Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
David,

Your initial login was probably too fast after starting the services, they need time to initiate.
I don't know what else to tell you now to help you with the TLS error.
(*In my book it's not 100% sure that it actually is a TLS issue even if it implies so)

If it's your box and it's publicly connected to the Internet I won't mind taking 30 minutes to try and get it to work for you if you allow me to.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

-----Original message-----
From: David Rericha [mailto:d.reri...@healthcareoss.com]
Sent: Wednesday 18 October 2017 16:06
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

Thijs,

I stopped Apache and restarted gsad, openvas-scanner, and openvas-manager. Now when I attempt to login I get:

"Login failed. Waiting for OMP service to become available."

The only log that has a relevant entry is openvasmd.log:

lib auth: INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration not found.

So, I attempted to login again and I was able to get in. Seems like there is a timing issue. Then, I attempted to run the task and got the same error:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

The openvasmd.log states:

lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

It seems that the tls certs are the problem. But the keys are present as specified in /etc/openvas/openvassd.conf. Anything else I could try?

David J. Rericha
Project Manager
Open Software Solutions, LLC

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
Thijs,

I stopped Apache and restarted gsad, openvas-scanner, and openvas-manager. Now when I attempt to login I get:

"Login failed. Waiting for OMP service to become available."

The only log that has a relevant entry is openvasmd.log:

lib auth: INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration not found.

So, I attempted to login again and I was able to get in. Seems like there is a timing issue. Then, I attempted to run the task and got the same error:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

The openvasmd.log states:

lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

It seems that the tls certs are the problem. But the keys are present as specified in /etc/openvas/openvassd.conf. Anything else I could try?

David J. Rericha
Project Manager
Open Software Solutions, LLC

On 10/17/2017 9:10 AM, Thijs Stuurman wrote:
> David,
>
> Gsad not being able to bind to a port is a whole other problem than as you described earlier with the certificates.
> Options:
>
> - Stop Apache
> - Do not bind Apache to port 80
> - Make gsad bind to another port than 80 (or others which are already in use)
>
> You can tell gsad where and how to bind, for example:
>
> gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 --ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt --http-sts --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"
>
> This makes it listen on port 443 using the -p option.
> See --help for all the possible arguments.
>
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
David,

Gsad not being able to bind to a port is a whole other problem than as you described earlier with the certificates.
Options:

- Stop Apache
- Do not bind Apache to port 80
- Make gsad bind to another port than 80 (or others which are already in use)

You can tell gsad where and how to bind, for example:

gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 --ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt --http-sts --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

This makes it listen on port 443 using the -p option.
See --help for all the possible arguments.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

-----Original message-----
From: David Rericha [mailto:d.reri...@healthcareoss.com]
Sent: Tuesday 17 October 2017 15:32
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

Thanks, Thijs, for your suggestion. I thought I did run this command but reran it just to make sure. However the same behavior exists. The only relevant information I found in the logs was in gsad.log.
gsad tries to bind to port 80 but that port is being used by apache.
Here is the entire log:

gsad main: DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation extensions are enabled (using locale "en_US.UTF-8").
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: main: start_http_daemon redirect failed !
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake message out of context

Any ideas?

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
Thanks, Thijs, for your suggestion. I thought I did run this command but reran it just to make sure. However the same behavior exists. The only relevant information I found in the logs was in gsad.log.
gsad tries to bind to port 80 but that port is being used by apache.
Here is the entire log:

gsad main: DEBUG:2017-10-17 13h25.13 utc:29285: main: gettext translation extensions are enabled (using locale "en_US.UTF-8").
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: main: start_http_daemon redirect failed !
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Error: received handshake message out of context

Any ideas?

On 10/16/2017 10:04 AM, Thijs Stuurman wrote:
> *It got renamed, sorry; search for openvas-manage-certs:
>
> """
> :/opt/openvas/bin# ./openvas-manage-certs --help
> Illegal option --
> Usage:
>   ./openvas-manage-certs [OPTION] - Manage certificate infrastructure for an OpenVAS installation
>
> Options:
>   -h Print help
>   -a Automatically set up default infrastructure for OpenVAS
> """
>
> Just running it with -a should do the trick.
>
> Thijs Stuurman
> Security Operations Center | KPN Internedservices B.V.

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Start Task: 503 - Service temporarily down
*It got renamed, sorry; search for openvas-manage-certs:

"""
:/opt/openvas/bin# ./openvas-manage-certs --help
Illegal option --
Usage:
  ./openvas-manage-certs [OPTION] - Manage certificate infrastructure for an OpenVAS installation

Options:
  -h Print help
  -a Automatically set up default infrastructure for OpenVAS
"""

Just running it with -a should do the trick.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

-----Original message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of Thijs Stuurman
Sent: Monday 16 October 2017 17:03
To: David Rericha <d.reri...@healthcareoss.com>; openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Start Task: 503 - Service temporarily down

David,

Did you run "openvas-mkcert" during your OpenVAS installation to setup and configure the certificates for the TLS communication between the services?

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.

-----Original message-----
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On behalf of David Rericha
Sent: Monday 16 October 2017 16:53
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Start Task: 503 - Service temporarily down

Hello. I am running greenbone version 9. I logged in at https://localhost:9392, created a new task and tried to run it and got the following:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

openvasmd.log reads:

lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-16 14h37.22 UTC:714: Failed to shutdown server socket
event task:MESSAGE:2017-10-16 14h37.22 UTC:714: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin

Any help would be appreciated.

Thanks,

--
David J. Rericha
Project Manager
Open Software Solutions, LLC
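
The log excerpts quoted in this thread, run through a small triage parser (an added example, not part of any message in the thread and not OpenVAS code). It separates the port 80 bind failure from the TLS errors and ties the failed task start to the handshake failure logged by the same process in the same second; the category and function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the gsad.log and openvasmd.log excerpts in the thread.
SAMPLE_LOG = """\
gsad main:WARNING:2017-10-17 13h25.13 utc:29287: MHD: Failed to bind to port 80: Address already in use
gsad main:WARNING:2017-10-17 13h25.56 utc:29286: MHD: Failed to receive data: A TLS fatal alert has been received.
lib auth: INFO:2017-10-18 13h31.15 utc:10725: Authentication configuration not found.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2017-10-18 13h36.10 UTC:11214: Failed to shutdown server socket
event task:MESSAGE:2017-10-18 13h36.10 UTC:11214: Task Penetration Task (6d5e4c84-1ff1-4115-b2aa-7cf3f7bf6d75) could not be started by admin
"""

# Layout: domain:LEVEL:YYYY-MM-DD HHhMM.SS tz:pid: message
LINE_RE = re.compile(
    r"^(?P<domain>[^:]+):\s*(?P<level>[A-Z]+):"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) (?:utc|UTC):"
    r"(?P<pid>\d+): (?P<msg>.*)$"
)

# Category names are this example's own labels, not OpenVAS terminology.
RULES = [
    ("port_conflict", re.compile(r"Failed to bind to port (\d+)")),
    ("tls_failure", re.compile(
        r"Failed to shake hands with peer|TLS fatal alert|handshake message out of context")),
    ("task_not_started", re.compile(r"\(([0-9a-f-]{36})\) could not be started")),
]


def parse(text):
    """Turn raw log text into event dicts; lines that do not fit the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, detail = "other", None
        for name, rule in RULES:
            hit = rule.search(m["msg"])
            if hit:
                kind, detail = name, (hit.group(1) if hit.lastindex else None)
                break
        events.append({
            "pid": int(m["pid"]), "level": m["level"], "kind": kind, "detail": detail,
            "when": datetime.strptime(m["ts"], "%Y-%m-%d %Hh%M.%S"), "msg": m["msg"],
        })
    return events


def port_conflicts(events):
    """Ports a daemon could not bind: a separate fault from any TLS problem."""
    return sorted({int(e["detail"]) for e in events if e["kind"] == "port_conflict"})


def failed_task_starts(events):
    """Pair each failed task start with TLS failures from the same PID and second."""
    tls = defaultdict(list)
    for e in events:
        if e["kind"] == "tls_failure":
            tls[(e["pid"], e["when"])].append(e["msg"])
    return [{"task_id": e["detail"], "pid": e["pid"], "tls_errors": tls[(e["pid"], e["when"])]}
            for e in events if e["kind"] == "task_not_started"]
```

Calling `failed_task_starts(parse(SAMPLE_LOG))` returns one entry for the task from the thread with the handshake warning attached, while `port_conflicts` reports port 80 on its own.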