Re: [Openvas-discuss] Openvas scanner won't start

2017-08-25 Thread Ebert, Christian 
Hi,

I know they read the list. Sometimes it takes some time, but they read it.

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de

Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de
Themen-Blog zur Digitalisierung unter 
http://digitales-wirtschaftswunder.de

Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

Von: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Im 
Auftrag von Yohan Pipereau
Gesendet: Freitag, 25. August 2017 10:33
An: openvas-discuss@wald.intevation.org
Betreff: Re: [Openvas-discuss] Openvas scanner won't start


No problem :).

This is a bug I reported last week and it happens in a very particular 
situation.

Here are the details:

http://lists.wald.intevation.org/pipermail/openvas-discuss/2017-August/011380.html
By the way, does anyone know how I could report this bug to openVAS developpers?
I am not sure they read this ML.

Yohan
On 25/08/2017 01:47, Tyler Doman wrote:
That fixed it! Thanks a ton!






___

Openvas-discuss mailing list

Openvas-discuss@wald.intevation.org

https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Keep report after deleting task

2017-07-28 Thread Ebert, Christian 
Hi everyone,

we had a similar problem:

We had to modify the port list of *many* targets without loosing the results 
oft he previous scans.

Our solution works as follows (OpenVAS 8):


-  Make sure, all task are created as „alterable“

-  Create a dummy target

-  Modify the task and give it the dummy target

-  Mofify the orgininal task (portlist or …)

-  Modify the task again and give it the modified target

Maybe this can help.

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de

Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de
Themen-Blog zur Digitalisierung unter 
http://digitales-wirtschaftswunder.de

Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

Von: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Im 
Auftrag von Rémi Liquete
Gesendet: Donnerstag, 27. Juli 2017 20:13
An: Eero Volotinen 
Cc: openvas-discuss@wald.intevation.org
Betreff: Re: [Openvas-discuss] Keep report after deleting task

Ok, I will.

Thanks for you time and your help :)

Regards,
Rémi

Le 27 juil. 2017 8:00 PM, "Eero Volotinen" 
> a écrit :
that might require major modifications to sourcecode.

ask commercial consulting from greebone?

Eero

27.7.2017 5.42 ip. "Rémi Liquete" 
> kirjoitti:
Hi,

I'm getting crazy right now :(.

I made a task alterable so I could change the target.

However, when the task is no longer "new", I cannot change the target of the 
task anymore.

I tried to see what's possible to do in source code but this is a bit crazy to 
get in right now.

So, is really no solution for my need?
To remember,  here is what I need in other words :
Before each scan, I have to change my port lists and my targets. For doing it, 
I have to delete the task linked.
The problem is when I delete the tasks, I lost reports associated in greenbone 
web interface.
This is a real problem as I have to keep these reports in greenbone web 
interface.

Regards,
Rémi

Le 26 juil. 2017 5:01 PM, "Rémi Liquete" 
> a écrit :
I'm creating new tasks on each run because I can't modify port list and target 
while the task they are linked to is not deleted.
This is why I have to create tasks on each run, and doing it, delete also my 
reports.
So I think I have to check the source code :(.

Regards,
Rémi

2017-07-26 16:58 GMT+02:00 Eero Volotinen 
>:
that might not be possible without modifications to source code?

how about creating new task on each run?

Eero

2017-07-26 17:56 GMT+03:00 Rémi Liquete 
>:
I'm already creating task with scripts.
The goal is to keep reports in Greenbone (and not in disk) when I delete the 
task.
Regards,
Rémi.


2017-07-26 16:44 GMT+02:00 Eero Volotinen 
>:
How about creating tasks with scripts and deleting old results after saving 
reports to disk?

or creating new task on each scan.

Eero

2017-07-26 13:02 GMT+03:00 Rémi Liquete 
>:
Hi,
I'm creating a script based on PfSense Backup to create ports lists, tagets and 
tasks because these parameters are changing every day.
As it's impossible to modify ports lists and targets while they are in use, I 
have to delete what I've created each time the task is complete.
However I would like to keep reports generated by the tasks when I delete those 
tasks.
I'm able to get the reports in the server, but I would like to keep these in 
Greenbone interface, as long as other IT have to access to it (with proper 
permissions).
So the question is :
It is possible to keep reports when deleting tasks ?
Or is any way to modify ports lists and targets while in use so I have not to 
delete tasks.

Regards,
Rémi

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss




___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-19 Thread Ebert, Christian 
Hi,

unfortunately I didn't get any response.

It should not be a configuration issue, because we found this problem on all 
our servers (production) AND on a fresh installation of OpenVAS 9 under Kali 
(out of the box).

We made a workaround, whichs works for us, but might not help in other 
situations:

We use the comment field for the interface description and start a script to 
bring the interface up before we start the scan and bring the interface down 
afterwards.

Maybe someone at Greenbone can give us some more information about that 
problem...

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing
 
QSC AG
Mathias-Brüggen-Straße 55
50829 Köln
 
T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de 
 
Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de 
Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de

 
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben
 

Am 19.06.2017 um 09:22 schrieb r.m6 <r...@univie.ac.at>:

Hi Christian,

did you get any feedback in the meanwhile - or did you find a solution? Is 
there any official instance to report bugs to? I am wondering why this problem 
is not more visible in the community. It is extremely distracting if you try to 
use openVAS in daily business.

Is there anybody in the community who does NOT see the described problem? This 
information would be very valuable too because it could give some hints if it 
is a general bug or if it only happens in some configuration.

Many thanks in advance!

> On 09.06.2017 10:33, Ebert, Christian wrote:
> Hi everyone,
> 
> we experienced exactly the same problem here. It happens in OpenVAS 8 
> (Debian8, Debian 9) as well as in OpenVAS 9 (Kali rolling release).
> 
> I did report that to this mailing list, but didn't get any response.
> 
> Best regards
> 
> Christian Ebert
> Chief Security Analyst, CISM, T.I.S.P.
> Head of Penetration Testing
>  
> QSC AG
> Mathias-Brüggen-Straße 55
> 50829 Köln
>  
> T  +49 221 669-8950
> F  +49 221 669-85950
> M  +49 163 6698950
> christian.eb...@qsc.de
> http://www.qsc.de 
>  
> Besuchen Sie unsere Blogs:
> Corporate Blog unter http://blog.qsc.de 
> Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de
> 
>  
> Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
> http://www.qsc.de/pflichtangaben
>  
> 
> Am 09.06.2017 um 08:46 schrieb r.m6 <r...@univie.ac.at>:
> 
> Dear openVAS Community,
> 
> we are using an openVAS 8 installation (ubuntu 16.04 server) with
> multiple scan interfaces (eth0, gre1, gre2) for vulnerability scanning.
> 
> Some tasks are configured for "Network Source Interface" (in the Web UI
> "Edit Task" dialog) eth0, some others for gre
> 
> We have observed that if the field "Network Source Interface" is (by
> accident) left blank when creating a new or editing an existing task,
> openVAS resets ALL other existing tasks for all OTHER openVAS user
> accounts on this openVAS instance to blank. This results in scanning
> from eth0 (the default) for ALL existing tasks - which is extremely
> annoying for scheduled tasks because the results are messed up, alerts
> are sent (because of the changed scan score) and each user has to repair
> each single task.
> 
> Did anyone else observe this behavior or - preferred :) - has a solution
> for this problem?
> 
> Many thanks in advance!
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss



smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] XML error when exporting CPE definitions

2017-06-09 Thread Ebert, Christian 
Hi everyone,

 

We use OpenVAS 8 with Debian 9.

 

I try to export the CPE definitions to xml using the statement:

 

omp --username=$ADM --password=$ADMPW -iX ""

 

Basically it works fine. I get a XML output with the CPE definitions.

 

But:

(Part of the XML-Result)

 

  



  



 
cpe:/a:chialab__channelweb:bedita:3.0.1.2550_betula

 

When filling the , the ampersand and the quote inside the name are
escaped. But in  they are not.

 

So all XML tools fail, when trying to process this XML-file.

 

Fixing all these missing quotes with an editor helps. 

 

Could somebody look at this, please?

 

Best regards

 

Christian Ebert

Chief Security Analyst, CISM, T.I.S.P.

Head of Penetration Testing

 

QSC AG

Mathias-Brüggen-Straße 55

50829 Köln

 

T   +49 221 669-8950

F   +49 221 669-85950

M   +49 163 6698950

christian.eb...@qsc.de

http://  www.qsc.de 

 

Besuchen Sie auch unser Blog unter   http://blog.qsc.de


Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:

  http://www.qsc.de/pflichtangaben

 



smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-09 Thread Ebert, Christian 
Hi everyone,

we experienced exactly the same problem here. It happens in OpenVAS 8 (Debian8, 
Debian 9) as well as in OpenVAS 9 (Kali rolling release).

I did report that to this mailing list, but didn't get any response.

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing
 
QSC AG
Mathias-Brüggen-Straße 55
50829 Köln
 
T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de 
 
Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de 
Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de

 
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben
 

Am 09.06.2017 um 08:46 schrieb r.m6 :

Dear openVAS Community,

we are using an openVAS 8 installation (ubuntu 16.04 server) with
multiple scan interfaces (eth0, gre1, gre2) for vulnerability scanning.

Some tasks are configured for "Network Source Interface" (in the Web UI
"Edit Task" dialog) eth0, some others for gre

We have observed that if the field "Network Source Interface" is (by
accident) left blank when creating a new or editing an existing task,
openVAS resets ALL other existing tasks for all OTHER openVAS user
accounts on this openVAS instance to blank. This results in scanning
from eth0 (the default) for ALL existing tasks - which is extremely
annoying for scheduled tasks because the results are messed up, alerts
are sent (because of the changed scan score) and each user has to repair
each single task.

Did anyone else observe this behavior or - preferred :) - has a solution
for this problem?

Many thanks in advance!

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Bug in Handling Network Source Interface

2017-05-09 Thread Ebert, Christian 
Hi everyone,

we found a strange behaviour in OpenVAS 8 (under Debian 9 as well as under 
Kali) AND OpenVAS 9 (under Kali):


1)  Use alterable tasks

2)  For task A, define network source interface eth0

3)  Create task B without network source interface

4)  Look at task A, network source interface is blank.

5)  Create task C with network source interface eth0

6)  Create task D with network source interface eth0

7)  Modify task D, clear the network source interface

8)  Look at task C: network source interface is blank.

In other words:
Defining or modifying a task without network source interface clears ALL 
network source interfaces in ALL tasks.

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de

Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de
Themen-Blog zur Digitalisierung unter 
http://digitales-wirtschaftswunder.de

Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] CVE-2017-5638

2017-03-17 Thread Ebert, Christian 
Hello,

thanks for the hint.

But I can't find the file in my NVT directory. The NVT sync says: feed is 
current.
And the newest NVTs are dated March, 6th.

What's going wrong?

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de<mailto:christian.eb...@qsc.de>
http://www.qsc.de

Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de<http://blog.qsc.de/>
Themen-Blog zur Digitalisierung unter 
http://digitales-wirtschaftswunder.de<http://digitales-wirtschaftswunder.de/>

Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

Von: Antu Sanadi [mailto:sa...@secpod.com]
Gesendet: Freitag, 17. März 2017 13:05
An: Ebert, Christian <christian.eb...@qsc.de>; 
openvas-discuss@wald.intevation.org
Betreff: Re: [Openvas-discuss] CVE-2017-5638


Hi,

Already NVT (gb_apache_struts_CVE_2017_5638.nasl)  is available is OpenVAS feed.
It should detect the mentioned CVE vulnerability .

Thanks
Antu Sanadi
On Wednesday 15 March 2017 09:49 PM, Ebert, Christian wrote:
Hi everyone,

is there any possibility to use OpenVAS to check against the Apache Struts2 
vulnerability CVE-2017-5638?

There is an NMAP NSE:  
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

Does anybody have experience with this NSE? Is it reliable?

Best regards

Christian Ebert




___

Openvas-discuss mailing list

Openvas-discuss@wald.intevation.org<mailto:Openvas-discuss@wald.intevation.org>

https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] CVE-2017-5638

2017-03-15 Thread Ebert, Christian 
Hi everyone,

is there any possibility to use OpenVAS to check against the Apache Struts2 
vulnerability CVE-2017-5638?

There is an NMAP NSE:  
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

Does anybody have experience with this NSE? Is it reliable?

Best regards

Christian Ebert
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] CSV reports

2017-02-22 Thread Ebert, Christian 
Dear OpenVAS Developer,

 

using the report format „CSV Results“ I found, that this report does NOT
export the notes, the original CVSS and the override notes.

 

Why not?

 

Wouldn’t it be a good idea to export these data too?

 

Best regards

 

Christian Ebert

Chief Security Analyst, CISM, T.I.S.P.

Head of Penetration Testing

 

QSC AG

Mathias-Brüggen-Straße 55

50829 Köln

 

T   +49 221 669-8950

F   +49 221 669-85950

M   +49 163 6698950

christian.eb...@qsc.de

http://  www.qsc.de 

 

Besuchen Sie auch unser Blog unter   http://blog.qsc.de


Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:

  http://www.qsc.de/pflichtangaben

 



smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Strange error extracting reports

2017-02-20 Thread Ebert, Christian 
Hi,

the hosts has 64 GB RAM.

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T+49 221 669-8950
F+49 221 669-85950
M+49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de 

Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de 
Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de


Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben


Am 20.02.2017 um 15:26 schrieb Reindl Harald <h.rei...@thelounge.net>:



> Am 20.02.2017 um 15:18 schrieb Ebert, Christian:
> But with huge reports (the xml file is about 13 Mbytes) xmlstarlet crashes:
> -:2.10003842: xmlSAX2Characters: huge text node: out of memory

surely, forgt openvas with less then 3 GB RAM right from the start
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Strange error extracting reports

2017-02-20 Thread Ebert, Christian 
Hi,

 

Using OpenVAS 8 under Debian 8/9, all patches applied.

 

I try to export some reports using the built-in report format “CSV Results”

 

 omp --username=$USERNAME --password=$PASSWORD -iX "" >test.xml

 

Now I extract the report for further base64-decoding using:

 

xmlstarlet sel -t -v get_reports_response/report/text\(\) test1.xml

 

Normally it works.

 

But with huge reports (the xml file is about 13 Mbytes) xmlstarlet crashes:

 

-:2.10003842: xmlSAX2Characters: huge text node: out of memory

 

J1bm5pbmcgYXQgdGhpcyBwb3J0LgoKIFdpbmRvd3MgUmVtb3RlIE1hbmFnZW1lbnQgKFdpblJNKS
Bpcy

 
^

-:2.10003842: Extra content at the end of the document

J1bm5pbmcgYXQgdGhpcyBwb3J0LgoKIFdpbmRvd3MgUmVtb3RlIE1hbmFnZW1lbnQgKFdpblJNKS
Bpcy

 

Any ideas how to fix this?

 

I found a workaround:

Export the raw xml report, extract the xml subtree und run xsltproc using
the xslt-script of the report format “CSV Results”.

 

But this is still a workaround. It would be better, if OpenVAS could deliver
the report in a form, one can extract without a crash :-/

 

Best regards

 

Christian Ebert

Chief Security Analyst, CISM, T.I.S.P.

Head of Penetration Testing

 

QSC AG

Mathias-Brüggen-Straße 55

50829 Köln

 

T   +49 221 669-8950

F   +49 221 669-85950

M   +49 163 6698950

christian.eb...@qsc.de

http://  www.qsc.de 

 

Besuchen Sie auch unser Blog unter   http://blog.qsc.de


Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:

  http://www.qsc.de/pflichtangaben

 



smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Error in exporting result "preload" Missing in HSTS Header to CSV Results

2016-11-15 Thread Ebert, Christian 
Hi Michael,

great, thank you!

Best regards

Christian

-Ursprüngliche Nachricht-
Von: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Im 
Auftrag von Michael Meyer
Gesendet: Dienstag, 15. November 2016 16:46
An: openvas-discuss@wald.intevation.org
Betreff: Re: [Openvas-discuss] Error in exporting result "preload" Missing in 
HSTS Header to CSV Results

*** Ebert, Christian wrote:

> 2)Substitute the " with ' in the NVT name

Done in r4523 using ` as workaround for the moment.

Micha

-- 
Michael Meyer  OpenPGP Key: 0xAF069E9152A6EFA6 
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Error in exporting result "preload" Missing in HSTS Header to CSV Results

2016-11-15 Thread Ebert, Christian 
Hi,

we found a problem in OpenVAS 8, when we tried to get a CSV Results report from 
a scan containing a result with:

"preload" Missing in HSTS Header (OID: 1.3.6.1.4.1.25623.1.0.105878) 


The exported CSV looks as follows: (IP and hostname changed to protect the 
innocent :))

IP,Hostname,Port,Port Protocol,CVSS,Severity,Solution Type,NVT 
Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result 
ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability 
Detection Method,Product Detection Result,BIDs,CERTs,Other References
10.0.0.1,xyz.intern.qsc.de,443,tcp,0.0,Log,"Workaround",""preload" Missing in 
HSTS Header","The remote HTTPS Server is missing the 'preload' attribute in the 
HSTS header","HSTS Header: Strict-Transport-Security: max-age=15552000; 
includeSubDomains 
",1.3.6.1.4.1.25623.1.0.105878,"NOCVE",0418f60c-e949-4134-a102-66112f893593,"QSC-HAM-Trust-10.100.84.0/23",2016-11-08T08:39:58Z,151349c3-c62d-4be8-a599-04deee662dc6,"","Submit
 the domain to the 'HSTS preload list' and add the 'preload' attribute to the 
HSTS header","","","
Details:
""preload"" Missing in HSTS Header
(OID: 1.3.6.1.4.1.25623.1.0.105878)
Version used: $Revision: 3870 $
","","","",https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet,
 
https://hstspreload.appspot.com/

The word preload in the NVT Name is included in ("). Having a look into the 
source code of the corresponding XSLT-Script we found, that in the NVT name 
only singe-quotes (') are removed but not the (").

The resulting CSV therefore is syntactically not correct and crashes the import 
i.e. to MS-Access.

I suggest four ways of solving the issue:


1)Remove the " from the NVT name

2)Substitute the " with ' in the NVT name

3)Modify the XSLT-script to remove the ' from the NVT name too.

4)Modify the XSLT-script to substitute the " with "" in the NVT name

Any comments?

Best regards




Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T   +49 221 669-8950
F   +49 221 669-85950
M   +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de

Besuchen Sie auch unser Blog unter http://blog.qsc.de
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scans in slave-mode - permission problem?

2016-11-04 Thread Ebert, Christian 
Hi!

Thank you for the quick response.
openvasmd on the slave is already listening on any ip-address and is reachable 
from the master.
The setup works correctly in single user mode, when slave, target and task 
added by the same user.

But we want to use the setup with multiple users ("admins") in our team and we 
are not sure how to set the right permissions.

Kind regards

Christian Ebert

Von: Thijs Stuurman [mailto:thijs.stuur...@internedservices.nl]
Gesendet: Freitag, 4. November 2016 11:52
An: openvas-discuss@wald.intevation.org
Cc: Ebert, Christian
Betreff: RE: Scans in slave-mode - permission problem?

So basically, your slave does not start any job and the master hangs on the 
Request status.

I don't think it's a credential issue but rather firewalling?
I use slaves as such:


· Openvasmd listens on 0.0.0.0:9390 with iptables allowing access to 
that port using TCP from the master

· Master has Slave configured

o   IP address

o   Port 9390

o   Username and password configured (I created a 'slave' user with: "openvasmd 
--create-user=slave --role=Admin && openvasmd --user=slave --new-password=XXX")

Works like a charm here.
Only downside I found is that if the master process stops (openvas restart or 
something alike) while a job still runs on a slave.. it doesn't resume its 
status.

Does this help you?


Thijs Stuurman
Security Operations Center
PGP Key-ID: 0x16ADC048
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

Internedservices - a KPN Company
Wielingenstraat 8 | 1441 ZR Purmerend | The Netherlands
T: +31(0)299476185 | M: +31(0)624366778
W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
Namens Ebert, Christian
Verzonden: Friday, November 4, 2016 10:57 AM
Aan: 
openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
Onderwerp: [Openvas-discuss] Scans in slave-mode - permission problem?

Hi everybody!

We have got some trouble with scans in slave-mode.

We have two Debian 8.6 systems with OpenVAS 8.0 installed and want to scan some 
targets in slave mode. In preparation we added the slave system with user 
"master".

Following situation:
User A (role Admin) creates a target "T1" (no credentials for authenticated 
checks) in system-1.
User B (role Admin) creates a task "T2" with target "T1" (-> owner user A) in 
system-1 using slave system-2.
User B starts task "T2" but the task hangs in status "requested". No job starts 
in system-2.

System-1 (Master):
openvasmd.log
event target:MESSAGE:2016-11-02 16h22.00 CET:1457: Target T1 has been created 
by A
event task:MESSAGE:2016-11-02 15h23.24 UTC:1463: Status of task  T2 has changed 
to New
event task:MESSAGE:2016-11-02 15h23.24 UTC:1463: Task T2 has been created by B
event task:MESSAGE:2016-11-02 15h24.13 UTC:1465: Status of task T2 has changed 
to Requested
event task:MESSAGE:2016-11-02 15h24.13 UTC:1465: Task T2 has been requested to 
start by B

System-2 (Slave):
openvasmd.log
event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential 
(null) could not be deleted by master


We did some research:
Everything works fine when there is no usage of a slave-system (scanner = 
system-1).
Everything works fine when user A creates the target T1 and task T2 and also 
start this task by using the slave system-2.


Has anyone got an idea?
Could you verify this problem? Is the error related to user permissions?

Thank you & kind regards.


Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T   +49 221 669-8950
F   +49 221 669-85950
M   +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de<http://www.qsc.de/>

Besuchen Sie auch unser Blog unter http://blog.qsc.de<http://blog.qsc.de/>
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Scans in slave-mode - permission problem?

2016-11-04 Thread Ebert, Christian 
Hi everybody!

We have got some trouble with scans in slave-mode.

We have two Debian 8.6 systems with OpenVAS 8.0 installed and want to scan some 
targets in slave mode. In preparation we added the slave system with user 
"master".

Following situation:
User A (role Admin) creates a target "T1" (no credentials for authenticated 
checks) in system-1.
User B (role Admin) creates a task "T2" with target "T1" (-> owner user A) in 
system-1 using slave system-2.
User B starts task "T2" but the task hangs in status "requested". No job starts 
in system-2.

System-1 (Master):
openvasmd.log
event target:MESSAGE:2016-11-02 16h22.00 CET:1457: Target T1 has been created 
by A
event task:MESSAGE:2016-11-02 15h23.24 UTC:1463: Status of task  T2 has changed 
to New
event task:MESSAGE:2016-11-02 15h23.24 UTC:1463: Task T2 has been created by B
event task:MESSAGE:2016-11-02 15h24.13 UTC:1465: Status of task T2 has changed 
to Requested
event task:MESSAGE:2016-11-02 15h24.13 UTC:1465: Task T2 has been requested to 
start by B

System-2 (Slave):
openvasmd.log
event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.13 UTC:15193: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential 
(null) could not be deleted by master
event lsc_credential:MESSAGE:2016-11-02 15h24.38 UTC:15194: LSC Credential 
(null) could not be deleted by master


We did some research:
Everything works fine when there is no usage of a slave-system (scanner = 
system-1).
Everything works fine when user A creates the target T1 and task T2 and also 
start this task by using the slave system-2.


Has anyone got an idea?
Could you verify this problem? Is the error related to user permissions?

Thank you & kind regards.


Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T   +49 221 669-8950
F   +49 221 669-85950
M   +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de

Besuchen Sie auch unser Blog unter http://blog.qsc.de
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Custom report formats in openvas

2016-10-18 Thread Ebert, Christian 
Hi,

I’m using a modified version of the original HTML roport format, sorted by 
vulnerability instead of hosts.

But finally I could solve the problems.

What kind of report did you use? Did you solve your problems? Maybe I could 
give some hints.

Best regards

Christian

Von: Fábio Fernandes [mailto:fabiogfernan...@gmail.com]
Gesendet: Donnerstag, 13. Oktober 2016 18:13
An: Ebert, Christian
Cc: openvas-discuss@wald.intevation.org
Betreff: Re: [Openvas-discuss] Custom report formats in openvas

I had some problems importing report formats too. Can you tell what is the 
report format you are using?

Fabio

No dia 13/10/2016, às 15:45, Ebert, Christian 
<christian.eb...@qsc.de<mailto:christian.eb...@qsc.de>> escreveu:

Hi everyone,

did anybody manage to create and install custom report formats in OpenVAS 8.0?

I’m completely lost.

I followed the instructions in:

https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/doc/report-format-HOWTO

and

http://www.openvas.org/trusted-nvts.html

The report gets installed, but it is not flagged as trusted. I can activate it, 
but the report_format does not appear in the drop-down box, when selecting a 
report format.

Please help!

TIA

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T   +49 221 669-8950
F   +49 221 669-85950
M   +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de<http://www.qsc.de/>

Besuchen Sie auch unser Blog unter http://blog.qsc.de<http://blog.qsc.de/>
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org<mailto:Openvas-discuss@wald.intevation.org>
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Custom report formats in openvas

2016-10-13 Thread Ebert, Christian 
Hi everyone,

did anybody manage to create and install custom report formats in OpenVAS 8.0?

I'm completely lost.

I followed the instructions in:

https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/doc/report-format-HOWTO

and

http://www.openvas.org/trusted-nvts.html

The report gets installed, but it is not flagged as trusted. I can activate it, 
but the report_format does not appear in the drop-down box, when selecting a 
report format.

Please help!

TIA

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing

QSC AG
Mathias-Brüggen-Straße 55
50829 Köln

T   +49 221 669-8950
F   +49 221 669-85950
M   +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de

Besuchen Sie auch unser Blog unter http://blog.qsc.de
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss