Re: [Openvas-discuss] (no subject)

[Kent Fritz]

I’m running libmicrohttpd 0.9.39 (the latest) with no problems, so I don’t 
think that’s the problem.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
Behalf Of Colin Bruce
Sent: Tuesday, February 24, 2015 8:37 AM
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] (no subject)


Hi,



I am at a loss to get OpenVAS to do a scan. No matter what I try I always get 
the same result. That is nothing. All it does is run for a few seconds and then 
stop. A search with Google reveals that I am not alone. The log file contains:



event task:MESSAGE:2015-02-24 12h12.39 UTC:16937: Task 
105955ce-d4bf-4aa1-8f55-30349f7a0e69 has been requested to start by openvasusr

event wizard:MESSAGE:2015-02-24 12h12.39 UTC:16937: Wizard quick_first_scan has 
been run by openvasusr

lib  serv:WARNING:2015-02-24 12h12.39 UTC:16937:Failed to gnutls_bye: Error 
in the push function.

event task:MESSAGE:2015-02-24 12h12.40 UTC:16942: Status of task Immediate scan 
of IP 192.168.30.90 (105955ce-d4bf-4aa1-8f55-30349f7a0e69) has changed to 
Running

event task:MESSAGE:2015-02-24 12h12.42 UTC:16942: Status of task Immediate scan 
of IP 192.168.30.90 (105955ce-d4bf-4aa1-8f55-30349f7a0e69) has changed to Done


The advice seems to be to install an old version (around 2010 or 2011 vintage) 
version of libmicrohttpd. Sadly that version is no longer available. However, 
having looked at the code I suspect that the Failed to gnutls_bye is not 
relevant.

This is version 7 of OpenVAS.

Anyway, is there a fix for this?

Best wishes...
Colin



This e-mail and any attachments are confidential. If it is not intended for 
you, please notify the sender, and please erase and ignore the contents.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] updating scap data fails

[Kent Fritz]

I just confirmed that OOM did invoke around the time that the failure occurred 
for me.

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
Behalf Of Alexander Rau
Sent: Tuesday, February 24, 2015 8:01 PM
To: Timo Pollmeier
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] updating scap data fails

Adding a split clip level of 50MB (51200 KB) and copying the xml_split file 
into /usr/local/share/openvas/scap/ worked for me.

Alex

On Tue, Feb 24, 2015 at 5:30 AM, Timo Pollmeier 
timo.pollme...@greenbone.netmailto:timo.pollme...@greenbone.net wrote:
Hello,

To me, the problem looks like the out-of-memory error Ben described as well. 
Increasing the amount of memory should help, but if that isn't an option you 
can use the SPLIT_PART_SIZE setting like he suggested.

I mainly wanted to add that for the SPLIT_PART_SIZE setting to work, you need 
to have the python script xml_split installed.

It is currently not installed by default, but it can be found in tools/extra of 
the manager sources and it has to be copied to
[...]/share/openvas/scap/, with [...] being the prefix of the OpenVAS 
installation (in Alex' case it should be /usr/local).


Best regards,

Timo


On 02/24/2015 09:36 AM, Benoît Allard wrote:
I Alex,

On 02/23/2015 10:06 PM, Alexander Rau wrote:
Hi:

I am running openvas-scapdata-sync during initial install and am getting
the following error

[i] Updating /usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml
Killed
-:1217905: parser error : AttValue: ' expected
 cpe-lang:fact-ref name=c
   ^
-:1217905: parser error : attributes construct error
 cpe-lang:fact-ref name=c
   ^
-:1217905: parser error : Couldn't find end of Start Tag fact-ref line
1217905
 cpe-lang:fact-ref name=c
   ^
-:1217905: parser error : Premature end of data in tag logical-test line
1215810
 cpe-lang:fact-ref name=c
   ^
-:1217905: parser error : Premature end of data in tag
vulnerable-configuration line 1215809
 cpe-lang:fact-ref name=c
   ^
-:1217905: parser error : Premature end of data in tag entry line 1215808
 cpe-lang:fact-ref name=c
   ^
-:1217905: parser error : Premature end of data in tag nvd line 2
 cpe-lang:fact-ref name=c
   ^
unable to parse -
[e] Update of CVEs failed at file
'/usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml': xsltproc exited
with code 137

This is for OpenVAS 8 on Debian 7

I bet that if you look in your kernel logs, you will see the famous OOM
killer acting and killing an xslt process.

In the SCAP scripts, we introduced a setting to process the huge XML
files in chunks. That setting was introduced some time ago already.

Look for the SPLIT_PART_SIZE setting on top of the scap-sync script, and
set it to a sensible value, this should prevent your problem from
happening again.

Regards,
Ben.

--
Timo Pollmeier | Greenbone Networks GmbH | http://www.greenbone.net/
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.orgmailto:Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss




This e-mail and any attachments are confidential. If it is not intended for 
you, please notify the sender, and please erase and ignore the contents.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss