Re: [Openvas-discuss] Weak ciphers in the OpenVas deamon...
On Thursday, 11 June 2015, Rajesh Bhavsar wrote:
> I have installed OpenVAS 7 in CentOS 6.4. I am facing a problem of weak ciphers and POODLE for the OpenVAS system scan. I found on the OpenVAS discussion forum that the following command will remove the vulnerabilities with OpenVAS 7 and GSAD 5, but after running the command on CentOS, when I scan the system I still get the same vulnerabilities.
>
> gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0

In general, you need to have a libgnutls installed that has the capabilities for this priority string. gsad just passes the string over.

As Harald and Eero stated: Upgrading the base system will help. Because this will update gnutls as well.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
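One way to check the point made in the reply above, that the installed libgnutls has to understand the priority string which gsad only passes along (an added example, not part of the thread). It assumes `gnutls-cli` is installed and that `gnutls-cli --list --priority` prints a listing laid out like the constructed sample; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes gnutls-cli is installed and that
# `gnutls-cli --list --priority STRING` prints one suite per line plus a
# "Protocols:" line, as in the constructed sample further down.
PRIO='SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0'

# Read a listing on stdin and print everything the priority string above was
# meant to remove. Returns 0 when nothing is left, 1 otherwise.
audit_listing() {
    awk '
        /^Protocols:/ {
            if ($0 ~ /VERS-SSL3\.0/) { print "protocol still enabled: SSL3.0"; bad = 1 }
            if ($0 ~ /VERS-TLS1\.0/) { print "protocol still enabled: TLS1.0"; bad = 1 }
            next
        }
        $1 ~ /^TLS_.*_(AES|CAMELLIA)_128_CBC_/ { print "suite still enabled: " $1; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Ask the installed library to expand the string. A libgnutls that does not
# know one of the keywords fails at this step.
check_local_gnutls() {
    command -v gnutls-cli >/dev/null 2>&1 || { echo "gnutls-cli not found"; return 2; }
    listing=$(gnutls-cli --list --priority "$1" 2>&1) ||
        { echo "priority string rejected: $listing"; return 3; }
    printf '%s\n' "$listing" | audit_listing
}

# Constructed sample: a listing in which the removals had no effect.
sample_weak_listing() {
    cat <<'EOF'
Cipher suites for NORMAL
TLS_RSA_AES_128_GCM_SHA256        0x00, 0x9c  TLS1.2
TLS_RSA_AES_128_CBC_SHA1          0x00, 0x2f  SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1     0x00, 0x41  SSL3.0
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0
EOF
}

if [ "${1:-}" = "--live" ]; then
    check_local_gnutls "$PRIO"
else
    sample_weak_listing | audit_listing || true
fi
```

Run with `--live` on the scanner host to test the library that gsad is linked against; without arguments it only audits the constructed sample.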
[Openvas-discuss] OpenVAS DevCon #5: See you soon
Hello OpenVAS DevCon#5 participants,

everything is arranged for next week and I am looking forward to meeting you.

Please remember to contact the devcon team for any questions like travel assistance etc.

Please also prepare yourself with regard to feature discussions. For topics, questions or proposals you have: In our first session we will collect these and do the detailed planning for the conference.

All the best

Jan

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Re: [Openvas-discuss] openvasdm hangs while rebuilding
On Monday, 8 June 2015, Narancs wrote:
> I've installed openvas via atomic repo on centos 7/x64 in March 2015. It was working fine until now. (openvas 7) After the last upgrade (yum update -y), openvasmd hangs on rebuilding the database. Can't run any task via gsad.

Hangs or just takes very long? I could imagine it is about an interference of old and new processes or about a full feed update with a slow disk.

From your log file I conclude that the migration was done already.

What you could do is, only start openvassd and then run an openvasmd --rebuild. This way you do not have another openvasmd potentially interfering.

However, I am not familiar with the centos packages.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Re: [Openvas-discuss] Killing a Requested slave task
On Monday, 15 June 2015, Brian Chabot wrote:
> I'm working on setting a master and three slaves and I have a question about this situation. I create a task and set it to run and for whatever reason the slave is not picking it up. How can I stop or cancel this task without interrupting other tasks?

First of all, this should not happen. A task should always be stoppable, at least after some timeout. So there is likely a bug for a special situation.

Restarting manager will set all tasks to Stopped. If you want to keep other scans alive, you need to go into the process table and kill the right openvasmd process. It's a bit tricky to find out the right one though. I usually use htop to find out and kill in such situations.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Re: [Openvas-discuss] Token Missing or bad,please login again
On Monday, 1 June 2015, Saurav, Rajeev wrote:
> I am seeing omp service is down while login GSA.
> Token missing or bad. Please login again

Token missing and OMP down are two unrelated things. I assume you refer to the token-problem.

> Please help me if anyone came across such issue before.

If you use several tabs of your browser you can invalidate the token for a tab when you login anew in another. That's the usual reason why you see this.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Re: [Openvas-discuss] (no subject)
On Thursday, 18 June 2015, emrah leader wrote:

Please follow the hint at the end of your log file. The INSTALL file of OpenVAS Manager explains how to create a user.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Re: [Openvas-discuss] Client not present error in OpenVAS 8
I was able to solve the issue - thanks all those that helped. Note, it turned out it had nothing to do with CentOS 6 - OpenVAS 8 should work just fine installed on CentOS 6 so long as you build the libraries in /usr/local/... and not /usr/...

Here's the problem / solution:

Problem: I was not getting reports from my scans - the scans were working (I knew this because of the length of time they were taking and the fact that I was seeing results - just not reports or hosts in the Asset Management).

Detail: It turns out that the report generation code is installed into /share/openvas/. The /share directory (and all sub-directories) are chmod 700. That seems OK since I'm logged in as root and running the omp commands as root. However, the report generation process is kicked off as user 99 (AKA: nobody) and that user does not have permissions to access the /share directory tree.

Solution: My solution is low tech (perhaps a developer can adjust the build scripts...) all I did was chmod the directory so that others can access it:

find /share -type d -exec chmod 755 {} \;
find /share -type f -exec chmod og+rX {} \;

NOTE: once I did this I was able to access the reports via omp command AND via the GSA GUI - I didn't even need to re-run the scans :)

Those commands open up the /share directory structure so that anyone can access the report generation code.

Possible development changes:
- move report code out of /share/openvas and into the /var/lib/openvas
- set a mask so that when /share is created and files are written into it they have the proper chmod so that nobody can access them

Brian

On June 16, 2015 at 2:46 PM Eero Volotinen eero.voloti...@iki.fi wrote:
> Redhat uses technique called backporting, so hand compiling libraries from sources usually breaks system totally, if done without proper knowledge as it looks.
>
> Please do as we told and use centos 7.1 or older version of openvas.
>
> --
> Eero
>
> 2015-06-16 20:58 GMT+03:00 Brian Thompson bthomp...@wyetechllc.com:
>> That will be my last resort. Our entire shop is CentOS 6, I'd rather not introduce an exception to the environment unless I have no other choice.
>>
>> Brian
>>
>> On June 16, 2015 at 9:53 AM Eero Volotinen eero.voloti...@iki.fi wrote:
>>> How about using centos 7 instead of blindly compiling libraries by hand.
>>>
>>> Openvas8 works fine on centos 7.1
>>>
>>> --
>>> Eero
>>>
>>> 2015-06-16 16:27 GMT+03:00 Brian Thompson bthomp...@wyetechllc.com:
>>>> When I try and attach to an old report I see the following in the *md.log
>>>>
>>>> report_severity: max(severity)=0.0
>>>> command: /bin/sh /share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_T3aKoY/report.xml /tmp/openvasmd_T3sKoY/report.out 2 /dev/null
>>>>
>>>> If I start a new scan I see:
>>>>
>>>> Connected to server on socket 15.
>>>> Status of task Immediate scan of IP openv (uuid) has changed to Requested
>>>> Task uuid has been requested to start by admin
>>>> Status of task Immediate scan of IP openv (UUID) has changed to Running
>>>> Failed to shake hands with peer: The TLS connection was non-properly terminated.
>>>> serve_client: failed to attach client session to socket 9
>>>> Failed to gnutls_bye: GnuTLS internal error.
>>>> (Then a bunch of Shook hands with peer. until the job finishes)
>>>> Failed to shake hands with peer: The TLS connection was non-properly terminated.
>>>> server_client: failed to attach client session to socket 9
>>>> Failed to gnutls_bye: GnuTLS internal error.
>>>> Status of task Immediate scan of IP openv (UUID) has changed to Done
>>>>
>>>> I think we're on to something. I'm using gnutls-3.2.14 which I compiled myself since the CentOS 6 supplied version was too old (2.8.5), but based on the errors above it looks like there is something wrong with either the build or the version...
>>>>
>>>> Any ideas? Perhaps it's just a linking/path problem (perhaps it's finding the older version when it should be finding the compiled files)?
>>>>
>>>> Brian
>>>>
>>>> On June 16, 2015 at 3:14 AM Michael Meyer michael.me...@greenbone.net wrote:
>>>>> *** Brian Thompson wrote:
>>>>>> But still no reports generated.
>>>>>
>>>>> Set all level to 128 in /etc/openvas/openvasmd_log.conf and start manager with -v. Watch /var/log/openvas/openvasmd.log when accessing a report. Maybe you'll see something that helps.
>>>>>
>>>>> Micha
>>>>>
>>>>> --
>>>>> Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.net/
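A way to locate the kind of permission block diagnosed at the top of this message, where a report process running as `nobody` cannot reach the `generate` script under `/share` (an added example, not part of the thread). It assumes GNU `stat`, looks only at the "other" mode bits, and uses a constructed temporary tree; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (stat -c) and a process
# user that neither owns the files nor shares their group, so only the "other"
# permission bits apply. ACLs are not considered.

# first_block_for_others TARGET [START]
# Walk from START (default /) down to TARGET and print the first component
# whose "other" bits stop the walk: a directory without x, or the final file
# without r (the log shows it is run as "/bin/sh .../generate").
# Returns 0 if nothing blocks, 1 if blocked, 2 if a component cannot be stat'ed.
first_block_for_others() {
    cur=${2:-}; cur=${cur%/}
    rest=${1#"$cur"}
    old_ifs=$IFS; IFS=/; set -f
    set -- $rest
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        mode=$(stat -c '%a' "$cur" 2>/dev/null) || return 2
        other=${mode#"${mode%?}"}        # last octal digit holds the "other" bits
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $((other & need)) -eq 0 ]; then
            echo "$cur (mode $mode)"
            return 1
        fi
    done
    return 0
}

# Constructed tree mirroring the post: directories start at 700, then the two
# find commands from the message are applied.
demo() {
    root=$(mktemp -d)
    gen="$root/share/openvas/openvasmd/global_report_formats/UUID/generate"
    mkdir -p "${gen%/*}" && : > "$gen"
    find "$root/share" -type d -exec chmod 700 {} \;
    chmod 600 "$gen"
    echo "before: $(first_block_for_others "$gen" "$root")"
    find "$root/share" -type d -exec chmod 755 {} \;
    find "$root/share" -type f -exec chmod og+rX {} \;
    first_block_for_others "$gen" "$root" && echo "after: reachable by others"
    rm -rf "$root"
}
demo
```

On a real host the call would be `first_block_for_others /share/openvas/openvasmd/global_report_formats/<uuid>/generate`, which reports the first directory or file that needs a wider mode.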
Re: [Openvas-discuss] OpenVAS Manager Stops @ Midnight
On Tuesday, 2 June 2015, Turner,Jonas wrote:
> Does anyone else have this issue, or perhaps know what job is running to kill the OpenVAS Manager? Recently, every night around midnight...the service stops and in the log...it states it can't bind to address. Anyone know of a job that would be doing this?

Are you working with trunk and pg and the sync as cron for midnight? There is currently a bug that kills manager during a feed sync for this setup.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
[Openvas-discuss] Missing CVEs
Hi all!

I just noticed that in OpenVAS feeds there are some CVEs missing. They are not very old and not very new (end 2014, beginning of 2015) and they are not reserved CVE-IDs.

Examples:
CVE-2015-0051
CVE-2015-0069
CVE-2015-0316

Some questions:
Anybody knows why some CVEs like those are not in the feed?
Is there any way of adding (contribute) the lost CVEs to the feeds?
Is there any way of adding manually the lost CVEs to an implementation?

Thank you!

Kind Regards
A.
Re: [Openvas-discuss] Missing CVEs
Hi,

> Examples:
> CVE-2015-0051
> CVE-2015-0069
> CVE-2015-0316

all three CVEs are already in the feed as you can see here:

CVE-2015-0051
CVE-2015-0069
http://plugins.openvas.org/index.php?oid=805136
CVE-2015-0316
http://plugins.openvas.org/index.php?oid=805443
http://plugins.openvas.org/index.php?oid=805270
http://plugins.openvas.org/index.php?oid=805442

The search of http://plugins.openvas.org is a nice way of searching for existing NVTs for specific CVEs.

> Anybody knows why some CVEs like those are not in the feed?

If a CVE is missing it mostly has a simple answer: No one had the time yet to implement it :-)

> Is there any way of adding (contribute) the lost CVEs to the feeds?
> Is there any way of adding manually the lost CVEs to an implementation?

Most infos how to write NVTs are collected here:

http://openvas.org/nvt-dev.html

--
Chris
[Openvas-discuss] Can't get openvasmd to build the database
A long time ago, I posted about an issue where OpenVAS was not loading custom plugins. I could run them with the openvas-nasl command-line tool, but they would not appear in GSA as a plugin I could add to a scan config. At the time, I was running OpenVAS 5.

I recently tried to update to OpenVAS 8 and I seem to have completely broken my install. I downloaded the source for all the OpenVAS 8 components, built, and installed them. I migrated the database with openvasmd --migrate, and all was good, except I was finding that OpenVAS *still* wasn't loading my custom plugins. I looked in the openvassd.messages log, and it said it was loading them, but when I try to make a scan config, they're not in the list of plugins.

I decided to try deleting my tasks.db database and starting over, and everything went to hell. I've done so many things in the last couple days to try to fix it that I can't really retrace my steps effectively, but I can tell you what's happening now.

Starting with no tasks.db file and no certificates but with the plugins downloaded, I take the following steps:

Run openvas-check-setup, it says there's no CA certificate for the scanner and to run openvas-mkcert. I do that and accept all the default options and the certs get built and installed.

Next, openvas-check-setup says to make the certs for the manager with openvas-mkcert-client -n -i, I do that, again with default options.

Next it says that there's no OpenVAS manager database and to run openvasmd --rebuild while the scanner is running. I run openvassd, then openvasmd --rebuild. It only takes about 6 seconds.

Then check setup says to create a user, so I do so.

I run openvas-check-setup again, but now there's a problem. It says the number of NVTs in the database is too low and to run openvasmd --rebuild while the scanner is running, but it ALSO says that the scanner isn't running and that I need to start it, but it actually *is* running. If I do `ps aux | grep openvas` then I can see openvassd is running and Waiting for incoming connections.

If I try to run openvasmd --rebuild anyways, it immediately returns. I check the openvasmd.log file, and it says the certificate is not trusted and doesn't have a known issuer.

Strange...I run openvas-mkcert again and restart openvassd, then try to openvasmd --rebuild again. It returns after a few seconds, and openvas-check-setup still says the scanner isn't running and I need to rebuild the database. I check the openvasmd log again and this time, it says openvas_scanner_read: failed to read from server: A TLS packet with unexpected length was received.

I've attached the openvas-check-setup.log file from my last run.