can 
> also work with Super Permissions:
>
> http://docs.greenbone.net/GSM-Manual/gos-3.1/en/user_permissions.html#
> super-permissions
>
>> Thanks,
>>
>> Ali
> Regards,
>
> --
>
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

Re: [Openvas-discuss] OpenVAS not scanning when check setup appears to be OK

2017-06-12 Thread Thijs Stuurman
Ok, some ideas to help further troubleshooting:


· Can you verify that /tmp/redis.sock is actually really there? (ls the /tmp folder).

· Try starting a scan after manually starting openvassd with --f (foreground) and see what it does/says

· Start openvassd with strace and follow children (strace -f /usr/sbin/openvassd) to see what happens


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Dan Beal [mailto:db...@silasg.com]
Sent: Monday, 12 June 2017 16:28
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; Eero Volotinen <eero.voloti...@iki.fi>
CC: openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] OpenVAS not scanning when check setup appears to be OK

tried remaking of certs – the install is about 3 weeks old, had this issue, we 
reinstalled because we couldn’t fix it, since we are back at this stage, we 
need to find the root cause.  Restart of the service still fails, scan still 
fails.

Service status – service seems to keep trying to start and failing:
[root@openvasva ~]# systemctl status openvas-scanner.service
● openvas-scanner.service - OpenVAS Scanner
   Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
   Active: activating (start) since Mon 2017-06-12 09:56:41 EDT; 1min 26s ago
  Control: 11191 (openvassd)
   CGroup: /system.slice/openvas-scanner.service
           └─11191 /usr/sbin/openvassd

Journalctl content:
Jun 12 09:16:38 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: openvas-scanner.service start operation timed out. Terminating.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: Failed to start OpenVAS Scanner.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: Unit openvas-scanner.service entered failed state.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: openvas-scanner.service failed.
Jun 12 09:36:39 openvasva.silasg.com systemd[1]: openvas-scanner.service holdoff time over, scheduling restart.
Jun 12 09:36:39 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: openvas-scanner.service start operation timed out. Terminating.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: Failed to start OpenVAS Scanner.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: Unit openvas-scanner.service entered failed state.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: openvas-scanner.service failed.
Jun 12 09:56:41 openvasva.silasg.com systemd[1]: openvas-scanner.service holdoff time over, scheduling restart.
Jun 12 09:56:41 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...

Not sure if Redis log entries mean anything to this, it doesn’t seem so:
1050:M 12 Jun 06:58:45.205 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1050:M 12 Jun 06:58:45.205 # Server started, Redis version 3.0.7
1050:M 12 Jun 06:58:45.205 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1050:M 12 Jun 06:58:45.206 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
1050:M 12 Jun 06:58:47.006 * DB loaded from disk: 1.800 seconds
1050:M 12 Jun 06:58:47.006 * The server is now ready to accept connections on port 6379
1050:M 12 Jun 06:58:47.006 * The server is now ready to accept connections at /tmp/redis.sock


Further troubleshooting, when restarting the scanner service, I updated and 
rebuilt the NVT cache again to try to solve the problem, I got the below:
[root@openvasva ~]# openvasmd --update
[root@openvasva ~]# openvasmd --rebuild
[root@openvasva ~]# service openvas-scanner restart
Redirecting to /bin/systemctl restart  openvas-scanner.service
Job for openvas-scanner.service failed because a timeout was exceeded. See "systemctl status openvas-scanner.service" and "journalctl -xe" for details.

Openvasmd.log:
md   main:MESSAGE:2017-06-12 12h21.07 utc:7137:OpenVAS Manager version 
7.0.1 (DB revisio

Re: [Openvas-discuss] OpenVAS not scanning when check setup appears to be OK

2017-06-12 Thread Thijs Stuurman
Are you sure your openvas certificate is OK? Not expired or anything?

Make a backup (if you care for your current certs) and make ‘m again 
“openvas-manage-certs -a”.

Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Dan Beal [mailto:db...@silasg.com]
Sent: Monday, 12 June 2017 14:01
To: Eero Volotinen <eero.voloti...@iki.fi>; Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] OpenVAS not scanning when check setup appears to be OK

Confirmed these settings are still in redis, from here 
https://forums.atomicorp.com/viewtopic.php?f=31=8539#p44057 :
6) edit /etc/redis.conf. Add/uncomment the following
unixsocket /tmp/redis.sock
unixsocketperm 700

From File:
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket /tmp/redis.sock
unixsocketperm 700


The logs have archived, so I rebooted the server and kicked off a scan (error 
still occurred)
from the logs – gsad.log:
gsad main:MESSAGE:2017-06-12 11h18.45 utc:3287: Starting GSAD version 7.0.2
gsad xslt:WARNING:2017-06-12 11h18.45 utc:3287: init_language_lists: Failed to open locale directory "/usr/share/openvas/gsa/locale": No such file or directory
gsad main:WARNING:2017-06-12 11h23.40 utc:3288: MHD: Failed to receive data: The TLS connection was non-properly terminated.
gsad main:WARNING:2017-06-12 11h23.41 utc:3288: MHD: Failed to receive data: The TLS connection was non-properly terminated.
gsad main:WARNING:2017-06-12 11h30.34 utc:3288: MHD: Failed to receive data: The TLS connection was non-properly terminated.

-There are several of the TLS connection message

from the logs – openvasmd.log:
md   main:MESSAGE:2017-06-12 11h18.45 utc:3285:OpenVAS Manager version 7.0.1 (DB revision 184)
base gpgme:MESSAGE:2017-06-12 11h18.59 utc:3286: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-06-12 11h18.59 utc:3286: Using OpenPGP engine version '2.0.22'
event task:MESSAGE:2017-06-12 11h39.32 UTC:4419: Status of task Localhost (d40618d9-0bad-4dea-8a03-199375f506a9) has changed to Requested
event task:MESSAGE:2017-06-12 11h39.32 UTC:4419: Task Localhost (d40618d9-0bad-4dea-8a03-199375f506a9) has been requested to start by [username]
md manage:   INFO:2017-06-12 11h39.33 UTC:4420: nvt_selector_plugins: NVTs not 
explicitly activated anymore for this config: 
1.3.6.1.4.1.25623.1.0.10265;1.3.6.1.4.1.25623.1.0.103914;1.3.6.1.4.1.25623.1.0.103978;1.3.6.1.4.1.25623.1.0.95888;1.3.6.1.4.1.25623.1.0.12241;1.3.6.1.4.1.25623.1.0.11933;1.3.6.1.4.1.25623.1.0.12288;1.3.6.1.4.1.25623.1.0.80010;1.3.6.1.4.1.25623.1.0.810010;1.3.6.1.4.1.25623.1.0.10870;1.3.6.1.4.1.25623.1.0.80011;1.3.6.1.4.1.25623.1.0.103585;1.3.6.1.4.1.25623.1.0.103697;1.3.6.1.4.1.25623.1.0.100509;1.3.6.1.4.1.25623.1.0.80104;1.3.6.1.4.1.25623.1.0.80086;1.3.6.1.4.1.25623.1.0.900238;.
 Please adjust the config if you think this is wrong.
md   main:WARNING:2017-06-12 11h58.48 UTC:4420: openvas_scanner_read: Failed to read from scanner: Connection reset by peer
event task:MESSAGE:2017-06-12 11h58.48 UTC:4420: Status of task Localhost (d40618d9-0bad-4dea-8a03-199375f506a9) has changed to Stopped


from the log – openvassd.log:
[Mon Jun 12 10:58:04 2017][26584] Failed to initialize nvti cache.

– this is the same error I saw last week, I have tried, willing to retry any of 
these as needed:

  *   Restarting the services
  *   openvasmd --update && openvasmd --rebuild to rebuild the cache – this 
seemed to work, however the scanner still seems down, maybe I need to do it 
again?
  *   Updating the server
  *   openvas-setup – to fix any issues
  *   confirmed verifying scanner works


Dan Beal
SILA
M: 571.439.9230

From: eero.t.voloti...@gmail.com<mailto:eero.t.voloti...@gmail.com> 
[mailto:eero.t.voloti...@gmail.com] On Behalf Of Eero Volotinen
Sent: Monday, June 12, 2017 3:24 AM
To: Dan Beal <db...@silasg.com<mailto:db...@silasg.com>>
Cc: 
openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
Subject: Re: [Openvas-discuss] OpenVAS not scanning when check setup appears to 
be OK

well. that sounds like redis-server is not correctly configured.
Please also check out the logs of openvas.

Eero

2017-06-12 10:17 GMT+03:00 Dan Beal <db...@silasg.com<mailto:db...@silasg.com>>:
Thanks. Jobs will get "stopped at 1%" not jus

Re: [Openvas-discuss] sql errors

2017-06-12 Thread Thijs Stuurman
No, never. These are also the kind of errors I never ever wish to see!

If your data is still there, scan tasks .. history etc' I strongly urge you to 
make a backup and repeat making backups just in case.
Many things can cause these errors, I cannot give you any specific place to 
start looking for a problem or solution.
Perhaps it helps to get more log/verbose/debug information out of sqlite if 
possible.
Check versions, is everything up to date? (sqlite, openvas)


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Turner,Jonas
Sent: Monday, 12 June 2017 15:05
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] sql errors

Does anyone else get these as well? In my openvasmd.log I get this quite often. 
 It appears when this happens my scans never seem to finish properly and things 
just get out of sorts.

event task:MESSAGE:2017-06-08 08h00.13 EDT:25517: Task network_device_91 
(3b792a23-25ab-459c-90db-2eb880099898) could not be resumed by admin
event task:MESSAGE:2017-06-08 08h00.14 EDT:25517: Status of task 
network_device_91 (3b792a23-25ab-459c-90db-2eb880099898) has changed to 
Requested
event task:MESSAGE:2017-06-08 08h00.15 EDT:25517: Task network_device_91 
(3b792a23-25ab-459c-90db-2eb880099898) has been requested to start by admin
md manage:WARNING:2017-06-08 08h00.15 EDT:25758: sql_exec_internal: 
sqlite3_step failed: disk I/O error
md manage:WARNING:2017-06-08 08h00.15 EDT:25758: sqlv: sql_exec_internal failed
md manage:WARNING:2017-06-08 08h00.15 EDT:25758: sql_exec_internal: 
sqlite3_step failed: file is encrypted or is not a database
md manage:WARNING:2017-06-08 08h00.15 EDT:25758: sqlv: sql_exec_internal failed
event task:MESSAGE:2017-06-08 08h00.44 EDT:25758: Status of task 
network_device_91 (3b792a23-25ab-459c-90db-2eb880099898) has changed to Stopped
md manage:WARNING:2017-06-08 12h30.22 utc:16585: sql_exec_internal: 
sqlite3_step failed: disk I/O error
md manage:WARNING:2017-06-08 12h30.22 utc:16585: sqlv: sql_exec_internal failed

Jonas Turner │ Security Analyst II
Ph: 419.254.4890│Fax: 419.252.5557
E-mail:  jotur...@hcr-manorcare.com<mailto:jotur...@hcr-manorcare.com>
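
The reply above advises taking backups and getting more information out of sqlite. The following is an added example, not code from the thread or from OpenVAS: it takes a consistent copy with SQLite's online backup API and runs an integrity check that surfaces the same class of error seen in the log. The file names are placeholders and the database is constructed in a temporary directory.

```python
import os
import sqlite3
import tempfile
from contextlib import closing


def check_db(path):
    """Run PRAGMA integrity_check read-only; return [] if healthy, else the problems."""
    try:
        with closing(sqlite3.connect(f"file:{path}?mode=ro", uri=True)) as con:
            rows = con.execute("PRAGMA integrity_check").fetchall()
    except sqlite3.DatabaseError as exc:
        # Covers "file is encrypted or is not a database" and "disk I/O error",
        # the two messages sqlite3_step reported in the log above.
        return [f"{type(exc).__name__}: {exc}"]
    return [] if rows == [("ok",)] else [row[0] for row in rows]


def backup_db(src, dst):
    """Copy src to dst with SQLite's online backup API, then verify the copy."""
    with closing(sqlite3.connect(f"file:{src}?mode=ro", uri=True)) as s, \
            closing(sqlite3.connect(dst)) as d:
        s.backup(d)
    return check_db(dst)


def demo():
    """Build a constructed database, back it up, then damage a second copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "manager.db")  # placeholder name (assumption)
        with closing(sqlite3.connect(live)) as con:
            con.execute("CREATE TABLE tasks (uuid TEXT, name TEXT)")
            con.execute(
                "INSERT INTO tasks VALUES (?, ?)",
                ("00000000-0000-0000-0000-000000000000", "constructed_task"),
            )
            con.commit()

        copy_problems = backup_db(live, os.path.join(tmp, "manager.bak.db"))

        # Simulate header damage: overwrite the 16-byte SQLite magic string.
        broken = os.path.join(tmp, "broken.db")
        with open(live, "rb") as fh:
            data = fh.read()
        with open(broken, "wb") as fh:
            fh.write(b"\x00" * 16 + data[16:])

        return check_db(live), copy_problems, check_db(broken)


if __name__ == "__main__":
    for label, problems in zip(("live", "backup", "damaged copy"), demo()):
        print(label, "->", problems or "ok")
```

A backup that fails its own integrity check is not worth keeping, so check the copy before rotating older ones out.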



Re: [Openvas-discuss] SCAP / CERT Databases missing

2017-06-09 Thread Thijs Stuurman
Michael,

Thank you for the reply and information.
I am however running a PostgreSQL backend.

Since everything else works and I don't see what I am missing really, I am 
reluctant to mess with things at this moment.
I might give it a try later but looking at my schedule and vacation planning, 
I don't see much time for it in the coming weeks.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-Original message-
From: michael.eiss...@greenbone.net [mailto:michael.eiss...@greenbone.net] 
Sent: Thursday, 8 June 2017 22:16
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] SCAP / CERT Databases missing

Dear Thijs,

thank you for reaching back.
I am sorry for the missing field on WebGUI, I have currently no OpenVAS 
installation at hand to try out.
We go an alternate way for this later.

Here is a guide, that covers the recreation of a clean CERT DB:


Please run the following commands as root user:

service openvas-manager stop
mkdir /var/lib/openvas/cert-data/bak
mv /var/lib/openvas/cert-data/cert.db /var/lib/openvas/cert-data/bak/
mv /var/lib/openvas/cert-data/timestamp* /var/lib/openvas/cert-data/bak/
service openvas-manager start

Now we would need to trigger a Feedsync. By that, a new cert.db file (and the 
timestamp files) will be created.
(please check with: ' ls -lah /var/lib/openvas/cert-data/cert.db ')

Please ensure the feedsync has completed before taking next steps!

After the Feedsync has completed, please run the following commands, preferably 
via copy:

chmod 640 /var/lib/openvas/cert-data/cert.db
sqlite3 /var/lib/openvas/cert-data/cert.db 'PRAGMA journal_mode=WAL'

Now reboot the machine and see if the problem has been solved.
If so, we would next go and remove the ../bak folder like this:

cd /var/lib/openvas/cert-data
rm -r bak

Explanation:
Within this guide, we backup the current state, and remove the db from its 
original location.
The scanner will then think he has this db missing and therefore creates a new 
one. This process is triggered by running a feedupdate. With a newly created 
certs.db the problem should be gone.

Cheers,
Michael.



On 08.06.2017 10:52, Thijs Stuurman wrote:
> Michael,
> 
> Outputs:
> 
> """
> 
> ~# ls -lah /opt/openvas/var/lib/openvas/cert-data/ /opt/openvas/var/lib/openvas/scap-data/
> 
> /opt/openvas/var/lib/openvas/cert-data/:
> total 35M
> drwxr-xr-x 2 root root 4.0K May 11 16:49 .
> drwxr-xr-x 10 root root 4.0K May 10 10:12 ..
> -rw-r--r-- 1 root root 1.4M Nov 29 2016 CB-K13.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 CB-K13.xml.asc
> -rw-r--r-- 1 root root 4.6M Jan 25 09:59 CB-K14.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 CB-K14.xml.asc
> -rw-r--r-- 1 root root 5.9M Jan 25 09:59 CB-K15.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 CB-K15.xml.asc
> -rw-r--r-- 1 root root 7.9M Jan 25 09:59 CB-K16.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 CB-K16.xml.asc
> -rw-r--r-- 1 root root 551K Jan 25 09:59 CB-K17.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 CB-K17.xml.asc
> -rw-r--r-- 1 root root 25K May 11 16:49 cert.db
> -rw-r--r-- 1 root root 1.1K Sep 20 2016 COPYING
> -rw-r--r-- 1 root root 181 May 11 08:08 COPYING.asc
> -rw-r--r-- 1 root root 3.0K Sep 20 2016 dfn-cert-2008.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2008.xml.asc
> -rw-r--r-- 1 root root 662K Sep 20 2016 dfn-cert-2009.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2009.xml.asc
> -rw-r--r-- 1 root root 1.4M Sep 20 2016 dfn-cert-2010.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2010.xml.asc
> -rw-r--r-- 1 root root 1.6M Sep 20 2016 dfn-cert-2011.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2011.xml.asc
> -rw-r--r-- 1 root root 1.7M Sep 20 2016 dfn-cert-2012.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2012.xml.asc
> -rw-r--r-- 1 root root 1.6M Nov 7 2016 dfn-cert-2013.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2013.xml.asc
> -rw-r--r-- 1 root root 1.5M Apr 13 08:53 dfn-cert-2014.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2014.xml.asc
> -rw-r--r-- 1 root root 2.0M May 10 07:52 dfn-cert-2015.xml
> -rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2015.xml.asc
> -rw-r--r-- 1 root root 2.6M May 11 08:08 dfn-cert-

Re: [Openvas-discuss] omg can't connect to openvas

2017-06-08 Thread Thijs Stuurman
Gerhard,

Just tell gsad where to connect to as well, something like:

gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 
--ssl-private-key=server.key --ssl-certificate=server.crt --http-sts 
--gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"

The --m parameters are for the connection to openvasmd.

Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Gerhard Mourani [mailto:gmour...@gmail.com]
Sent: Thursday, 8 June 2017 17:16
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: Turner,Jonas <jotur...@hcr-manorcare.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omg can't connect to openvas

Oops, looks like when starting openvasmd to listen on a TCP port instead of a 
unix socket, I'm no longer able to connect to the GSA WUI!
Here is what I can see in the gsad.log file -> Failed to connect to server: No 
such file or directory

I have to make openvasmd listen on the unix socket again for the GSA WUI to work.

Gerhard,


On Jun 8, 2017, at 9:42 AM, Gerhard Mourani 
<gmour...@gmail.com<mailto:gmour...@gmail.com>> wrote:

You're right. I've changed my init script to start openvasmd as follows -> 
openvasmd -a 127.0.0.1 -p 9390 and it works now, thanks.

Gerhard,


On Jun 8, 2017, at 9:37 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> 
wrote:

Gerhard,

Still gsad is not the correct service. Gsad is the web gui, I got that 
listening on 80 and 443:

root@ivss:~# netstat -vnepl |grep gsad
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      0          3859250    23930/gsad
tcp        0      0 0.0.0.0:443     0.0.0.0:*       LISTEN      0          3852040    23929/gsad

Openvasmd or gvmd is probably not listening at all on TCP and communication is 
probably done through a socket.
Look ‘m up using “netstat -vnepl”.

Either try using omp without any parameters for the IP and port to communicate 
with or set openvasmd to listen on a TCP port starting it specifically with 
options such as:

openvasmd -p 9390 -a 127.0.0.1

or

gvmd -p 9390 -a 127.0.0.1

OpenVAS9 it will be gvmd.



Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Gerhard Mourani [mailto:gmour...@gmail.com]
Sent: Thursday, 8 June 2017 15:26
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: Turner,Jonas <jotur...@hcr-manorcare.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omg can't connect to openvas

Thijs,

No, on my installation I use port 9392 as shown with the netstat -nlp command:

tcp        0      0 :::9392         :::*            LISTEN      25854/gsad


I've nothing listening on port 9390 and here is the result if I try to run omp 
on port 9390:

omp -u admin -w admin -p 9390 -g -v
WARNING: Verbose mode may reveal passwords!
Will try to connect to host 127.0.0.1, port 9390...
(omp:55229): lib  serv-WARNING **: Failed to connect to server
Failed to acquire socket.

You can see that the message is different, port 9392 is the good one in my case 
but the omp command never completes.

Gerhard,


On Jun 8, 2017, at 9:19 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> 
wrote:

Gerhard,

You are using the wrong port.
OMP needs to connect to the openvasmd process (or gvmd in openvas9) on port 
9390, as Jonas is also doing.
Openvasmd / gvmd is the master process, omp and gsad (the web gui) connect to 
that to get the information.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.n

Re: [Openvas-discuss] omg can't connect to openvas

2017-06-08 Thread Thijs Stuurman
Gerhard,

Still gsad is not the correct service. Gsad is the web gui, I got that 
listening on 80 and 443:

root@ivss:~# netstat -vnepl |grep gsad
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      0          3859250    23930/gsad
tcp        0      0 0.0.0.0:443     0.0.0.0:*       LISTEN      0          3852040    23929/gsad

Openvasmd or gvmd is probably not listening at all on TCP and communication is 
probably done through a socket.
Look ‘m up using “netstat -vnepl”.

Either try using omp without any parameters for the IP and port to communicate 
with or set openvasmd to listen on a TCP port starting it specifically with 
options such as:

openvasmd -p 9390 -a 127.0.0.1

or

gvmd -p 9390 -a 127.0.0.1

OpenVAS9 it will be gvmd.



Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Gerhard Mourani [mailto:gmour...@gmail.com]
Sent: Thursday, 8 June 2017 15:26
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: Turner,Jonas <jotur...@hcr-manorcare.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omg can't connect to openvas

Thijs,

No, on my installation I use port 9392 as shown with the netstat -nlp command:

tcp        0      0 :::9392         :::*            LISTEN      25854/gsad

I've nothing listening on port 9390 and here is the result if I try to run omp 
on port 9390:

omp -u admin -w admin -p 9390 -g -v
WARNING: Verbose mode may reveal passwords!
Will try to connect to host 127.0.0.1, port 9390...
(omp:55229): lib  serv-WARNING **: Failed to connect to server
Failed to acquire socket.

You can see that the message is different, port 9392 is the good one in my case 
but the omp command never completes.

Gerhard,


On Jun 8, 2017, at 9:19 AM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> 
wrote:

Gerhard,

You are using the wrong port.
OMP needs to connect to the openvasmd process (or gvmd in openvas9) on port 
9390, as Jonas is also doing.
Openvasmd / gvmd is the master process, omp and gsad (the web gui) connect to 
that to get the information.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Turner,Jonas
Sent: Thursday, 8 June 2017 14:33
To: Gerhard Mourani <gmour...@gmail.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omg can't connect to openvas

I am not sure if this will help but this is what I do and it works for me.  You 
can change the port of course.

1.   Configure omp.config with credentials
a.   [Connection]
b.   host=127.0.0.1
c.   port=9390
d.   username=someuser
e.   password=somepassword
2.   openvasmd -a 127.0.0.1 -p 9390
3.   omp -g -v

This provided me with the following output:
<someuser@someserver:~$> omp -g -v

WARNING: Verbose mode may reveal passwords!

Will try to connect to host 127.0.0.1, port 9390...
8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
085569ce-73ed-11df-83c3-002264764cea  empty
daba56c8-73ec-11df-a475-002264764cea  Full and fast
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
f14981cc-80d9-4bec-8cca-ff3aa25c57be  HCR - Full and Fast
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
Command completed successfully.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
Behalf Of Gerhard Mourani
Sent: Thursday, June 08, 2017 8:19 AM
To: 
openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
Subject: [Openvas-discuss] omg can't connect to openvas

Hello,

I'm trying to use the omp command to connect to openvas but it doesn't work and 
never finishes. Here is my command.

omp -u admin -w admin -p 9392 -g -v
WARNING: Verbose mode may reveal passwords!
Will try to connect to h

Re: [Openvas-discuss] omg can't connect to openvas

2017-06-08 Thread Thijs Stuurman
Gerhard,

You are using the wrong port.
OMP needs to connect to the openvasmd process (or gvmd in openvas9) on port 
9390, as Jonas is also doing.
Openvasmd / gvmd is the master process, omp and gsad (the web gui) connect to 
that to get the information.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Turner,Jonas
Sent: Thursday, 8 June 2017 14:33
To: Gerhard Mourani <gmour...@gmail.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omg can't connect to openvas

I am not sure if this will help but this is what I do and it works for me.  You 
can change the port of course.


1.   Configure omp.config with credentials
a.   [Connection]
b.   host=127.0.0.1
c.   port=9390
d.   username=someuser
e.   password=somepassword
2.   openvasmd -a 127.0.0.1 -p 9390
3.   omp -g -v

This provided me with the following output:
<someuser@someserver:~$> omp -g -v

WARNING: Verbose mode may reveal passwords!

Will try to connect to host 127.0.0.1, port 9390...
8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
085569ce-73ed-11df-83c3-002264764cea  empty
daba56c8-73ec-11df-a475-002264764cea  Full and fast
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
f14981cc-80d9-4bec-8cca-ff3aa25c57be  HCR - Full and Fast
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
Command completed successfully.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
Behalf Of Gerhard Mourani
Sent: Thursday, June 08, 2017 8:19 AM
To: 
openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
Subject: [Openvas-discuss] omg can't connect to openvas

Hello,

I'm trying to use the omp command to connect to openvas but it doesn't work and 
never finishes. Here is my command.

omp -u admin -w admin -p 9392 -g -v
WARNING: Verbose mode may reveal passwords!
Will try to connect to host 127.0.0.1, port 9392...

openvas-manager-7.0.1
openvas-gsa-7.0.2
openvas-scanner-5.1.1
openvas-libraries-9.0.1
openvas-cli-1.4.5

gsad is running on port 9392 as follows:

tcp        0      0 :::9392         :::*            LISTEN      25854/gsad
Gerhard,

  

[Openvas-discuss] GSAD TLS settings

2017-06-02 Thread Thijs Stuurman
OpenVAS discuss,

Sharing a bit of experience.

With my recent upgrade from 8 to 9 I also disabled my Apache proxy which 
enforced some TLS and http header hardening in front of GSAD.
GSAD improved a lot on this front, ++ for the developers! It did however give 
me one medium finding:

"""
Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
"""

To fix this I further restricted the TLS configuration for GSAD by adding 
"--gnutls-priorities=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"
My start script uses the following:

/opt/openvas9/sbin/openvasmd -p 9390 -a 127.0.0.1
/opt/openvas9/sbin/gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 
--mport=9390 --ssl-private-key=/xxx.key --ssl-certificate=/xxx.crt --http-sts 
--gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

I haven't added some options because they are enabled by default.
Not using chroot because .. I don't know to be honest but I got everything else 
locked down quite well.
Nmap results:

"""
root@scanner001:~# nmap -Pn -p 443 --script=ssl-enum-ciphers 10.xxx.xxx.xxx

Starting Nmap 5.51 ( http://nmap.org ) at 2017-06-02 13:43 CEST
Nmap scan report for 10.xxx.xxx.xx
Host is up (0.00023s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2
| Ciphers (2)
|   TLS_RSA_WITH_AES_256_CBC_SHA
|   TLS_RSA_WITH_AES_256_CBC_SHA256
| Compressors (1)
|_  uncompressed
"""


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman
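
Added example (not part of the original post or of OpenVAS): a Python check that parses `ssl-enum-ciphers` output in the layout quoted above and reports protocols other than TLSv1.2 and 64-bit block cipher suites such as the 3DES ones in the finding. The "before" listing is constructed from the two cipher names in the finding; the policy constants and function names are assumptions.

```python
import re

# Policy taken from the post: only TLS 1.2, no 3DES (SWEET32) suites.
# Assumption added here: DES and IDEA suites are flagged too, since they
# are also 64-bit block ciphers.
ALLOWED_PROTOCOLS = {"TLSv1.2"}
BLOCK64_MARKERS = ("_3DES_", "_DES_", "_IDEA_")

PROTO_RE = re.compile(r"^(SSLv[23]|TLSv1(?:\.[0-3])?):?$")
CIPHER_RE = re.compile(r"^((?:TLS|SSL)_[A-Z0-9_]+)")

# Constructed sample: what the service might have offered before the change.
BEFORE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.1
| Ciphers (3)
|   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|   TLS_RSA_WITH_3DES_EDE_CBC_SHA
|   TLS_RSA_WITH_AES_256_CBC_SHA
| Compressors (1)
|   uncompressed
|   TLSv1.2
| Ciphers (2)
|   TLS_RSA_WITH_AES_256_CBC_SHA
|   TLS_RSA_WITH_AES_256_CBC_SHA256
| Compressors (1)
|_  uncompressed
"""

# The script output quoted in the post, after the --gnutls-priorities change.
AFTER = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2
| Ciphers (2)
|   TLS_RSA_WITH_AES_256_CBC_SHA
|   TLS_RSA_WITH_AES_256_CBC_SHA256
| Compressors (1)
|_  uncompressed
"""


def parse_ssl_enum_ciphers(text):
    """Return {protocol: [cipher, ...]} from ssl-enum-ciphers script output.

    Accepts the old layout shown in the post and the newer one where
    protocol lines end in ':' and cipher lines carry a strength suffix.
    """
    offered = {}
    proto = None
    for raw in text.splitlines():
        # Drop Nmap's "|", "|_" tree prefix and indentation.
        line = raw.lstrip("|_ \t").strip()
        match = PROTO_RE.match(line)
        if match:
            proto = match.group(1)
            offered.setdefault(proto, [])
            continue
        match = CIPHER_RE.match(line)
        if match and proto is not None:
            offered[proto].append(match.group(1))
    return offered


def audit(offered):
    """Return (protocol, cipher_or_None, reason) tuples that violate the policy."""
    findings = []
    for proto, ciphers in offered.items():
        if proto not in ALLOWED_PROTOCOLS:
            findings.append((proto, None, "protocol not allowed by policy"))
        for cipher in ciphers:
            if any(marker in cipher for marker in BLOCK64_MARKERS):
                findings.append((proto, cipher, "64-bit block cipher (SWEET32)"))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        results = audit(parse_ssl_enum_ciphers(sample))
        print(label, "->", results if results else "no findings")
```
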




Re: [Openvas-discuss] Rebuilding NVT cache... failed

2017-05-29 Thread Thijs Stuurman
R.m6,

I got those same messages on OpenVAS9 about those 2 duplicates but it doesn't 
seem to be an issue for me:

lib  nvticache:WARNING:2017-05-29 10h31.52 utc:14473: NVT 
2008/spysweeper_corp_installed.nasl with duplicate OID 
1.3.6.1.4.1.25623.1.0.80046 will be replaced with spysweeper_corp_installed.nasl
lib  nvticache:WARNING:2017-05-29 10h31.54 utc:14473: NVT 
2009/gb_fsecure_prdts_detect_win.nasl with duplicate OID 
1.3.6.1.4.1.25623.1.0.800355 will be replaced with 
gb_fsecure_prdts_detect_win.nasl
lib  nvticache:WARNING:2017-05-29 10h31.55 utc:14473: NVT 
spysweeper_corp_installed.nasl with duplicate OID 1.3.6.1.4.1.25623.1.0.80046 
will be replaced with 2008/spysweeper_corp_installed.nasl
lib  nvticache:WARNING:2017-05-29 10h31.57 utc:14473: NVT 
gb_fsecure_prdts_detect_win.nasl with duplicate OID 
1.3.6.1.4.1.25623.1.0.800355 will be replaced with 
2009/gb_fsecure_prdts_detect_win.nasl

*(do not know why it gets logged twice in my case)
I am on the same feed version as you: 201705150749

The 503 message probably indicates the HTTP error 503 which means Service 
Unavailable.
Try refreshing it all with a fresh full wget of the nvt's instead of rsync 
using: openvas-nvt-sync --wget
Then rebuild again after that.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of r.m6
Sent: Monday 29 May 2017 15:13
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Rebuilding NVT cache... failed

Dear openVAS community,

I have been using openVAS 8 successfully for a year now (Ubuntu 16.04 Server). 
Since last week, the service is broken (Web GUI shows “Status code: 503”). On 
the command line (sudo openvasmd --rebuild --progress -v) I am experiencing the 
ERROR: “Rebuilding NVT cache... failed.”
Sync seems to be up to date (sudo openvas-nvt-sync): “Feed is already current, no 
synchronization necessary.”

The log /var/log/openvas/openvassd.messages shows:
[Fri May 26 11:30:41 2017][6043] NVT with duplicate OID
1.3.6.1.4.1.25623.1.0.80046 will be replaced with 
2008/spysweeper_corp_installed.nasl
[Fri May 26 11:31:04 2017][6043] NVT with duplicate OID
1.3.6.1.4.1.25623.1.0.800355 will be replaced with 
gb_fsecure_prdts_detect_win.nasl

openvas-check-setup says: "It seems like your OpenVAS-8 installation is OK."

If I compare NVT to the other 2 feeds, NVT is "much" older:
NVT is 201705150749
SCAP is 201705290801
CERT 201705290806

Does anyone else see the same problem?
Can somebody give me a hint how to resolve this problem?

Many thanks in advance!


Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-29 Thread Thijs Stuurman
OpenVAS-Discuss,

Ok it's running to my satisfaction again. Got my master still on the main 
branch and 4 scanners each handling 2 tasks concurrently running the trunk 
version.
Tasks are flying :) Finished 13 so far. Looking to finish 233 of 'm this week 
during daytime hours.. should be achievable.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Thijs Stuurman
Sent: Monday 29 May 2017 13:45
To: 'Christian Fischer' <christian.fisc...@greenbone.net>; 
openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Christian,

I did rebuild the manager etc' to get the nasl change 'live'.
I'll take a look at the patch and consider my options. Thank you for the 
information and work.


Thijs Stuurman
Security Operations Center | KPN Internedservices 
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Christian Fischer [mailto:christian.fisc...@greenbone.net]
Sent: Monday 29 May 2017 13:41
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Hi,

On 29.05.2017 13:02, Thijs Stuurman wrote:
> Christian & Hani,
> 
> Ok, current SVN trunk version of OpenVAS9 runs fast and finishes without any 
> issues on the task that used to hang.
> I did adjust the suggested NASL files based on
> https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006214.html

In my previous mail I forgot to mention that you need to do a restart of 
the scanner and a rebuild of the manager to get the NASL changes "live".

> Going to upgrade my other scanners later today and start more tasks after.

I don't recommend using the current trunk in a production environment.
The mentioned issue is also fixed in the current openvas-scanner-5.1 branch 
with the following commit:

https://lists.wald.intevation.org/pipermail/openvas-commits/2017-May/028439.html

so you can still run the latest stable OpenVAS 9 releases with that patch 
applied until an official release with the patch included has been made.

Regards,

> Thijs Stuurman
> Security Operations Center | KPN Internedservices 
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> 
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman
> 
> 
> 
> 
> -Original message-
> From: Thijs Stuurman
> Sent: Monday 29 May 2017 10:27
> To: openvas-discuss@wald.intevation.org
> CC: 'Christian Fischer' <christian.fisc...@greenbone.net>
> Subject: RE: [Openvas-discuss] OpenVAS9 hanging nasl tasks
> 
> Christian,
> 
> Thank you for the tip, unfortunately it still hangs on the mentioned 4 checks 
> even after 45 minutes.
> * The progress does get to 6% now instead of 2%.
> 
> I am going to install the trunk version from the SVN repo to see if that 
> helps.
> 
> 
> Thijs Stuurman
> Security Operations Center | KPN Internedservices 
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> 
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman
> 
> 
> 
> 
> -Original message-
> From: Openvas-discuss
> [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Christian 
> Fischer
> Sent: Friday 26 May 2017 23:52
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks
> 
> Hi,
> 
> On 23.05.2017 13:05, Thijs Stuurman wrote:
>> OpenVAS discuss list,
>>
>> I ran a few scans with my new OpenVAS9 setup and all worked well.
>> Now I am starting a lot of scans and noticing most of 'm are hanging on  the 
>> exact same 4 tests:
>>
>> |   \_ openvassd: testing xxx 
>> (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
>> |   \_ openvassd: testing xxx 
>> 

Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-29 Thread Thijs Stuurman
Christian,

I did rebuild the manager etc' to get the nasl change 'live'.
I'll take a look at the patch and consider my options. Thank you for the 
information and work.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Christian Fischer [mailto:christian.fisc...@greenbone.net] 
Sent: Monday 29 May 2017 13:41
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Hi,

On 29.05.2017 13:02, Thijs Stuurman wrote:
> Christian & Hani,
> 
> Ok, current SVN trunk version of OpenVAS9 runs fast and finishes without any 
> issues on the task that used to hang.
> I did adjust the suggested NASL files based on
> https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006214.html

In my previous mail I forgot to mention that you need to do a restart of 
the scanner and a rebuild of the manager to get the NASL changes "live".

> Going to upgrade my other scanners later today and start more tasks after.

I don't recommend using the current trunk in a production environment.
The mentioned issue is also fixed in the current openvas-scanner-5.1 branch 
with the following commit:

https://lists.wald.intevation.org/pipermail/openvas-commits/2017-May/028439.html

so you can still run the latest stable OpenVAS 9 releases with that patch 
applied until an official release with the patch included has been made.

Regards,

> Thijs Stuurman
> Security Operations Center | KPN Internedservices 
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> 
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman
> 
> 
> 
> 
> -Original message-
> From: Thijs Stuurman
> Sent: Monday 29 May 2017 10:27
> To: openvas-discuss@wald.intevation.org
> CC: 'Christian Fischer' <christian.fisc...@greenbone.net>
> Subject: RE: [Openvas-discuss] OpenVAS9 hanging nasl tasks
> 
> Christian,
> 
> Thank you for the tip, unfortunately it still hangs on the mentioned 4 checks 
> even after 45 minutes.
> * The progress does get to 6% now instead of 2%.
> 
> I am going to install the trunk version from the SVN repo to see if that 
> helps.
> 
> 
> Thijs Stuurman
> Security Operations Center | KPN Internedservices 
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> 
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman
> 
> 
> 
> 
> -Original message-
> From: Openvas-discuss 
> [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Christian 
> Fischer
> Sent: Friday 26 May 2017 23:52
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks
> 
> Hi,
> 
> On 23.05.2017 13:05, Thijs Stuurman wrote:
>> OpenVAS discuss list,
>>
>> I ran a few scans with my new OpenVAS9 setup and all worked well.
>> Now I am starting a lot of scans and noticing most of 'm are hanging on  the 
>> exact same 4 tests:
>>
>> |   \_ openvassd: testing xxx 
>> (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
>> |   \_ openvassd: testing xxx 
>> (/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
>> |   \_ openvassd: testing xxx 
>> (/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
>> |   \_ openvassd: testing xxx
>> (/opt/openvas9/var/lib/openvas/plugins/2012/secpod_database_open_access_vuln.nasl)
>>
>> Is anyone else experiencing this? Is this a known issue? I updated the NVT's 
>> etc' yesterday.
>> The processes run for an hour+.
>> Killing defuncts the process. I am unable to continue in any way except kill 
>> and abort the whole scan.
> 
> this might be a bug in the plugin scheduler triggered by a recent feed 
> update. The bugfix is already included in the current OpenVAS 9 branch but 
> not released yet.
> 
> For now try to do the following changes to the two mentioned NVTs:
> 
> https://lists.w

Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-29 Thread Thijs Stuurman
Christian & Hani,

Ok, current SVN trunk version of OpenVAS9 runs fast and finishes without any 
issues on the task that used to hang.
I did adjust the suggested NASL files based on 
https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006214.html
 

Going to upgrade my other scanners later today and start more tasks after.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Thijs Stuurman 
Sent: Monday 29 May 2017 10:27
To: openvas-discuss@wald.intevation.org
CC: 'Christian Fischer' <christian.fisc...@greenbone.net>
Subject: RE: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Christian,

Thank you for the tip, unfortunately it still hangs on the mentioned 4 checks 
even after 45 minutes.
* The progress does get to 6% now instead of 2%.

I am going to install the trunk version from the SVN repo to see if that helps.


Thijs Stuurman
Security Operations Center | KPN Internedservices 
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Christian Fischer
Sent: Friday 26 May 2017 23:52
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Hi,

On 23.05.2017 13:05, Thijs Stuurman wrote:
> OpenVAS discuss list,
> 
> I ran a few scans with my new OpenVAS9 setup and all worked well.
> Now I am starting a lot of scans and noticing most of 'm are hanging on  the 
> exact same 4 tests:
> 
> |   \_ openvassd: testing xxx 
> (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
> |   \_ openvassd: testing xxx 
> (/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
> |   \_ openvassd: testing xxx 
> (/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
> |   \_ openvassd: testing xxx
> (/opt/openvas9/var/lib/openvas/plugins/2012/secpod_database_open_access_vuln.nasl)
> 
> Is anyone else experiencing this? Is this a known issue? I updated the NVT's 
> etc' yesterday.
> The processes run for an hour+.
> Killing defuncts the process. I am unable to continue in any way except kill 
> and abort the whole scan.

this might be a bug in the plugin scheduler triggered by a recent feed update. 
The bugfix is already included in the current OpenVAS 9 branch but not released 
yet.

For now try to do the following changes to the two mentioned NVTs:

https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006214.html

which might do the trick and get your scans back to green.

> Thijs Stuurman
> Security Operations Center | KPN Internedservices 
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> 
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman

Regards,

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | 
http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner 

[Openvas-discuss] gvm pwpolicy bug in current svn trunk

2017-05-29 Thread Thijs Stuurman
OpenVAS,

I just now set up the latest SVN trunk version of OpenVAS9 and ran in to the 
following error:

md   main:MESSAGE:2017-05-29 10h50.07 utc:17270:Greenbone Vulnerability 
Manager version 7.1+beta1 (SVN revision 28547) (DB revision 187)
md manage:   INFO:2017-05-29 10h50.07 utc:17270:Creating user.
base plcy:WARNING:2017-05-29 10h50.08 utc:17270: error opening 
'/opt/openvas9-trunk/etc/gvm/pwpolicy.conf': No such file or directory
md manage:WARNING:2017-05-29 10h50.08 utc:17270: new password for 'slave' 
rejected: Password policy checking failed (internal error)

The directory gvm does not exist, I added a symlink in the etc directory to the 
openvas directory to fix this for now on my installation:

root@xxx:~# ls -l /opt/openvas9-trunk/etc/
total 4
lrwxrwxrwx 1 root root    9 May 29 12:50 gvm -> ./openvas
drwxr-xr-x 3 root root 4096 May 29 10:33 openvas


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-29 Thread Thijs Stuurman
Christian,

Thank you for the tip, unfortunately it still hangs on the mentioned 4 checks 
even after 45 minutes.
* The progress does get to 6% now instead of 2%.

I am going to install the trunk version from the SVN repo to see if that helps.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Christian Fischer
Sent: Friday 26 May 2017 23:52
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Hi,

On 23.05.2017 13:05, Thijs Stuurman wrote:
> OpenVAS discuss list,
> 
> I ran a few scans with my new OpenVAS9 setup and all worked well.
> Now I am starting a lot of scans and noticing most of 'm are hanging on  the 
> exact same 4 tests:
> 
> |   \_ openvassd: testing xxx 
> (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
> |   \_ openvassd: testing xxx 
> (/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
> |   \_ openvassd: testing xxx 
> (/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
> |   \_ openvassd: testing xxx
> (/opt/openvas9/var/lib/openvas/plugins/2012/secpod_database_open_access_vuln.nasl)
> 
> Is anyone else experiencing this? Is this a known issue? I updated the NVT's 
> etc' yesterday.
> The processes run for an hour+.
> Killing defuncts the process. I am unable to continue in any way except kill 
> and abort the whole scan.

this might be a bug in the plugin scheduler triggered by a recent feed update. 
The bugfix is already included in the current OpenVAS 9 branch but not released 
yet.

For now try to do the following changes to the two mentioned NVTs:

https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006214.html

which might do the trick and get your scans back to green.

> Thijs Stuurman
> Security Operations Center | KPN Internedservices 
> thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
> 
> W: https://www.internedservices.nl | L: 
> http://nl.linkedin.com/in/thijsstuurman

Regards,

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | 
http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner 

Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-24 Thread Thijs Stuurman
Hani,

The task should have long finished by now.
It ended up with all 4 again:

"""
root 18222  0.1  0.1 143332 14024 ?        Ss   11:31   0:12 openvassd: Waiting for incoming connections
root 23807  0.4  0.3 158932 25056 ?        Ss   13:08   0:17  \_ openvassd: Serving /opt/openvas9/var/run/openvassd.sock
root 23878 47.0  0.2 158932 21416 ?        t    13:08  30:57  \_ openvassd: testing xxx
root 24812  0.0  0.2 158932 21484 ?        S    13:15   0:00  \_ openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
root 24813  0.0  0.2 158932 21488 ?        S    13:15   0:00  \_ openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
root 26277  0.0  0.2 158932 21484 ?        S    13:25   0:00  \_ openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/2012/secpod_database_open_access_vuln.nasl)
root 29234  0.3  0.2 158932 22320 ?        S    13:47   0:05  \_ openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
root 18290  0.0  1.0 267816 87920 pts/2    SL   11:32   0:02 openvasmd
root 23802  0.6  1.1 279308 95524 pts/2    S    13:08   0:25  \_ openvasmd
root 23812  0.1  1.1 274480 98048 pts/2    S    13:08   0:04  \_ openvasmd: OTP: Handling scan c9ac6ded-8474-4d76-bfa6-dd5f6faabaf6
"""

The Nasl's are hanging in "recvfrom(xx,"
The "openvassd: testing" process is very busy with read and writes:

""" 
...
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$41\r\noid:1"..., 70) = 70
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$40\r\noid:1"..., 69) = 69
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$40\r\noid:1"..., 69) = 69
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$41\r\noid:1"..., 70) = 70
...
"""

A 120 second strace dump while grepping away all those read and writes delivers 
the following:

"""
...
getppid()   = 23807
wait4(23807, NULL, WNOHANG, NULL)   = -1 ECHILD (No child processes)
kill(23807, SIG_0)  = 0
...
"""

Always the same pid, the 120 second dump results in 18 of those.
The pid is the following process:

root 23807  0.4  0.3 158932 25056 ?        Ss   13:08   0:18  \_ openvassd: Serving /opt/openvas9/var/run/openvassd.sock

It is not clear to me what it is hanging on, but it hangs while looping 
something for sure.
Strace of 23807 shows it looping on:

"""
kill(23878, SIG_0)  = 0
select(9, [8], NULL, NULL, {0, 1})  = 0 (Timeout)
select(8, [7], NULL, NULL, {0, 1000})   = 0 (Timeout)
wait4(-1, NULL, WNOHANG, NULL)  = 0
"""

23778 is the testing process:

root 23878 47.1  0.2 158932 21416 ?        R    13:08  34:57  \_ openvassd: testing xxx

Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Thijs Stuurman
Sent: Wednesday 24 May 2017 13:39
To: Hani Benhabiles <hani.benhabi...@greenbone.net>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Hani,

I restarted the task that stops a few times with the same result every time.
Ran one other scan on the same scanner which completed just fine.

Yesterday I saw 4 tasks hanging, now only 2 after about 5 minutes of running:

ssh_authorization.nasl and netbios_name_get.nasl

I did update the nvt database this morning.
The target host in this scan is 'dead' and I do not expect to see any open 
ports.
The ssh_authorization.nasl strace hangs at:

recvfrom(10, 

Just now I saw secpod_database_open_Access_vuln.nasl getting started. So now I 
expect it to end up hanging with the same 4 tasks as yesterday.
Redis is busy as ever but it seems 'normal' behavior.

Right now I think it has to do with systems not responding but these particular 
scans are not being killed while I do have the default timeouts set.
Plugins_timeout is set to 320, about 5 minutes but these are running for over 
30 minutes while I'm typing this email.
Checks_read_timeout = 5
scanner_plugins_timeout = 36000 ... is this the relevant one? It's set to 10 
hours by default ?! hmm

Perhaps I ran in to the issue from 5.0.7 as I went from OpenVAS8 to OpenVAS9 
with my scan config? The  Full and fast scan (never 

Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-24 Thread Thijs Stuurman
Hani,

I restarted the task that stops a few times with the same result every time.
Ran one other scan on the same scanner which completed just fine.

Yesterday I saw 4 tasks hanging, now only 2 after about 5 minutes of running:

ssh_authorization.nasl and netbios_name_get.nasl

I did update the nvt database this morning.
The target host in this scan is 'dead' and I do not expect to see any open 
ports.
The ssh_authorization.nasl strace hangs at:

recvfrom(10, 

Just now I saw secpod_database_open_Access_vuln.nasl getting started. So now I 
expect it to end up hanging with the same 4 tasks as yesterday.
Redis is busy as ever but it seems 'normal' behavior.

Right now I think it has to do with systems not responding but these particular 
scans are not being killed while I do have the default timeouts set.
Plugins_timeout is set to 320, about 5 minutes but these are running for over 
30 minutes while I'm typing this email.
Checks_read_timeout = 5
scanner_plugins_timeout = 36000 ... is this the relevant one? It's set to 10 
hours by default ?! hmm

Perhaps I ran in to the issue from 5.0.7 as I went from OpenVAS8 to OpenVAS9 
with my scan config? The  Full and fast scan (never used it) uses the same 
values.

Main changes compared to 5.0.7:
* An issue which caused the 'scanner_plugins_timeout' preference to contain a
  wrong value under certain circumstances has been addressed.



Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman
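
Added example (not from the original thread or the OpenVAS project): a Python check for the situation described above, NVT processes that are still running long after plugins_timeout. It parses `ps -eo pid,ppid,etimes,args` output and lists openvassd plugin processes older than the timeout; the listing is constructed, reusing the process titles and plugin paths quoted in the thread, and the function name is hypothetical.

```python
import re

# Process title format as it appears in the ps output quoted in the thread:
#   openvassd: testing <host>  (<path to .nasl>)
PLUGIN_PROC_RE = re.compile(r"openvassd: testing (\S+)\s+\((\S+\.nasl)\)")

# Constructed listing in the format of `ps -eo pid,ppid,etimes,args`.
# PIDs, titles and plugin paths follow the thread; elapsed seconds are made up.
SAMPLE_PS = """\
  PID  PPID ELAPSED COMMAND
23807 18222    2400 openvassd: Serving /opt/openvas9/var/run/openvassd.sock
23878 23807    2395 openvassd: testing xxx
24812 23878    1980 openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
24813 23878    1975 openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
29234 23878      60 openvassd: testing xxx  (/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
"""


def overdue_plugins(ps_text, plugins_timeout=320):
    """Return [(pid, plugin, elapsed_seconds)] for NVT processes older than
    plugins_timeout, longest-running first.

    plugins_timeout defaults to the 320 seconds mentioned in the thread.
    """
    overdue = []
    for line in ps_text.splitlines():
        fields = line.split(None, 3)
        # Skip the header line and anything that is not pid/ppid/etimes/args.
        if len(fields) < 4 or not fields[0].isdigit() or not fields[2].isdigit():
            continue
        pid, _ppid, etimes, args = fields
        match = PLUGIN_PROC_RE.search(args)
        if not match:
            continue  # scanner parent or per-host process, not a plugin
        elapsed = int(etimes)
        if elapsed > plugins_timeout:
            # Report the plugin relative to the plugins directory.
            plugin = match.group(2).split("/plugins/", 1)[-1]
            overdue.append((int(pid), plugin, elapsed))
    overdue.sort(key=lambda row: -row[2])
    return overdue


if __name__ == "__main__":
    for pid, plugin, elapsed in overdue_plugins(SAMPLE_PS):
        print(f"pid {pid}: {plugin} running {elapsed}s, past plugins_timeout")
```
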




-Original message-
From: Thijs Stuurman 
Sent: Wednesday 24 May 2017 12:56
To: 'Hani Benhabiles' <hani.benhabi...@greenbone.net>
CC: openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] OpenVAS9 hanging nasl tasks

Hani,

- Can you get a backtrace for the stuck processes ? The 4 nvts ones + the 
"testing " parent.
- Could it be related to your Redis setup ? You can monitor it with: 
redis-cli -s /tmp/redis.sock MONITOR

Strange, it floods with:

"""
...
1495622782.133505 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.94181:category"
1495622782.133559 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.869756:category"
1495622782.133601 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.870215:category"
1495622782.133667 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.902298:category"
1495622782.133728 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.869970:category"
1495622782.133813 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.865412:category"
1495622782.133859 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" 
"oid:1.3.6.1.4.1.25623.1.0.801558:category"
...
"""

Strace on openvassd shows:

"""
...
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$40\r\noid:1"..., 69) = 69
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$41\r\noid:1"..., 70) = 70
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$41\r\noid:1"..., 70) = 70
read(5, "$1\r\n3\r\n", 16384)   = 7
write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$40\r\noid:1"..., 69) = 69 ...
"""

Both redis and openvassd are consuming all CPU resources together.

- If you're able to build from source, do you see this issue with current 
openvas-9 branch, and with trunk branch too ?

I build from source, currently running from 
http://www.openvas.org/install-source.html on Ubuntu 16.04 LTS:

openvas-libraries-9.0.1.tar.gz
openvas-manager-7.0.1.tar.gz
openvas-scanner-5.1.1.tar.gz

Before I get in to more debugging (bit short on time today to dive in to this), 
perhaps this information explains the problem?
It gets stuck on just 2 now (ssh_authorization.nasl and netbios_name_get.nasl) 
so it seems to not be the actual nasl scan being the issue but something with 
my openvassd and redis part of the scanner.
I run 4 scanners with the same setup/versions and there are some jobs that 
completed without any issue.

When I stop this scan, my openvassd.messages log says:

"""
[Wed May 24 10:53:23 2017][19411] Stopping the whole test (requested by client)
[Wed May 24 10:53:23 2017][19411] Stopping host XXX scan
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2014/gb_windows_services_stop.nasl (1.3.6.1.4.1

Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-24 Thread Thijs Stuurman
017][19500] Stopped scan wrap-up: Launching 
GSHB/EL11/GSHB-11.nasl (1.3.6.1.4.1.25623.1.0.895000)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
cpe_inventory.nasl (1.3.6.1.4.1.25623.1.0.810002)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
pre2008/scan_info.nasl (1.3.6.1.4.1.25623.1.0.19506)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
GSHB/GSHB.nasl (1.3.6.1.4.1.25623.1.0.94171)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2013/gb_os_eol.nasl (1.3.6.1.4.1.25623.1.0.103674)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
GSHB/EL13/GSHB-13.nasl (1.3.6.1.4.1.25623.1.0.94999)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
Policy/gb_policy_tls_violation.nasl (1.3.6.1.4.1.25623.1.0.105780)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
pre2008/check_ports.nasl (1.3.6.1.4.1.25623.1.0.10919)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2016/gb_default_ssh_credentials_report.nasl (1.3.6.1.4.1.25623.1.0.103239)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2017/gb_default_http_credentials_report.nasl (1.3.6.1.4.1.25623.1.0.103240)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2011/host_details.nasl (1.3.6.1.4.1.25623.1.0.103997)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2013/gb_host_scanned_ssh.nasl (1.3.6.1.4.1.25623.1.0.103625)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2013/gb_host_scanned_wmi.nasl (1.3.6.1.4.1.25623.1.0.96171)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
Policy/gb_policy_cpe.nasl (1.3.6.1.4.1.25623.1.0.103962)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
2009/cpe_policy.nasl (1.3.6.1.4.1.25623.1.0.100353)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
Policy/gb_policy_cpe_violation.nasl (1.3.6.1.4.1.25623.1.0.103964)
[Wed May 24 10:53:31 2017][19500] Stopped scan wrap-up: Launching 
Policy/gb_policy_cpe_ok.nasl (1.3.6.1.4.1.25623.1.0.103963)
[Wed May 24 10:53:31 2017][19411] Test complete
[Wed May 24 10:53:31 2017][19411] Total time to scan all hosts : 702 seconds
"""

Seems like it wanted to start more but never could.
Perhaps I have to rebuild the redis DB; any and all tips are welcome of course.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




-----Original Message-----
From: Hani Benhabiles [mailto:hani.benhabi...@greenbone.net]
Sent: Wednesday, May 24, 2017 12:10
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] OpenVAS9 hanging nasl tasks

On 2017-05-23 12:05, Thijs Stuurman wrote:
> OpenVAS discuss list,
> 
> I ran a few scans with my new OpenVAS9 setup and all worked well.
> Now I am starting a lot of scans and noticing most of 'm are hanging 
> on  the exact same 4 tests:
> 
> |   \_ openvassd: testing xxx
> (/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
> |   \_ openvassd: testing xxx
> (/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
> |   \_ openvassd: testing xxx
> (/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
> |   \_ openvassd: testing xxx
> (/opt/openvas9/var/lib/openvas/plugins/2012/secpod_database_open_acces
> s_vuln.nasl)
> 
> Is anyone else experiencing this? Is this a known issue? I updated the 
> NVT's etc' yesterday.
> The processes run for an hour+.
> Killing defuncts the process. I am unable to continue in any way 
> except kill and abort the whole scan.
> 
> 

Hi Thijs,

- Can you get a backtrace for the stuck processes ? The 4 nvts ones + the 
"testing " parent.
- Could it be related to your Redis setup ? You can monitor it with: 
redis-cli -s /tmp/redis.sock MONITOR
- If you're able to build from source, do you see this issue with current 
openvas-9 branch, and with trunk branch too ?

Best regards,

Hani.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
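
One way to turn the `redis-cli MONITOR` capture discussed in this thread into numbers, as an added example (not code from the thread or from OpenVAS): it counts commands per client, collapses the per-NVT keys to a shape, and flags a tight loop on a single command. The first sample is the seven lines posted above, re-joined; the second sample, the function names and the thresholds are assumptions.

```python
import re
from collections import Counter

# One line of `redis-cli MONITOR` output:
#   <epoch.usec> [<db> <client address>] "COMMAND" "arg" ...
LINE_RE = re.compile(r'^(\d+\.\d+) \[(\d+) ([^\]]+)\] (.+)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_monitor_line(line):
    """Return (timestamp, db, client, command, args), or None for non-command lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # the initial "OK", blank lines, a "..." elision
    args = ARG_RE.findall(m.group(4))
    if not args:
        return None
    return float(m.group(1)), int(m.group(2)), m.group(3), args[0].upper(), args[1:]


def key_shape(key):
    """Collapse per-NVT keys: oid:<dotted oid>:category -> oid:*:category."""
    parts = key.split(":")
    if len(parts) == 3 and parts[0] == "oid":
        return "oid:*:" + parts[2]
    return key


def summarize(lines, min_events=5, min_rate=1000.0, min_share=0.9):
    """Summarise a capture and flag a tight loop on one command.

    The thresholds are assumptions for this example, not Redis or OpenVAS values.
    """
    events = [e for e in (parse_monitor_line(l) for l in lines) if e]
    if not events:
        return None
    commands = Counter(e[3] for e in events)
    shapes = Counter(key_shape(e[4][0]) for e in events if e[4])
    span = events[-1][0] - events[0][0]
    rate = len(events) / span if span > 0 else float("inf")
    top_command, top_count = commands.most_common(1)[0]
    share = top_count / len(events)
    return {
        "events": len(events),
        "rate_per_s": rate,
        "top_command": top_command,
        "top_share": share,
        "top_key_shape": shapes.most_common(1)[0][0] if shapes else None,
        "clients": dict(Counter(e[2] for e in events)),
        "flood": len(events) >= min_events and rate >= min_rate and share >= min_share,
    }


# The seven MONITOR lines posted in the thread, each re-joined onto one line.
THREAD_SAMPLE = """\
OK
...
1495622782.133505 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.94181:category"
1495622782.133559 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.869756:category"
1495622782.133601 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.870215:category"
1495622782.133667 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.902298:category"
1495622782.133728 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.869970:category"
1495622782.133813 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.865412:category"
1495622782.133859 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.801558:category"
...
""".splitlines()

# Constructed contrast: mixed commands about a second apart (not from the thread).
QUIET_SAMPLE = """\
1495622700.000100 [1 unix:/var/run/redis/redis.sock] "SELECT" "1"
1495622701.250000 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.94181:category"
1495622702.500000 [1 unix:/var/run/redis/redis.sock] "SMEMBERS" "constructed:example:key"
1495622704.000000 [1 unix:/var/run/redis/redis.sock] "PING"
1495622705.100000 [1 unix:/var/run/redis/redis.sock] "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.869756:category"
""".splitlines()

if __name__ == "__main__":
    for name, sample in (("thread", THREAD_SAMPLE), ("quiet", QUIET_SAMPLE)):
        print(name, summarize(sample))
```

On a live system the same summary can be fed from a few seconds of saved MONITOR output rather than the whole stream, since MONITOR itself adds load to a Redis instance that is already saturated.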


[Openvas-discuss] OpenVAS9 hanging nasl tasks

2017-05-23 Thread Thijs Stuurman
OpenVAS discuss list,

I ran a few scans with my new OpenVAS9 setup and all worked well.
Now I am starting a lot of scans and noticing most of 'm are hanging on  the 
exact same 4 tests:

|   \_ openvassd: testing xxx 
(/opt/openvas9/var/lib/openvas/plugins/ssh_authorization.nasl)
|   \_ openvassd: testing xxx 
(/opt/openvas9/var/lib/openvas/plugins/netbios_name_get.nasl)
|   \_ openvassd: testing xxx 
(/opt/openvas9/var/lib/openvas/plugins/pre2008/tcp_port_zero.nasl)
|   \_ openvassd: testing xxx 
(/opt/openvas9/var/lib/openvas/plugins/2012/secpod_database_open_access_vuln.nasl)

Is anyone else experiencing this? Is this a known issue? I updated the NVT's 
etc' yesterday.
The processes run for an hour+.
Killing defuncts the process. I am unable to continue in any way except kill 
and abort the whole scan.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




Re: [Openvas-discuss] Problem with OpenVAS source code installation

2017-05-22 Thread Thijs Stuurman
Nikita,

Oh! I couldn’t really make that up out of the errors.
Good to hear you fixed it!


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



From: Nikita Gupta [mailto:nikitar...@gmail.com]
Sent: Friday, May 19, 2017 19:34
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Problem with OpenVAS source code installation

Thanks Thijs, I had installed gnutls but actually gnutls-dev package was 
required.
After installing gnutls-dev, the issue got resolved.

Regards,
Nikita

On Fri, May 19, 2017 at 6:30 PM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
Try this one:

../openvas-libraries-9.0.1/build/CMakeCache.txt

Line 40:

//Flags used by the compiler during all build types.
CMAKE_C_FLAGS:STRING=

From: Nikita Gupta [mailto:nikitar...@gmail.com]
Sent: Friday, May 19, 2017 12:04
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Problem with OpenVAS source code installation

Hi Thijs,

Thanks for answering the question.
There is only one file build/CMakeCache.txt where I could define it. Though the 
variable "CXXFLAGS" is not defined anywhere.
I defined the variable and tried building again with make command, but again 
the same error. No result.
I think the configuration must be set out of the build directory. But not sure.
Can you look into this.

Thanks,
Nikita

On Fri, May 19, 2017 at 3:00 PM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
I have not seen this error on Ubuntu 16.04, try adding the -fPIC to the build 
process.
Find a cmake kind of file in your build directory, something like:

CMAKE_CXX_FLAGS:STRING and add the option.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Nikita Gupta
Sent: Friday, May 19, 2017 11:22
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Problem with OpenVAS source code installation

Hi All,

I was trying to install the OpenVAS by downloading the source code from 
http://www.openvas.org/install-source.html

But While installing the libraries source package, it stops at make 
configuration step by giving error:

/usr/bin/ld: /usr/local/lib/libgnutls.a(record.o): relocation R_X86_64_32 
against `.rodata' can not be used when making a shared object; recompile with 
-fPIC
/usr/local/lib/libgnutls.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
misc/CMakeFiles/openvas_misc_shared.dir/build.make:537: recipe for target 
'misc/libopenvas_misc.so.9.0.1' failed
make[2]: *** [misc/libopenvas_misc.so.9.0.1] Error 1
CMakeFiles/Makefile2:245: recipe for target 
'misc/CMakeFiles/openvas_misc_shared.dir/all' failed
make[1]: *** [misc/CMakeFiles/openvas_misc_shared.dir/all] Error 2
Makefile:160: recipe for target 'all' failed
make: *** [all] Error 2

Can anyone help me to fix this issue. I searched online also. But not of much 
help.

--
Regards,
Nikita Gupta




--
Regards,
Nikita Gupta



--
Regards,
Nikita Gupta

Re: [Openvas-discuss] Problem with OpenVAS source code installation

2017-05-19 Thread Thijs Stuurman
Try this one:

../openvas-libraries-9.0.1/build/CMakeCache.txt

Line 40:

//Flags used by the compiler during all build types.
CMAKE_C_FLAGS:STRING=

From: Nikita Gupta [mailto:nikitar...@gmail.com]
Sent: Friday, May 19, 2017 12:04
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Problem with OpenVAS source code installation

Hi Thijs,

Thanks for answering the question.
There is only one file build/CMakeCache.txt where I could define it. Though the 
variable "CXXFLAGS" is not defined anywhere.
I defined the variable and tried building again with make command, but again 
the same error. No result.
I think the configuration must be set out of the build directory. But not sure.
Can you look into this.

Thanks,
Nikita

On Fri, May 19, 2017 at 3:00 PM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl> wrote:
I have not seen this error on Ubuntu 16.04, try adding the -fPIC to the build 
process.
Find a cmake kind of file in your build directory, something like:

CMAKE_CXX_FLAGS:STRING and add the option.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Nikita Gupta
Sent: Friday, May 19, 2017 11:22
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Problem with OpenVAS source code installation

Hi All,

I was trying to install the OpenVAS by downloading the source code from 
http://www.openvas.org/install-source.html

But While installing the libraries source package, it stops at make 
configuration step by giving error:

/usr/bin/ld: /usr/local/lib/libgnutls.a(record.o): relocation R_X86_64_32 
against `.rodata' can not be used when making a shared object; recompile with 
-fPIC
/usr/local/lib/libgnutls.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
misc/CMakeFiles/openvas_misc_shared.dir/build.make:537: recipe for target 
'misc/libopenvas_misc.so.9.0.1' failed
make[2]: *** [misc/libopenvas_misc.so.9.0.1] Error 1
CMakeFiles/Makefile2:245: recipe for target 
'misc/CMakeFiles/openvas_misc_shared.dir/all' failed
make[1]: *** [misc/CMakeFiles/openvas_misc_shared.dir/all] Error 2
Makefile:160: recipe for target 'all' failed
make: *** [all] Error 2

Can anyone help me to fix this issue. I searched online also. But not of much 
help.

--
Regards,
Nikita Gupta




--
Regards,
Nikita Gupta

Re: [Openvas-discuss] Problem with OpenVAS source code installation

2017-05-19 Thread Thijs Stuurman
I have not seen this error on Ubuntu 16.04, try adding the -fPIC to the build 
process.
Find a cmake kind of file in your build directory, something like:

CMAKE_CXX_FLAGS:STRING and add the option.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Nikita Gupta
Sent: Friday, May 19, 2017 11:22
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Problem with OpenVAS source code installation

Hi All,

I was trying to install the OpenVAS by downloading the source code from 
http://www.openvas.org/install-source.html

But While installing the libraries source package, it stops at make 
configuration step by giving error:

/usr/bin/ld: /usr/local/lib/libgnutls.a(record.o): relocation R_X86_64_32 
against `.rodata' can not be used when making a shared object; recompile with 
-fPIC
/usr/local/lib/libgnutls.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
misc/CMakeFiles/openvas_misc_shared.dir/build.make:537: recipe for target 
'misc/libopenvas_misc.so.9.0.1' failed
make[2]: *** [misc/libopenvas_misc.so.9.0.1] Error 1
CMakeFiles/Makefile2:245: recipe for target 
'misc/CMakeFiles/openvas_misc_shared.dir/all' failed
make[1]: *** [misc/CMakeFiles/openvas_misc_shared.dir/all] Error 2
Makefile:160: recipe for target 'all' failed
make: *** [all] Error 2

Can anyone help me to fix this issue. I searched online also. But not of much 
help.

--
Regards,
Nikita Gupta

Re: [Openvas-discuss] SCAP / CERT Databases missing

2017-05-19 Thread Thijs Stuurman
Panos,

Nope!
I recently went from 8 to 9 and also had issues with the SCAP and CERT database 
errors.
Turned out the scripts wanted to change my database but had no rights to make 
the changes .. I eventually fixed that and got rid of the errors but I do not 
see any data.
To be honest I gave up for now, not sure if missing it really makes a big deal 
for me. (what am I missing really? Someone let me know if I should care)


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Panagiotis Leontios
Sent: Wednesday, May 17, 2017 16:40
To: openvas-discuss@wald.intevation.org; 
openvas-discuss-requ...@wald.intevation.org
Subject: [Openvas-discuss] SCAP / CERT Databases missing

Dear All,

I have latest versions of kali (4.9.0) and OpenVas (9.0) on a USB stick with 
persistence.
Everything is setup and running, EXCEPT the fact that I get a warning in GSA 
that SCAP or CERT databases are empty. Followed the instructions for the 
corresponding feed syncs, but no change whatsoever...

Any ideas?

Thanks in advance,
Panos


Panagiotis Leontios
Business Engineer | Project Manager | Consultant
BEng, DIC, MSc, MBA, IRCA Lead Auditor

M: +30 6977 976269
E: leonti...@ath.forthnet.gr
B: pleontios.wordpress.com
L: www.linkedin.com/in/leontios
T: @pleontios


Re: [Openvas-discuss] omp --get-tasks

2017-05-18 Thread Thijs Stuurman
Jonas,

I am not a big fan of those kind of sudden upgrades and I compile OpenVAS from 
source manually.
Looking at your strace, it connects to the defaults .. but is there anything 
listening? Can you look with netstat (netstat -vnepl) where openvasmd is 
listening on (if at all)?
I actually start openvasmd with specific listening parameters:

/opt/openvas9/sbin/openvasmd -p 9390 -a 127.0.0.1

I think because otherwise it would listen on 0.0.0.0 (ALL your IP interfaces) 
which is not a very nice thing to do security wise. Still, if it is listening 
on 0.0.0.0 then the connection to 127.0.0.1 should work.
Maybe your openvasmd is listening through a socket and not an IP listener. The 
netstat output will show those as well. (or run "netstat -vnepl | grep openvas" 
to filter it out of the mess)

Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



From: Turner,Jonas [mailto:jotur...@hcr-manorcare.com]
Sent: Thursday, May 18, 2017 16:03
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; 
openvas-discuss@wald.intevation.org
Subject: RE: [Openvas-discuss] omp --get-tasks

I never had this problem as well until I upgraded the software.  I use ansible 
to update the clients so sometimes I don't realize a system is actually 
upgraded to the latest and greatest, such as OpenVAS.

Here is the strace:
connect(4, {sa_family=AF_INET, sin_port=htons(9390), 
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
close(4)= 0
write(2, "Failed to acquire socket.\n", 26Failed to acquire socket.
) = 26
write(2, "OMP ping failed: Failed to estab"..., 49OMP ping failed: Failed to 
establish connection.
) = 49



From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
Behalf Of Thijs Stuurman
Sent: Thursday, May 18, 2017 9:46 AM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omp --get-tasks

Jonas,

I never had this problem. OMP here automatically connects just fine. Try a 
strace to see what it does?
Just run: "strace omp --ping"

From that I could pick out the following:

connect(4, {sa_family=AF_INET, sin_port=htons(9390), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0

It connects locally to 127.0.0.1 port 9390 which has (netstat -vnepl) the 
openvasmd service listening on my machine:

tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      0          30921      5816/openvasmd


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Turner,Jonas
Sent: Thursday, May 18, 2017 15:20
To: Antu Sanadi <sa...@secpod.com>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omp --get-tasks

Yeah I have restarted the services and the server.  The scans and everything 
else works well but I just can't seem to use the omp cli

From: Antu Sanadi [mailto:sa...@secpod.com]
Sent: Thursday, May 18, 2017 1:26 AM
To: Turner,Jonas
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omp --get-tasks


Hi,

Have you tried restarting openvas services?

Make sure you do not have two services trying to bind to the same port and 
there is no conflict.
Generally "Failed to acquire socket" occurs when you are trying  to bind the 
port which is already occupied.

And also run the openvas-check-setup script  
http://www.openvas.org/setup-and-start.html

Thanks,
Antu Sanadi



On Wednesday 17 May 2017 07:04 PM, Turner,Jonas wrote:
I had everything working great and I updated OpenVAS and apparently the omp CLI 
doesn't work. I get the "Failed to acquire socket." Error.  Any thoughts on 
getting this cli to work again? :)

  


Re: [Openvas-discuss] omp --get-tasks

2017-05-18 Thread Thijs Stuurman
Jonas,

I never had this problem. OMP here automatically connects just fine. Try a 
strace to see what it does?
Just run: "strace omp --ping"

From that I could pick out the following:

connect(4, {sa_family=AF_INET, sin_port=htons(9390), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0

It connects locally to 127.0.0.1 port 9390 which has (netstat -vnepl) the 
openvasmd service listening on my machine:

tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      0          30921      5816/openvasmd


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Turner,Jonas
Sent: Thursday, May 18, 2017 15:20
To: Antu Sanadi <sa...@secpod.com>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omp --get-tasks

Yeah I have restarted the services and the server.  The scans and everything 
else works well but I just can't seem to use the omp cli

From: Antu Sanadi [mailto:sa...@secpod.com]
Sent: Thursday, May 18, 2017 1:26 AM
To: Turner,Jonas
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] omp --get-tasks


Hi,

Have you tried restarting openvas services?

Make sure you do not have two services trying to bind to the same port and 
there is no conflict.
Generally "Failed to acquire socket" occurs when you are trying  to bind the 
port which is already occupied.

And also run the openvas-check-setup script  
http://www.openvas.org/setup-and-start.html

Thanks,
Antu Sanadi



On Wednesday 17 May 2017 07:04 PM, Turner,Jonas wrote:
I had everything working great and I updated OpenVAS and apparently the omp CLI 
doesn't work. I get the "Failed to acquire socket." Error.  Any thoughts on 
getting this cli to work again? :)

  



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
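
The listener check suggested in this thread, as an added example (not code from the thread or from OpenVAS): it reads `netstat -vnepl` output and reports whether the manager is reachable on the address the client tries, bound to all interfaces, or only listening on a unix socket. The first sample is the netstat line quoted in the thread; the other samples, the socket path and the function names are constructed for the example.

```python
import ipaddress
import re

PID_PROG = re.compile(r"^\d+/(\S+)$")  # netstat -p column, e.g. "5816/openvasmd"


def _owner(fields):
    """Program name from the PID/Program column, or None (netstat shows '-' without root)."""
    for field in fields:
        m = PID_PROG.match(field)
        if m:
            return m.group(1)
    return None


def parse_listeners(netstat_text, program):
    """Return the listening TCP and unix sockets owned by `program`."""
    socks = []
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or _owner(f) != program:
            continue
        if f[0].startswith("tcp") and "LISTEN" in f:
            host, port = f[3].rsplit(":", 1)  # ":::9390" -> ("::", "9390")
            socks.append({"kind": "tcp",
                          "addr": ipaddress.ip_address(host),
                          "port": int(port)})
        elif f[0] == "unix" and "LISTENING" in f:
            socks.append({"kind": "unix",
                          "path": f[-1] if f[-1].startswith("/") else ""})
    return socks


def diagnose(netstat_text, program, host, port):
    """Classify what a TCP client connecting to host:port will find."""
    target = ipaddress.ip_address(host)
    socks = parse_listeners(netstat_text, program)
    tcp = [s for s in socks if s["kind"] == "tcp" and s["port"] == port]
    if any(s["addr"] == target for s in tcp):
        return "reachable-loopback" if target.is_loopback else "reachable-address"
    if any(s["addr"].is_unspecified for s in tcp):
        return "reachable-wildcard"   # works, but bound to every interface
    if tcp:
        return "wrong-address"        # right port, different bind address
    if any(s["kind"] == "unix" for s in socks):
        return "unix-socket-only"     # a TCP connect gets ECONNREFUSED
    return "not-listening"


# The line quoted in the thread, with its columns restored.
THREAD_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      0          30921      5816/openvasmd
"""

# Constructed: the same service started without a bind address restriction.
WILDCARD_SAMPLE = """\
tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      0          30921      5816/openvasmd
"""

# Constructed: manager listening on a unix socket only; sshd is unrelated noise.
UNIX_SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          1234       900/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     30921    5816/openvasmd       /opt/openvas9/var/run/openvasmd.sock
"""

if __name__ == "__main__":
    for name, text in (("thread", THREAD_SAMPLE), ("wildcard", WILDCARD_SAMPLE),
                       ("unix", UNIX_SAMPLE)):
        print(name, diagnose(text, "openvasmd", "127.0.0.1", 9390))
```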

[Openvas-discuss] OpenVAS9 and slave scanners

2017-05-10 Thread Thijs Stuurman
OpenVAS-discuss,

Sharing some experience just because.

I just now upgraded my platform to OpenVAS9 from 8 and feared issues with my 
slave scanners because I saw a lot of messages and posts about the OpenVAS9 
slaves using sockets instead of a TCP listener. I didn't want to stunnel my way 
from sockets to IP and such.
Turns out, my setup was different from the get-go! My slaves use a full OpenVAS 
installation (libraries, manager and scanner). The master communicates with the 
slaves using OMP.
This works just fine over TCP with OpenVAS9 through port 9390 with SSL and 
credentials.

In OpenVAS9 I see 3 options for a "Scanner":
- OMP Slave
- OpenVAS Scanner
- OSP Scanner

I use the OMP Slave one. If anyone has any questions regarding this, let me 
know.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



Re: [Openvas-discuss] Openvas9 sqlite to postgresql

2017-05-10 Thread Thijs Stuurman
Ok I found another path that worked successfully for me.
For anyone who needs the information:

- took my original openvas8 sqlite database which was version 146.
- I did NOT migrate this sqlite database with openvasmd to get it to 184 as 
previously done
- Running the openvas-migrate-to-postgres script told me that now I was off by 
1 table instead of 5 or so
- It was missing "auth_cache" which seems not important to me to migrate so I 
adjusted the openvas-migrate-to-postgres script to skip the whole addition of 
this table; the table gets created in postgres anyway by the script.

"""
--- openvas-migrate-to-postgres 2017-05-09 19:14:26.0 +0200
+++ openvas-migrate-to-postgres_thijss  2017-05-10 11:20:02.297003082 +0200
@@ -1291,7 +1291,7 @@
 creation_time integer);"
 }

-TABLES_146="$TABLES_145 auth_cache"
+TABLES_146="$TABLES_145"

 migrate_146_to_147 () {
   pg "ALTER TABLE report_counts ADD COLUMN min_qod INTEGER;"
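Review bot: the changed TABLES_146 assignment drops auth_cache unconditionally and without a comment, so a source database that does contain auth_cache at this version would presumably now trip the same "tables being copied do not match tables in SQLite db" check from the other side. Consider appending auth_cache only when the SQLite file actually has that table, and add a one-line comment recording the reason given in the message: the table is created on the PostgreSQL side by the script anyway, so its contents are not migrated. If later TABLES_NNN lists are built from TABLES_146 the way TABLES_146 is built from TABLES_145, they inherit the omission as well, which is worth stating next to the change.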
"""

After the import I additionally ran " ./openvasmd --migrate " to make sure my 
postgres was up to date and surely it went Migrating from 147 to 184 again.
I can now login and see all my tasks and reports etc'.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On Behalf Of Thijs Stuurman
Sent: Wednesday, May 10, 2017 10:29
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Openvas9 sqlite to postgresql

OpenVAS-Discuss,

I am attempting an upgrade from OpenVAS 8 to 9 and sqlite to postgres.
It seems I successfully upgraded my openvas8 sqlite database with the openvas9 
openvasmd --migrate:

"""
md   main:   INFO:2017-05-10 08h20.47 utc:27669:Migrating database.
md   main:   INFO:2017-05-10 08h20.47 utc:27669:Migrating to 147
...
md   main:   INFO:2017-05-10 08h20.50 utc:27669:Migrating to 184
"""

Yet I cannot migrate to postgres (using a freshly created empty tasks database) 
it ends at:

"""
<31>May 10 10:21:13 openvas-migrate-to-postgres: resources_predefined nvts 
tasks reports
11d10
< auth_cache
26,30d24
< host_details
< host_identifiers
< host_max_severities
< host_oss
< hosts
36d29
< oss
<29>May 10 10:21:13 openvas-migrate-to-postgres: Internal Error: tables being 
copied do not match tables in SQLite db
"""

Any tips?


Thijs Stuurman
Security Operations Center | KPN Internedservices 
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman




[Openvas-discuss] Openvas9 sqlite to postgresql

2017-05-10 Thread Thijs Stuurman
OpenVAS-Discuss,

I am attempting an upgrade from OpenVAS 8 to 9 and sqlite to postgres.
It seems I successfully upgraded my openvas8 sqlite database with the openvas9 
openvasmd --migrate:

"""
md   main:   INFO:2017-05-10 08h20.47 utc:27669:Migrating database.
md   main:   INFO:2017-05-10 08h20.47 utc:27669:Migrating to 147
...
md   main:   INFO:2017-05-10 08h20.50 utc:27669:Migrating to 184
"""

Yet I cannot migrate to postgres (using a freshly created empty tasks database) 
it ends at:

"""
<31>May 10 10:21:13 openvas-migrate-to-postgres: resources_predefined nvts 
tasks reports
11d10
< auth_cache
26,30d24
< host_details
< host_identifiers
< host_max_severities
< host_oss
< hosts
36d29
< oss
<29>May 10 10:21:13 openvas-migrate-to-postgres: Internal Error: tables being 
copied do not match tables in SQLite db
"""

Any tips?


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


Re: [Openvas-discuss] Using slaves

2017-04-11 Thread Thijs Stuurman
I am using OpenVAS 8, no idea what changed in 9 on this front, and no.. there 
is no way.
What I currently do is the following:


* Master instance which does not run any scans itself, just start on
  the slave and collect all the information and run the web interface
* 2 slaves (1 with public interface and one within a management network)
* All jobs are specifically assigned to the slave in the correct
  network manually when creating the task
* I run a bash scheduler script on the Master to start tasks based on
  the configured slave for the task and how many tasks are running on that
  slave; limiting my slaves to two tasks at a time. This process simply loops
  every 5 minutes on week days between 08:00 and 16:00 hours to avoid scans
  during the weekend and night.

My goal is to scan everything at least once a month (my scheduler script 
checks if it has run this month or not...). This works just fine to finish all 
the scans within two weeks.
(211 tasks in total consisting of tasks with a single machine, multiple 
machines and entire subnets)

When it is going to take too long I will have to manually add another scan 
slave and assign some of the current tasks and new tasks to that node... no 
other way around it.
Sometimes when a scan is not causing much load (such as subnet scans which 
take a long time but the subnet is quite empty) I manually start one or a few 
other scans.

* When you create a task, before you actually start it, edit it and set 
"Alterable Task" to yes or you won't be able to change the slave scanner 
afterwards.

If you want I can send you a copy of my scheduler script; it's not yet the 
nicest script in the world though and written specifically for my setup.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Niklas Klein
Sent: Monday, 10 April 2017 16:15
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Using slaves

Hello,

I am looking into using slaves to even out the stress on my single 
openvas-server. I already installed an additional openvas-instance and added it 
as a slave in my masters webinterface. But it seems like there is no automated 
loadbalancing and I have to assign tasks, which should be processed by the 
slave, manually. Is that right? Is there no way to automatize some kind of 
loadbalancing?

I would also be glad if someone had a best practice document about using slaves 
in particular.

Thanks in advance,

Niklas
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Get results similar to nmap -sV

2017-03-23 Thread Thijs Stuurman
You probably want this from OpenVAS but I cannot help you there.
I recently needed something similar for a quick overview of the network after I 
had done both an OpenVAS and Nessus scan and ended up using the output option 
-o in nmap:

-oN/-oX/-oS/-oG : Output scan in normal, XML, s|https://nmap.org ) at 2017-03-23 14:59 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.17s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 (protocol 2.0)
25/tcp open  smtp    Postfix smtpd
80/tcp open  http    Apache httpd 2.4.7
Service Info: Hosts:  xxx.hostname.tld, xxx.hostname.tld

Service detection performed. Please report any incorrect results at 
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.31 seconds

root@xxx:~# cat filename.txt
# Nmap 7.40 scan initiated Thu Mar 23 14:59:11 2017 as: nmap -sV -oG 
filename.txt 127.0.0.1
Host: 127.0.0.1 (localhost) Status: Up
Host: 127.0.0.1 (localhost) Ports: 22/open/tcp//ssh//OpenSSH 6.6.1p1 
(protocol 2.0)/, 25/open/tcp//smtp//Postfix smtpd/, 80/open/tcp//http//Apache 
httpd 2.4.7/ Ignored State: closed (997)
# Nmap done at Thu Mar 23 14:59:20 2017 -- 1 IP address (1 host up) scanned in 
9.31 seconds
"""

Afterwards I grepped on "Ports" (or perhaps a -v on Up) and cleaned up the 
output a bit to get a workable simple overview per host.


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman



-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Michal Chrobak
Sent: Thursday, 23 March 2017 13:10
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Get results similar to nmap -sV

Hi,

I'm trying to prepare some nice output which gives me something like this:
Hostname / IP
Operating System
Open ports
Service name and version running under open ports (or more precisely: banner 
which this service returns [I know it can be changed and not accurate]).

Almost perfect is Asset Management -> Host details, but there is no information 
about services.
In Scan Mgmt -> Reports -> report_name -> Vulnerability=Services gives very 
often very general information like " A TLScustom server answered on this port 
" (where nmap gives "VMware VirtualCenter Web service").

I tried to make some custom scan config to run wrapper for nmap, but I can't 
see results similar to nmap -sV which I need.

I would be very grateful if anyone can help.

Best Regards,
Michal Chrobak



Michal Chrobak
IT Security Systems Engineer
tel. +48 22 122 09 42
tel. +48 503 555 769

SANSEC Poland S.A. NIP: 7010352299, KRS: 429238, REGON: 146270315, company 
registered by the District Court for the Capital City of Warsaw in Warsaw, XII 
Commercial Division of the National Court Register, share capital: 1 000 000 PLN.
This message contains proprietary information constituting a trade secret of 
SANSEC Poland S.A.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
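
The "grep on Ports and clean up" step from the reply above, as an added example that is not part of the original messages: a small parser for nmap's grepable (`-oG`) output that keeps only open ports and builds a per-host overview. The first host in the sample is the output quoted in the reply (unwrapped); the second host is constructed to show the state filter.

```python
import re

# Sample -oG output: first host from the message above, second host constructed.
SAMPLE = """\
# Nmap 7.40 scan initiated Thu Mar 23 14:59:11 2017 as: nmap -sV -oG filename.txt 127.0.0.1
Host: 127.0.0.1 (localhost)\tStatus: Up
Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1 (protocol 2.0)/, 25/open/tcp//smtp//Postfix smtpd/, 80/open/tcp//http//Apache httpd 2.4.7/\tIgnored State: closed (997)
Host: 192.0.2.10 ()\tPorts: 443/open/tcp//ssl|http//nginx/, 8080/filtered/tcp//http-proxy///
"""

# Matches only "Host: ... Ports: ..." lines; the trailing "Ignored State" field is optional.
HOST_PORTS = re.compile(
    r"Host: (\S+) \(([^)]*)\)\s+Ports: (.*?)(?:\s+Ignored State:.*)?$")

def parse_grepable(text):
    """Return {ip: {"name": str, "ports": [(port, proto, service, version)]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_PORTS.match(line)
        if not m:                      # comment and "Status:" lines carry no ports
            continue
        ip, name, ports = m.groups()
        entry = hosts.setdefault(ip, {"name": name, "ports": []})
        # Split only where a new "<port>/" entry starts, so commas in a
        # version string do not break an entry apart.
        for item in re.split(r",\s+(?=\d+/)", ports.strip()):
            f = item.split("/")        # port/state/proto/owner/service/rpcinfo/version/
            if len(f) < 7 or f[1] != "open":
                continue
            entry["ports"].append((int(f[0]), f[2], f[4], f[6]))
    return hosts

def overview(hosts):
    """One header line per host followed by one indented line per open port."""
    lines = []
    for ip, h in hosts.items():
        lines.append(f"{ip} ({h['name']})")
        for port, proto, svc, ver in h["ports"]:
            lines.append(f"  {port}/{proto}  {svc:<6} {ver}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(overview(parse_grepable(SAMPLE)))
```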

Re: [Openvas-discuss] Restrict concurrent tasks

2017-01-10 Thread Thijs Stuurman
Not to my knowledge and it's quite annoying. I have 1 master and 2 slaves 
running the jobs and I completely gave up on scheduling with OpenVAS.
Why care about which day/hour it starts and why limit it to a specific amount 
of runtime, hell if I know how long something will take.
Currently I am using / developing my own bash script which calls and parses omp 
to schedule a maximum of 2 jobs per slave; any job that hasn't run the current 
month.
I haven't worked it out nicely enough to release it or perhaps rewrite it in 
python but it's doing wonders to just let things work for me.


Kind regards / Vriendelijke groet,

Internedservices

Thijs Stuurman
Security Specialist

Thijs Stuurman

Wielingenstraat 8 | T +31 (0)299 476 185
1441 ZR Purmerend | F +31 (0)299 476 288
https://www.internedservices.nl | KvK Hoorn 36049256

Internedservices is ISO 9001:2008, ISO/IEC 27001:2005,
ISO 2-1:2005, NEN 7510, ISAE 3402 and PCI DSS certified.
-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Bryan Brannigan
Sent: Monday, January 9, 2017 7:15 PM
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Restrict concurrent tasks

Is it possible to restrict the number of concurrent tasks started? I have 22 
tasks scheduled to start at the same time, but can really only handle 5 
concurrently. I'm trying to avoid rolling schedules if possible. 


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
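
The selection rule described in this reply and in the "Using slaves" reply above (at most two tasks per slave, only tasks that have not run this month, only on weekdays between 08:00 and 16:00), as an added example that is not the poster's script. The task records, slave names and the set of statuses treated as active are assumptions, and the sample data is constructed; listing and starting tasks through omp is left out.

```python
from collections import Counter
from datetime import datetime

MAX_PER_SLAVE = 2                    # limit described in the messages
ACTIVE = ("Requested", "Running")    # statuses that occupy a slave slot (assumption)

# Constructed sample data; a real script would build this from the manager's task list.
TASKS = [
    {"name": "dmz-web",     "slave": "slave-public", "status": "Running", "last_run": "2017-04-10"},
    {"name": "dmz-mail",    "slave": "slave-public", "status": "Done",    "last_run": "2017-03-02"},
    {"name": "dmz-dns",     "slave": "slave-public", "status": "Done",    "last_run": "2017-03-15"},
    {"name": "mgmt-subnet", "slave": "slave-mgmt",   "status": "Done",    "last_run": "2017-04-03"},
    {"name": "mgmt-db",     "slave": "slave-mgmt",   "status": "New",     "last_run": None},
    {"name": "mgmt-backup", "slave": "slave-mgmt",   "status": "Done",    "last_run": "2017-03-20"},
    {"name": "mgmt-ldap",   "slave": "slave-mgmt",   "status": "Done",    "last_run": "2017-02-11"},
]

def in_scan_window(now):
    """Weekdays only, from 08:00 up to but not including 16:00."""
    return now.weekday() < 5 and 8 <= now.hour < 16

def ran_this_month(task, now):
    last = task["last_run"]          # ISO date string, or None if never run
    return last is not None and last[:7] == now.strftime("%Y-%m")

def tasks_to_start(tasks, now):
    """Names of the tasks to start in this pass, honouring the per-slave limit."""
    if not in_scan_window(now):
        return []
    busy = Counter(t["slave"] for t in tasks if t["status"] in ACTIVE)
    due = [t for t in tasks
           if t["status"] not in ACTIVE and not ran_this_month(t, now)]
    picked = []
    # Never-run tasks first, then the ones idle the longest.
    for t in sorted(due, key=lambda t: t["last_run"] or ""):
        if busy[t["slave"]] < MAX_PER_SLAVE:
            busy[t["slave"]] += 1    # reserve the slot so one pass cannot overfill a slave
            picked.append(t["name"])
    return picked

if __name__ == "__main__":
    print(tasks_to_start(TASKS, datetime(2017, 4, 11, 10, 0)))
```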


Re: [Openvas-discuss] Sharing notes and overrides

2016-12-13 Thread Thijs Stuurman
Jan-Oliver,

When I create a new role and make admin+regularuser a member, the regularuser 
cannot see the role.
I am not sure where I got stuck back then but right now I have created another 
role and I see what I did last time:

- I got role A of which all my users are part
- Made new role X which, while being part of the role, only admin can see
- Looking at role A it has the following permissions with get_roles:

get_roles   Has read access to roles   <-- clearly not enough to see the newly added role X, not sure what this adds
get_roles   Has read access to role A   <-- it can see its own role, OK
get_roles   Has read access to role SHARE-NOTES-OVERRIDES   <-- so I added this the last time, I need this for role X

But when I look at the New Permission pulldown, "get_roles" is not part of the 
options.
I guess that's why I manually added the permission using omp.


Thijs Stuurman
Security Operations Center
PGP Key-ID: 0x16ADC048
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

Internedservices - a KPN Company
Wielingenstraat 8 | 1441 ZR Purmerend | The Netherlands
T: +31(0)299476185 | M: +31(0)624366778
W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-Original message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Jan-Oliver Wagner
Sent: Tuesday, December 13, 2016 3:11 PM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Sharing notes and overrides

On Friday, 18 November 2016, 13:45:35, Thijs Stuurman wrote:
> OpenVAS users, I got something to work how I wanted it but perhaps there is
> an easier way?

Have you tried the "New Permission" dialog instead of the omp command line 
call?


> * The admin user can see the role (because he created it) but to
> make it visible to the regular user I have manually added the permission (I
> have a few other roles which have to share this role):
> 
> omp -u admin -w XXX -Xi "get_roles id=User role UUID'>role id=SHARE-NOTES-OVERRIDES uuid'>"


-- 
Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 
202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

