date:20151214

[Openvas-discuss] Can not start scanning in openvas on kali 2.0

2015-12-14 Thread adamhj

Hello,

I run a distupgrade to kali 2.0 days before and now found that openvas can
not work correctly

I can log into the web console and create scan tasks, but no task will
start. Clicking start on tasks reports:
[QUOTE]Operation: Start Task
Status code: 503
Status message: Service temporarily down[/QUOTE]

checked the openvasmd log and found this:
--
lib  serv:WARNING:2015-12-11 05h16.22 UTC:4668: Failed to shake hands with
peer: The TLS connection was non-properly terminated.
lib  serv:WARNING:2015-12-11 05h16.22 UTC:4668: Failed to shutdown server
socket
event task:MESSAGE:2015-12-11 05h16.22 UTC:4668: Task
db60c538-ad1e-4f6f-9cd1-3e80b9926d46 could not be started by admin
--

tried openvas initial setup and got no luck

tried delete openvas CA cert manually and re-generate them
with openvas-mkcert/openvas-mkcert-client and the problem is still their

tried run openvas-setup line by line manually and found that *openvasmd
--rebuild --progress* will fail:
--
Rebuilding NVT cache... failed.
--

the error in log file looks the same:
--
lib  serv:WARNING:2015-12-11 05h21.23 utc:4701: Failed to shake hands with
peer: The TLS connection was non-properly terminated.
lib  serv:WARNING:2015-12-11 05h21.23 utc:4701: Failed to shutdown server
socket
--

openvas-check-setup runs without error:
--
root@kali:~# openvas-check-setup --v8
openvas-check-setup 2.3.0
  Test completeness and readiness of OpenVAS-8
  (add '--v6' or '--v7' or '--9'
   if you want to check for another OpenVAS version)

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.1.
OK: OpenVAS Scanner CA Certificate is present as
/var/lib/openvas/CA/cacert.pem.
OK: OpenVAS Scanner server certificate is valid and present as
/var/lib/openvas/CA/servercert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 44735 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS
Scanner.
SUGGEST: Enable signature checking (see
http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 71963 files for
44735 NVTs.
OK: redis-server is present in version v=2.8.17.
OK: scanner (kb_location setting) is configured properly using the
redis-server socket: /var/lib/redis/redis.sock
OK: redis-server is running and listening on socket:
/var/lib/redis/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 6.0.1.
OK: OpenVAS Manager client certificate is valid and present as
/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: At least one user exists.
OK: sqlite3 found, extended checks of the OpenVAS Manager
installation enabled.
OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 39009 NVTs.
OK: OpenVAS SCAP database found in
/var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in
/var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking user configuration ...
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password
policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 6.0.1.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.4.0.
Step 6: Checking Greenbone Security Desktop (GSD) ...
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening only on the local
interface.
OK: OpenVAS Scanner is listening on port 9391, which is the default
port.
WARNING: OpenVAS Manager is running and listening only on the local
interface.
This means that you will not be able to access the OpenVAS Manager
from the
outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces
unless you want

Re: [Openvas-discuss] Can not start scanning in openvas on kali 2.0

2015-12-14 Thread Eero Volotinen

How about reinstalling latest kali and openvas?

erh.  sound like typical kali problem, it just won't work :)

--
Eero

2015-12-14 11:27 GMT+02:00 adamhj :

> Hello,
>
> I run a distupgrade to kali 2.0 days before and now found that openvas can
> not work correctly
>
> I can log into the web console and create scan tasks, but no task will
> start. Clicking start on tasks reports:
> [QUOTE]Operation: Start Task
> Status code: 503
> Status message: Service temporarily down[/QUOTE]
>
> checked the openvasmd log and found this:
> --
> lib  serv:WARNING:2015-12-11 05h16.22 UTC:4668: Failed to shake hands with
> peer: The TLS connection was non-properly terminated.
> lib  serv:WARNING:2015-12-11 05h16.22 UTC:4668: Failed to shutdown server
> socket
> event task:MESSAGE:2015-12-11 05h16.22 UTC:4668: Task
> db60c538-ad1e-4f6f-9cd1-3e80b9926d46 could not be started by admin
> --
>
> tried openvas initial setup and got no luck
>
> tried delete openvas CA cert manually and re-generate them
> with openvas-mkcert/openvas-mkcert-client and the problem is still their
>
> tried run openvas-setup line by line manually and found that *openvasmd
> --rebuild --progress* will fail:
> --
> Rebuilding NVT cache... failed.
> --
>
> the error in log file looks the same:
> --
> lib  serv:WARNING:2015-12-11 05h21.23 utc:4701: Failed to shake hands with
> peer: The TLS connection was non-properly terminated.
> lib  serv:WARNING:2015-12-11 05h21.23 utc:4701: Failed to shutdown server
> socket
> --
>
> openvas-check-setup runs without error:
> --
> root@kali:~# openvas-check-setup --v8
> openvas-check-setup 2.3.0
>   Test completeness and readiness of OpenVAS-8
>   (add '--v6' or '--v7' or '--9'
>if you want to check for another OpenVAS version)
>
>   Please report us any non-detected problems and
>   help us to improve this check routine:
>   http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>
>   Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
> problem.
>
>   Use the parameter --server to skip checks for client tools
>   like GSD and OpenVAS-CLI.
>
> Step 1: Checking OpenVAS Scanner ...
> OK: OpenVAS Scanner is present in version 5.0.1.
> OK: OpenVAS Scanner CA Certificate is present as
> /var/lib/openvas/CA/cacert.pem.
> OK: OpenVAS Scanner server certificate is valid and present as
> /var/lib/openvas/CA/servercert.pem.
> OK: NVT collection in /var/lib/openvas/plugins contains 44735 NVTs.
> WARNING: Signature checking of NVTs is not enabled in OpenVAS
> Scanner.
> SUGGEST: Enable signature checking (see
> http://www.openvas.org/trusted-nvts.html).
> OK: The NVT cache in /var/cache/openvas contains 71963 files for
> 44735 NVTs.
> OK: redis-server is present in version v=2.8.17.
> OK: scanner (kb_location setting) is configured properly using the
> redis-server socket: /var/lib/redis/redis.sock
> OK: redis-server is running and listening on socket:
> /var/lib/redis/redis.sock.
> OK: redis-server configuration is OK and redis-server is running.
> Step 2: Checking OpenVAS Manager ...
> OK: OpenVAS Manager is present in version 6.0.1.
> OK: OpenVAS Manager client certificate is valid and present as
> /var/lib/openvas/CA/clientcert.pem.
> OK: OpenVAS Manager database found in
> /var/lib/openvas/mgr/tasks.db.
> OK: Access rights for the OpenVAS Manager database are correct.
> OK: At least one user exists.
> OK: sqlite3 found, extended checks of the OpenVAS Manager
> installation enabled.
> OK: OpenVAS Manager database is at revision 146.
> OK: OpenVAS Manager expects database at revision 146.
> OK: Database schema is up to date.
> OK: OpenVAS Manager database contains information about 39009 NVTs.
> OK: OpenVAS SCAP database found in
> /var/lib/openvas/scap-data/scap.db.
> OK: OpenVAS CERT database found in
> /var/lib/openvas/cert-data/cert.db.
> OK: xsltproc found.
> Step 3: Checking user configuration ...
> WARNING: Your password policy is empty.
> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a
> password policy.
> Step 4: Checking Greenbone Security Assistant (GSA) ...
> OK: Greenbone Security Assistant is present in version 6.0.1.
> Step 5: Checking OpenVAS CLI ...
> OK: OpenVAS CLI version 1.4.0.
> Step 6: Checking Greenbone Security Desktop (GSD) ...
> SKIP: Skipping check for Greenbone Security Desktop.
> Step 7: Checking if OpenVAS services are up and running ...
> OK: netstat found, extended checks of the OpenVAS services enabled.
> OK: OpenVAS Scanner is running and listening only on the local
> interface.
>

[Openvas-discuss] Openvas 8

2015-12-14 Thread fbrand .

Hi,

I have Openvas 8 on Kali and have gone through the setups, and done the
"trusted NVT's" added the gnupg folder in /etc/openvas and have set it for
gpg HOMEDIR.

When I try to do just a quick scan of any ip the openvassd.messages give me

"
..
[Wed Dec  9 21:27:45 2015][10987]
/var/lib/openvas/plugins/pre2008/check_ports.nasl: bad or missing
signature. Will not execute this script
[Wed Dec  9 21:27:45 2015][10986]
/var/lib/openvas/plugins/pre2008/scan_info.nasl: bad or missing signature.
Will not execute this script
[Wed Dec  9 21:27:46 2015][11090]
/var/lib/openvas/plugins/2011/system_characteristics.nasl: bad or missing
signature. Will not execute this script
[Wed Dec  9 21:27:46 2015][11098]
/var/lib/openvas/plugins/Policy/gb_policy_cpe.nasl: bad or missing
signature. Will not execute this script
[Wed Dec  9 21:27:46 2015][11099]
/var/lib/openvas/plugins/2009/cpe_policy.nasl: bad or missing signature.
Will not execute this script
[Wed Dec  9 21:27:46 2015][11151]
/var/lib/openvas/plugins/Policy/gb_policy_cpe_ok.nasl: bad or missing
signature. Will not execute this script
[Wed Dec  9 21:27:46 2015][11150]
/var/lib/openvas/plugins/Policy/gb_policy_cpe_violation.nasl: bad or
missing signature. Will not execute this script
[Wed Dec  9 21:27:46 2015][2286] Finished testing 192.168.0.100. Time :
23.90 secs
[Wed Dec  9 21:27:46 2015][2281] Test complete
[Wed Dec  9 21:27:46 2015][2281] Total time to scan all hosts : 28 seconds
"

I think I have really tried everything.

Would really appreciaed any help.

Regards,
Frederik
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Can not start scanning in openvas on kali 2.0

2015-12-14 Thread Helmut Koers

In case you create new certificates, you have to update manager's record 
of the certificates used for that scanner?

https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL 
-> "Updating Scanner Certificates"


15.12.201508:04:44"Openvas-discuss" 
 wrote on 15.12.2015 
08:04:44:

> From: ad
amhj > To: Eero Volotinen , > Cc: "openvas-discuss@wald.intevation.org" 
 discu
s...@wald.intevation.org>>
 Date: 15.12.2015 08:05> Subject: Re: [Openvas-discuss] Can not start 
scanning
 in openvas on kali 2.0> Sent by: "Openvas-discuss" > 
> Ok, I've fixed the problem by clean all directories named openvas on
> disk and resintal
led openvas with apt..
> But the problem comes back as i re-generated those cer
ts for a long lifetime
> What I did is:
> 
---
> openvas-mkcert -f> [follow the prompt to fill in CA/
server cert infomation]> openvas-mkcert-client -i
> [follow the prompt to fill in 
client cert infomation]> [restart manager, scanner
 and greenbone service]> -
--
> New generated certs can pass those openssl tests in the openvas-
> setup script, but when it come to a scan, the tls error comes again:
> ---
> lib  serv:WARNING:2015-12-15 06h51.51 UTC:25599: Failed to shake 
> hands with peer: The TLS connection was non-properly terminated.
> lib  serv:WARNING:2015-12-15 06h51.51 UTC:25599: Failed to shutdown 
> server socket
> event task:MESSAGE:2015-12-15 06h51.51 UTC:25599: Task 60bd5e91-
> edd2-4757-b0dd-fd173d28eafd could not be started by admin
> -
--
> Did I do something wrong? It seems like that openvas has remembered 
> the first certs I generated after a clean install and rejected newer
> ones. What is the correct way t
o replace 
these certs?
> Regards,> Adam.H___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> 
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Can not start scanning in openvas on kali 2.0

2015-12-14 Thread Chris

Hi,

>It seems like that openvas has remembered the
>first certs I generated after a clean install and rejected newer ones.
>What
>is the correct way to replace these certs?

have a look at this mailinglist post for some pointers:

http://lists.wald.intevation.org/pipermail/openvas-discuss/2015-November/008929.html
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Importing Report

2015-12-14 Thread Ehsan Safdari

I created  user as "Observers" and assigned it with "get_tasks" permission
to the belonging tasks. but the report is empty even i scanned after and
before its creation .

how can i read report result of one scan from another user ? please
help

On Fri, Dec 11, 2015 at 12:26 PM, Ehsan Safdari  wrote:

> Then we don't have any option to import report to new user in web
> interface of OpenVAS 8 ?
>
> from where can i assign "get_task" permission is it form web interface or
> command line in Linux ?
>
> On Fri, Dec 11, 2015 at 12:20 PM, Helmut Koers 
> wrote:
>
>> You have to create the needed users as "Observers" and assign then with
>> "get_tasks" permission to the belonging tasks.
>>
>>
>> 11.12.201511:41:44"Openvas-discuss" <
>> openvas-discuss-boun...@wald.intevation.org> wrote on 11.12.2015
>> 11:41:44:
>>
>> > From: Ehsan Safda
>> ri > To: René Behring > ne.behr...@gmail.com>, > Cc: Openvas Mailingliste Englisch > s...@wald.intevation.org>>
>>  Date: 11.12.2015 11:41> Subject: Re: [Openvas-di
>> scuss] Importing Report> Sent by: "Openvas-discuss" > e...@wald.intevation.org>>
>> > thanks for answer but I will show the result to my colleges in
>> > OpenVAS Web UI not in any other format like PDF or different
>> > suppurated formats When I create an user Observer the
>>
>> report part is empty .
>> > my problem is importing report from different user prof
>> iles in OpenVAS Web UI >
>> > On Fri, Dec 11, 2015 at 11:29 AM, René Behring > hr...@gmail.com> wrote:> You can set the users as Observer or you create
>> an Alarm, which can
>> >
>> send R
>> eports via email.> Rene> Am 11.12.2015 11:23 schrieb "Ehsan Safdari
>> " :> I scan our network by Openvas and get the
>> report with admin user .
>> > Then I will share the result with my team members to solve them I
>> > created for each of one an user in OpenVAS but how can I import the
>> > report t
>> o their user profile .
>> > Or how we can use Web UI of OpenVas to only read efferent reports
>> > scanned by admi
>> n or different users?
>> > please h
>> elp thanks in advanced >
>> > ___
>> > Openvas-discuss mailing list
>> > Openvas-discuss@wald.intevation.org
>> > https://lists.wald.intevation.org/cgi-bin/mailman/l
>> istinfo/openvas-discuss> ___
>> > Openvas-discuss mailing list
>> > Openvas-discuss@wald.intevation.org
>> >
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
>
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Importing Report

2015-12-14 Thread Rene Behring

I have created a standard Observer under Administration -> Users -> * with my 
admin account. The checkboxes "allow all and deny:“ where checkt. After that, i 
chose one of my Tasks. At the bottom of the task overview is "Permissions“ 
where i grant "read“ to "User“ observername and clicked the "*“ to create the 
Permission.
Now i can see all the reports for the task on my observer account and also 
download them.

Or are you trying to download a PDF but don’t have pdf support? Then you get a 
pdf file with 0Bytes. In that case try do download the HTML-Format.

Rene

> Am 14.12.2015 um 15:37 schrieb Ehsan Safdari :
> 
> I created  user as "Observers" and assigned it with "get_tasks" permission to 
> the belonging tasks. but the report is empty even i scanned after and before 
> its creation . 
> 
> how can i read report result of one scan from another user ? please help  
> 
> On Fri, Dec 11, 2015 at 12:26 PM, Ehsan Safdari  > wrote:
> Then we don't have any option to import report to new user in web interface 
> of OpenVAS 8 ? 
> 
> from where can i assign "get_task" permission is it form web interface or 
> command line in Linux ? 
> 
> On Fri, Dec 11, 2015 at 12:20 PM, Helmut Koers  > wrote:
> You have to create the needed users as "Observers" and assign then with 
> "get_tasks" permission to the belonging tasks. 
> 
> 
> 11.12.201511:41:44"Openvas-discuss" 
>  > wrote on 11.12.2015 
> 11:41:44:
> 
> > From: Ehsan Safda 
> ri >> To: René Behring  ne.behr...@gmail.com >, > Cc: Openvas 
> Mailingliste Englisch  s...@wald.intevation.org >> 
>  Date: 11.12.2015 11:41> Subject: Re: [Openvas-di 
> scuss] Importing Report> Sent by: "Openvas-discuss"  e...@wald.intevation.org >> 
> > thanks for answer but I will show the result to my colleges in 
> > OpenVAS Web UI not in any other format like PDF or different 
> > suppurated formats When I create an user Observer the
> 
> report part is empty .
> > my problem is importing report from different user prof 
> iles in OpenVAS Web UI > 
> > On Fri, Dec 11, 2015 at 11:29 AM, René Behring http://rene.be/> 
> hr...@gmail.com > wrote:> You can set the users as 
> Observer or you create an Alarm, which can 
> > 
> send R 
> eports via email.> Rene> Am 11.12.2015 11:23 schrieb "Ehsan Safdari 
> " >:> I scan our network by 
> Openvas and get the report with admin user . 
> > Then I will share the result with my team members to solve them I 
> > created for each of one an user in OpenVAS but how can I import the 
> > report t 
> o their user profile .
> > Or how we can use Web UI of OpenVas to only read efferent reports 
> > scanned by admi 
> n or different users? 
> > please h 
> elp thanks in advanced > 
> > ___
> > Openvas-discuss mailing list
> > Openvas-discuss@wald.intevation.org 
> > 
> > https://lists.wald.intevation.org/cgi-bin/mailman/l 
> >  
> istinfo/openvas-discuss> ___
> > Openvas-discuss mailing list
> > Openvas-discuss@wald.intevation.org 
> > 
> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> > 
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Can not start scanning in openvas on kali 2.0

Re: [Openvas-discuss] Can not start scanning in openvas on kali 2.0

[Openvas-discuss] Openvas 8

Re: [Openvas-discuss] Can not start scanning in openvas on kali 2.0

Re: [Openvas-discuss] Can not start scanning in openvas on kali 2.0

Re: [Openvas-discuss] Importing Report

Re: [Openvas-discuss] Importing Report

7 matches

Site Navigation

Mail list logo

Footer information