Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
Create a new server (VM) in your DMZ which allows outbound rsync access. Then on your openvas server you can download from the DMZ server via http. On 3/8/2017 8:11 AM, Vito Logrillo wrote: > Hi, > i've tried to start openvas-scapdata-sync command, but i'm begind a > proxy and it doesn't work. > I've tried the following command: > > http_proxy="http://user:pass@proxy:port"; openvas-scapdata-sync --wget > > but i obtain this response: > > Download of SCAP data via HTTP is currently not supported! > > How can i resolve this problem? > Thanks ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
if you really want to workaround company firewalls.. then just set squid on cloud and tunnel traffic to it via ssh. Eero 2017-03-08 17:14 GMT+02:00 Vito Logrillo : > 2017-03-08 16:07 GMT+01:00 Eero Volotinen : > >> You firewall and proxy is not allowing outbound rsync connections. >> >> How about asking from firewall admin? >> >> > Not so simple... > A manual download and installation is not possible? > > > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
Am 08.03.2017 um 16:14 schrieb Vito Logrillo: 2017-03-08 16:07 GMT+01:00 Eero Volotinen mailto:eero.voloti...@iki.fi>>: You firewall and proxy is not allowing outbound rsync connections. How about asking from firewall admin? Not so simple... than ask your boss to fire that guy when he don't understand that it's job is to protect your business *but not* harm it A manual download and installation is not possible? the scapdata is only a small part of needed updates and *no* you are not supposed to download hundrets of MB and so maximize the load on the updateservers because some idiots you don#t want or can't talk to are standing between you and a working internet frankly ask the people in your company how to solve homemade problems ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
2017-03-08 16:07 GMT+01:00 Eero Volotinen : > You firewall and proxy is not allowing outbound rsync connections. > > How about asking from firewall admin? > > Not so simple... A manual download and installation is not possible? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
You firewall and proxy is not allowing outbound rsync connections. How about asking from firewall admin? Eero 2017-03-08 16:59 GMT+02:00 Vito Logrillo : > Thanks for your reply > i've tried > > export RSYNC_PROXY="usr:pass@proxy:port" > openvas-scapdata-sync > > without any result > > rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection > timed out (110) > > I've read that i can't bypass the firewall if the rsync port (873) is not > opened...it is true? > Is it possible to perform a manual update? > Thanks > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
Thanks for your reply i've tried export RSYNC_PROXY="usr:pass@proxy:port" openvas-scapdata-sync without any result rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection timed out (110) I've read that i can't bypass the firewall if the rsync port (873) is not opened...it is true? Is it possible to perform a manual update? Thanks ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
set RSYNC_PROXY and try without --wget switch :) .. or fix your firewall.. Eero 2017-03-08 15:11 GMT+02:00 Vito Logrillo : > Hi, > i've tried to start openvas-scapdata-sync command, but i'm begind a proxy > and it doesn't work. > I've tried the following command: > > http_proxy="http://user:pass@proxy:port"; openvas-scapdata-sync --wget > > but i obtain this response: > > Download of SCAP data via HTTP is currently not supported! > > How can i resolve this problem? > Thanks > > > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync behind a proxy
Am 08.03.2017 um 14:11 schrieb Vito Logrillo: i've tried to start openvas-scapdata-sync command, but i'm begind a proxy and it doesn't work. I've tried the following command: http_proxy="http://user:pass@proxy:port"; openvas-scapdata-sync --wget but i obtain this response: Download of SCAP data via HTTP is currently not supported! How can i resolve this problem? by talk to your network admins that they allow rsync from the scanner machine - it's pervert setup a network security scanner and then build walls in front of it which make it hard to impossible feed it with needed updates ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync DB migration bug
Hi, On 07.03.2017 20:39, Matthew Hall wrote: > Hello, > > I just found this little bug in OpenVAS 8 when I was working on some > procedures for syncing local scanners internally. The code to migrate DB > version 12 migrates to 14 two times instead of migrating to 15: > >12) if [ $POSTGRES -eq 1 ] >then > reinit >else > db_migrate_13 > db_migrate_14 > db_migrate_14 >fi;; > > Matthew. thanks for letting us know. This has been fixed in the OpenVAS 8 branch of SVN with r27946. As the openvas-scapdata-sync was merged into greenbone-scapdata-sync in OpenVAS 9 the newer releases are not affected by this. Thanks again. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync
Am 23.09.2016 um 15:10 schrieb T, Jayaprakash (Nokia - IN): From my office network, I am not able to connect to “rsync://feed.openvas.org:/scap-data” which is blocking me to complete installation of OpenVAS then you are not in the position to install OpenVAS without coordination with the network admin-group by purpose ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-scapdata-sync
Yes, contact firewall/network administrator to open rsync protocol to feed.openvas.org Eero 2016-09-23 16:10 GMT+03:00 T, Jayaprakash (Nokia - IN) < jayaprakas...@nokia.com>: > Hi All, > > From my office network, I am not able to connect to > “rsync://feed.openvas.org:/scap-data” which is blocking me to complete > installation of OpenVAS. > > Is there any way I can get ‘scap-data’ downloaded and continue with > further steps of installations? > > > > Below is the error I am getting. > > > > [root@aspen security]# openvas-scapdata-sync > > [i] This script synchronizes a SCAP data directory with the OpenVAS one. > > [i] This script is for the SQLite3 backend. > > [i] SCAP dir: /var/lib/openvas/scap-data > > [i] Will use rsync > > [i] Using rsync: /usr/bin/rsync > > [i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data > > rsync: failed to connect to feed.openvas.org: Network is unreachable (101) > > rsync error: error in socket IO (code 10) at clientserver.c(124) > [receiver=3.0.6] > > [e] Error: rsync failed. Your SCAP data might be broken now. > > > > > > > > Regards, > > Jayaprakash T > > > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
