[Openvas-discuss] Unable to add target with credentials using OMP
Hi, The Greenbone interface for OpenVAS 7 won't let me add a target with credentials, so I'm trying to do it with OMP ... but I'm getting an error message. Would anyone be able to give me a workaround or tell me what I'm doing wrong? Maybe I just need another pair of eyes on it. Here are the details: # omp -X ' create_lsc_credential nameOpenVAS SSH Key/name loginroot/login key private-BEGIN RSA PRIVATE KEY- XXX XXX XXX -END RSA PRIVATE KEY-/private publicssh-rsa B3NzaC1yc2EDAQABAAABAQCjoIDsiJWLMtGp7dNa4KinMsJroEceK/DkgZmGcGInctAUDfj5wFoFMKjPsuPn9dvRWqG9NYJBazCAK6OeqowEGJ4FcAHDGRSn1JB27a4/8KlHopwikMXHlSIZPnSp/xeiKRnBV+MBN433CovigVsh0NsRyB4Wzl5Ng+NYNPP0TkoTc+gWwBO7icIbyeg4epqOVL9LjVlh2dpRNQpx9yyDatLOie8cgrvbsMiVG9gC/aqVSiXwW2cgyckEz+2mDmgCIGf7Spd3Fi5Ohw9zebn7aw54qoYaAbThEyeWRKwie/DvvO7U4RtAijHDzvQ48NOYFQx7nlqWyCoiY+SGtATZ openvas@openvas/public /key /create_lsc_credential ' This appears to succeed. # cat bin/ompx #!/bin/bash omp -i -X $*/ # ompx get_lsc_credentials get_lsc_credentials_response status_text=OK status=200 lsc_credential id=d50da9b2-58a3-4c19-8194-a3d1d5d7ca14 owner nameadmin/name /owner nameOpenVAS SSH Key/name comment/comment creation_time2014-09-17T20:17:36Z/creation_time modification_time2014-09-17T21:04:59Z/modification_time writable1/writable in_use0/in_use permissions permission nameEverything/name /permission /permissions user_tags count0/count /user_tags loginroot/login typegen/type /lsc_credential ... But adding a target with these credentials fails. # omp -v -X ' create_target nameJohns Test VM/name hosts10.0.1.17/hosts ssh_lsc_credential id=”d50da9b2-58a3-4c19-8194-a3d1d5d7ca14” port22/port /ssh_lsc_credential /create_target ' WARNING: Verbose mode may reveal passwords! Will try to connect to host localhost, port 9390... Sending to manager: create_target nameJohns Test VM/name hosts10.0.1.17/hosts ssh_lsc_credential id=”d50da9b2-58a3-4c19-8194-a3d1d5d7ca14” port22/port /ssh_lsc_credential /create_target lib xml-Message:Error: Error on line 1 char 1: Document was empty or contained only whitespace (omp:3776): lib xml-WARNING **:End error: Error on line 1 char 1: Document was empty or contained only whitespace Failed to read response. I'm using the OpenVAS 7 virtual appliance, which I updated to the latest: greenbone-security-assistant-5.0.3.tar.gz openvas-cli-1.3.0.tar.gz openvas-libraries-7.0.4.tar.gz openvas-manager-5.0.4.tar.gz openvas-scanner-4.0.3.tar.gz Any help would be much appreciated! --John Sept 17, 2014 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] (no subject)
Hi Pasquale Am 17.09.2014 um 17:42 schrieb paky...@libero.it: Hi all, I have seen in the install.txt file that to remove this problem i have to perform the command with the option -DIGNORE_UNPROTOTYPED_CALLS=1. I had the same problems on openSUSE Find the file CMakeLists.txt Now look for the line: set (CMAKE_C_FLAGS ${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_FILE_OFFSET_BITS=64) replace it with the following one, or add -Wno-error=unprototyped-calls to the line: set (CMAKE_C_FLAGS ${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Wno-error=unprototyped-calls -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_FILE_OFFSET_BITS=64) This should silence the warnings and the code should compile. BR Dustin signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Unable to add target with credentials using OMP
Any help would be much appreciated! The Manager logs (var/log/openvas/openvasmd.log) may indicate why the CREATE_TARGET is failing. To enable logging: add -v to openvasmd, and replace 127 with 128 in etc/openvas/openvasmd_log.conf. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/17/2014 05:42 PM, paky...@libero.it wrote: i send this mail because i have a problem during the process of compilation of openVAS 7.0 manager package on openSuse OS. I have installed openVAS libraries and openVAS scanner without problems. But during the installation of openVAS manager i have a problem. I have executed the cmake command and its execution is OK. When i try to perform the make command it return this error: error: call to function ‘process_otp_scanner_input’ without a real prototype Thanks for bringing our attention to this (again). Of course the right solution was not to silent the warning. but to fix the source. This has been done in svn and will be included in the next series of tarballs. Best Regards, Ben. - -- Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUGtUJAAoJEHZCfVOzCgWwtUMIAMfA/Kdbn+JM+sHM9rQODQVY mj9ofVY584IJ4LvZ7ZwdUom+7CVfQ7d8FEvI9yMTGDU4GYUbWHo6xEJfx1HuXLv6 EQ9qXuj86L0KUhl1p0GpSaOh2DCJRQYW66ebTXJDbePuaQ3k8XDEbDvqXOYAphSQ WO06X78hJiGblD0DG/VOuN/XvquxUowykPUIPuLKoMcmC/w8kD13hTBuU+68TjfG zKrXlxnouQp+gYLYOsmvIzFYBhldPxNCPBs0FxlyJkULHQp99u2cE1aCct6+ARgH Z/bUgV1ClCVzmaaBJyeUAqUC8nOlPTE5FeFVFHyO/leyqp4QQJk02B1rJqhdjGU= =FYfH -END PGP SIGNATURE- ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-check-setup --v7 Issues
Never mind...I figured it out. From: Turner, Jonas Sent: Thursday, September 18, 2014 10:41 AM To: openvas-discuss@wald.intevation.org Subject: openvas-check-setup --v7 Issues Any idea how to fix the issue with the openvas-check-setup that still checks for OpenVas Administrator? I believe the openvas-check-setup has to be upgraded, but I don't see anywhere I can do this. I installed openvas through yum and I don't see any updates for it that would correct this issue. Any help would be appreciated. Thanks! [root@server01 ~]# openvas-check-setup --v7 openvas-check-setup 2.2.1 Test completeness and readiness of OpenVAS-7 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 4.0.1. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: NVT collection in /var/lib/openvas/plugins contains 35685 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 5.0.3. OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 123. OK: OpenVAS Manager expects database at revision 123. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 35685 NVTs. OK: xsltproc found. Step 3: Checking OpenVAS Administrator ... ERROR: No OpenVAS Administrator (openvasad) found. FIX: Please install OpenVAS Administrator. ERROR: Your OpenVAS-7 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. Jonas Turner │ Security Analyst II Ph: 419.254.4890│Fax: 419.252.5557 E-mail: jotur...@hcr-manorcare.commailto:jotur...@hcr-manorcare.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] openvas-check-setup --v7 Issues
Any idea how to fix the issue with the openvas-check-setup that still checks for OpenVas Administrator? I believe the openvas-check-setup has to be upgraded, but I don't see anywhere I can do this. I installed openvas through yum and I don't see any updates for it that would correct this issue. Any help would be appreciated. Thanks! [root@server01 ~]# openvas-check-setup --v7 openvas-check-setup 2.2.1 Test completeness and readiness of OpenVAS-7 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 4.0.1. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: NVT collection in /var/lib/openvas/plugins contains 35685 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 5.0.3. OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 123. OK: OpenVAS Manager expects database at revision 123. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 35685 NVTs. OK: xsltproc found. Step 3: Checking OpenVAS Administrator ... ERROR: No OpenVAS Administrator (openvasad) found. FIX: Please install OpenVAS Administrator. ERROR: Your OpenVAS-7 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. Jonas Turner │ Security Analyst II Ph: 419.254.4890│Fax: 419.252.5557 E-mail: jotur...@hcr-manorcare.commailto:jotur...@hcr-manorcare.com ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS-7 DEMO Virtual Appliance Version 2.0
Hello OpenVAS users, we have created a OpenVAS-7 DEMO VM Version 2.0. It was just uploaded and currently is only available via RSYNC: http://www.openvas.org/vm.html Mirrors welcome. The OVA image was created with VirtualBox 4.3, but uses the OVF 1.0 format. Changes of Version 2.0 compared to Version 1.0: * Updated base system (including all Debian security fixes) * Updated NVT/SCAP/CERT Feeds (covering recent comprehensive updates) * Updated to newest OpenVAS-7 maintenance releases (including recent security fixes) * Fixed the keyboard layout switch, by default US keyboard * Added Switch for an alternative face (German, IT-Schwachstellenampel) * Added haveged to better handle lack of entropy * Better support for ESXi import * Forced NVT cache to rebuild from scratch * Added examples on TLS cipher configuration * Removed remains of deprecated OpenVAS Administrator Confirmation that it works is very much appreciated. All the best Jan -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas-nvt-sync error
Hi, installing the package which ships the binary md5sum should fix this message. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-7 DEMO Virtual Appliance Version 2.0
2014-09-18 17:34 GMT+02:00 Jan-Oliver Wagner jan-oliver.wag...@greenbone.net: Hello OpenVAS users, we have created a OpenVAS-7 DEMO VM Version 2.0. It was just uploaded and currently is only available via RSYNC: http://www.openvas.org/vm.html Mirrors welcome. The OVA image was created with VirtualBox 4.3, but uses the OVF 1.0 format. Changes of Version 2.0 compared to Version 1.0: * Updated base system (including all Debian security fixes) * Updated NVT/SCAP/CERT Feeds (covering recent comprehensive updates) * Updated to newest OpenVAS-7 maintenance releases (including recent security fixes) * Fixed the keyboard layout switch, by default US keyboard * Added Switch for an alternative face (German, IT-Schwachstellenampel) * Added haveged to better handle lack of entropy * Better support for ESXi import * Forced NVT cache to rebuild from scratch * Added examples on TLS cipher configuration * Removed remains of deprecated OpenVAS Administrator Confirmation that it works is very much appreciated. All the best Jan Hello, thanks for this work! Maybe the binarysignals mirror isn't synced yet but the links are currently broken. -- Henri ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS-7 DEMO Virtual Appliance Version 2.0
Am Donnerstag, 18. September 2014, 19:22:17 schrieb Henri Doreau: Maybe the binarysignals mirror isn't synced yet but the links are currently broken. I just checked and it is there now. Thanks to binarysignals for the mirror! -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] CentOS - initail scan produces client not present error and empty but - Done - report
Am Freitag, 29. August 2014, 14:40:22 schrieb Paul Simons: I have installed the latest version available to CentOS. I have run the setup OK but the first try (on the 'Welcome dear new user' page does not produce any output (says - Done - ) ... I think the answer was in your log: [Fri Aug 29 12:27:47 2014][4230] The remote host (172.19.210.33) is dead -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Can't create creds in Greenbone
Am Dienstag, 2. September 2014, 18:45:35 schrieb Alexander: This is a fresh install on Kali, I'm not migrating from a previous version of OpenVAS. I don't have any previous credentials to migrate, I'm trying to add new credentials. for a fresh install the key is automatically created. This causes problems on systems with too few entropy. Installing something like haveged can help here. I am not familar with Kail though. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Credentialed Scans - Not Working
Am Dienstag, 16. September 2014, 17:39:24 schrieb Turner, Jonas: Does anyone else have WORKING credential scans? I still can’t seem to get mine to work. :/ well, sure, thats daily business over here ;-) What does the log result about SMB authentication say in your report? my wild guess is that your credential encryption is damaged somehow and that the scanner thus can not send a password for authentication. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Credentialed Scans - Not Working
When you refer to report...do you mean a log file? If so, do you know of the location? If you mean report from within the GSAD interface, I haven't look if it's there. Thanks for replying btw! -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: Thursday, September 18, 2014 3:53 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Credentialed Scans - Not Working Am Dienstag, 16. September 2014, 17:39:24 schrieb Turner, Jonas: Does anyone else have WORKING credential scans? I still can’t seem to get mine to work. :/ well, sure, thats daily business over here ;-) What does the log result about SMB authentication say in your report? my wild guess is that your credential encryption is damaged somehow and that the scanner thus can not send a password for authentication. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Unable to add target with credentials using OMP
Sending to manager: create_target nameJohns Test VM/name hosts10.0.1.17/hosts ssh_lsc_credential id=”d50da9b2-58a3-4c19-8194-a3d1d5d7ca14” The UTF-8 quotation marks here seem to be the problem. Try with a regular . port22/port /ssh_lsc_credential /create_target lib xml-Message:Error: Error on line 1 char 1: Document was empty or contained only whitespace (omp:3776): lib xml-WARNING **:End error: Error on line 1 char 1: Document was empty or contained only whitespace Failed to read response. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss