Re: [Openvas-discuss] Setting up OPENVAS

2017-09-25 Thread Fábio Fernandes 
It seems like you are clueless about what a vulnerability scanning setup is
like.
You can install OpenVAS where you want. In you Windows 10 by using dual
boot or VM software, in your CentOS machine, or inside your clients
network.
About credentials you don't necessarly need them for vulnerability testing
unless you wan't to perform credentialed scans.

About the Greenbone page i doubt the page credentials give you access to an
OpenVAS instance.

The precision and performance of your scan will depend on the network
connection between your OpenVAS installation machine and your scan target.

For example if you have OpenVAS on your CentOS machine and scan one of your
clients machines you will be testing it's external exposure to
vulnerabilities. If you want to test internal exposure you will need an
OpenVAS instance inside the client's network to reach its internal
interfaces. The quality of the connection will play a part in the precision
and performance of the scanner. The better the connection faster the scan
will be and it increases the probability of better results.

In terms of access the scan can use credentials or not. If you don't have
credentials the results will be based on the behaviour of the target
responses. With credentials the scanner can access the machine from a user
perspective and have access to more detailed information (OS version,
installed software, etc.) and this will increase the scanner precision
(better results with less false positives). These credentials don't need to
be root and probably shouldn't be.

The choices you make about the options i presented later should consider
the objectives of the scan and the level of access given. Also keep in mind
that the scans have an impact on the network and target machine performance
so schedule the scans wisely to minimize impact.

Fabio

Em 25/09/2017 07:35, "David B"  escreveu:

> I have watched the video about setting up - /gos-3.1
>
> I have some pretty basic questions ...
>
> I am based in London, UK using a pc running windows 10 and I use
> a dedicated linux server in the US which runs CentOS Linux 6.9
>
> I would like to check the vulnerability of this US server and also
> check vulnerabilities of other servers for my clients.
>
> I am new to this and I am not sure what I am doing !!
>
> Obviously I can login to my own server which is running WebMin and
> VirtualMin so I don't need to use Putty. ( Although I can follow your
> instructions on the video ) I can just use the command shell
>
> However - if I want to check the vulnerability of a clients server do I
> need there root login details ?
>
> That can't be right ?
>
> I think I am missing something ... am I supposed to set up the OpenVAS on
> my linux server ( the one in the US ) ? Is that for checking only itself or
> for checking client IPs ?
>
> Why do I need to install it on my server - if there is an online login on
> the GreenBone.net site ?
>
> Do I need to install the OPENVAS under a virtual server and then run it
> from a url address ?
>
> I am someone can give me some guidance.
> Many thanks.
> Dave
>
> Thanks
> David Bird
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Openvas Help

2017-09-21 Thread Fábio Fernandes 
1. New NVT are added weekly to the feed so new vulnerabilities can be detected. 
In some scans some NVTs can fail to detect vulnerabilities because of network 
conditions, problems with a target, etc.
2. I think nobody can help you without some more information about the bug, 
daemon error and OpenVAS version.
3. Some scans can take a lot of time because of network or scan target machine 
problems. Try to understand what is happening. Check processes running at the 
time, use log_whole_attack option in the scan configs.
4. OpenVAS Manager exposes an extensive API using the OMP protocol explained in 
http://openvas.org/protocol-doc.html . I 
see you mailed python developers list there are several clients for several 
languages.

Fabio

> No dia 20/09/2017, às 10:53, Heena Thacker  escreveu:
> 
> Can you help?
>   <>
> From: Heena Thacker 
> Sent: 20 September 2017 03:16 PM
> To: 'mailman-develop...@python.org ' 
> >
> Subject: Openvas Help
>  
> Dear Sir/Madam,
>  
> We need some Openvas support. There is no documentation help available. Can 
> you please advise?
>  
> We have made configuration as mentioned in Openvas site and seems to be setup 
> perfectly, but I need some help with these issues:
>  
> When we run scan on Openvas , everyday the same task runs, there has been no 
> change in site though the severity differs.
> From recent month there is bug listed on Openvas site, scan doesn’t run 
> somehow, its now running everyday but when I open Greenbone there is some 
> daemon error, which never came before. Is there any solution for this?
> Sometimes scan takes a long time , sometime stops at some %. Is there any 
> reason behind that?
> If there is any API from which we can fetch data quickly?
>  
>  
> Thanks in advance,
>  
> Heena Thacker
> Technical Leader – TDG
> The information contained in this communication is confidential, may be 
> privileged and is for the exclusive use of the above named addressee. If you 
> are not the intended recipient, you are expressly prohibited from copying, 
> distributing, or in any other way using any of the information contained 
> within this communication. Any views or opinions expressed are solely those 
> of the author and do not necessarily represent those of Turrem Data Group 
> Limited. All reasonable precautions have been taken to ensure no viruses are 
> present in this E-mail. Turrem Data Group Limited cannot accept 
> responsibility for loss or damage arising from the use of this E-mail or 
> attachments, we recommend that you subject these to your virus checking 
> procedures prior to use. ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Slow scans

2017-09-16 Thread Fábio Fernandes 
In my experience generally there are 2 things that slow a scan in OpenVAS. 
Portscanning with nmap and in the vulnerability scanning some NVTs that can 
hang. There 2 ways to find out what is happening. In a scan use the scan option 
log_whole_attack and check openvassd.messages.log to see how much time 
individual NVT take to run. The other way is to watch the processes related to 
OpenVAS running.
If it is portscanning you need to adjust nmap timing parameters, in my opinion 
by the default they are too permissive. In the NVTs you can configure a 
parameter in the scan config to limit the maximum time an NVT can run.
Remember that reducing adjusting this parameters can have an impact of the 
precision of the scan and by consequence of the results. In the end its a 
choice Performance vs Precision.

Fabio.

> No dia 01/09/2017, às 15:56, Neeraj Shah  
> escreveu:
> 
> Gentleman, Can anybody advice how to fix slow scan issues ? I know this is a 
> generic question and there can be many reasons for it.  Is there any 
> parameter or config that needs to tweaked on the OPENVAS server to fasten 
> things up ?
> 
> I am running un-authenticated FULL and FAST scans.  One of the scans wherein 
> i had defined 3 ip-addresses of my HOSTS as Target took around 4 hours to 
> complete.  On the other scan, i had defined a /24 network range as TARGET.  
> It took 22 hours to complete even though there are only 12 hosts in that 
> network.
> 
> Are there any log files on OPENVAS side to debug ?
> 
> 
> Thanks in advance
> Neeraj Shah,  
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] best methods of disabling / blacklisting stuck NVTs

2017-07-22 Thread Fábio Fernandes 
About the nmap NVT the simple answer is to reduce the number of ports tested. 
The more complex answer is to understand how nmap works, specially the type of 
TCP scan and the timing and performance parameters (go to the site  Nmap 
Reference Guide and see chapters Port Scanning Techniques and Timing and 
Performance). I use OpenVAS 8 and by default the nmap NVT has very loose timing 
parameters with in a network with firewalls can generate scans with long 
durations. I would check the configs TCP scan method and Timing template. As 
for the ports tested in my opinion that depends on general knowledge and the 
type of servers you are testing in the network. For example you should check 
ports with well known services and malware but you can skip those used by very 
specific services that are not used by the machines in your network. This 
depends on the knowledge you have on the network and on the importance and 
exposure of the servers tested.

About blacklisting NVTs i think that it is always a manual process, remember 
that you have a way to limit the NVT execution time. The default is 5 minutes i 
think.

Fabio

> No dia 22/07/2017, às 01:13, Matthew Hall  escreveu:
> 
> Hello,
> 
> Is there a simpler, or more elegant way to disable or blacklist certain NVTs 
> using the file system or the OMP Protocol commands or flags / settings on a 
> scan?
> 
> I am trying to disable a few NVTs which are getting "stuck" during my scans, 
> without having to try and totally rebuild the 'Full and fast ultimate' or 
> other various scan profiles over some tiny number of glitchy NVTs.
> 
> Also, is there anything you can do to speed up the run time of 
> /var/lib/openvas/plugins/nmap.nasl without missing too much important stuff? 
> Some of these various items take a really long time even in my small subnet, 
> so I'm trying to see how I can make this process more efficient. If anybody 
> has some data or docs I should read about optimizing the scan performance, 
> that 
> would be a huge help.
> 
> Thanks,
> Matthew.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] empty reports with OpenVAS 9

2017-07-05 Thread Fábio Fernandes 

> No dia 05/07/2017, às 12:52, Dave Holland <d...@sanger.ac.uk> escreveu:
> 
> Hello Fabio,
> 
> thanks for your email. I confirmed that the OpenVAS machine does have
> ping/ssh connectivity to the test target. nmap is installed. It's
> version 7.01 which openvas-check-setup complains about; but I do see the
> spray of packets and replies when the test runs, so it seems to be
> functional.
> 
> In Configuration -> Scan Configs, "Full and very deep" is listed with 0
> familes and 0 NVTs; but when I click into it, I see "53928 of 53943
> in selected families" so that seems OK.

Strange behavior but if it works. After the restart is the "Full and very deep” 
still listed with 0 families and 0 NVTs?

> 
> There was no openvassd.conf so I created /etc/openvas/openvassd.conf
> containing just "log_whole_attack = yes" and after restarting the
> scanner daemon, I'm now getting reports for vulnerabilities. Thanks!
> 
> Seems like that configuration file should have been created by the
> package installer if its presence is necessary?
> 

I’m not 100% sure but i think the scanner can run without this config but if 
it’s existence makes it work then you better leave it. Remember that logging 
the whole attack for lots of targets consumes a lot of space so be careful.



Fábio

> Cheers,
> Dave
> 
> 
> On Mon, Jul 03, 2017 at 08:00:13PM +0100, Fábio Fernandes wrote:
>> First check if you have conectivity to the host from the OpenVAS
>> Scanner machine (ping, telnet a known open port, etc.)
>> Then check if you have nmap installed.
>> If that is ok check if the NVTs installed are ok by checking how many
>> NVTs Full and very deep config is using on the Scan config menu.
>> If the number is between 4 and 5 then it is ok.
>> If that is ok then activate scan nvt execution logs by activating it
>> in the openvassd.conf (the path depends on the installation and
>> distro) and in the Full and very deep config. I think that for both
>> the option is log_whole_attack and check the results.
>> Fabio
>> 
>> Em 03/07/2017 14:39, "Dave Holland" <[1]d...@sanger.ac.uk> escreveu:
>> 
>>  I'm trying out OpenVAS 9 (on Ubuntu Xenial; installed from the
>>  PPA) and
>>  I can't get any reports out of it. When I run a scan, tcpdump
>>  shows
>>  packets going to/from the target machine, but the result is
>>  always:
>>>> The report is empty. This can happen for the following reasons:
>>>> The target hosts could be regarded dead.
>>  The target machine allows ping and has port 22 open. I've set the
>>  alive
>>  test to "ICMP ping" and "Consider alive", no difference in
>>  behaviour.
>>  I checked that redis has the "save 900 1" line commented out as
>>  suggested elsewhere in the mailing list archives; and redis is
>>  running
>>  OK.
>>  The openvassd.messages log messages show nothing obviously
>>  unusual:
>>  [Mon Jul  3 13:09:10 2017][4400] Starts a new scan. Target(s) :
>>  172.27.88.182, with max_hosts = 20 and max_checks = 4
>>  [Mon Jul  3 13:09:10 2017][4400] exclude_hosts: Skipped 0 host(s).
>>  [Mon Jul  3 13:09:10 2017][4400] source_iface: Using eth0
>>  (172.30.17.111 / fe80::8faf:6dcf:d449:fe9a).
>>  [Mon Jul  3 13:09:10 2017][4400] Testing 172.27.88.182
>>  (172.27.88.182) [4512]
>>  [Mon Jul  3 13:09:10 2017][4512] Finished testing 172.27.88.182.
>>  Time : 0.51 secs
>>  [Mon Jul  3 13:09:10 2017][4400] Test complete
>>  [Mon Jul  3 13:09:10 2017][4400] Total time to scan all hosts : 9
>>  seconds
>>  And openvasmd.log:
>>  event task:MESSAGE:2017-07-03 13h09.00 UTC:4399: Status of task
>>  172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-
>>  4ce48ee0b407) has changed to Requested
>>  event task:MESSAGE:2017-07-03 13h09.00 UTC:4399: Task
>>  172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-
>>  4ce48ee0b407) has been requested to start by admin
>>  md manage:   INFO:2017-07-03 13h09.01 UTC:4402:
>>  nvt_selector_plugins: NVTs not explicitly activated anymore for
>>  this config: 1.3.6.1.4.1.25623.1.0.10265;1.
>>  3.6.1.4.1.25623.1.0.103914;1.3.6.1.4.1.25623.1.0.103978;1.
>>  3.6.1.4.1.25623.1.0.95888;1.3.6.1.4.1.25623.1.0.12241;1.3.6.
>>  1.4.1.25623.1.0.11933;1.3.6.1.4.1.25623.1.0.103416;1.3.6.1.
>>  4.1.25623.1.0.12288;1.3.6.1.4.1.25623.1.0.80010;1.3.6.1.4.1.
>>  25623.1.0.810010;1.3.6.1.4.1.25623.1.0.10870;1.3.6.1.4.1.
>>  25623.1.0.80011;1.3.6.1.4.1.25623.1.0.103585;1.3.6.1.4.1.
>>  25623.1.0.103697;1.3.6.1.4.1.25623.1.0.100509;1.3.6.1.4.1.
>&g

Re: [Openvas-discuss] empty reports with OpenVAS 9

2017-07-03 Thread Fábio Fernandes 
First check if you have conectivity to the host from the OpenVAS Scanner
machine (ping, telnet a known open port, etc.)

Then check if you have nmap installed.

If that is ok check if the NVTs installed are ok by checking how many NVTs
Full and very deep config is using on the Scan config menu.
If the number is between 4 and 5 then it is ok.

If that is ok then activate scan nvt execution logs by activating it in the
openvassd.conf (the path depends on the installation and distro) and in the
Full and very deep config. I think that for both the option is
log_whole_attack and check the results.

Fabio

Em 03/07/2017 14:39, "Dave Holland"  escreveu:

> I'm trying out OpenVAS 9 (on Ubuntu Xenial; installed from the PPA) and
> I can't get any reports out of it. When I run a scan, tcpdump shows
> packets going to/from the target machine, but the result is always:
>
> >> The report is empty. This can happen for the following reasons:
> >> The target hosts could be regarded dead.
>
> The target machine allows ping and has port 22 open. I've set the alive
> test to "ICMP ping" and "Consider alive", no difference in behaviour.
>
> I checked that redis has the "save 900 1" line commented out as
> suggested elsewhere in the mailing list archives; and redis is running
> OK.
>
> The openvassd.messages log messages show nothing obviously unusual:
>
> [Mon Jul  3 13:09:10 2017][4400] Starts a new scan. Target(s) :
> 172.27.88.182, with max_hosts = 20 and max_checks = 4
> [Mon Jul  3 13:09:10 2017][4400] exclude_hosts: Skipped 0 host(s).
> [Mon Jul  3 13:09:10 2017][4400] source_iface: Using eth0 (172.30.17.111 /
> fe80::8faf:6dcf:d449:fe9a).
> [Mon Jul  3 13:09:10 2017][4400] Testing 172.27.88.182 (172.27.88.182)
> [4512]
> [Mon Jul  3 13:09:10 2017][4512] Finished testing 172.27.88.182. Time :
> 0.51 secs
> [Mon Jul  3 13:09:10 2017][4400] Test complete
> [Mon Jul  3 13:09:10 2017][4400] Total time to scan all hosts : 9 seconds
>
> And openvasmd.log:
>
> event task:MESSAGE:2017-07-03 13h09.00 UTC:4399: Status of task
> 172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-4ce48ee0b407)
> has changed to Requested
> event task:MESSAGE:2017-07-03 13h09.00 UTC:4399: Task 172.27.88.182 full
> and very deep (8b0a210b-3fce-4efe-9a91-4ce48ee0b407) has been requested
> to start by admin
> md manage:   INFO:2017-07-03 13h09.01 UTC:4402: nvt_selector_plugins: NVTs
> not explicitly activated anymore for this config:
> 1.3.6.1.4.1.25623.1.0.10265;1.3.6.1.4.1.25623.1.0.103914;1.
> 3.6.1.4.1.25623.1.0.103978;1.3.6.1.4.1.25623.1.0.95888;1.3.
> 6.1.4.1.25623.1.0.12241;1.3.6.1.4.1.25623.1.0.11933;1.3.6.1.
> 4.1.25623.1.0.103416;1.3.6.1.4.1.25623.1.0.12288;1.3.6.1.4.
> 1.25623.1.0.80010;1.3.6.1.4.1.25623.1.0.810010;1.3.6.1.4.1.
> 25623.1.0.10870;1.3.6.1.4.1.25623.1.0.80011;1.3.6.1.4.1.
> 25623.1.0.103585;1.3.6.1.4.1.25623.1.0.103697;1.3.6.1.4.1.
> 25623.1.0.100509;1.3.6.1.4.1.25623.1.0.80104;1.3.6.1.4.1.
> 25623.1.0.80086;1.3.6.1.4.1.25623.1.0.900238;. Please adjust the config
> if you think this is wrong.
> event task:MESSAGE:2017-07-03 13h09.02 UTC:4402: Status of task
> 172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-4ce48ee0b407)
> has changed to Running
> event task:MESSAGE:2017-07-03 13h09.11 UTC:4402: Status of task
> 172.27.88.182 full and very deep (8b0a210b-3fce-4efe-9a91-4ce48ee0b407)
> has changed to Done
>
> What can I do to get more debug information? Or can anyone suggest a
> cause?
>
> thanks,
> Dave
> --
> ** Dave Holland ** Systems Support -- Informatics Systems Group **
> ** 01223 496923 ** The Sanger Institute, Hinxton, Cambridge, UK **
>
>
> --
>  The Wellcome Trust Sanger Institute is operated by Genome Research
>  Limited, a charity registered in England with number 1021457 and a
>  company registered in England with number 2742969, whose registered
>  office is 215 Euston Road, London, NW1 2BE.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Custom scan configs don't run as expected

2017-05-21 Thread Fábio Fernandes 
All scans need host discovery and port scan plugins. Only then the web
plugins will run.

Fabio

Em 20/05/2017 23:38, "Michael Helwig" 
escreveu:

> Hi,
>
> I'm trying to do a web vulnerability only scan with OpenVas.
> I'm creating my target, then a scan config where only the family "Web
> application abuses" is selected. This is currently 4505 scripts that are
> shown in my custom scan config correctly.
> I'm cloning my custom scan config from the "empty" template, which seems
> to be important.
>
> The scan starts but it ends after 1-2 Minutes without a result besides a
> single "Log" showing that it resolved the hostname correctly but failed
> at OS detection.
>
> When listing processes during the scan I can see the only thing OpenVas
> does is:
>
>427 ?Ss 0:11 openvassd: Serving /var/run/openvassd.sock
>428 ?S  0:00 openvasmd: OTP: Handling scan XXX
>435 ?R  1:33 openvassd: testing XXX.XXX.XXX.XXX
>452 ?S  0:10 openvassd: testing XXX.XXX.XXX.XXX
> (/var/lib/openvas/plugins/os_fingerprint.nasl)
>453 ?S  0:00 openvassd: testing XXX.XXX.XXX.XXX
> (/var/lib/openvas/plugins/ssh_authorization.nasl)
>454 ?S  0:00 openvassd: testing XXX.XXX.XXX.XXX
> (/var/lib/openvas/plugins/netbios_name_get.nasl)
>
> It basically runs these scripts and then exits. No other scripts seem to
> be executed during the scan, the list doesn't seem to change.
>
> The same happens on other scan templates in a little different manner.
> When I try to conduct only an FTP-Family scan (cloned from the empty
> template) OpenVas again only does a host OS check (unsuccessfull, also
> running /var/lib/openvas/plugins/os_fingerprint.nasl) and nothing more.
>
> Other preconfigured scans like "Full and fast" run without problems.
>
> When I clone my custom scan template from the "Full and fast" config and
> deselect every family besides the "Web application abuses" checkbox,
> something seems to run. But there are still more tests then I asked for.
> Since when I deselect a family from which "3477 from 3478" tests are
> included the 3477 tests do not get deselected when deselecting the
> family and I really don't want to deselect each of those manually. So
> this doesn't help me either (and seems to be a problem of the GUI).
>
> What's going on here? How can I configure my scans correctly and, for
> example, do a "web application abuses" only scan?
>
> I'm using OpenVas on Kali but I could reproduce the problem with a
> docker image of the current OpenVas version in an Ubuntu environment. So
> it doesn't seem related to my setup.
>
> I didn't find any help in the documentation, if I missed something,
> please point me to it.
>
> Thanks!
>
> Michael
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Special Thanks to Author of "SMBv1 Unspecified Remote Code Execution (Shadow Brokers)"

2017-05-15 Thread Fábio Fernandes 
Indeed. Job well done Greenbone and OpenVAS community.

Fabio

Em 15/05/2017 17:14, "Matt Koivisto" 
escreveu:

> Perhaps off topic, but given the current world-wide scramble to patch
> windows systems to reduce the spread of "WannaCry", I wanted to take a
> minute to publicly thank the author and decision makers around adding the
> "SMBv1 Unspecified Remote Code Execution (Shadow Brokers)" .nasl to the
> openvas scan feed way back in February.
>
> They had the foresight to the seriousness of what was, the at that time,
> an unknown/unpatched vulnerability, and created a .nasl that was a cvss
> score of 10 for simply having SMBv1 enabled. At least for myself, when I
> saw them occurring in my network, thought that was over-aggressive. After
> MS delivered a patch in March, the .nasl didn't clear obviously, and my
> opinion was re-enforced, believing now it was simply noisy. I was clearly
> wrong. I have no visibility into any of the decision making behind the
> scenes at greenbone, but clearly you guys are doing it right!
>
> Thanks again, from myself, and on behalf of all openvas users around the
> world!
>
> This e-mail may contain information that is privileged or confidential. If
> you are not the intended recipient, please delete the e-mail and any
> attachments and notify us immediately.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] modifying which target belongs to a task

2017-04-24 Thread Fábio Fernandes 
It doesn’t seem possible to change the target with omp. There is no attribute 
in the modify_task command.

Fabio

> No dia 20/04/2017, às 13:52, Niklas Klein  escreveu:
> 
> Hello,
> 
> I am trying to change the target which belongs to a task via omp. But in the 
> documentation 
> (http://docs.greenbone.net/API/OMP/omp-6.0.html#command_modify_task 
> ) i 
> cannot find an entry for the target under "modify_task". I already marked the 
> target "alterable" and I can change the target in the webgui, but not via omp 
> (already tried some comments e.g.: ... -iX ' task_id="10d225ab-dddc-4721-9e6b-e421f3618d50">'7864e635-6ebc-4ca6-a9c8-7f948818f054'
>  response is: "Bogus element: target_id")
> 
> I am using OpenVAS 8. Any suggestions?
> 
> Thanks in advance,
> 
> Niklas
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scan is not starting

2017-02-13 Thread Fábio Fernandes 
Also the output from ‘ps aux | grep openvas’. If it is the problem described in 
the links sent before then maybe you need to try again to restart OpenVAS redis 
db.

Fábio

> No dia 13/02/2017, às 17:48, Eero Volotinen  escreveu:
> 
> yes, send the openvas logs, not the check setup log.
> 
> try starting the scan and then send logs from openvas.
> 
> 
> 
> Eero
> 
> 13.2.2017 7.42 ip. "Firuz Dumlupinar - Vendor"  > kirjoitti:
> I have given the attached log before. Attaching again. Do you want me to send 
> any other logs? Please let me know.
> 
> Thanks,
> 
>  
> 
> Firuz
> 
>  
> 
>  
> 
> From: > on 
> behalf of Eero Volotinen  >
> Date: Sunday, February 12, 2017 at 12:23 AM
> To: Firuz Dumlupinar - Vendor  >
> Cc: "openvas-discuss@wald.intevation.org 
> " 
>  >, Christian Fischer 
> >
> Subject: Re: [Openvas-discuss] Scan is not starting
> 
>  
> 
> How about dumping logs to the pastebin? My crystall ball is broken at this 
> moment.
> 
>  
> 
> You could also try installin centos 7 and installin openvas from atomic corp 
> repository.
> 
>  
> 
> --
> 
> Eero
> 
>  
> 
> 2017-02-12 2:18 GMT+02:00 Firuz Dumlupinar - Vendor 
> >:
> 
> In the logs there is nothing related. I found the same issue here; 
> http://lists.wald.intevation.org/pipermail/openvas-discuss/2015-August/008335.html
>  
> 
>  but it doesn’t have an answerJ
> 
>  
> 
> Also on unix.stackexchange: 
> http://unix.stackexchange.com/questions/284413/greenbone-openvas-not-starting-tasks-after-reboot
>  
> 
>  I see the same problem but still no answer…
> 
>  
> 
> Firuz
> 
>  
> 
>  
> 
>  
> 
> From: > on 
> behalf of Eero Volotinen  >
> Date: Saturday, February 11, 2017 at 9:14 AM
> To: Firuz Dumlupinar - Vendor  >
> Cc: "openvas-discuss@wald.intevation.org 
> " 
>  >, Christian Fischer 
> >
> Subject: Re: [Openvas-discuss] Scan is not starting
> 
>  
> 
> and what the logs said?
> 
>  
> 
> 11.2.2017 6.49 ip. "Firuz Dumlupinar - Vendor"  > kirjoitti:
> 
> Christian,
> Thank you for the answer. I changed redis.conf file as you stated, but still 
> no luck☹
> 
> Firuz
> 
> On 2/11/17, 1:05 AM, "Openvas-discuss on behalf of Christian Fischer" 
>   on behalf of 
> christian.fisc...@greenbone.net > 
> wrote:
> 
> Hi,
> 
> On 11.02.2017 02:03, Firuz Dumlupinar - Vendor wrote:
> > I have access the web interface of greenbone but when I start a scan the
> > web page hangs and doesn’t initiate the scan.
> 
> if you're using the default redis configuration shipped with your distro
> also have a look at the redis.conf and comment out any "save 900 1"
> parts there (see [1]). Afterwards restart redis.
> 
> It still could be useful to check your logfiles like Eero pointed out.
> 
> [1]
> 
> https://wald.intevation.org/scm/viewvc.php/branches/openvas-scanner-5.1/doc/example_redis_2_6.conf.in?revision=26610=openvas=co
>  
> 
> 
> --
> 
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net 
> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
> 
> 
> ___
> Openvas-discuss

Re: [Openvas-discuss] Assign Additional Resources CPU/Memory to openvasmd

2017-01-07 Thread Fábio Fernandes 
Good point there. The part i don’t understand is why he is using a machine with 
considerable resources to run the manager which isn’t the most resource 
intensive process of OpenVAS.
To used that hardware properly virtualization to have one Manager in one VM and 
a Scanner in another VM would be a good option.

Fabio

> No dia 08/01/2017, às 02:33, Reindl Harald <h.rei...@thelounge.net> escreveu:
> 
> to make it more clear for people who think "my single process has to utilize 
> my hardware":
> 
> you won't get far when you complain why your webserver does not utilize your 
> CPU and memory as much as you like it because it spends most of the time by 
> wait for the overloaded database-server which can not serve more concurrency
> 
> in that case you need a database cluster to spread at least your 
> select-queries over more than one instance to reduce the impact of lockings
> 
> and that may work well even if that instances are on the same host in 
> multiple virtual machines because even HPC setups exists in the real world 
> who prove that theory - welcome in 2017!
> 
> https://gcn.com/articles/2014/07/11/vgrid-hpc-virtualization.aspx
> 
> http://www.zdnet.com/article/yes-virtualization-is-faster-sometimes-than-native-hardware/
> 
> "However, by partitioning each host into two or four virtual machines, they 
> were able to get significantly better performance"
> 
> Am 08.01.2017 um 03:23 schrieb Reindl Harald:
>> Am 08.01.2017 um 03:19 schrieb Fábio Fernandes:
>>> In my opinion i think that those resources would be better spent on
>>> openvassd process since it does the heavy lifting.
>> 
>> when the bottleneck are shared ressources used by openvassd it can't do
>> anyhting about it and so you need to get rid of the concurrecncy by just
>> have more of this ressources aka more instances
>> 
>>>> No dia 08/01/2017, às 00:59, Reindl Harald <h.rei...@thelounge.net>
>>>> escreveu:
>>>> 
>>>> Am 08.01.2017 um 01:30 schrieb TN TN:
>>>>> HI Christian, I actually have it installed with postgresql, but when
>>>>> you're scanning thousands of internal hosts on a weekly basis it slows
>>>>> it down considerably over time.. I'm just curious on why openvasmd is
>>>>> not using enough resources on the server. Thanks TN
>>>> 
>>>> because they are not available which means you assume the bottleneck
>>>> likely where it isn't - when you scan thousands of hosts how do you
>>>> come to the conclusion at a single openvas machine will be enough?
>>>> 
>>>> just install *more* instances as virtual machines when you say you
>>>> are not cpu-bound and have enough memory and spread the load -
>>>> problem solved
>>>> 
>>>>> On 7 January 2017 at 17:09, Christian Fischer
>>>>> <christian.fisc...@greenbone.net
>>>>> <mailto:christian.fisc...@greenbone.net>> wrote:
>>>>> 
>>>>>   Hi,
>>>>> 
>>>>>   On 07.01.2017 19:43, TN TN wrote:
>>>>>   > Hi, I have a fairly powerful server and it seems like the
>>>>> openvasmd
>>>>>   > process isnt using up alot of the resources on the box. If I run
>>>>>   > numerous scans (the scanner being off of the main openvasmd
>>>>>   server), the
>>>>>   > openvasmd process barely uses any resources, however Greenbone
>>>>> slows
>>>>>   > down and the backend commands take much longer to execute. Is
>>>>> there a
>>>>>   > way to force openvasmd to use more resources (CPU/Memory) so
>>>>> that it
>>>>>   > runs faster? Thanks, TN
>>>>> 
>>>>>   i don't think this is possible and it also probably wouldn't help
>>>>> here.
>>>>>   The manager process is using the resources it needs.
>>>>> 
>>>>>   I think the bottle neck is more likely the sqlite database
>>>>> backend which
>>>>>   slows down if multiple scanners are sending data to the manager.
>>>>> Have a
>>>>>   look at the postgresql database backend which might help to
>>>>> improve the
>>>>>   performance.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Assign Additional Resources CPU/Memory to openvasmd

2017-01-07 Thread Fábio Fernandes 
In my opinion i think that those resources would be better spent on openvassd 
process since it does the heavy lifting.

Fabio

> No dia 08/01/2017, às 00:59, Reindl Harald  escreveu:
> 
> 
> 
> Am 08.01.2017 um 01:30 schrieb TN TN:
>> HI Christian, I actually have it installed with postgresql, but when
>> you're scanning thousands of internal hosts on a weekly basis it slows
>> it down considerably over time.. I'm just curious on why openvasmd is
>> not using enough resources on the server. Thanks TN
> 
> because they are not available which means you assume the bottleneck likely 
> where it isn't - when you scan thousands of hosts how do you come to the 
> conclusion at a single openvas machine will be enough?
> 
> just install *more* instances as virtual machines when you say you are not 
> cpu-bound and have enough memory and spread the load - problem solved
> 
>> On 7 January 2017 at 17:09, Christian Fischer
>> > > wrote:
>> 
>>Hi,
>> 
>>On 07.01.2017 19:43, TN TN wrote:
>>> Hi, I have a fairly powerful server and it seems like the openvasmd
>>> process isnt using up alot of the resources on the box. If I run
>>> numerous scans (the scanner being off of the main openvasmd
>>server), the
>>> openvasmd process barely uses any resources, however Greenbone slows
>>> down and the backend commands take much longer to execute. Is there a
>>> way to force openvasmd to use more resources (CPU/Memory) so that it
>>> runs faster? Thanks, TN
>> 
>>i don't think this is possible and it also probably wouldn't help here.
>>The manager process is using the resources it needs.
>> 
>>I think the bottle neck is more likely the sqlite database backend which
>>slows down if multiple scanners are sending data to the manager. Have a
>>look at the postgresql database backend which might help to improve the
>>performance.
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Report formats

2016-12-23 Thread Fábio Fernandes 
Are there paid conversion utilities for OpenVAS?

If nbe format can be converted in nessus format then it can be done.

Fabio

> No dia 21/12/2016, às 01:19, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> well. how about paying for conversion utility?
> 
> there are some old openvas to nbe tools available alsom
> 
> Eero
> 
> 20.12.2016 10.44 ip. "Fábio Fernandes" <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>> kirjoitti:
> If the product doesn't support it probably there isn't an solution for it. 
> Maybe someone in the community knows if there is a script or custom report 
> format. I had a similar situation where i needed to import OpenVAS reports 
> into ArcSight but it only consumed Qualys, Nexpose, etc. I had to create a 
> script to convert between formats. The conversion wasn't 100% complete 
> because the differences between report formats were a lot and the quantity of 
> information beetween products varied a lot too. But for the purpose it worked 
> with basic information. But this is very time consuming and maybe it isn't an 
> option for you.
> 
> Fabio
> 
> Em 20/12/2016 13:09, "Helmut Koers" <hko...@de.hellmann.net 
> <mailto:hko...@de.hellmann.net>> escreveu:
> I am looking for a report format that can be imported into BMC BL Server 
> Automation. 
> 
> The product is supporting .nessus format and Qualys exports. Is there a 
> possiblity to export such reports? 
> 
> Thanks, Helmut
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> <mailto:Openvas-discuss@wald.intevation.org>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> <mailto:Openvas-discuss@wald.intevation.org>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Report formats

2016-12-20 Thread Fábio Fernandes 
If the product doesn't support it probably there isn't an solution for it.
Maybe someone in the community knows if there is a script or custom report
format. I had a similar situation where i needed to import OpenVAS reports
into ArcSight but it only consumed Qualys, Nexpose, etc. I had to create a
script to convert between formats. The conversion wasn't 100% complete
because the differences between report formats were a lot and the quantity
of information beetween products varied a lot too. But for the purpose it
worked with basic information. But this is very time consuming and maybe it
isn't an option for you.

Fabio

Em 20/12/2016 13:09, "Helmut Koers"  escreveu:

> I am looking for a report format that can be imported into BMC BL Server
> Automation.
>
> The product is supporting .nessus format and Qualys exports. Is there a
> possiblity to export such reports?
>
> Thanks, Helmut
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] openvas is not finding threat

2016-12-19 Thread Fábio Fernandes 
Hi

> No dia 19/12/2016, às 05:53, Rishi Kumar  escreveu:
> 
> Hi,
> As already told scan is not finding any result.
> I have few questions:
> 1. Should the target should be in same network as my system where. Openvas is 
> installed?

To find the most vulnerabilities yes but that depends on your security 
evaluation strategy i think. For instance you want to assess your exposure 
level from the outside or inside network?
But if you are only testing OpenVAS you should try it in the same network.

> 2. If i use to scan any website do I need to provide some kind of credentials 
> to authorization.

No, you can do scans without credentials.

> 3. Is the target server is able to deny scan process by openvas?
> Is there something else that I am missing?

A firewall that blocks everything can but that is unlikely.

As to your situation sometimes i use targets that can have firewalls between 
the OpenVAS scanner and them. When choosing many ports in the portlist i 
noticed that many times the scans were at 1% like yours. Analyzing OpenVAS 
logs, processes and network activity with tcpdump i came to the conclusion that 
some firewall or specific network condition was forcing nmap to do rate 
limiting slowing down the port scan a lot. To solve this problem i tuned nmap 
port scanning plugin to be more aggressive. Keep in mind that there is always a 
tradeoff between accuracy and time consumed.

Fabio 

> 
> On Dec 10, 2016 10:36 AM, "Rishi Kumar"  > wrote:
> thanks for the valuable link.
> but this is not solving my issue. If I create target with Port List 
> (immutable): All TCP, the tasks remains at 1% I waited for good 15-20 mins 
> without any result.
> If i create target with All IANA assigned TCP 2012-02-10, the task completes 
> but again without any result.
> What is possible reason, so that I can fix the issue.
> 
> 
> On Fri, Dec 9, 2016 at 11:16 AM, Christian Fischer 
> > 
> wrote:
> Hi,
> 
> On 08.12.2016 19:08, Rishi Kumar wrote:
> > SUGGEST: You should install nmap 5.51 if you plan to use the nmap
> > NSE NVTs.
> 
> as the message is telling you you only need that specific version if you
> want to run the nmap NSE scripts from within OpenVAS which is disabled
> by default. So no, you don't need to install this version.
> 
> To get further help you could provide the results you get from within
> the scan report. Also check stuff like the hints pointed out here:
> 
> https://lists.wald.intevation.org/pipermail/openvas-discuss/2016-November/010277.html
>  
> 
> 
> Regards,
> 
> --
> 
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net 
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> 
> 
> 
> -- 
> Thanks & Regards
> Rishi Kumar
> Email: grishi...@gmail.com 
> Mob: +91-9205932168
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Modifying a Target after it's in a task?

2016-12-06 Thread Fábio Fernandes 
In GSAD or the Manager i don’t think so.

Fabio

> No dia 07/12/2016, às 00:44, TN TN  escreveu:
> 
> Hi, is there anyway to modify a target after its part of a task? Thanks, TN
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS GSAD not working (empty reply from server)

2016-12-05 Thread Fábio Fernandes 
In my CentOS version the GSAD is running on HTTPS default port (443). I think 
that is explicit in the install.

Fabio

> No dia 05/12/2016, às 13:28, mathew shires  escreveu:
> 
> I have installed the latest version of OpenVAS on CentOS from Atomicorp.
> openvas-check-setup reports no critical issues
> 
>> openvas-check-setup 2.3.2
>>   Test completeness and readiness of OpenVAS-8
>>   (add '--v6' or '--v7' or '--v9'
>>if you want to check for another OpenVAS version)
>> 
>>   Please report us any non-detected problems and
>>   help us to improve this check routine:
>>   http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss 
>> 
>> 
>>   Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the 
>> problem.
>> 
>>   Use the parameter --server to skip checks for client tools
>>   like GSD and OpenVAS-CLI.
>> 
>> Step 1: Checking OpenVAS Scanner ...
>> OK: OpenVAS Scanner is present in version 5.0.7.
>> OK: OpenVAS Scanner CA Certificate is present as 
>> /var/lib/openvas/CA/cacert.pem.
>> OK: redis-server is present in version v=3.0.7.
>> OK: scanner (kb_location setting) is configured properly using the 
>> redis-server socket: /tmp/redis.sock
>> OK: redis-server is running and listening on socket: /tmp/redis.sock.
>> OK: redis-server configuration is OK and redis-server is running.
>> OK: NVT collection in /var/lib/openvas/plugins contains 50525 NVTs.
>> WARNING: Signature checking of NVTs is not enabled in OpenVAS 
>> Scanner.
>> SUGGEST: Enable signature checking (see 
>> http://www.openvas.org/trusted-nvts.html 
>> ).
>> OK: The NVT cache in /var/cache/openvas contains 50525 files for 
>> 50525 NVTs.
>> Step 2: Checking OpenVAS Manager ...
>> OK: OpenVAS Manager is present in version 6.0.9.
>> OK: OpenVAS Manager client certificate is present as 
>> /var/lib/openvas/CA/clientcert.pem.
>> OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
>> OK: Access rights for the OpenVAS Manager database are correct.
>> OK: At least one user exists.
>> OK: sqlite3 found, extended checks of the OpenVAS Manager 
>> installation enabled.
>> OK: OpenVAS Manager database is at revision 146.
>> OK: OpenVAS Manager expects database at revision 146.
>> OK: Database schema is up to date.
>> OK: OpenVAS Manager database contains information about 50525 NVTs.
>> OK: OpenVAS SCAP database found in 
>> /var/lib/openvas/scap-data/scap.db.
>> OK: OpenVAS CERT database found in 
>> /var/lib/openvas/cert-data/cert.db.
>> OK: xsltproc found.
>> Step 3: Checking user configuration ...
>> WARNING: Your password policy is empty.
>> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password 
>> policy.
>> Step 4: Checking Greenbone Security Assistant (GSA) ...
>> OK: Greenbone Security Assistant is present in version 6.0.11.
>> Step 5: Checking OpenVAS CLI ...
>> OK: OpenVAS CLI version 1.4.4.
>> Step 6: Checking Greenbone Security Desktop (GSD) ...
>> SKIP: Skipping check for Greenbone Security Desktop.
>> Step 7: Checking if OpenVAS services are up and running ...
>> OK: netstat found, extended checks of the OpenVAS services enabled.
>> OK: OpenVAS Scanner is running and listening on all interfaces.
>> OK: OpenVAS Scanner is listening on port 9391, which is the default 
>> port.
>> OK: OpenVAS Manager is running and listening on all interfaces.
>> OK: OpenVAS Manager is listening on port 9390, which is the default 
>> port.
>> OK: Greenbone Security Assistant is listening on port 9392, which is 
>> the default port.
>> Step 8: Checking nmap installation ...
>> WARNING: Your version of nmap is not fully supported: 6.47
>> SUGGEST: You should install nmap 5.51 if you plan to use the nmap 
>> NSE NVTs.
>> Step 10: Checking presence of optional tools ...
>> OK: pdflatex found.
>> WARNING: PDF generation failed, most likely due to missing LaTeX 
>> packages. The PDF report format will not work.
>> SUGGEST: Install required LaTeX packages.
>> OK: ssh-keygen found, LSC credential generation for GNU/Linux 
>> targets is likely to work.
>> OK: rpm found, LSC credential package generation for RPM based 
>> targets is likely to work.
>> OK: alien found, LSC credential package generation for DEB based 
>> targets is likely to work.
>> OK: nsis found, LSC credential package generation for Microsoft 
>> Windows targets is likely to work.
>> OK: SELinux is disabled.
>> 
>> It seems like your OpenVAS-8 installation is OK.
>> 
>> If you think it is not OK, please report your observation
>> and help us to improve this

Re: [Openvas-discuss] Scan with HTTP Basic auth?

2016-12-05 Thread Fábio Fernandes 
SMB, ESXi and SSH credentials are used to scan the remote machine with full 
access to the SO. HTTP credentials are to test web vulnerabilities so i think 
it should be configured in the web application plugins (wapiti maybe?).

Fabio

> No dia 05/12/2016, às 10:58, Ralf Hildebrandt  
> escreveu:
> 
> How can I specify which HTTP Credentials to use during a scan?
> I see SMB, ESXi and SSH credentials, but can't seem to find HTTP basic
> auth credentials anywhere.
> 
> -- 
> Ralf Hildebrandt   Charite Universitätsmedizin Berlin
> ralf.hildebra...@charite.deCampus Benjamin Franklin
> http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
> Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] HELP - Problem faced in OpenVAS

2016-11-24 Thread Fábio Fernandes 
If that doesn’t work you can try this.

- Erase OpenVAS data in Redis.

Erase Openvas key

1. Open Redis client

redis-cli -s /var/lib/redis/redis.sock

2. List all keys

redis
/var/lib/redis/redis.sock> keys *
1) "OpenVAS.__GlobalDBIndex"

3. Delete OpenVAS key

redis /var/lib/redis/redis.sock> del OpenVAS.__GlobalDBIndex
(integer) 1

OR

Edit redis.conf and comment out all "save" statements.
Then stop redis and remove the dump.rdb (typically in /var/lib/redis) and
start redis again.

Fabio

> No dia 24/11/2016, às 11:14, Christian Fischer 
>  escreveu:
> 
> Hi,
> 
> On 24.11.2016 12:00, Jaydeep Shah wrote:
>> I am new user to open VAS solution. I have installed it in my system and
>> while testing scanning my own system, found Error "Service temporarily
>> down".
> 
> most likely your certificate setup is wrong or you're using outdated
> certificates. Have a look at the following steps how to fix that:
> 
> http://plugins.openvas.org/ova_503.txt
> 
> You might need to adjust commands to your running linux distribution.
> 
> Regards,
> 
> -- 
> 
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] fedora + openvas 8

2016-11-23 Thread Fábio Fernandes 
>From what i can tell here in this mailing list it seems like atomic repos
don't test their releases and they are releasing some broken packages. I
used OpenVAS from atomic repos 8 months ago and the release seemed fine
only found 1 minor bug but i'm not an expert user.

Fabio

Em 22/11/2016 22:43, "kalin m"  escreveu:

>
>
> On 11/22/16 3:58 PM, Reindl Harald wrote:
>
>>
>>
>> Am 22.11.2016 um 20:52 schrieb kalin m:
>>
>>> hi all...
>>>
>>> from: http://www.openvas.org/install-packages-v7.html (there is no v8?!)
>>>
>>> i do:
>>>
>>> wget -q -O - http://www.atomicorp.com/installers/atomic |sh
>>>
>>
>> why in the world do you touch anything from Atmoic on Fedora?
>>
>
> because that's what it says on the openvas site?!
>
>
>> man dnf
>> man yum
>>
>
> and?! apparently they both work with rpms. 'dnf install openvas' didn't do
> much either. it's not funny anymore...
>
> what is your point?
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] email alert fail to send via MTA

2016-11-22 Thread Fábio Fernandes 
Alert config seems fine. Check the manager logs maybe they will indicate
the error. You will need probably to raise the log level.

Em 22/11/2016 01:39, "Matthew Ma 馬耀堂 (奧圖碼)" <matthew...@optoma.com>
escreveu:

> Here is my alert setting:
>
> https://s15.postimg.org/5kvep0ofv/image.png
>
> Thank you
>
>
>
> Matthew
>
>
>
> *From:* Fábio Fernandes [mailto:fabiogfernan...@gmail.com]
> *Sent:* Saturday, November 19, 2016 11:55 PM
> *To:* Matthew Ma 馬耀堂 (奧圖碼)
> *Cc:* openvas-discuss@wald.intevation.org
> *Subject:* Re: [Openvas-discuss] email alert fail to send via MTA
>
>
>
> There seems to be a problem with the alert since it gives error 500. Can
> you provide some details on the alert configuration?
>
>
>
> Fabio
>
> No dia 18/11/2016, às 02:00, Matthew Ma 馬耀堂 (奧圖碼) <matthew...@optoma.com>
> escreveu:
>
>
>
> Hi all,
>
>
>
> I have installed openvas on my centos 6 server.
>
> I have configured a mail relay server in another centos 6 server.
>
> They are in the same subnet, iptables disabled.
>
> However, every mail openvas sent did not log in mail relay server
>
> Since our company only allow that mail relay server, openvas cannot send
> mail to my company mail server.
>
>
>
> I did some test:
>
> Openvas server telnet to mail relay server   [PASS]
>
> Then send mail to my company mail server  [PASS]
>
> Use openvas test alert
> [Operation: Test Alert ,Status code: 500 ,Status message: Internal error]
>
>
>
> Is there anyone can help?
>
>
>
> Thank you!!!
>
>
> --
>
> This e-mail transmission and its attachment are intended only for the use
> of the individual or entity to which it is addressed, and may contain
> information that is privileged, confidential and exempted from disclosure
> under applicable law. If the reader is not the intended recipient, you are
> hereby notified that any disclosure, dissemination, distribution or copying
> of this communication, in part or entirety, is strictly prohibited. If you
> are not the intended recipient for this confidential e-mail, delete it
> immediately without keeping or distributing any copy and notify the sender
> immediately. The hard copies should also be destroyed. Thank you for your
> cooperation. It is advisable that any unauthorized use of confidential
> information of this Company is strictly prohibited; and any information in
> this email that does not relate to the official business of this Company
> shall be deemed as neither given nor endorsed by this Company.
>
>
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
>
>
> --
> This e-mail transmission and its attachment are intended only for the use
> of the individual or entity to which it is addressed, and may contain
> information that is privileged, confidential and exempted from disclosure
> under applicable law. If the reader is not the intended recipient, you are
> hereby notified that any disclosure, dissemination, distribution or copying
> of this communication, in part or entirety, is strictly prohibited. If you
> are not the intended recipient for this confidential e-mail, delete it
> immediately without keeping or distributing any copy and notify the sender
> immediately. The hard copies should also be destroyed. Thank you for your
> cooperation. It is advisable that any unauthorized use of confidential
> information of this Company is strictly prohibited; and any information in
> this email that does not relate to the official business of this Company
> shall be deemed as neither given nor endorsed by this Company.
>
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Open UDP port only discovered with small Port List

2016-11-22 Thread Fábio Fernandes 
Both lists contain port 161?

Em 22/11/2016 07:02, "Christian Fischer" 
escreveu:

> Hi,
>
> On 21.11.2016 23:27, Daniel Walker wrote:
> > If I deactivate the Windows Firewall on the target system, OpenVAS
> > does always detect the SNMP service no matter what Port List is used.
>
> this gives you already a pointer. In general it is recommended to
> whitelist the scanning machine to avoid such issues while port scanning.
>
> You can also do some further debugging and call nmap (this is what
> OpenVAS is using for port scanning) from command line like:
>
> nmap -sU -p U:$yourportlist $targetip
>
> > I’m running OpenVAS Scanner 5.0.4 with OpenVAS Manager 6.0.5 and
> > Greenbone Security Assistant 6.0.5 on a Kali Linux 2016.1
>
> It won't solve your issue but you should note that these are quite
> outdated components of OpenVAS. Please update to the current components:
>
> Libraries 8.0.8
> Scanner 5.0.7
> Manager 6.0.9
> Greenbone Security Assistant (GSA) 6.0.11
>
> Regards,
>
> --
>
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] PDF report stuck

2016-11-20 Thread Fábio Fernandes 
That seems like a huge report. Try to get it through the manager API.

Fabio

> No dia 20/11/2016, às 08:33, Abel Browarnik  escreveu:
> 
> Hi,
>  
> I have run a scan for a bunch of endpoints. The result seems to be quite big. 
> As a result (I guess) when I ask to download a pdf report I see the browser 
> stuck and no report is obtained. How can I obtain it, even manually?
> The XML file is 24.8 MB. Maybe this gives a clue…
>  
> Thank you in advance
>  
> Abel
>  
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] email alert fail to send via MTA

2016-11-19 Thread Fábio Fernandes 
There seems to be a problem with the alert since it gives error 500. Can you 
provide some details on the alert configuration?

Fabio
> No dia 18/11/2016, às 02:00, Matthew Ma 馬耀堂 (奧圖碼)  
> escreveu:
> 
> Hi all,
>  
> I have installed openvas on my centos 6 server.
> I have configured a mail relay server in another centos 6 server.
> They are in the same subnet, iptables disabled.
> However, every mail openvas sent did not log in mail relay server
> Since our company only allow that mail relay server, openvas cannot send mail 
> to my company mail server.
>  
> I did some test:
> Openvas server telnet to mail relay server   [PASS]
> Then send mail to my company mail server  [PASS]
> Use openvas test alert[Operation: 
> Test Alert ,Status code: 500 ,Status message: Internal error]
>  
> Is there anyone can help?
>  
> Thank you!!!
> 
> This e-mail transmission and its attachment are intended only for the use of 
> the individual or entity to which it is addressed, and may contain 
> information that is privileged, confidential and exempted from disclosure 
> under applicable law. If the reader is not the intended recipient, you are 
> hereby notified that any disclosure, dissemination, distribution or copying 
> of this communication, in part or entirety, is strictly prohibited. If you 
> are not the intended recipient for this confidential e-mail, delete it 
> immediately without keeping or distributing any copy and notify the sender 
> immediately. The hard copies should also be destroyed. Thank you for your 
> cooperation. It is advisable that any unauthorized use of confidential 
> information of this Company is strictly prohibited; and any information in 
> this email that does not relate to the official business of this Company 
> shall be deemed as neither given nor endorsed by this Company.
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Can't edit one single port list

2016-11-18 Thread Fábio Fernandes 
The included portlists are not editable. You can clone them and edit the
clones to change their ports to use them in a target. You can only use one
portlist per target.

Fabio

Em 18/11/2016 20:04,  escreveu:

> Hello,
>
> Trying to edit any of the included port lists and can't. I have two users,
> admin and another one. I have deleted all reports, tasks, etc, and changed
> targets to not point to the port list I want to to edit.
>
> None of my port lists show the wrench as either my admin or other user. If
> I click on the "All IANA assigned TCP 2012-02-10" port list, I do not have
> the option to edit it ad at the bottom it says: "Targets using this Port
> List: None."
>
> If I create a new port list, I can edit that one, and Targets don't let
> you add more than one port list.
>
> Thanks in advance,
>
> Ted
>
>
>
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Reports and powerfilter...

2016-11-17 Thread Fábio Fernandes 
You can define an override for one nvt for all hosts.

Fabio
 
> No dia 17/11/2016, às 20:56,  
>  escreveu:
> 
> Hello, 
> 
> As I'm running scans, I get a lot of results in my reports stating a kernel 
> vulnerability because the scanner is scanning old kernels that are installed 
> on the system, but not otherwise in use. I don't want to uninstall the older 
> kernels as there may be a stability issue requiring me to revert back to one 
> of them.
> 
> I tried creating overrides but that did not seem to solve the issue as one 
> needs to be created for every result.
> 
> I tried using powerfilter with the 'not' keyword - but that didn't seem to 
> work.
> 
> So is there a way I can filter (or override) results in a report so that they 
> do not include certain kernel versions?
> 
> Thanks, 
> 
> 
> Ted.
>  
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] tasks hang indefinitely at start openvas 8/centos 6

2016-11-16 Thread Fábio Fernandes 
Check if all OpenVAS executables are running properly. Try ps -xau | grep -E 
“openvas|gsad”

Fabio

> No dia 16/11/2016, às 04:00, ccavello+open...@gmail.com escreveu:
> 
> I am using Openvas 8 running on Centos 6.
> For a few weeks everything was running fine.
> Nothing changed to my knowledge, besides the nightly cron updates of
> the NVT/scap/cert and daily task runs.
> Last week, no task would start. Wouldn't even get to "1%". Task start
> would hang from the GUI or from the command line (opm).
> 
> 
> omp -u openvasuser -w REDACTEDPASSWORD -G
> works fine, and returns a list of tasks.
> However, when I try to start a task, as below, it hangs
> omp -u openvasuser -w REDACTEDPASSWORD -S
> d7839d94-f5aa-4245-ae6a-38e2f47d8b20 -v
> 
> I included parts of a few straces below.
> 
> 
> Could there be anything in the OS that went afoul? I have tried
> uninstalling and reinstalling openvas but get the same result.
> 
> listener:
> [ccavello@dc1pcore-nvt01 ~]$ sudo lsof -P -itcp:9390,9391,9392
> COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
> gsad   1707 root5u  IPv4  12621  0t0  TCP *:9392 (LISTEN)
> openvassd  8728 root4u  IPv4 593398  0t0  TCP *:9391 (LISTEN)
> openvasmd 13364 root5u  IPv4 689561  0t0  TCP *:9390 (LISTEN)
> 
> [ccavello@dc1pcore-nvt01 ~]$ ps -ef | egrep "gsad|openv"
> root  1707 1  0 Nov14 ?00:06:42 /usr/sbin/gsad
> --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390
> root  8728 1  0 00:00 ?00:01:32 openvassd: Reloaded all
> the NVTs.
> root 13364 1  0 10:54 ?00:00:07 openvasmd
> 
> [ccavello@dc1pcore-nvt01 ~]$ sudo strace -tt -f -p 13364
> 
> [pid 14169] 14:06:50.283441 read(16, "127.0.0.1   localhost
> localhost."..., 4096) = 259
> [pid 14169] 14:06:50.283500 read(16, "", 4096) = 0
> [pid 14169] 14:06:50.283534 close(16)   = 0
> [pid 14169] 14:06:50.283561 munmap(0x7f032c2d, 4096) = 0
> [pid 14169] 14:06:50.283599 open("/etc/gai.conf", O_RDONLY) = 16
> [pid 14169] 14:06:50.283634 fstat(16, {st_mode=S_IFREG|0644, st_size=0,
> ...}) = 0
> [pid 14169] 14:06:50.283691 fstat(16, {st_mode=S_IFREG|0644, st_size=0,
> ...}) = 0
> [pid 14169] 14:06:50.283726 mmap(NULL, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f032c2d
> [pid 14169] 14:06:50.283758 read(16, "", 4096) = 0
> [pid 14169] 14:06:50.283799 close(16)   = 0
> [pid 14169] 14:06:50.283828 munmap(0x7f032c2d, 4096) = 0
> [pid 14169] 14:06:50.283869 futex(0x3d37b90f24, FUTEX_WAKE_PRIVATE,
> 2147483647) = 0
> [pid 14169] 14:06:50.283976 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 16
> [pid 14169] 14:06:50.284015 connect(16, {sa_family=AF_INET,
> sin_port=htons(0), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
> [pid 14169] 14:06:50.284053 getsockname(16, {sa_family=AF_INET,
> sin_port=htons(45031), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
> [pid 14169] 14:06:50.284090 close(16)   = 0
> [pid 14169] 14:06:50.284176 fcntl(11, F_SETLK, {type=F_RDLCK,
> whence=SEEK_SET, start=1073741824, len=1}) = 0
> [pid 14169] 14:06:50.284216 fcntl(11, F_SETLK, {type=F_RDLCK,
> whence=SEEK_SET, start=1073741826, len=510}) = 0
> [pid 14169] 14:06:50.284247 fcntl(11, F_SETLK, {type=F_UNLCK,
> whence=SEEK_SET, start=1073741824, len=1}) = 0
> [pid 14169] 14:06:50.284279
> access("/var/lib/openvas/mgr/tasks.db-journal", F_OK) = -1 ENOENT (No
> such file or directory)
> [pid 14169] 14:06:50.284317 fstat(11, {st_mode=S_IFREG|0600,
> st_size=1404740608, ...}) = 0
> [pid 14169] 14:06:50.284350 lseek(11, 24, SEEK_SET) = 24
> [pid 14169] 14:06:50.284377 read(11,
> "\2\247p\\\0\24\356\251\0\n\200\273\0\10\337l", 16) = 16
> [pid 14169] 14:06:50.284408 fstat(11, {st_mode=S_IFREG|0600,
> st_size=1404740608, ...}) = 0
> [pid 14169] 14:06:50.284438 access("/var/lib/openvas/mgr/tasks.db-wal",
> F_OK) = -1 ENOENT (No such file or directory)
> [pid 14169] 14:06:50.284472 fstat(11, {st_mode=S_IFREG|0600,
> st_size=1404740608, ...}) = 0
> [pid 14169] 14:06:50.284511 lseek(11, 1283979264, SEEK_SET) = 1283979264
> [pid 14169] 14:06:50.284539 read(11,
> "\0\23\"2GMxcGNvcmUt\nbnZ0MDExIDAeBgkq"..., 1024) = 1024
> [pid 14169] 14:06:50.284573 lseek(11, 1284031488, SEEK_SET) = 1284031488
> [pid 14169] 14:06:50.284600 read(11,
> "\0\23\"\237kNlcnRpZmljYXRpb24gQXV0aG9ya"..., 1024) = 1024
> [pid 14169] 14:06:50.284646 fcntl(11, F_SETLK, {type=F_UNLCK,
> whence=SEEK_SET, start=0, len=0}) = 0
> [pid 14169] 14:06:50.285155 fcntl(11, F_SETLK, {type=F_RDLCK,
> whence=SEEK_SET, start=1073741824, len=1}) = 0
> [pid 14169] 14:06:50.285195 fcntl(11, F_SETLK, {type=F_RDLCK,
> whence=SEEK_SET, start=1073741826, len=510}) = 0
> [pid 14169] 14:06:50.285227 fcntl(11, F_SETLK, {type=F_UNLCK,
> whence=SEEK_SET, start=1073741824, len=1}) = 0
> [pid 14169] 14:06:50.285259
> access("/var/lib/openvas/mgr/tasks.db-journal", F_OK) = -1 ENOENT (No
> such file or directory)
> [pid 14169] 14:06:50.285309 fstat(11, {st_mode=S_IFREG|0600,
> st_size=1404740608, ...}) = 0
> [pid 14169]

Re: [Openvas-discuss] OpenVAS -> Sourcefire connector Alert

2016-11-15 Thread Fábio Fernandes 
If there is i can’t find it can you help? I contacted Sourcefire support and 
they said that support for OpenVAS doesn’t exist and that they would create a 
feature request. Maybe they dropped support or only support Greenbone.
It seems strange since Greenbone seems to support this.

Fabio

> No dia 09/11/2016, às 15:15, Jan-Oliver Wagner 
> <jan-oliver.wag...@greenbone.net> escreveu:
> 
> Am Donnerstag, 21. Juli 2016, 00:06:26 schrieb Fábio Fernandes:
>> Hi i am trying to use the source fire connector.
>> I already managed to install sourcefire report format and it works and then
>> i tested the alert but it makes no connection at all. Then i investigated
>> in the source code and found that OpenVAS Manager executes an script called
>> greenbone_sourcefire_connector that is required in the INSTALL from
>> openvas-manager source. Does anyone know where to find this script? I have
>> tried to find it in older sources but without success. Thanks!
> 
> AFAIR a public version used to be available from Sourcefire ...
> 
> The full support however is available with the Greenbone Security Manager
> appliance.
> 
> -- 
> Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR 
> B 
> 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS hangs the system while using very few ressources

2016-11-15 Thread Fábio Fernandes 
Maybe use some application to log resource usage over time to disk to monitor 
what happens when the system slows down.

Fabio

> No dia 10/11/2016, às 08:18, Jan-Oliver Wagner 
>  escreveu:
> 
> Am Dienstag, 11. Oktober 2016, 11:51:13 schrieb tatooin:
>> I'm using OpenVAS to scan large networks using default scan profiles. So
>> far so good. However, at some points during the scan, the system becomes
>> unresponsive, while OpenVAS keeps running and scanning. So the system
>> works, but very very very slowly until the scan finish.
>> 
>> Sometimes I can't even ssh into the system anymore. When this happens,
>> if I run a top command; while the command takes ages to succeed, it
>> doesn't show any particular overload. CPU and memory consumption are
>> perfectly normal, and actually even low.
>> 
>> So I suspect a problem of buffer; probably network buffers since this
>> happens only when scanning large networks (/22 or above).
>> 
>> Is there any /proc settings I could tweak to fix the issue ? I'm using
>> Openvas on kali linux.
> 
> Usually if shell the commands take very long, you see 100% CPU loads.
> Maybe your disk IO?
> 
> -- 
> Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR 
> B 
> 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] scans take forever - sometimes...

2016-11-15 Thread Fábio Fernandes 
It has happened to me too. Analyzing further with tcpdump and strace i could 
see that the retry speed rate seemed to be lower (maybe due to nmap adapting to 
the conditions of the network like weak connection or firewalls) but the same 
nmap command would finish in 15 to 20 minutes. I tried changing the timing 
options in the nmap portscanning plugin but never could confirm if it 
completely solved the issue as it happened only sometimes.

Fabio
 
> No dia 10/11/2016, às 06:10, Christian Fischer 
>  escreveu:
> 
> Hi,
> 
> On 09.11.2016 22:48, fschnit...@execulink.com wrote:
>> A good understanding
>> of this behaviour would be great.
> 
> the nmap.nasl is just a "wrapper" of nmap and is calling plain nmap so
> you might need to dig into nmap itself to see why it is sometimes faster
> and the other time not.
> 
> Regards,
> 
> -- 
> 
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] severity N/A

2016-11-05 Thread Fábio Fernandes 
Ubuntu installation?

Fabio

> No dia 05/11/2016, às 04:10, kalin m  escreveu:
> 
>  and dirty scan - the default. the status is changed to "Running" and then 18 
> seconds later to "Done". but nothing is really done. the interface has this 
> column "severity" that reads N/A. and that's it. not much of a scan results...

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Custom report formats in openvas

2016-10-23 Thread Fábio Fernandes 
Yes i solved it. It seems like you had a problem with signatures but you solved 
it.

Fabio

> No dia 18/10/2016, às 10:34, Ebert, Christian <christian.eb...@qsc.de> 
> escreveu:
> 
> Hi,
>  
> I’m using a modified version of the original HTML roport format, sorted by 
> vulnerability instead of hosts.
>  
> But finally I could solve the problems.
>  
> What kind of report did you use? Did you solve your problems? Maybe I could 
> give some hints.
>  
> Best regards
>  
> Christian
>  
> Von: Fábio Fernandes [mailto:fabiogfernan...@gmail.com] 
> Gesendet: Donnerstag, 13. Oktober 2016 18:13
> An: Ebert, Christian
> Cc: openvas-discuss@wald.intevation.org
> Betreff: Re: [Openvas-discuss] Custom report formats in openvas
>  
> I had some problems importing report formats too. Can you tell what is the 
> report format you are using?
>  
> Fabio
>  
> No dia 13/10/2016, às 15:45, Ebert, Christian <christian.eb...@qsc.de 
> <mailto:christian.eb...@qsc.de>> escreveu:
>  
> Hi everyone,
>  
> did anybody manage to create and install custom report formats in OpenVAS 8.0?
>  
> I’m completely lost.
>  
> I followed the instructions in:
>  
> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/doc/report-format-HOWTO
>  
> <https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/doc/report-format-HOWTO>
>  
> and
>  
> http://www.openvas.org/trusted-nvts.html 
> <http://www.openvas.org/trusted-nvts.html>
>  
> The report gets installed, but it is not flagged as trusted. I can activate 
> it, but the report_format does not appear in the drop-down box, when 
> selecting a report format.
>  
> Please help!
>  
> TIA
>  
> Christian Ebert
> Chief Security Analyst, CISM, T.I.S.P.
> Head of Penetration Testing
>  
> QSC AG
> Mathias-Brüggen-Straße 55
> 50829 Köln
>  
> T   +49 221 669-8950
> F   +49 221 669-85950
> M   +49 163 6698950
> christian.eb...@qsc.de 
> http://www.qsc.de <http://www.qsc.de/>
>  
> Besuchen Sie auch unser Blog unter http://blog.qsc.de <http://blog.qsc.de/>
> Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
> http://www.qsc.de/pflichtangaben <http://www.qsc.de/pflichtangaben>
>  
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> <mailto:Openvas-discuss@wald.intevation.org>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Custom report formats in openvas

2016-10-13 Thread Fábio Fernandes 
I had some problems importing report formats too. Can you tell what is the 
report format you are using?

Fabio

> No dia 13/10/2016, às 15:45, Ebert, Christian  
> escreveu:
> 
> Hi everyone,
>  
> did anybody manage to create and install custom report formats in OpenVAS 8.0?
>  
> I’m completely lost.
>  
> I followed the instructions in:
>  
> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/doc/report-format-HOWTO
>  
> 
>  
> and
>  
> http://www.openvas.org/trusted-nvts.html 
> 
>  
> The report gets installed, but it is not flagged as trusted. I can activate 
> it, but the report_format does not appear in the drop-down box, when 
> selecting a report format.
>  
> Please help!
>  
> TIA
>  
> Christian Ebert
> Chief Security Analyst, CISM, T.I.S.P.
> Head of Penetration Testing
>  
> QSC AG
> Mathias-Brüggen-Straße 55
> 50829 Köln
>  
> T   +49 221 669-8950
> F   +49 221 669-85950
> M   +49 163 6698950
> christian.eb...@qsc.de 
> http://www.qsc.de 
>  
> Besuchen Sie auch unser Blog unter http://blog.qsc.de 
> Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
> http://www.qsc.de/pflichtangaben 
>  
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Using OpenVAS in a windows-only environment

2016-10-13 Thread Fábio Fernandes 
Paul i think that there ate 3 points in your question that are creating some 
ambiguity.
First you say that:

> We are a Microsoft shop with windows servers and workstations. I would
> like to try using OpenVAS to scan the network for vulnerabilities

That is possible with OpenVAS or if you need professional support you can 
contract Greenbone that as Jan-Oliver said is the commercial vendor for OpenVAS.

> but
> download links seem to suggest that download is only OMP CLI client.

From this part i suppose you want install it in Windows and that is not 
possible since OpenVAS is a Linux based solution.

> What does this exactly mean? Can OpenVAS could be used for vulnerability
> scanning in a windows-only environment

This means that you need an Linux machine or Linux virtual machine if you only 
have Windows installations to run OpenVAS.
Although i think it will run better if it’s not running in an virtual machine. 
You can install OpenVAS on a separate Linux machine or buy one of Greenbone 
appliances that already have it installed and configured.
Alternatively you can use an Linux virtual machine and install OpenVAS on it 
(or use the one on the site although it is not recommended for production) or 
buy Greenbone virtual machine solution with OpenVAS already configured.
From an OpenVAS installation you can test Windows machines and different 
flavors of Linux for vulnerabilities.

Fabio

> No dia 13/10/2016, às 08:03, Jan-Oliver Wagner 
>  escreveu:
> 
> Am Donnerstag, 13. Oktober 2016, 03:12:26 schrieb Eero Volotinen:
>> it means that you need virtual environment like virtualbox with linux to
>> run openvas.
>> 
>> or buy commercial product like tenable nessus
> 
> I do realize that there is need to better communicate that the commercial
> alternative to OpenVAS is the Greenbone product series, the Greenbone
> Security Manager appliances.
> 
> After all, using OpenVAS as a start and when it comes to professional setup
> not bying Greenbone does not help the OpenVAS community.
> 
> I have a couple of ideas how to improve the visibility of Greenbone as the
> commercial vendor of OpenVAS and at the same time continue to provide a
> transparent GPLed solution to the community. The first idea is to derive a
> "Community Edition" from our GSM ONE to replace the "OpenVAS Demo VM". This
> will make it far easier to try out OpenVAS at no costs and without any
> obligations and at the same time provides a clear hint about the commercial
> option.
> 
> 
> Best regards
> 
> 
> -- 
> Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR 
> B 
> 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] INTERNAL ERROR IN GSA

2016-10-11 Thread Fábio Fernandes 
If the task is blocked in requested try this:

Erase OpenVAS data in Redis.

root@kali:/etc/openvas# redis-cli -s /var/lib/redis/redis.sock

redis
/var/lib/redis/redis.sock> keys *
1) "OpenVAS.__GlobalDBIndex"
redis /var/lib/redis/redis.sock> del OpenVAS.__GlobalDBIndex
(integer) 1

Fabio

> No dia 11/10/2016, às 09:52, Παναγιώτης Λεόντιος  
> escreveu:
> 
> Dear Michael,
> 
> Following my last email below, I run a new task with everything left to 
> default (Scan config: discovery) and it stuck to "Requested"; never continued 
> to a percentage.
> Of course, when requested the current report, it produced the known internal 
> error :(
> 
> P.S. One more thing; when I run "openvas-start" in my command line before 
> GSA, it produces an error saying that manager daemon cannot run.
> After running "openvasmd" and then "openvas-start", everything is OK (checked 
> by "openvas-check-setup" and "systemctl status openvas-manager.service").
> 
> Panagiotis Leontios
> Business Engineer | Project Manager | Consultant
> BEng, DIC, MSc, MBA
> 
> M: +30 6977 976269
> E: leonti...@ath.forthnet.gr 
> B: pleontios.wordpress.com 
> L: www.linkedin.com/in/leontios 
> T: @pleontios
> -Original Message-
> From: Παναγιώτης Λεόντιος [mailto:leonti...@ath.forthnet.gr 
> ] 
> Sent: Tuesday, October 11, 2016 11:17 AM
> To: 'michael.eiss...@greenbone.net '
> Cc: 'openvas-discuss@wald.intevation.org 
> '
> Subject: RE: [Openvas-discuss] INTERNAL ERROR IN GSA
> 
> Dear Michael, thanks again for your response.
> 
> Actually, in the screenshot was the error message:
> 
> “INTERNAL ERROR: GET_REPORT:12102 (GSA 6.0.10) ...
> Diagnostics: Failure to receive response from Manager Daemon"
> 
> The target IPs, Portlist, AliveCheck is set to default;  Scan is set to Fast 
> and Full. Actually, just created a new task with defaults; Only Fast and Full 
> was set differently. 
> 
> YES, I run it on Vbox (5.1.6) with default configuration as provided by 
> official .ova file (kali-linux-i686) -ram 2048, 2 CPUs, etc.
> 
> (*) I don’t understand that htop thing though.
> (*) I will try to run the task starting by " Full and Very Deep Ultimate scan 
> configuration " according to your link and let you know.
> (*) I have all the updates, dist-upgrades done, as well as openvas recent 
> install, and check-setup resulted OK.
> 
> Panos
> 
> 
> -Original Message-
> From: michael.eiss...@greenbone.net  
> [mailto:michael.eiss...@greenbone.net ]
> Sent: Monday, October 10, 2016 7:01 PM
> To: Παναγιώτης Λεόντιος
> Cc: openvas-discuss@wald.intevation.org 
> 
> Subject: RE: [Openvas-discuss] INTERNAL ERROR IN GSA
> 
> Dear Panos,
> 
> i am sorry, but unfortunately i am unable to view your screenshots as 
> something (probably on my side, limited environment) breaks them.
> If they contain no further sensitive information, you could maybe upload them 
> at an imagehoster (directupload.net i.e.) and send me the link?
> 
> Just to be clear about that- could you maybe be affected by this
> Problem: https://bugs.kali.org/view.php?id=3055  ?
> If yes, use a different Scanconfig (start minimalistic with "Discovery" 
> for example, then go with "Full and Fast").
> 
> In general, some more details about how you have setup your scan could be of 
> help.
> (i.e. how many target ip's are scanned, what Portlist is being used, what 
> AliveCheck, Scanconfig, etc.).
> 
> Please also provide the following: a screenshot of htop, which has been 
> filtered before to "openvas" (you can filter in htop by hitting the "F4" 
> key).
> 
> If you run this as a VirtualMachine, ensure that you have allocated enough 
> hardware ressources to the vm.
> 
> Kind Regards,
> Michael Eissele.
> 
> 
> 
> 
> On 10.10.2016 17:05, Παναγιώτης Λεόντιος wrote:
>> Thank you Michael.
>> 
>> Yes, I have run "openvas-check-setup" script and it reported OK.
>> 
>> Also, please see below my current state of the problem:
>> 
>> Well, I have successfully completed an installation of Kali 32 in 
>> Vbox, installed openvas, checked its setup and run GSA.
>> 
>> When running my first task, it freezes in requested mode and 
>> additionally, when pressing on the bar to get a report the following 
>> error message is produced
>> 
>> Thank you in advance.
>> 
>> P.S. I have installed kali 32 perfectly OK on a USB (in persistence 
>> mode), and also the demo in the same VB.
>> 
>> But this one……
>> 
>> -Original Message-
>> From: michael.eiss...@greenbone.net
>> [mailto:michael.eiss...@greenbone.net]
>> Sent: Monday, October 10, 2016 6:00 PM
>> To: Παναγιώτης Λεόντιος
>> Cc: openvas-discuss@wald.intevation.org
>> Subject: RE:

Re: [Openvas-discuss] openvasmd --rebuild hangs

2016-10-10 Thread Fábio Fernandes 
It seems the redis issue. Try as Christian said or erase OpenVAS data in Redis.

root@kali:/etc/openvas# redis-cli -s /var/lib/redis/redis.sock

redis
/var/lib/redis/redis.sock> keys *
1) "OpenVAS.__GlobalDBIndex"
redis /var/lib/redis/redis.sock> del OpenVAS.__GlobalDBIndex
(integer) 1

Fabio

> No dia 10/10/2016, às 17:44, Allyn Baskerville  escreveu:
> 
> From openvas-check-setup:
>WARNING: OpenVAS Scanner is NOT running!
>SUGGEST: Start OpenVAS Scanner (openvassd).
> 
> So I tried various switches with openvassd including simply "openvassd" and
> "openvassd --listen=0.0.0.0 --port=9393". It seems to be running:
> 
> [root@scanner ~]# netstat -anp|grep open
> tcp0  0 0.0.0.0:93900.0.0.0:*   LISTEN
> 3239/openvasmd
> tcp0  0 0.0.0.0:93910.0.0.0:*   LISTEN
> 1092/openvassd: Rel
> tcp0  0 0.0.0.0:93930.0.0.0:*   LISTEN
> 2610/openvassd: Rel
> tcp6   0  0 :::9390 :::*LISTEN
> 1133/openvasmd
> 
> but the openvas-check-setup still says it's not running. I've been searching
> for a solution, but I'm stumped. This is for a CentOS 7 system. Thanks
> 
> 
> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
> On Behalf Of Christian Fischer
> Sent: Monday, October 10, 2016 9:42 AM
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] openvasmd --rebuild hangs
> 
> Hi,
> 
> On 10.10.2016 16:26, Allyn Baskerville wrote:
>> openvas-check-setup 2.3.2
> 
> try to update this to the latest available 2.3.3 first which is available
> here:
> 
> https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
> 
>> WARNING: OpenVAS Scanner is NOT running!
> 
> The scanner needs to be running if you want to rebuild with the scanner.
> 
>> However, the rebuild hangs indefinitely here:
>> 
>> openvasmd --rebuild --progress --verbose
>> 
>> Rebuilding NVT cache... \
> 
> This sounds like the common redis issue seen quite often in the past.
> Try to edit your redis.conf and comment out all "save" statements.
> Afterwards, stop redis, remove the dump.rdb (e.g. in /var/lib/redis) and
> start redis again.
> 
> Regards,
> 
> -- 
> 
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH |
> http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG
> Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Installing OpenVAS in Kali

2016-10-10 Thread Fábio Fernandes 
It is supposed to work. Something is probably wrong with your kali installation 
or you need to update the repos.

Can you give the output of the error?

Fabio

> No dia 29/09/2016, às 22:28, Niely Boyken  escreveu:
> 
> Hi
> 
> How do I install OpenVAS in Kali Linux?
> This tutorial ain't working because I ge the error the package ain't found:
> https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/ 
> 
> 
> Thanks!
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS Error

2016-10-10 Thread Fábio Fernandes 
HI,

This seems strange to appear in the setup check "log_init():open : Permission 
denied” .

Try running it as root or with sudo.

Check if your installation of sqlite is ok.

Fabio

> No dia 10/10/2016, às 09:19, Jeremiah Pabiona  
> escreveu:
> 
> Dear Madame/Sir,
> 
> Good day. I am trying to setup OpenVAS in a Ubuntu Server. Upon executing the 
> command ./openvas-check-setup --server, I stumbled upon the ERROR: No OpenVAS 
> Manager database found. (Tried: /var/lib/openvas/mgr/tasks.db). 
> 
> To fix this it suggested this line: FIX: Run 'openvasmd --rebuild' while 
> OpenVAS Scanner is running.
> 
> So, I run that command and still the same error appears. 
> 
> Also attached is the log-file under (/tmp/openvas-check-setup.log)
> 
> 
> Looking forward for your response. Thank you. 
> 
> 
> Cheers,
> Jeremiah C. Pabiona
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] how to restart a stopped task in omp cli

2016-10-07 Thread Fábio Fernandes 
Maybe lead to inconsistent database? Sometimes when i stop a task in GSA while 
the machine running OpenVAS is under high load GSA returns error 503. I can 
only solve it by cleaning the scanner Redis database.

Fabio

> No dia 07/10/2016, às 10:14, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> .. or just killing running openvas processes, but it's a bit brutal way to 
> stop openvas..
> 
> Eero
> 
> 2016-10-07 11:57 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> You need to stop the task then start it. I think there is no direct way to do 
> that because stopping a task takes some time. I think the simplest way is to 
> create a small script that starts by sending the stop command then waits for 
> the state of the task to be stopped.
> 
> Fabio.
> 
>> No dia 07/10/2016, às 09:28, Shreyas M R <shreyas7...@gmail.com 
>> <mailto:shreyas7...@gmail.com>> escreveu:
>> 
>> Hi,
>> I have tried both before and it didnt yield any value for me.
>> 
>> I'm getting bogus command, status=400
>> 
>> regards,
>> Shreyas
>> 
>>  
>> 
>>      
>> Shreyas M R
>> about.me/shreyasmrs
>>  <http://about.me/shreyasmrs?promo=email_sig>
>>  
>> 
>> On Fri, Oct 7, 2016 at 1:18 PM, Gaurav Sharma <gvsha...@gmail.com 
>> <mailto:gvsha...@gmail.com>> wrote:
>> There are 2 things you can do
>> 
>> Restart - Start again and Resume - start from point of pause.
>> 
>>  omp -u  -w  --xml=''
>> 
>>  omp -u  -w  --start-task '
>> 
>> Regards,
>> Gaurav
>> 
>> 
>> On Fri, Oct 7, 2016 at 12:30 PM, Shreyas M R <shreyas7...@gmail.com 
>> <mailto:shreyas7...@gmail.com>> wrote:
>> Hi,
>> 
>> I want to know the command to restart omp cli to restart the task either in 
>> xml or in omp normal format
>> 
>> Thanks and regards,
>>  
>> 
>>      
>> Shreyas M R
>> about.me/shreyasmrs
>>  <http://about.me/shreyasmrs?promo=email_sig>
>>  
>> 
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org 
>> <mailto:Openvas-discuss@wald.intevation.org>
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
>> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
>> 
>> 
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org 
>> <mailto:Openvas-discuss@wald.intevation.org>
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
>> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> <mailto:Openvas-discuss@wald.intevation.org>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] how to restart a stopped task in omp cli

2016-10-07 Thread Fábio Fernandes 
You need to stop the task then start it. I think there is no direct way to do 
that because stopping a task takes some time. I think the simplest way is to 
create a small script that starts by sending the stop command then waits for 
the state of the task to be stopped.

Fabio.

> No dia 07/10/2016, às 09:28, Shreyas M R  escreveu:
> 
> Hi,
> I have tried both before and it didnt yield any value for me.
> 
> I'm getting bogus command, status=400
> 
> regards,
> Shreyas
> 
>  
> 
>       
> Shreyas M R
> about.me/shreyasmrs
>   
>  
> 
> On Fri, Oct 7, 2016 at 1:18 PM, Gaurav Sharma  > wrote:
> There are 2 things you can do
> 
> Restart - Start again and Resume - start from point of pause.
> 
>  omp -u  -w  --xml=''
> 
>  omp -u  -w  --start-task '
> 
> Regards,
> Gaurav
> 
> 
> On Fri, Oct 7, 2016 at 12:30 PM, Shreyas M R  > wrote:
> Hi,
> 
> I want to know the command to restart omp cli to restart the task either in 
> xml or in omp normal format
> 
> Thanks and regards,
>  
> 
>       
> Shreyas M R
> about.me/shreyasmrs
>   
>  
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-10-06 Thread Fábio Fernandes 
Nice, it finally worked. Maybe someone can fix the documentation it is 
confusing.

Fabio

> No dia 06/10/2016, às 12:48, tatooin <tato...@free.fr> escreveu:
> 
> Hi Fabio,
> 
> You just saved my day ! :-)
> It works perfectly. I was just missing the apply_overrides attribute !
> 
> Now with this, overrides applied in GSA are effective in the reports
> generated via omp.
> 
> Thank you so much !
> 
> 
> On Thu, 2016-10-06 at 11:56 +0100, Fábio Fernandes wrote:
>> Hi i think i discovered the solution although i’m not using omp. I tested 
>> the command get_reports with the attribute apply_overrides=“1” and the 
>> overrides were applied.
>> What command are you using in omp?
>> 
>> Fabio
>> 
>>> No dia 06/10/2016, às 11:32, tatooin <tato...@free.fr> escreveu:
>>> 
>>> Hi Fabio,
>>> 
>>> Thank you, as indeed this was the right syntax to use ! And the newly
>>> created override is properly seen by GSA.
>>> 
>>> However the problem unfortunately remains. If I generate reports from
>>> omp, the overrides are still not applied in the generated csv files. I
>>> start to believe it's a bug with openvas-manager. Or is there any
>>> specific omp command to force overrides being applied to reports ? 
>>> 
>>> Thanks
>>> 
>>> On Thu, 2016-10-06 at 02:31 +0100, Fábio Fernandes wrote:
>>>> Ok i found how to do it now. Set severity to -1.0.
>>>> 
>>>> Fabio
>>>> 
>>>>> No dia 06/10/2016, às 02:26, Fábio Fernandes <fabiogfernan...@gmail.com> 
>>>>> escreveu:
>>>>> 
>>>>> I tried your example but never managed to set an override with threat 
>>>>> “False Positive”.
>>>>> Try this:
>>>>> 
>>>>> 
>>>>> This is actually of little concern.
>>>>> 
>>>>> 0.0
>>>>> 
>>>>> 
>>>>> 
>>>>> Fabio
>>>>> 
>>>>>> No dia 01/10/2016, às 08:01, tato...@free.fr escreveu:
>>>>>> 
>>>>>> Hello,
>>>>>> 
>>>>>> There is really nobody able to answer the issue below ? I find hard to 
>>>>>> believe that none of the experts in this group don't have a clue on this.
>>>>>> I'm just trying to set an override !!
>>>>>> 
>>>>>> Thanks 
>>>>>> 
>>>>>> - Mail original -
>>>>>> De: tato...@free.fr
>>>>>> À: "Fábio Fernandes" <fabiogfernan...@gmail.com>
>>>>>> Cc: openvas-discuss@wald.intevation.org
>>>>>> Envoyé: Mercredi 28 Septembre 2016 09:17:35
>>>>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>>>>> 
>>>>>> The problem is that the documentation is impossible to understand if 
>>>>>> you're not a developper yourself or an xml expert...
>>>>>> 
>>>>>> I tried with the following xml:
>>>>>> 
>>>>>> 
>>>>>> This is actually of little concern.
>>>>>> 
>>>>>> False Positive
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Same error:
>>>>>> 
>>>>>> >>>>> status="500">
>>>>>> 
>>>>>> :-(
>>>>>> 
>>>>>> - Mail original -
>>>>>> De: "Fábio Fernandes" <fabiogfernan...@gmail.com>
>>>>>> À: tato...@free.fr
>>>>>> Cc: "matthew mundell" <matthew.mund...@greenbone.net>, 
>>>>>> openvas-discuss@wald.intevation.org
>>>>>> Envoyé: Mercredi 28 Septembre 2016 01:55:23
>>>>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>>>>> 
>>>>>> There seems to be a problem with your request but the error code seems 
>>>>>> suspicious.
>>>>>> Task should be: >>>>>> status="500">
>>>>>>> 
>>>>>>> tnx
>>>>>>> 
>>>>>>> - Mail original -
>>>>>>> De: tato...@free.fr
>>>>>>> À: "matthew mundell" <matthew.mund...@greenb

Re: [Openvas-discuss] Overrides management questions

2016-10-06 Thread Fábio Fernandes 
Hi i think i discovered the solution although i’m not using omp. I tested the 
command get_reports with the attribute apply_overrides=“1” and the overrides 
were applied.
What command are you using in omp?

Fabio

> No dia 06/10/2016, às 11:32, tatooin <tato...@free.fr> escreveu:
> 
> Hi Fabio,
> 
> Thank you, as indeed this was the right syntax to use ! And the newly
> created override is properly seen by GSA.
> 
> However the problem unfortunately remains. If I generate reports from
> omp, the overrides are still not applied in the generated csv files. I
> start to believe it's a bug with openvas-manager. Or is there any
> specific omp command to force overrides being applied to reports ? 
> 
> Thanks
> 
> On Thu, 2016-10-06 at 02:31 +0100, Fábio Fernandes wrote:
>> Ok i found how to do it now. Set severity to -1.0.
>> 
>> Fabio
>> 
>>> No dia 06/10/2016, às 02:26, Fábio Fernandes <fabiogfernan...@gmail.com> 
>>> escreveu:
>>> 
>>> I tried your example but never managed to set an override with threat 
>>> “False Positive”.
>>> Try this:
>>> 
>>> 
>>> This is actually of little concern.
>>> 
>>> 0.0
>>> 
>>> 
>>> 
>>> Fabio
>>> 
>>>> No dia 01/10/2016, às 08:01, tato...@free.fr escreveu:
>>>> 
>>>> Hello,
>>>> 
>>>> There is really nobody able to answer the issue below ? I find hard to 
>>>> believe that none of the experts in this group don't have a clue on this.
>>>> I'm just trying to set an override !!
>>>> 
>>>> Thanks 
>>>> 
>>>> - Mail original -
>>>> De: tato...@free.fr
>>>> À: "Fábio Fernandes" <fabiogfernan...@gmail.com>
>>>> Cc: openvas-discuss@wald.intevation.org
>>>> Envoyé: Mercredi 28 Septembre 2016 09:17:35
>>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>>> 
>>>> The problem is that the documentation is impossible to understand if 
>>>> you're not a developper yourself or an xml expert...
>>>> 
>>>> I tried with the following xml:
>>>> 
>>>> 
>>>> This is actually of little concern.
>>>> 
>>>> False Positive
>>>> 
>>>> 
>>>> 
>>>> Same error:
>>>> 
>>>> >>> status="500">
>>>> 
>>>> :-(
>>>> 
>>>> - Mail original -
>>>> De: "Fábio Fernandes" <fabiogfernan...@gmail.com>
>>>> À: tato...@free.fr
>>>> Cc: "matthew mundell" <matthew.mund...@greenbone.net>, 
>>>> openvas-discuss@wald.intevation.org
>>>> Envoyé: Mercredi 28 Septembre 2016 01:55:23
>>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>>> 
>>>> There seems to be a problem with your request but the error code seems 
>>>> suspicious.
>>>> Task should be: >>>> status="500">
>>>>> 
>>>>> tnx
>>>>> 
>>>>> - Mail original -
>>>>> De: tato...@free.fr
>>>>> À: "matthew mundell" <matthew.mund...@greenbone.net>
>>>>> Cc: openvas-discuss@wald.intevation.org
>>>>> Envoyé: Lundi 26 Septembre 2016 17:15:26
>>>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>>>> 
>>>>> Well, then I get an "internal error" message...
>>>>> 
>>>>> >>>> status="500">
>>>>> 
>>>>> I tried with your example:
>>>>> 
>>>>> 
>>>>> This is actually of little concern.
>>>>> 
>>>>> False Positive
>>>>> a06cbabd-0cd4-4604-a58d-f831d9c7ec29
>>>>> any
>>>>> 
>>>>> 
>>>>> Please clarify what I am doing wrong, I'm a bit lost with the syntax.
>>>>> 
>>>>> Thanks
>>>>> 
>>>>> - Mail original -
>>>>> De: "mattm" <matthew.mund...@greenbone.net>
>>>>> À: tato...@free.fr
>>>>> Cc: "Fábio Fernandes" <fabiogfernan...@gmail.com>, 
>>>>> openvas-discuss@wald.intevation.org
>>>>> Envoyé: Lundi 26 Septembre 2016 14:50:20
>>>>> Objet: Re: [Openvas-discuss]

Re: [Openvas-discuss] Report Output To Server Location

2016-10-06 Thread Fábio Fernandes 
That solution will work for Jonas i think.

Thanks again Eero.

Fabio

> No dia 06/10/2016, às 09:34, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> Well, not really. omp works with remote network connection also or just use 
> network mount .. like fuse-ssh
> 
> Eero
> 
> 2016-10-06 11:29 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> Yes but he still needs some kind of application or code to put the report in 
> the remote Linux server filesystem.
> 
> Thanks Eero.
> 
> Fabio
> 
>> No dia 06/10/2016, às 09:25, Eero Volotinen <eero.voloti...@iki.fi 
>> <mailto:eero.voloti...@iki.fi>> escreveu:
>> 
>> Well, just launch task with omp and monitor progress with omp. After task is 
>> finished, just extract raports with omp.
>> 
>> Eero
>> 
>> 2016-10-06 11:18 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>>:
>> Eero i can’t see how you can do this automatically with omp. Can you 
>> describe an example?
>> 
>> Fabio
>> 
>>> No dia 06/10/2016, às 06:42, Eero Volotinen <eero.voloti...@iki.fi 
>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>> 
>>> Well, you could use omp to do this. 
>>> 
>>> Eero
>>> 
>>> 2016-10-06 4:45 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>> <mailto:fabiogfernan...@gmail.com>>:
>>> I can only see 2 ways you can do this:
>>> 
>>> Send the report via email and have some script in the server to receive 
>>> emails and extract the attachment.
>>> 
>>> Use the "Send to host” method and have some application in the Linux server 
>>> reading it and putting it in the folder.
>>> 
>>> Never tried “Send to host” method but it seems the simplest.
>>> 
>>> Maybe someone has a simpler idea but i’m only seeing this options.
>>> 
>>> Fabio
>>> 
>>>> No dia 05/10/2016, às 16:21, Turner,Jonas <jotur...@hcr-manorcare.com 
>>>> <mailto:jotur...@hcr-manorcare.com>> escreveu:
>>>> 
>>>> I looked at the alerts to output the report to a folder on the server, but 
>>>> is there any quick documentation or someone can give me the best tip to do 
>>>> this?  I want all the jobs to export their reports in XML format to a 
>>>> folder on the Linux server somewhere.  I can’t seem to get it to work that 
>>>> way.
>>>>  
>>>> 
>>>> CONFIDENTIALITY NOTICE The information contained in this transmission is 
>>>> intended only for the person or entity to which it is addressed and may 
>>>> contain confidential and/or privileged material. If you are not the 
>>>> intended recipient of this information, do not review, retransmit, 
>>>> disclose, disseminate, use, or take any action in reliance upon, this 
>>>> information. If you received this transmission in error, please contact 
>>>> the sender, destroy all printed copies, and delete the material from all 
>>>> computers.   ­­   ___
>>>> Openvas-discuss mailing list
>>>> Openvas-discuss@wald.intevation.org 
>>>> <mailto:Openvas-discuss@wald.intevation.org>
>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
>>>> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
>>> 
>>> ___
>>> Openvas-discuss mailing list
>>> Openvas-discuss@wald.intevation.org 
>>> <mailto:Openvas-discuss@wald.intevation.org>
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
>>> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
>>> 
>>> ___
>>> Openvas-discuss mailing list
>>> Openvas-discuss@wald.intevation.org 
>>> <mailto:Openvas-discuss@wald.intevation.org>
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
>>> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
>> 
> 
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Report Output To Server Location

2016-10-06 Thread Fábio Fernandes 
Eero i can’t see how you can do this automatically with omp. Can you describe 
an example?

Fabio

> No dia 06/10/2016, às 06:42, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> Well, you could use omp to do this. 
> 
> Eero
> 
> 2016-10-06 4:45 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> I can only see 2 ways you can do this:
> 
> Send the report via email and have some script in the server to receive 
> emails and extract the attachment.
> 
> Use the "Send to host” method and have some application in the Linux server 
> reading it and putting it in the folder.
> 
> Never tried “Send to host” method but it seems the simplest.
> 
> Maybe someone has a simpler idea but i’m only seeing this options.
> 
> Fabio
> 
>> No dia 05/10/2016, às 16:21, Turner,Jonas <jotur...@hcr-manorcare.com 
>> <mailto:jotur...@hcr-manorcare.com>> escreveu:
>> 
>> I looked at the alerts to output the report to a folder on the server, but 
>> is there any quick documentation or someone can give me the best tip to do 
>> this?  I want all the jobs to export their reports in XML format to a folder 
>> on the Linux server somewhere.  I can’t seem to get it to work that way.
>>  
>> 
>> CONFIDENTIALITY NOTICE The information contained in this transmission is 
>> intended only for the person or entity to which it is addressed and may 
>> contain confidential and/or privileged material. If you are not the intended 
>> recipient of this information, do not review, retransmit, disclose, 
>> disseminate, use, or take any action in reliance upon, this information. If 
>> you received this transmission in error, please contact the sender, destroy 
>> all printed copies, and delete the material from all computers.   ­­   
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org 
>> <mailto:Openvas-discuss@wald.intevation.org>
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
>> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> <mailto:Openvas-discuss@wald.intevation.org>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Report Output To Server Location

2016-10-05 Thread Fábio Fernandes 
I can only see 2 ways you can do this:

Send the report via email and have some script in the server to receive emails 
and extract the attachment.

Use the "Send to host” method and have some application in the Linux server 
reading it and putting it in the folder.

Never tried “Send to host” method but it seems the simplest.

Maybe someone has a simpler idea but i’m only seeing this options.

Fabio

> No dia 05/10/2016, às 16:21, Turner,Jonas  
> escreveu:
> 
> I looked at the alerts to output the report to a folder on the server, but is 
> there any quick documentation or someone can give me the best tip to do this? 
>  I want all the jobs to export their reports in XML format to a folder on the 
> Linux server somewhere.  I can’t seem to get it to work that way.
>  
> 
> CONFIDENTIALITY NOTICE The information contained in this transmission is 
> intended only for the person or entity to which it is addressed and may 
> contain confidential and/or privileged material. If you are not the intended 
> recipient of this information, do not review, retransmit, disclose, 
> disseminate, use, or take any action in reliance upon, this information. If 
> you received this transmission in error, please contact the sender, destroy 
> all printed copies, and delete the material from all computers.   ­­   
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-10-05 Thread Fábio Fernandes 
Ok i found how to do it now. Set severity to -1.0.

Fabio

> No dia 06/10/2016, às 02:26, Fábio Fernandes <fabiogfernan...@gmail.com> 
> escreveu:
> 
> I tried your example but never managed to set an override with threat “False 
> Positive”.
> Try this:
> 
> 
>  This is actually of little concern.
>  
>  0.0
>  
> 
> 
> Fabio
> 
>> No dia 01/10/2016, às 08:01, tato...@free.fr escreveu:
>> 
>> Hello,
>> 
>> There is really nobody able to answer the issue below ? I find hard to 
>> believe that none of the experts in this group don't have a clue on this.
>> I'm just trying to set an override !!
>> 
>> Thanks 
>> 
>> - Mail original -
>> De: tato...@free.fr
>> À: "Fábio Fernandes" <fabiogfernan...@gmail.com>
>> Cc: openvas-discuss@wald.intevation.org
>> Envoyé: Mercredi 28 Septembre 2016 09:17:35
>> Objet: Re: [Openvas-discuss] Overrides management questions
>> 
>> The problem is that the documentation is impossible to understand if you're 
>> not a developper yourself or an xml expert...
>> 
>> I tried with the following xml:
>> 
>> 
>>  This is actually of little concern.
>>  
>>  False Positive
>>  
>> 
>> 
>> Same error:
>> 
>> > status="500">
>> 
>> :-(
>> 
>> - Mail original -
>> De: "Fábio Fernandes" <fabiogfernan...@gmail.com>
>> À: tato...@free.fr
>> Cc: "matthew mundell" <matthew.mund...@greenbone.net>, 
>> openvas-discuss@wald.intevation.org
>> Envoyé: Mercredi 28 Septembre 2016 01:55:23
>> Objet: Re: [Openvas-discuss] Overrides management questions
>> 
>> There seems to be a problem with your request but the error code seems 
>> suspicious.
>> Task should be: >> status="500">
>>> 
>>> tnx
>>> 
>>> - Mail original -
>>> De: tato...@free.fr
>>> À: "matthew mundell" <matthew.mund...@greenbone.net>
>>> Cc: openvas-discuss@wald.intevation.org
>>> Envoyé: Lundi 26 Septembre 2016 17:15:26
>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>> 
>>> Well, then I get an "internal error" message...
>>> 
>>> 
>>> 
>>> I tried with your example:
>>> 
>>> 
>>> This is actually of little concern.
>>> 
>>> False Positive
>>> a06cbabd-0cd4-4604-a58d-f831d9c7ec29
>>> any
>>> 
>>> 
>>> Please clarify what I am doing wrong, I'm a bit lost with the syntax.
>>> 
>>> Thanks
>>> 
>>> - Mail original -
>>> De: "mattm" <matthew.mund...@greenbone.net>
>>> À: tato...@free.fr
>>> Cc: "Fábio Fernandes" <fabiogfernan...@gmail.com>, 
>>> openvas-discuss@wald.intevation.org
>>> Envoyé: Lundi 26 Septembre 2016 14:50:20
>>> Objet: Re: [Openvas-discuss] Overrides management questions
>>> 
>>>> I did some research and I tried sending the following xml command to omp 
>>>> to create an override:
>>>> 
>>>> 
>>>> This is actually of little concern.
>>>> 1.3.6.1.4.1.25623.1.0.103239
>>> 
>>> The NVT oid should be an attribute:
>>> 
>>>   
>>> 
>>> See
>>> 
>>> http://www.openvas.org/omp-6-0.html#command_create_override
>>> 
>>> The example is wrong though, I'll update it.
>>> 
>>> --
>>> Greenbone Networks GmbH
>>> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
>>> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
>>> ___
>>> Openvas-discuss mailing list
>>> Openvas-discuss@wald.intevation.org
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>> ___
>>> Openvas-discuss mailing list
>>> Openvas-discuss@wald.intevation.org
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>> 
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-10-05 Thread Fábio Fernandes 
I tried your example but never managed to set an override with threat “False 
Positive”.
Try this:


  This is actually of little concern.
  
  0.0
  


Fabio

> No dia 01/10/2016, às 08:01, tato...@free.fr escreveu:
> 
> Hello,
> 
> There is really nobody able to answer the issue below ? I find hard to 
> believe that none of the experts in this group don't have a clue on this.
> I'm just trying to set an override !!
> 
> Thanks 
> 
> - Mail original -
> De: tato...@free.fr
> À: "Fábio Fernandes" <fabiogfernan...@gmail.com>
> Cc: openvas-discuss@wald.intevation.org
> Envoyé: Mercredi 28 Septembre 2016 09:17:35
> Objet: Re: [Openvas-discuss] Overrides management questions
> 
> The problem is that the documentation is impossible to understand if you're 
> not a developper yourself or an xml expert...
> 
> I tried with the following xml:
> 
> 
>   This is actually of little concern.
>   
>   False Positive
>   
> 
> 
> Same error:
> 
>  status="500">
> 
> :-(
> 
> - Mail original -
> De: "Fábio Fernandes" <fabiogfernan...@gmail.com>
> À: tato...@free.fr
> Cc: "matthew mundell" <matthew.mund...@greenbone.net>, 
> openvas-discuss@wald.intevation.org
> Envoyé: Mercredi 28 Septembre 2016 01:55:23
> Objet: Re: [Openvas-discuss] Overrides management questions
> 
> There seems to be a problem with your request but the error code seems 
> suspicious.
> Task should be: > status="500">
>> 
>> tnx
>> 
>> - Mail original -
>> De: tato...@free.fr
>> À: "matthew mundell" <matthew.mund...@greenbone.net>
>> Cc: openvas-discuss@wald.intevation.org
>> Envoyé: Lundi 26 Septembre 2016 17:15:26
>> Objet: Re: [Openvas-discuss] Overrides management questions
>> 
>> Well, then I get an "internal error" message...
>> 
>> 
>> 
>> I tried with your example:
>> 
>> 
>>  This is actually of little concern.
>>  
>>  False Positive
>>  a06cbabd-0cd4-4604-a58d-f831d9c7ec29
>>  any
>> 
>> 
>> Please clarify what I am doing wrong, I'm a bit lost with the syntax.
>> 
>> Thanks
>> 
>> - Mail original -
>> De: "mattm" <matthew.mund...@greenbone.net>
>> À: tato...@free.fr
>> Cc: "Fábio Fernandes" <fabiogfernan...@gmail.com>, 
>> openvas-discuss@wald.intevation.org
>> Envoyé: Lundi 26 Septembre 2016 14:50:20
>> Objet: Re: [Openvas-discuss] Overrides management questions
>> 
>>> I did some research and I tried sending the following xml command to omp to 
>>> create an override:
>>> 
>>> 
>>>  This is actually of little concern.
>>>  1.3.6.1.4.1.25623.1.0.103239
>> 
>> The NVT oid should be an attribute:
>> 
>>
>> 
>> See
>> 
>>  http://www.openvas.org/omp-6-0.html#command_create_override
>> 
>> The example is wrong though, I'll update it.
>> 
>> --
>> Greenbone Networks GmbH
>> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
>> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Service temporarily down

2016-09-29 Thread Fábio Fernandes 
First check if the processes are running.

openvassd
openvasmd
gsad

Then try these solution:

http://plugins.openvas.org/ova_503.txt 

If it is still not scanning try this:

https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue
 


> No dia 29/09/2016, às 17:00, Παναγιώτης Λεόντιος  
> escreveu:
> 
> Dear Chris,
> 
> I had exactly the same problem!
> Started with all the 503.txt stuff but no luck.
> I also did all the Debian updates and everything recommended in the OpenVAS
> Demo page.
> I also deleted my first installation and replaced it with a fresh one.
> There were some advice from several guys in here, but nothing seemed to
> work...
> At some point it worked!!!
> Honestly, there is not something specific I did and remember to tell you
> about :(
> But, keep updating everything (OS, NVTs, run 503.txt again) and hopefully it
> will eventually run.
> Alternatively, you can install the Kali packages (OVA file) in VM; it works
> with no problems whatsoever. 
> 
> Panos
> 
> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
> On Behalf Of Christoph Hodel
> Sent: Thursday, September 29, 2016 6:38 PM
> To: openvas-discuss@wald.intevation.org
> Subject: [Openvas-discuss] Service temporarily down
> 
> Hi all
> 
> I still have the same problem:
> Downloaded vm from homepage with demo installation.
> All works fine, except...
> 
> Running openvas-check-setup returns " It seems like your OpenVAS
> installation is OK."
> Attached the log file of the check.
> 
> But the result for running a task is always:
> "Results of last operation: Start Task: 503 Service temporarily down"
> 
> We have already done these steps:
> http://plugins.openvas.org/ova_503.txt
> 
> Who can help? Thank to all...
> Chris
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] GSA crashes, no log

2016-09-28 Thread Fábio Fernandes 
Try to use a version where it is not upgraded and see if that behavior persists 
maybe it’s a bug in the new version or try the Virtual Appliance from the 
OpenVAS site.

Fabio

> No dia 28/09/2016, às 08:20, tato...@free.fr escreveu:
> 
> Actually the GSAD is still running, but refusing connections to the service, 
> like if the port was no longer open. 
> 
> Tracing the process don't show any activity. It's just stalling... like it's 
> frozen. 
> 
> - Mail original -
> De: "Fábio Fernandes" <fabiogfernan...@gmail.com>
> À: tato...@free.fr
> Cc: "Reindl Harald" <h.rei...@thelounge.net>, 
> openvas-discuss@wald.intevation.org
> Envoyé: Mercredi 28 Septembre 2016 01:25:43
> Objet: Re: [Openvas-discuss] GSA crashes, no log
> 
> I don’t see anything in the log. What kind of crash is it? GSAD terminates or 
> the website gets unresponsive? 
> You said that you upgraded GSAD maybe you can try to use a version where it 
> is not upgraded and see if that behavior persists.
> 
> Fabio.
> 
>> No dia 26/09/2016, às 13:21, tato...@free.fr escreveu:
>> 
>> Hello,
>> 
>> Crash just happened again. Now I have logs but I'm afraid it won't help. 
>> Here are the last lines:
>> 
>> lib  serv:  DEBUG:2016-09-26 13h40.29 CEST:5476:send 65 from 
>> 
>> lib  serv:  DEBUG:2016-09-26 13h40.29 CEST:5476: => done
>> lib   xml:  DEBUG:2016-09-26 13h40.29 CEST:5476:asking for 1048576
>> lib   xml:  DEBUG:2016-09-26 13h40.29 CEST:5476: <= > status="200" status_text="OK">> start="1" max="-1"/>> id="20f3034c-e709-11e1-87e7-406186ea4fc5">Wizard 
>> RowsIf the number of rows in a listing is above this any 
>> wizard be hidden.3> id="20f3034c-e709-11e1-87e7-406186ea4fc5">Wizard 
>> RowsIf the number of rows in a listing is above this any 
>> wizard be 
>> hidden.3462
>> 
>> The crash time and last log time are consistent. But I don't see anything 
>> wrong. 
>> 
>> Any idea ?
>> 
>> Thanks
>> 
>> - Mail original -
>> De: "tatooin" <tato...@free.fr>
>> À: "Reindl Harald" <h.rei...@thelounge.net>
>> Cc: openvas-discuss@wald.intevation.org
>> Envoyé: Mercredi 14 Septembre 2016 16:33:56
>> Objet: Re: [Openvas-discuss] GSA crashes, no log
>> 
>> Thanks Reindl, and actually I agree with you given the number of stupid
>> issues I've struggled with since using Kali. But unfortunately, for
>> pentesting, I don't see any alternatives to kali.
>> 
>> Anyway thanks for posting your scripts, I'm using yours now. For
>> reference, the default logrotate files shipped with kali contains:
>> 
>> 
>> /var/log/openvas/gsad.log {
>> missingok
>> notifempty
>> create 640 root adm
>> daily
>> rotate 7
>> compress
>> postrotate
>>   if [ -s /var/run/gsad.pid ]; then kill -1 `cat /var/run/gsad.pid`;
>> fi
>>   openvaslogs=`ls /var/log/openvas/gsad.log.*`
>>   if [ -n "$openvaslogs" ]; then
>>   chown root:adm $openvaslogs
>>   chmod 640 $openvaslogs
>>   fi
>> endscript
>> }
>> 
>> Same for openvas manager and scanner...
>> 
>> On Wed, 2016-09-14 at 16:14 +0200, Reindl Harald wrote:
>>> 
>>> Am 14.09.2016 um 14:42 schrieb tatooin:
>>>> Yes, I understand that. But the point is; why is this broken logrotate
>>>> script shipped by default with OpenVas (and actually, GSA) on kali ?
>>> 
>>> because "kali" without ever used it seems to be a broken distribution 
>>> when they are even not capable to write a working logrotate script which 
>>> sends a SIGHUP to the process to actually get the filehandle closed
>>> 
>>> [root@openvas:~]$ cat /etc/logrotate.d/openvas-gsa
>>> # logrotate for openvas-manager
>>> /var/log/openvas/openvas-gsa.log {
>>>rotate 4
>>>weekly
>>>compress
>>>delaycompress
>>>missingok
>>>postrotate
>>>/usr/bin/killall -HUP gsad > /dev/null 2>&1 || true
>>>endscript
>>> }
>>> 
>>> [root@openvas:~]$ cat /etc/logrotate.d/openvas-manager
>>> # logrotate for openvas-manager
>>> /var/log/openvas/openvasmd.log {
>>>rotate 4
>>>weekly
>>>compress
>>>delaycompress
>>>missingok
>>>postrotate
>>>/usr/b

Re: [Openvas-discuss] Overrides management questions

2016-09-27 Thread Fábio Fernandes 
There seems to be a problem with your request but the error code seems 
suspicious.
Task should be:  status="500">
> 
> tnx
> 
> - Mail original -
> De: tato...@free.fr
> À: "matthew mundell" <matthew.mund...@greenbone.net>
> Cc: openvas-discuss@wald.intevation.org
> Envoyé: Lundi 26 Septembre 2016 17:15:26
> Objet: Re: [Openvas-discuss] Overrides management questions
> 
> Well, then I get an "internal error" message...
> 
> 
> 
> I tried with your example:
> 
> 
>   This is actually of little concern.
>   
>   False Positive
>   a06cbabd-0cd4-4604-a58d-f831d9c7ec29
>   any
> 
> 
> Please clarify what I am doing wrong, I'm a bit lost with the syntax.
> 
> Thanks
> 
> - Mail original -
> De: "mattm" <matthew.mund...@greenbone.net>
> À: tato...@free.fr
> Cc: "Fábio Fernandes" <fabiogfernan...@gmail.com>, 
> openvas-discuss@wald.intevation.org
> Envoyé: Lundi 26 Septembre 2016 14:50:20
> Objet: Re: [Openvas-discuss] Overrides management questions
> 
>> I did some research and I tried sending the following xml command to omp to 
>> create an override:
>> 
>> 
>>   This is actually of little concern.
>>   1.3.6.1.4.1.25623.1.0.103239
> 
> The NVT oid should be an attribute:
> 
> 
> 
> See
> 
>   http://www.openvas.org/omp-6-0.html#command_create_override
> 
> The example is wrong though, I'll update it.
> 
> --
> Greenbone Networks GmbH
> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] GSA crashes, no log

2016-09-27 Thread Fábio Fernandes 
I don’t see anything in the log. What kind of crash is it? GSAD terminates or 
the website gets unresponsive? 
You said that you upgraded GSAD maybe you can try to use a version where it is 
not upgraded and see if that behavior persists.

Fabio.

> No dia 26/09/2016, às 13:21, tato...@free.fr escreveu:
> 
> Hello,
> 
> Crash just happened again. Now I have logs but I'm afraid it won't help. Here 
> are the last lines:
> 
> lib  serv:  DEBUG:2016-09-26 13h40.29 CEST:5476:send 65 from 
> 
> lib  serv:  DEBUG:2016-09-26 13h40.29 CEST:5476: => done
> lib   xml:  DEBUG:2016-09-26 13h40.29 CEST:5476:asking for 1048576
> lib   xml:  DEBUG:2016-09-26 13h40.29 CEST:5476: <=  status="200" status_text="OK"> start="1" max="-1"/> id="20f3034c-e709-11e1-87e7-406186ea4fc5">Wizard RowsIf 
> the number of rows in a listing is above this any wizard be 
> hidden.3 id="20f3034c-e709-11e1-87e7-406186ea4fc5">Wizard RowsIf 
> the number of rows in a listing is above this any wizard be 
> hidden.3462
> 
> The crash time and last log time are consistent. But I don't see anything 
> wrong. 
> 
> Any idea ?
> 
> Thanks
> 
> - Mail original -
> De: "tatooin" 
> À: "Reindl Harald" 
> Cc: openvas-discuss@wald.intevation.org
> Envoyé: Mercredi 14 Septembre 2016 16:33:56
> Objet: Re: [Openvas-discuss] GSA crashes, no log
> 
> Thanks Reindl, and actually I agree with you given the number of stupid
> issues I've struggled with since using Kali. But unfortunately, for
> pentesting, I don't see any alternatives to kali.
> 
> Anyway thanks for posting your scripts, I'm using yours now. For
> reference, the default logrotate files shipped with kali contains:
> 
> 
> /var/log/openvas/gsad.log {
>  missingok
>  notifempty
>  create 640 root adm
>  daily
>  rotate 7
>  compress
>  postrotate
>if [ -s /var/run/gsad.pid ]; then kill -1 `cat /var/run/gsad.pid`;
> fi
>openvaslogs=`ls /var/log/openvas/gsad.log.*`
>if [ -n "$openvaslogs" ]; then
>chown root:adm $openvaslogs
>chmod 640 $openvaslogs
>fi
>  endscript
> }
> 
> Same for openvas manager and scanner...
> 
> On Wed, 2016-09-14 at 16:14 +0200, Reindl Harald wrote:
>> 
>> Am 14.09.2016 um 14:42 schrieb tatooin:
>>> Yes, I understand that. But the point is; why is this broken logrotate
>>> script shipped by default with OpenVas (and actually, GSA) on kali ?
>> 
>> because "kali" without ever used it seems to be a broken distribution 
>> when they are even not capable to write a working logrotate script which 
>> sends a SIGHUP to the process to actually get the filehandle closed
>> 
>> [root@openvas:~]$ cat /etc/logrotate.d/openvas-gsa
>> # logrotate for openvas-manager
>> /var/log/openvas/openvas-gsa.log {
>> rotate 4
>> weekly
>> compress
>> delaycompress
>> missingok
>> postrotate
>> /usr/bin/killall -HUP gsad > /dev/null 2>&1 || true
>> endscript
>> }
>> 
>> [root@openvas:~]$ cat /etc/logrotate.d/openvas-manager
>> # logrotate for openvas-manager
>> /var/log/openvas/openvasmd.log {
>> rotate 4
>> weekly
>> compress
>> delaycompress
>> missingok
>> postrotate
>> /usr/bin/killall -HUP openvasmd > /dev/null 2>&1 || true
>> endscript
>> }
>> 
>> [root@openvas:~]$ cat /etc/logrotate.d/openvas-scanner
>> # logrotate for openvas
>> /var/log/openvas/openvassd.log {
>> rotate 4
>> weekly
>> compress
>> delaycompress
>> missingok
>> postrotate
>> /usr/bin/killall -HUP openvassd > /dev/null 2>&1 || true
>> endscript
>> }
>> 
>>> Probably a question best posted to Kali forums, though
>> 
>> yes
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS large PDF export

2016-09-20 Thread Fábio Fernandes 
I never scanned so many hosts but if i were you i would try to download the 
report through openvas-cli or connecting directly with the OpenVAS Manager. 
Also check the GSAD and Manager logs it can give a hint to what is happening 
(remember to raise the log level to max).

Fabio

> No dia 20/09/2016, às 07:19, Eero Volotinen  escreveu:
> 
> This might be memory limit or timeout?
> 
> Eero
> 
> 2016-09-19 14:19 GMT+03:00 Schoemaker, Tijmen 
> >:
> Hello,
>  
> A large PDF export of a /23 subnet with 9971 results is not possible.
>  
> Doing a cat on the report.log from the tmp folder shows:
>  
> 
> sudo cat /tmp/tmp.zGGqzDb0VU/report.log
> This is pdfTeX, Version 3.14159265-2.6-1.40.16 (TeX Live 2015/Debian) 
> (preloaded format=pdflatex 2016.9.15)  19 SEP 2016 08:15
> entering extended mode
> restricted \write18 enabled.
> %&-line parsing enabled.
> **/tmp/tmp.zGGqzDb0VU/report.tex
> (/tmp/tmp.zGGqzDb0VU/report.tex
> LaTeX2e <2016/02/01>
> Babel <3.9q> and hyphenation patterns for 3 language(s) loaded.
> )
> ! Emergency stop.
> <*> /tmp/tmp.zGGqzDb0VU/report.tex
>  
> *** (job aborted, no legal \end found)
>  
>  
> Here is how much of TeX's memory you used:
> 6 strings out of 494953
> 208 string characters out of 6180977
> 45171 words of memory out of 500
> 3390 multiletter control sequences out of 15000+60
> 3640 words of font info for 14 fonts, out of 800 for 9000
> 14 hyphenation exceptions out of 8191
> 5i,0n,1p,1b,8s stack positions out of 5000i,500n,1p,20b,
>  
> 
>  
> The file /tmp/tmp.zGGqzDb0VU/report.tex is 0kb.
>  
> sudo ls -lt /tmp/tmp.zGGqzDb0VU/
> total 4
> -rw--- 1 nobody nogroup 920 Sep 19 10:15 report.log
> -rw--- 1 nobody nogroup   0 Sep 19 10:11 report.tex
>  
> What to do / where to look?
>  
> With kind regards,
>  
> Tijmen Schoemaker
>  
>  
>  
>  
> 
>     
> Disclaimer
> 
> De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend 
> bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) 
> toestemming hebben dit bericht te lezen. Gebruik door anderen dan 
> geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en de 
> bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van 
> een geheimhoudingsplicht.
> 's Heeren Loo is niet aansprakelijk voor schade ten gevolge van het gebruik 
> van elektronische middelen van communicatie, daaronder begrepen -maar niet 
> beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de 
> aflevering van elektronische berichten, onderschepping of manipulatie van 
> elektronische berichten door derden of door programmatuur/apparatuur gebruikt 
> voor elektronische communicatie en overbrenging van virussen en andere 
> kwaadaardige programmatuur.
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Problem running the OpenvasV8 Demo

2016-09-19 Thread Fábio Fernandes 
It seems like the installation is ok.

First check if the processes are running.

openvassd
openvasmd
gsad

Then try these solution:

http://plugins.openvas.org/ova_503.txt 

If it still is not scanning try this:

https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue
 


Fabio

> No dia 19/09/2016, às 23:51, Pedro D  escreveu:
> 
> Hi there,
> After running the openvas-check-setup and fixing all the errors I still can 
> not run a simple scan on one machine.
> 
> I get the :
> 
> Operation: Start Task Status code: 503 Status message: Service temporarily 
> down
> 
> attached the log file.
> 
> Can anyone help me with this issue?
> 
> thank you,
> best regards,
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-09-15 Thread Fábio Fernandes 
I have never done that but it should’t be hard check here 
http://www.openvas.org/omp-6-0.html#command_create_override 
<http://www.openvas.org/omp-6-0.html#command_create_override> .

Fabio

> No dia 14/09/2016, às 10:59, tatooin <tato...@free.fr> escreveu:
> 
> Hi Fabio,
> 
> I'm not sure how to actually do this. Could you give an example of such
> command ?
> 
> Thank you !
> 
> On Tue, 2016-09-06 at 15:12 +0100, Fábio Fernandes wrote:
>> That is to enable overrides i was trying to say to add the override
>> with amp CLI but it is just an idea.
>> 
>> http://www.openvas.org/omp-6-0.html#command_create_override
>> 
>> 
>> Fabio
>> 
>>> No dia 06/09/2016, às 13:57, tatooin <tato...@free.fr> escreveu:
>>> 
>>> Hi Fabio,
>>> 
>>> I tried adding the override with omp (this is actually the only way
>>> I
>>> know of), using the command :
>>> 
>>> omp -h 127.0.0.1 -u admin -w "pass" -iX '>> report_id="5c9870b4-2d15-4b97-91ca-8fd6ee0a1b2b"
>>> format_id="c1645568-627a-11e3-a660-406186ea4fc5" overrides="1" />' |
>>> xmlstarlet sel -t -v get_reports_response/report/text\(\) | base64
>>> -i -d
>>>> report.csv
>>> 
>>> But I still don't get the overrides applied. :-(
>>> 
>>> Is there any other way ?
>>> 
>>> Thanks again for your help. 
>>> 
>>> On Mon, 2016-09-05 at 20:55 +0100, Fábio Fernandes wrote:
>>>> I don’t think so maybe someone can help? Have you tried to add the
>>>> override with the omp maybe it will work.
>>>> 
>>>> 
>>>> Fabio
>>>> 
>>>>> No dia 02/09/2016, às 09:24, tatooin <tato...@free.fr> escreveu:
>>>>> 
>>>>> piping an xml file directly to omp ?
>>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] GSA crashes, no log

2016-09-13 Thread Fábio Fernandes 
I’m not using OpenVAS Kali version anymore but you could try to increase the 
log level at "/etc/openvas/gsad_log.conf”.

[*]
prepend=%t %p
prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
file=/var/log/openvas/gsad.log
level=0

Change level to “level=128” and restart GSAD then see what happens.

Fabio

> No dia 13/09/2016, às 10:21, tatooin  escreveu:
> 
> Hello,
> 
> Since I upgraded to GSA 6.0.10-0kali1, using standard Kali repos, GSA is
> crashing from times to times; in general 2 or 3 times a week. I just
> have to restart the service and it's working again. 
> 
> The logfile is empty. Is there anything I could configure on GSA side to
> check what's going on ? I don't see any particular loggings directives
> nor options if I run the daemon in the foreground with --help.
> 
> Thank you
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] HOWTO - Setting Up Remote Scanner?

2016-09-09 Thread Fábio Fernandes 
Have you checked the Greenbone Security Manager manual present in the site?

Fábio

Em 09/09/2016 19:07, "Turner,Jonas" <jotur...@hcr-manorcare.com> escreveu:

> I did the whole openvas.  I would prefer just a scanner but I wasn't for
> sure how to go about that. :/ I guess I just want a way where I can send
> tasks from the master server to the slave scanner from one portal.
> ____
> From: Fábio Fernandes [fabiogfernan...@gmail.com]
> Sent: Friday, September 09, 2016 11:33 AM
> To: Turner,Jonas
> Cc: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] HOWTO - Setting Up Remote Scanner?
>
> The OpenVAS installed in the test server is the scanner only or the whole
> OpenVAS? Do you want to use OpenVAS Master-Slave or OpenVAS Manager to
> multiple scanners scheme?
>
> Fabio.
>
> > No dia 09/09/2016, às 15:54, Turner,Jonas <jotur...@hcr-manorcare.com>
> escreveu:
> >
> > Are there any good documentation on setting up a remote scanner? I have
> OpenVAS installed on a test server, and I would like to be able to send
> tasks to it from my main server.  I couldn't find any documents online
> right off the get go.
> >
> >
> > ___
> > Openvas-discuss mailing list
> > Openvas-discuss@wald.intevation.org
> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/
> openvas-discuss
>
>
>
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] HOWTO - Setting Up Remote Scanner?

2016-09-09 Thread Fábio Fernandes 
The OpenVAS installed in the test server is the scanner only or the whole 
OpenVAS? Do you want to use OpenVAS Master-Slave or OpenVAS Manager to multiple 
scanners scheme?

Fabio.

> No dia 09/09/2016, às 15:54, Turner,Jonas  
> escreveu:
> 
> Are there any good documentation on setting up a remote scanner? I have 
> OpenVAS installed on a test server, and I would like to be able to send tasks 
> to it from my main server.  I couldn't find any documents online right off 
> the get go.
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] SCANNING Error Message 503

2016-09-08 Thread Fábio Fernandes 
Can you give me the output of this command?

find / | grep redis

Fabio

> No dia 08/09/2016, às 15:24, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr> 
> escreveu:
> 
> OPENVAS -8 DEMO VM 1.0 virtual appliance generated by respective .ova file 
> downloaded from openvas.org <http://openvas.org/>
> Running on VirtualBox (5.1.4 r110228 (Qt5.5.1)) on my Windows Vista, (32) 
> SP2, DELL Laptop 2
>  
> Running in 
>  
> Panos
>  
> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com] 
> Sent: Thursday, September 08, 2016 4:30 PM
> To: Παναγιώτης Λεόντιος
> Cc: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] SCANNING Error Message 503
>  
> No problem. Can you tell me what is your OpenVAS installation?
>  
> Fabio
>  
>> No dia 08/09/2016, às 13:56, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr 
>> <mailto:leonti...@ath.forthnet.gr>> escreveu:
>>  
>> Dear Fabio,
>>  
>> Thanx once again for your help, but I don’t know what kali is and how it’s 
>> related to my installation of openvas.
>> Anyway, don’t wanna bother you anymore.
>>  
>> Thanx again,
>>  
>> Panos
>>  
>> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>] 
>> Sent: Thursday, September 08, 2016 1:49 PM
>> To: Παναγιώτης Λεόντιος
>> Cc: openvas-discuss@wald.intevation.org 
>> <mailto:openvas-discuss@wald.intevation.org>
>> Subject: Re: [Openvas-discuss] SCANNING Error Message 503
>>  
>> From here: 
>> https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue
>>  
>> <https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue>
>>  
>> root@kali:/etc/openvas# redis-cli -s /var/lib/redis/redis.sock
>> redis /var/lib/redis/redis.sock> keys *
>> 1) "OpenVAS.__GlobalDBIndex"
>> redis /var/lib/redis/redis.sock> del OpenVAS.__GlobalDBIndex
>> (integer) 1
>>  
>> Fabio
>> 
>> 
>> 
>> No dia 08/09/2016, às 11:44, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr 
>> <mailto:leonti...@ath.forthnet.gr>> escreveu:
>> 
>> Thank you Fabio.
>> 
>> How can I do that? Is it recreated automatically?
>> 
>> Panos
>> 
>> -Original Message-
>> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>] 
>> Sent: Thursday, September 08, 2016 1:40 PM
>> To: Παναγιώτης Λεόντιος
>> Cc: openvas-discuss@wald.intevation.org 
>> <mailto:openvas-discuss@wald.intevation.org>
>> Subject: Re: [Openvas-discuss] SCANNING Error Message 503
>> 
>> Try erasing OpenVAS redis database.
>> 
>> Fabio
>> 
>> 
>> 
>> No dia 08/09/2016, às 08:40, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr 
>> <mailto:leonti...@ath.forthnet.gr>> escreveu:
>> 
>> Hi there.
>> 
>> Well, just one more try in case I am lucky...
>> 
>> 1. Installed VirtualBox (5.1.4 r110228 (Qt5.5.1)) on my Windows Vista 
>> (32) SP2, DELL Laptop 2. Installed OPENVAS -8 DEMO VM 1.0 from the 
>> respective .ova file downloaded from openvas.org <http://openvas.org/> 3. 
>> Changed all the passwords as recommended (root, openvas, admin), deleted the 
>> file "/home/openvas/.ssh/authorized_keys" and updated Debian Jessie (64).
>> 4. Run GSA web interface (v. 6.0.3) on my Chrome @192.168.1.x, as 
>> instructed by openvas command line 5. Logged in as admin, and tried to run 
>> an immediate scan an ip4 address (local router 192.168.1.1 and several 
>> public ones).
>>   I GET ALL THE TIME:
>>   Operation: Start Task
>>   Status code: 503
>>   Status message: Service temporarily down 6. After advice on this 
>> channel, I run:
>>   http://plugins.openvas.org/ova_503.txt 
>> <http://plugins.openvas.org/ova_503.txt>
>>   and additionally, the following:
>> 
>> 
>> openvas-certdata-sync openvas-nvt-sync openvas-nvt-sync-cron 
>> openvas-scapdata-sync openvasmd --rebuild killall -s SIGHUP openvassd
>> 
>> BUT NO LUCK SO FAR!!!
>> 
>> ANY MORE IDEAS PLEASE? ANYONE?
>> 
>> Thanx in advance,
>> Panos
>> 
>> 
>> 
>> 
>> -Original Message-
>> From: Openvas-discuss 
>> [mailto:openvas-discuss-boun...@wald.intevation.org 
>> <mailto:openvas-discuss-boun...@wald.intevation.org>] On Behalf Of 
>> Christian Fischer
>> Sent: Monday, September 05, 2016 9:42 AM
>> To: openvas-dis

Re: [Openvas-discuss] SCANNING Error Message 503

2016-09-08 Thread Fábio Fernandes 
No problem. Can you tell me what is your OpenVAS installation?

Fabio

> No dia 08/09/2016, às 13:56, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr> 
> escreveu:
> 
> Dear Fabio,
>  
> Thanx once again for your help, but I don’t know what kali is and how it’s 
> related to my installation of openvas.
> Anyway, don’t wanna bother you anymore.
>  
> Thanx again,
>  
> Panos
>  
> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com] 
> Sent: Thursday, September 08, 2016 1:49 PM
> To: Παναγιώτης Λεόντιος
> Cc: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] SCANNING Error Message 503
>  
> From here: 
> https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue
>  
> <https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue>
>  
> root@kali:/etc/openvas# redis-cli -s /var/lib/redis/redis.sock
> redis /var/lib/redis/redis.sock> keys *
> 1) "OpenVAS.__GlobalDBIndex"
> redis /var/lib/redis/redis.sock> del OpenVAS.__GlobalDBIndex
> (integer) 1
>  
> Fabio
> 
> 
> No dia 08/09/2016, às 11:44, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr 
> <mailto:leonti...@ath.forthnet.gr>> escreveu:
> 
> Thank you Fabio.
> 
> How can I do that? Is it recreated automatically?
> 
> Panos
> 
> -Original Message-
> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>] 
> Sent: Thursday, September 08, 2016 1:40 PM
> To: Παναγιώτης Λεόντιος
> Cc: openvas-discuss@wald.intevation.org 
> <mailto:openvas-discuss@wald.intevation.org>
> Subject: Re: [Openvas-discuss] SCANNING Error Message 503
> 
> Try erasing OpenVAS redis database.
> 
> Fabio
> 
> 
> No dia 08/09/2016, às 08:40, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr 
> <mailto:leonti...@ath.forthnet.gr>> escreveu:
> 
> Hi there.
> 
> Well, just one more try in case I am lucky...
> 
> 1. Installed VirtualBox (5.1.4 r110228 (Qt5.5.1)) on my Windows Vista 
> (32) SP2, DELL Laptop 2. Installed OPENVAS -8 DEMO VM 1.0 from the 
> respective .ova file downloaded from openvas.org <http://openvas.org/> 3. 
> Changed all the passwords as recommended (root, openvas, admin), deleted the 
> file "/home/openvas/.ssh/authorized_keys" and updated Debian Jessie (64).
> 4. Run GSA web interface (v. 6.0.3) on my Chrome @192.168.1.x, as 
> instructed by openvas command line 5. Logged in as admin, and tried to run an 
> immediate scan an ip4 address (local router 192.168.1.1 and several public 
> ones).
>   I GET ALL THE TIME:
>   Operation: Start Task
>   Status code: 503
>   Status message: Service temporarily down 6. After advice on this 
> channel, I run:
>   http://plugins.openvas.org/ova_503.txt 
> <http://plugins.openvas.org/ova_503.txt>
>   and additionally, the following:
> 
> openvas-certdata-sync openvas-nvt-sync openvas-nvt-sync-cron 
> openvas-scapdata-sync openvasmd --rebuild killall -s SIGHUP openvassd
> 
> BUT NO LUCK SO FAR!!!
> 
> ANY MORE IDEAS PLEASE? ANYONE?
> 
> Thanx in advance,
> Panos
> 
> 
> 
> 
> -Original Message-
> From: Openvas-discuss 
> [mailto:openvas-discuss-boun...@wald.intevation.org 
> <mailto:openvas-discuss-boun...@wald.intevation.org>] On Behalf Of 
> Christian Fischer
> Sent: Monday, September 05, 2016 9:42 AM
> To: openvas-discuss@wald.intevation.org 
> <mailto:openvas-discuss@wald.intevation.org>
> Subject: Re: [Openvas-discuss] Error Message
> 
> Hi,
> 
> just also noticed this:
> 
> On 09/03/2016 06:01 PM, Reindl Harald wrote:
> 
> openvasmd --rebuild
> killall -s SIGHUP openvassd
> 
> First do a SIGHUP to openvassd so it is reloading the NVTs from disc and then 
> do a rebuild of the manager database.
> 
> Greetings,
> 
> --
> 
> Christian Fischer | Greenbone Networks GmbH | http://greenbone.net 
> <http://greenbone.net/> 
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> <mailto:Openvas-discuss@wald.intevation.org>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis 
> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis>
> cuss
> 
> 
> 
> 
> -
> No virus found in this message.
> Checked by AVG - www.avg.com <http://www.avg.com/>
> Version: 2016.0.7752 / Virus Database: 4649/12968 - Release Date: 09/08/16
> 
>  
> No virus found in this message.
> Checked by AVG - www.avg.com <http://www.avg.com/>
> Version: 2016.0.7752 / Virus Database: 4649/12968 - Release Date: 09/08/16

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] SCANNING Error Message 503

2016-09-08 Thread Fábio Fernandes 
From here: 
https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue
 
<https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue>

root@kali:/etc/openvas# redis-cli -s /var/lib/redis/redis.sock
redis /var/lib/redis/redis.sock> keys *
1) "OpenVAS.__GlobalDBIndex"
redis /var/lib/redis/redis.sock> del OpenVAS.__GlobalDBIndex
(integer) 1

Fabio

> No dia 08/09/2016, às 11:44, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr> 
> escreveu:
> 
> Thank you Fabio.
> 
> How can I do that? Is it recreated automatically?
> 
> Panos
> 
> -Original Message-
> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com] 
> Sent: Thursday, September 08, 2016 1:40 PM
> To: Παναγιώτης Λεόντιος
> Cc: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] SCANNING Error Message 503
> 
> Try erasing OpenVAS redis database.
> 
> Fabio
> 
>> No dia 08/09/2016, às 08:40, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr> 
>> escreveu:
>> 
>> Hi there.
>> 
>> Well, just one more try in case I am lucky...
>> 
>> 1. Installed VirtualBox (5.1.4 r110228 (Qt5.5.1)) on my Windows Vista 
>> (32) SP2, DELL Laptop 2. Installed OPENVAS -8 DEMO VM 1.0 from the 
>> respective .ova file downloaded from openvas.org 3. Changed all the 
>> passwords as recommended (root, openvas, admin), deleted the file 
>> "/home/openvas/.ssh/authorized_keys" and updated Debian Jessie (64).
>> 4. Run GSA web interface (v. 6.0.3) on my Chrome @192.168.1.x, as 
>> instructed by openvas command line 5. Logged in as admin, and tried to run 
>> an immediate scan an ip4 address (local router 192.168.1.1 and several 
>> public ones).
>>   I GET ALL THE TIME:
>>   Operation: Start Task
>>   Status code: 503
>>   Status message: Service temporarily down 6. After advice on this 
>> channel, I run:
>>   http://plugins.openvas.org/ova_503.txt
>>   and additionally, the following:
>>> openvas-certdata-sync openvas-nvt-sync openvas-nvt-sync-cron 
>>> openvas-scapdata-sync openvasmd --rebuild killall -s SIGHUP openvassd
>> 
>> BUT NO LUCK SO FAR!!!
>> 
>> ANY MORE IDEAS PLEASE? ANYONE?
>> 
>> Thanx in advance,
>> Panos
>> 
>> 
>> 
>> 
>> -Original Message-
>> From: Openvas-discuss 
>> [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of 
>> Christian Fischer
>> Sent: Monday, September 05, 2016 9:42 AM
>> To: openvas-discuss@wald.intevation.org
>> Subject: Re: [Openvas-discuss] Error Message
>> 
>> Hi,
>> 
>> just also noticed this:
>> 
>> On 09/03/2016 06:01 PM, Reindl Harald wrote:
>>> openvasmd --rebuild
>>> killall -s SIGHUP openvassd
>> 
>> First do a SIGHUP to openvassd so it is reloading the NVTs from disc and 
>> then do a rebuild of the manager database.
>> 
>> Greetings,
>> 
>> --
>> 
>> Christian Fischer | Greenbone Networks GmbH | http://greenbone.net 
>> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
>> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
>> 
>> 
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis
>> cuss
> 
> 
> 
> 
> -
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2016.0.7752 / Virus Database: 4649/12968 - Release Date: 09/08/16
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] SCANNING Error Message 503

2016-09-08 Thread Fábio Fernandes 
Try erasing OpenVAS redis database.

Fabio

> No dia 08/09/2016, às 08:40, Παναγιώτης Λεόντιος  
> escreveu:
> 
> Hi there.
> 
> Well, just one more try in case I am lucky...
> 
> 1. Installed VirtualBox (5.1.4 r110228 (Qt5.5.1)) on my Windows Vista (32) 
> SP2, DELL Laptop
> 2. Installed OPENVAS -8 DEMO VM 1.0 from the respective .ova file downloaded 
> from openvas.org
> 3. Changed all the passwords as recommended (root, openvas, admin), deleted 
> the file "/home/openvas/.ssh/authorized_keys" and updated Debian Jessie (64).
> 4. Run GSA web interface (v. 6.0.3) on my Chrome @192.168.1.x, as instructed 
> by openvas command line
> 5. Logged in as admin, and tried to run an immediate scan an ip4 address 
> (local router 192.168.1.1 and several public ones).
>I GET ALL THE TIME:
>Operation: Start Task
>Status code: 503
>Status message: Service temporarily down
> 6. After advice on this channel, I run:
>http://plugins.openvas.org/ova_503.txt
>and additionally, the following:
>> openvas-certdata-sync openvas-nvt-sync openvas-nvt-sync-cron 
>> openvas-scapdata-sync openvasmd --rebuild killall -s SIGHUP openvassd
> 
> BUT NO LUCK SO FAR!!!
> 
> ANY MORE IDEAS PLEASE? ANYONE?
> 
> Thanx in advance,
> Panos
> 
> 
> 
> 
> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
> Behalf Of Christian Fischer
> Sent: Monday, September 05, 2016 9:42 AM
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Error Message
> 
> Hi,
> 
> just also noticed this:
> 
> On 09/03/2016 06:01 PM, Reindl Harald wrote:
>> openvasmd --rebuild
>> killall -s SIGHUP openvassd
> 
> First do a SIGHUP to openvassd so it is reloading the NVTs from disc and then 
> do a rebuild of the manager database.
> 
> Greetings,
> 
> -- 
> 
> Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer 
> Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS - Unstable

2016-09-07 Thread Fábio Fernandes 
Now i recall i had the same problem as you and i solved it by erasing openvassd 
redis database but i don’t remember the commands but i think Meyer solution 
does the same thing but it erases all databases i think. Did you get the scans 
to work?

Fabio

> No dia 06/09/2016, às 19:13, Turner,Jonas  
> escreveu:
> 
> Hey!! It might have worked!!  Do I have to uncomment those saves later or 
> just leave them alone for now?
> 
> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
> Behalf Of Turner,Jonas
> Sent: Tuesday, September 06, 2016 2:07 PM
> To: Michael Meyer; openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] OpenVAS - Unstable
> 
> I only have the /etc/redis.conf.  Is that one sufficient? 
> 
> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On 
> Behalf Of Michael Meyer
> Sent: Tuesday, September 06, 2016 2:00 PM
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] OpenVAS - Unstable
> 
> *** Turner,Jonas wrote:
> 
>> Well I ran them all, but when doing the ???openvasmd --rebuild??it just 
>> sits there.
> 
> edit /etc/redis/default.conf and comment all lines beginning with "save". 
> Delete the "dump.rdb". Restart redis, restart the scanner.
> Does "--rebuild" works now?
> 
> Micha
> 
> -- 
> Michael Meyer  OpenPGP Key: 0xAF069E9152A6EFA6 
> http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR 
> B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS - Unstable

2016-09-06 Thread Fábio Fernandes 
Yes try those commands it usually solves the problem. Do you have the CentOS 
version?

Fabio

> No dia 06/09/2016, às 17:26, Ken  escreveu:
> 
> Hi,
> 
> I had a similar issue recently, everything returned to normal after 
> rebuilding the cache .. i.e. openvasmd --rebuild --progress.
> 
> Cheers,
> Ken
> 
> 
> On Tue, Sep 6, 2016, 16:55 Michael Meyer  > wrote:
> *** Turner,Jonas wrote:
> 
> >  > status="503">
> 
> Try http://plugins.openvas.org/ova_503.txt 
> 
> 
> Micha
> 
> --
> Michael Meyer  OpenPGP Key: 0xAF069E9152A6EFA6
> http://www.greenbone.net/ 
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
> Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS - Unstable

2016-09-06 Thread Fábio Fernandes 
Check OpenVAS processes by executing "ps -xau | grep openvas”.

Fabio

> No dia 06/09/2016, às 15:46, Turner,Jonas <jotur...@hcr-manorcare.com> 
> escreveu:
> 
> It does not.  I push the start button to start the scan and you can see it 
> just spin at the top of the tab instead of refreshing the page letting me 
> know it started.  It also shows on the bottom left that  is says “waiting for 
> 10.10.10.10.”, so it never actually goes through.  I try using OMP to 
> eliminate the GSAD side of it, and it just sits there for a long while and 
> eventually It’ll spit out this message
>  status="503">
>  
> There aren’t any other error messages that screams something is wrong.  It 
> all worked perfectly well until I added the tasks/targets through the script. 
>  It’s almost as if doing it a better way broke it somehow.  Even manually 
> creating the target/task now no longer allows the jobs to be started.  I
>  
> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>] 
> Sent: Tuesday, September 06, 2016 10:42 AM
> To: Turner,Jonas
> Cc: openvas-discuss@wald.intevation.org 
> <mailto:openvas-discuss@wald.intevation.org>
> Subject: Re: [Openvas-discuss] OpenVAS - Unstable
>  
> Does the scan run on the graphical interface (GSA) ?
> No dia 06/09/2016, às 15:35, Turner,Jonas <jotur...@hcr-manorcare.com 
> <mailto:jotur...@hcr-manorcare.com>> escreveu:
>  
> ou should install nmap 5.51 if you plan to use the nmap NSE NVTs.
> Step 10: Checking presence of optional tools ...
>  
> 
> CONFIDENTIALITY NOTICE The information contained in this transmission is 
> intended only for the person or entity to which it is addressed and may 
> contain confidential and/or privileged material. If you are not the intended 
> recipient of this information, do not review, retransmit, disclose, 
> disseminate, use, or take any action in reliance upon, this information. If 
> you received this transmission in error, please contact the sender, destroy 
> all printed copies, and delete the material from all computers.   ­­  

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS - Unstable

2016-09-06 Thread Fábio Fernandes 
Does the scan run on the graphical interface (GSA) ?
> No dia 06/09/2016, às 15:35, Turner,Jonas  
> escreveu:
> 
> ou should install nmap 5.51 if you plan to use the nmap NSE NVTs.
> Step 10: Checking presence of optional tools ...

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-09-06 Thread Fábio Fernandes 
That is to enable overrides i was trying to say to add the override with amp 
CLI but it is just an idea.

http://www.openvas.org/omp-6-0.html#command_create_override 
<http://www.openvas.org/omp-6-0.html#command_create_override>

Fabio

> No dia 06/09/2016, às 13:57, tatooin <tato...@free.fr> escreveu:
> 
> Hi Fabio,
> 
> I tried adding the override with omp (this is actually the only way I
> know of), using the command :
> 
> omp -h 127.0.0.1 -u admin -w "pass" -iX ' report_id="5c9870b4-2d15-4b97-91ca-8fd6ee0a1b2b"
> format_id="c1645568-627a-11e3-a660-406186ea4fc5" overrides="1" />' |
> xmlstarlet sel -t -v get_reports_response/report/text\(\) | base64 -i -d
>> report.csv
> 
> But I still don't get the overrides applied. :-(
> 
> Is there any other way ?
> 
> Thanks again for your help. 
> 
> On Mon, 2016-09-05 at 20:55 +0100, Fábio Fernandes wrote:
>> I don’t think so maybe someone can help? Have you tried to add the
>> override with the omp maybe it will work.
>> 
>> 
>> Fabio
>> 
>>> No dia 02/09/2016, às 09:24, tatooin <tato...@free.fr> escreveu:
>>> 
>>> piping an xml file directly to omp ?
>>> 
>> 
>> 
> 
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS - Unstable

2016-09-06 Thread Fábio Fernandes 
Try to check the logs to understand what is happening or check the OpenVAS 
scanner processes.

Fabio

> No dia 06/09/2016, às 13:41, Turner,Jonas <jotur...@hcr-manorcare.com> 
> escreveu:
> 
> I am using the atomic repo and the packages had been perhaps two weeks old at 
> most. :/ Adding the targets and tasks were simple and easy through the Python 
> script.  I went to kick them off and it just spins and spins on the page.  I 
> try and launch it through omp and it just sits there at the CLI and doesn’t 
> do anything.  There are no errors or anything.
>  
> From: Fábio Fernandes [mailto:fabiogfernan...@gmail.com] 
> Sent: Sunday, September 04, 2016 9:31 PM
> To: Turner,Jonas
> Cc: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] OpenVAS - Unstable
>  
> I don’t know about python scripts but i use ruby and it works ok maybe it’s 
> your OpenVAS installation or you are using an old OpenVAS python library?
>  
> Fabio
> No dia 02/09/2016, às 18:58, Turner,Jonas <jotur...@hcr-manorcare.com 
> <mailto:jotur...@hcr-manorcare.com>> escreveu:
>  
> I am not sure if I am the only one that experiences this, but it seems I 
> can’t do anything that involves scripts with OpenVAS.   All I did was create 
> a script to add targets/tasks based on a python script.  After creating them, 
> which it does just fine, I can’t start the task.  It sits there and just 
> spins like it did before.  I even ran it against one host and it does the 
> same thing.
> 
> CONFIDENTIALITY NOTICE The information contained in this transmission is 
> intended only for the person or entity to which it is addressed and may 
> contain confidential and/or privileged material. If you are not the intended 
> recipient of this information, do not review, retransmit, disclose, 
> disseminate, use, or take any action in reliance upon, this information. If 
> you received this transmission in error, please contact the sender, destroy 
> all printed copies, and delete the material from all computers.   ­­  

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-09-05 Thread Fábio Fernandes 
I don’t think so maybe someone can help? Have you tried to add the override 
with the omp maybe it will work.

Fabio

> No dia 02/09/2016, às 09:24, tatooin  escreveu:
> 
> piping an xml file directly to omp ?

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] OpenVAS - Unstable

2016-09-04 Thread Fábio Fernandes 
I don’t know about python scripts but i use ruby and it works ok maybe it’s 
your OpenVAS installation or you are using an old OpenVAS python library?

Fabio
> No dia 02/09/2016, às 18:58, Turner,Jonas  
> escreveu:
> 
> I am not sure if I am the only one that experiences this, but it seems I 
> can’t do anything that involves scripts with OpenVAS.   All I did was create 
> a script to add targets/tasks based on a python script.  After creating them, 
> which it does just fine, I can’t start the task.  It sits there and just 
> spins like it did before.  I even ran it against one host and it does the 
> same thing.
>  
> 
> CONFIDENTIALITY NOTICE The information contained in this transmission is 
> intended only for the person or entity to which it is addressed and may 
> contain confidential and/or privileged material. If you are not the intended 
> recipient of this information, do not review, retransmit, disclose, 
> disseminate, use, or take any action in reliance upon, this information. If 
> you received this transmission in error, please contact the sender, destroy 
> all printed copies, and delete the material from all computers.   ­­   
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Error Message

2016-09-02 Thread Fábio Fernandes 
Sorry i didn’t notice you had done that already. Maybe your installation is 
damaged have you tried to check the scanner and manager logs? Maybe increase 
the log level?

Fábio

> No dia 02/09/2016, às 16:31, Reindl Harald  escreveu:
> 
> 
> 
> Am 02.09.2016 um 17:29 schrieb Παναγιώτης Λεόντιος:
>> Hold on, do you mean the command: “openvas-nvt-sync”?
>> 
>> Because if so, I have already run it, along with all the stop/run
>> scanner-manager set, according to “http://plugins.openvas.org/ova_503.txt”
> 
> [root@openvas:~]$ cat /usr/local/bin/openvas-sync
> #!/bin/sh
> openvas-certdata-sync
> openvas-nvt-sync
> openvas-nvt-sync-cron
> openvas-scapdata-sync
> openvasmd --rebuild
> killall -s SIGHUP openvassd
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Target Limit

2016-09-01 Thread Fábio Fernandes 
I think that there is no limit because there isn’t any mention of it in the OMP 
protocol documentation but since there is no official OpenVAS 8 manual the only 
way to be sure is to check the source.

Fabio

> No dia 01/09/2016, às 17:03, Turner,Jonas  
> escreveu:
> 
> Is there an actual target limit or just a target limit while entering them 
> manually on the website?
>  
> I was able to add a LOT more when using a script over manually and I want to 
> make sure I can still process all those IP addresses even though there was 
> supposed to be a limit.
> 
> CONFIDENTIALITY NOTICE The information contained in this transmission is 
> intended only for the person or entity to which it is addressed and may 
> contain confidential and/or privileged material. If you are not the intended 
> recipient of this information, do not review, retransmit, disclose, 
> disseminate, use, or take any action in reliance upon, this information. If 
> you received this transmission in error, please contact the sender, destroy 
> all printed copies, and delete the material from all computers.   ­­   
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Errors When Creating Tasks and Targets from Terminal and Java API - A TLS packet with unexpected length was received

2016-09-01 Thread Fábio Fernandes 
You have not specified the host (-h). 
> No dia 01/09/2016, às 16:32, Ken  escreveu:
> 
> Hello everyone,
> 
> I have error in my Ubuntu OpenVAS when I try to either create a new task or 
> target from the terminal or using a Java API. For example, 
> 
> omp -u admin -w admin  
> --xml="OfficeCommandLineTestCreated From 
> Command Line id="daba56c8-73ec-11df-a475-002264764cea"/> id="7e7d65a2-3ee0-4587-9572-6b1c04f05736"/> id="08b69003-5fc2-4037-a479-93b440211c73"/>"
> 
> gives the error :" Failed to read response".
> Also in openvasmd.log, I have the following :
> 
> " read_from_client: failed to read from client: A TLS packet with unexpected 
> length was received.
> ".
> 
> 
> Would anyone kindly point me to the right direction.
> I tried the command " openvas-mkcert-client -n om -i " but this didnt change 
> things.
> 
> Many thanks,
> Regards..
> 
> Ken
> 
> 
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Error Message

2016-09-01 Thread Fábio Fernandes 
I can’t see the whole output but it seems that the OpenVAS Scanner is 
reloading. Try updating NVT, reloading the Manager, and restoring both Manager 
and Scanner.

Fabio
> No dia 01/09/2016, às 14:28, Παναγιώτης Λεόντιος  
> escreveu:
> 
> Thanx for considering:
>  
> 
>  
> Panos
>  
> From: eero.t.voloti...@gmail.com  
> [mailto:eero.t.voloti...@gmail.com ] On 
> Behalf Of Eero Volotinen
> Sent: Thursday, September 01, 2016 4:25 PM
> To: Παναγιώτης Λεόντιος
> Cc: Christian Fischer; openvas-discuss@wald.intevation.org 
> 
> Subject: Re: [Openvas-discuss] Error Message
>  
> what is output of following commands:
>  
> ps aux | grep -i openvas
>  
> Eero
>  
> 2016-09-01 16:15 GMT+03:00 Παναγιώτης Λεόντιος  >:
> Dear Christian,
> 
> Unfortunately, there was no difference after running all the commands in 
> "http://plugins.openvas.org/ova_503.txt 
> "
> 
> A couple of remarks though if I may:
> 1. the uid produced by "openvasmd --get-scanners" is the same with the one in 
> the text.
> 2. after updating scanner and keys, I get the msg: "md main:WARNING 
> :1174:2016-09-01 13h02.49 utc : main: internal error"
> (*) please note that my laptop's time at the time was 3 hours ahead 
> (16h02.49)
> 
> Thank you for your time, anyway.
> 
> Panos
> 
> -Original Message-
> From: Παναγιώτης Λεόντιος [mailto:leonti...@ath.forthnet.gr 
> ]
> Sent: Thursday, September 01, 2016 3:00 PM
> To: 'Christian Fischer'; 'openvas-discuss@wald.intevation.org 
> '
> Subject: RE: [Openvas-discuss] Error Message
> 
> Dear Christian, thank you so much for your response.
> I'll try your suggestion right away.
> 
> Regards,
> Panos
> 
> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org 
> ] On Behalf Of Christian 
> Fischer
> Sent: Thursday, September 01, 2016 2:38 PM
> To: openvas-discuss@wald.intevation.org 
> 
> Subject: Re: [Openvas-discuss] Error Message
> 
> Hi,
> 
> On 09/01/2016 08:02 AM, Παναγιώτης Λεόντιος wrote:
> > 503
> >
> > Status message:
> >
> > Service temporarily down
> 
> have a look at the following steps which could fix this issue:
> 
> http://plugins.openvas.org/ova_503.txt 
> 
> 
> --
> 
> Christian Fischer | Greenbone Networks GmbH | http://greenbone.net 
>  Neuer Graben 17, 49074 Osnabrück, Germany | AG 
> Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
> 
> 
> -
> No virus found in this message.
> Checked by AVG - www.avg.com 
> Version: 2016.0.7752 / Virus Database: 4649/12924 - Release Date: 09/01/16
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
>  
> No virus found in this message.
> Checked by AVG - www.avg.com 
> Version: 2016.0.7752 / Virus Database: 4649/12924 - Release Date: 09/01/16
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org 
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 
> 
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Overrides management questions

2016-09-01 Thread Fábio Fernandes 
Hi i don’t have OpenVAS 6 but i tried that in OpenVAS 8 and it happens too. It 
is a bug or there is something missing in the request. Maybe someone that uses 
overrides more frequently can help?

Fabio

> No dia 01/09/2016, às 13:10, tato...@free.fr escreveu:
> 
> Hello,
> 
> Anyone can help ? I'm sure the fix is easy but I can't figure out what I am 
> doing wrong !!
> 
> - Mail original -
> De: "tatooin" 
> À: openvas-discuss@wald.intevation.org
> Envoyé: Lundi 29 Août 2016 12:04:47
> Objet: Re: [Openvas-discuss] Overrides management questions
> 
> I tried generating the report with the following omp command:
> 
> omp -h 127.0.0.1 -u admin -w "pass" -iX ' report_id="5c9870b4-2d15-4b97-91ca-8fd6ee0a1b2b"
> format_id="c1645568-627a-11e3-a660-406186ea4fc5" overrides="1" />' |
> xmlstarlet sel -t -v get_reports_response/report/text\(\) | base64 -i -d
>> report.csv
> 
> However the overrides are still not applied in the report.
> 
> What am I doing wrong ?
> 
> Thanks !
> 
> On Mon, 2016-08-29 at 09:56 +0200, tatooin wrote:
>> Hello !
>> 
>> I'm using GSA 6.0.10 with openvas 6.0.8 to manage my campaigns, but
>> using omp command line tool to generate reports (for scripting
>> reasons). 
>> 
>> However I have an issue with overrides. I create overrides in GSA for
>> certain false positives in my reports; but while those FP are managed
>> correctly when generating reports from GSA interface, they are absent if
>> I generate reports directly with omp, so the reports will score those
>> vulnerabilities as HIGH while I scored them as FP in GSA. 
>> 
>> Is there any solution to this ? Any way to have openvas-manager and GSA
>> sync each other for overrides ? 
>> 
>> Thanks in advance !
>> Best,
>> 
>> Vincent
>> 
>> 
>> 
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Why OpenVAS does not resume scans properly?

2016-08-26 Thread Fábio Fernandes 
When i need to pause a scan (stop button) it shows the scan progress and in the 
current report there are some intermediate results but when i click resume the 
scan goes back to 1% and the intermediate results disappear as it was doing the 
scan all over again.  I think that this defeats the purpose of the resume 
mechanism. Does anyone knows why this happens? Is this supposed to happen?

Fábio

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Managing many scanners instead of a master-slave

2016-08-26 Thread Fábio Fernandes 
That chatty communication between manager and scanner is probably the
status and intermediate results messages but i would have to analyse these
interaction to be sure.

Em 19/08/2016 16:00, "Tyler Sable"  escreveu:

> Ben,
>
> I have built the master-scanner architecture, and it works. But, I have
> been disappointed in its performance. The scans run on the external scanner
> seem to take a lot longer than scans run on the same machine. I think the
> communication between the manager and scanner is probably too chatty for it
> master-scanner to perform well.
>
> Dr. Wagner recently recommended the master-slave relationship rather than
> the manager-scanner relationship. I believe the improved performance is the
> reason for using master-slave.
>
> -Tyler
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Managing many scanners instead of a master-slave architecture?

2016-08-18 Thread Fábio Fernandes 
Of course that you have to manually configure what scanner to use for each 
Task. And in terms of performance i don’t know since i never used it 
distributed but it makes sense that it will increase the performance for each 
scan you add.
> No dia 18/08/2016, às 21:36, Fábio Fernandes <fabiogfernan...@gmail.com> 
> escreveu:
> 
> I have never had the need or tested an distributed OpenVAS architecture but i 
> think that it is possible. If you go to the menu Configuration->Slaves you 
> will see that you can add remote slaves. In the Greenbone Manual you can see 
> that you can setup an appliance as Sensor which i think it has the whole 
> package but only uses the scanner because of the way they configure it but it 
> is only my opinion. If i were you i would configure an Master in a machine 
> and then in another machine install OpenVAS but only activate the scanner 
> (openvassd) then in the Manager i would add this scanner and update the 
> Master and then see if the updates appear in the remote scanner.
> 
>> No dia 18/08/2016, às 19:35, LeBlanc Benjamin-Hugo (EXT) 
>> <benjamin-hugo.leblanc-...@ramq.gouv.qc.ca> escreveu:
>> 
>> Hello,
>> 
>> We are seriously considering deploying OpenVAS in our organisation, and we 
>> will most certainly opt for a distributed architecture that matches our 
>> network segmentation. We understand so far that a Master-Slave configuration 
>> involves two instances of OpenVAS, each slave running on its own 
>> Manager-Scanner binome. But since each such Manager "has to take care on its 
>> own to update the feed and release", while the Scanner synchronizes 
>> automatically with its Manager, could we instead use one single Manager, and 
>> bypass the Slave Managers to connect directly to multiple scanner components 
>> of OpenVAS, defined as additonal scanners in the web interface? I.e., 
>> instead of having one OpenVAS, PaloAlto and w3af scanner, running rather 
>> many instances of the OpenVAS one from one single Manager? And if so, how 
>> would that be handled by the Manager, performance-wise?
>> 
>> Thank you,
>> 
>> Ben LeBlanc
>> Nurun Services conseils
>> Quebec, Canada
>> 
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Managing many scanners instead of a master-slave architecture?

2016-08-18 Thread Fábio Fernandes 
I have never had the need or tested an distributed OpenVAS architecture but i 
think that it is possible. If you go to the menu Configuration->Slaves you will 
see that you can add remote slaves. In the Greenbone Manual you can see that 
you can setup an appliance as Sensor which i think it has the whole package but 
only uses the scanner because of the way they configure it but it is only my 
opinion. If i were you i would configure an Master in a machine and then in 
another machine install OpenVAS but only activate the scanner (openvassd) then 
in the Manager i would add this scanner and update the Master and then see if 
the updates appear in the remote scanner.

> No dia 18/08/2016, às 19:35, LeBlanc Benjamin-Hugo (EXT) 
>  escreveu:
> 
> Hello,
> 
> We are seriously considering deploying OpenVAS in our organisation, and we 
> will most certainly opt for a distributed architecture that matches our 
> network segmentation. We understand so far that a Master-Slave configuration 
> involves two instances of OpenVAS, each slave running on its own 
> Manager-Scanner binome. But since each such Manager "has to take care on its 
> own to update the feed and release", while the Scanner synchronizes 
> automatically with its Manager, could we instead use one single Manager, and 
> bypass the Slave Managers to connect directly to multiple scanner components 
> of OpenVAS, defined as additonal scanners in the web interface? I.e., instead 
> of having one OpenVAS, PaloAlto and w3af scanner, running rather many 
> instances of the OpenVAS one from one single Manager? And if so, how would 
> that be handled by the Manager, performance-wise?
> 
> Thank you,
> 
> Ben LeBlanc
> Nurun Services conseils
> Quebec, Canada
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Sourcefire integration

2016-08-18 Thread Fábio Fernandes 
I looked a briefly to the source too and it is very similar to the Nexpose 
Integration with Sourcefire script and with some modifications it could work 
but i am not allowed to test this since the Sourcefire platform is in 
production, i am only allowed to use solutions that are documented to work so 
there is minimal risk of disrupting the service. As recommended by Greenbone i 
contacted Sourcefire support to see if they have and can supply the script.
The xml to csv part is already done by the Sourcefire report format that as i 
stated in the first post is working.
Thanks for the help Eero if i am successful with the support team i will report 
so others can benefit.

> No dia 18/08/2016, às 17:42, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> I looked the source and it looks very simple xml to csv converter & uploader. 
> It might be possible to add basic support to openvas BUT I don't have access 
> to any sourcefire dc for testing..
> 
> Eero
> 
> 
> 18.8.2016 4.04 ip. "Eero Volotinen" <eero.voloti...@iki.fi 
> <mailto:eero.voloti...@iki.fi>> kirjoitti:
> I think connector might be based on same source. I think it works with 
> openvas with some modifications, if sourcefire dc api is still same. (source 
> code is from year 2014?)
> 
> --
> Eero
> 
> 2016-08-18 14:05 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> Thanks for the tip. This script seems similar to the one used by Rapid7 to 
> integrate Nexpose with Sourcefire. Meanwhile i have contacted Greenbone 
> technical sales and they informed me that i should contact Cisco regarding 
> the connector.
> 
>> No dia 17/08/2016, às 16:36, Eero Volotinen <eero.voloti...@iki.fi 
>> <mailto:eero.voloti...@iki.fi>> escreveu:
>> 
>> If your company is willing to pay, it should be simple to port this nessus 
>> opensource connector to openvas..
>> 
>> https://supportforums.cisco.com/document/12305426/nessus-report-upload-tool-host-input-api
>>  
>> <https://supportforums.cisco.com/document/12305426/nessus-report-upload-tool-host-input-api>
>> 
>> Eero
>> 
>> 2016-08-17 17:18 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>>:
>> I think there is no documentation for OpenVAS in the site they advice to use 
>> the Greenbone Security Manual. 
>> Is the lack of the program greenbone_sourcefire_connector a reason to submit 
>> a bug report?
>> 
>>> No dia 17/08/2016, às 15:15, Eero Volotinen <eero.voloti...@iki.fi 
>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>> 
>>> You are free to submit fixes to documentation ;)
>>> 
>>> Eero
>>> 
>>> 2016-08-17 16:39 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>> <mailto:fabiogfernan...@gmail.com>>:
>>> It would be nice that they mentioned what works and what does not on the 
>>> free version. I spent a lot of time for nothing probably :( .
>>> It would be nice if someone with the Greenbone paid version could confirm 
>>> that the connector exists or the greenbone_sourcefire_connector program.
>>> 
>>>> No dia 17/08/2016, às 14:03, Eero Volotinen <eero.voloti...@iki.fi 
>>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>>> 
>>>> I think that is normal way that opensource works. You usually need to pay 
>>>> for more advanced features like this ;)
>>>> 
>>>> Eero
>>>> 
>>>> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>>> <mailto:fabiogfernan...@gmail.com>>:
>>>> That is what i think too. But its strange that it appears in the free 
>>>> version and in the INSTALL file of the free version it looks like they use 
>>>> the same version but leave some internal components out or maybe they 
>>>> forgot to put it there because it is an feature not used normally by first 
>>>> time users. Anyway it would be nice if someone with the Greenbone paid 
>>>> version could confirm this.
>>>> 
>>>>> No dia 17/08/2016, às 12:22, Eero Volotinen <eero.voloti...@iki.fi 
>>>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>>>> 
>>>>> I think it's only available on commercial greenbone version.
>>>>> 
>>>>> So, you should buy greenbone to get connector 
>>>>> 
>>>>> --
>>>>> Eero
>>>>> 
>>>>>

Re: [Openvas-discuss] Sourcefire integration

2016-08-18 Thread Fábio Fernandes 
Thanks for the tip. This script seems similar to the one used by Rapid7 to 
integrate Nexpose with Sourcefire. Meanwhile i have contacted Greenbone 
technical sales and they informed me that i should contact Cisco regarding the 
connector.

> No dia 17/08/2016, às 16:36, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> If your company is willing to pay, it should be simple to port this nessus 
> opensource connector to openvas..
> 
> https://supportforums.cisco.com/document/12305426/nessus-report-upload-tool-host-input-api
>  
> <https://supportforums.cisco.com/document/12305426/nessus-report-upload-tool-host-input-api>
> 
> Eero
> 
> 2016-08-17 17:18 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> I think there is no documentation for OpenVAS in the site they advice to use 
> the Greenbone Security Manual. 
> Is the lack of the program greenbone_sourcefire_connector a reason to submit 
> a bug report?
> 
>> No dia 17/08/2016, às 15:15, Eero Volotinen <eero.voloti...@iki.fi 
>> <mailto:eero.voloti...@iki.fi>> escreveu:
>> 
>> You are free to submit fixes to documentation ;)
>> 
>> Eero
>> 
>> 2016-08-17 16:39 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>>:
>> It would be nice that they mentioned what works and what does not on the 
>> free version. I spent a lot of time for nothing probably :( .
>> It would be nice if someone with the Greenbone paid version could confirm 
>> that the connector exists or the greenbone_sourcefire_connector program.
>> 
>>> No dia 17/08/2016, às 14:03, Eero Volotinen <eero.voloti...@iki.fi 
>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>> 
>>> I think that is normal way that opensource works. You usually need to pay 
>>> for more advanced features like this ;)
>>> 
>>> Eero
>>> 
>>> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>> <mailto:fabiogfernan...@gmail.com>>:
>>> That is what i think too. But its strange that it appears in the free 
>>> version and in the INSTALL file of the free version it looks like they use 
>>> the same version but leave some internal components out or maybe they 
>>> forgot to put it there because it is an feature not used normally by first 
>>> time users. Anyway it would be nice if someone with the Greenbone paid 
>>> version could confirm this.
>>> 
>>>> No dia 17/08/2016, às 12:22, Eero Volotinen <eero.voloti...@iki.fi 
>>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>>> 
>>>> I think it's only available on commercial greenbone version.
>>>> 
>>>> So, you should buy greenbone to get connector 
>>>> 
>>>> --
>>>> Eero
>>>> 
>>>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>>> <mailto:fabiogfernan...@gmail.com>>:
>>>> Strange. If you go to OpenVAS menu Configurations->Alerts and create a new 
>>>> Alert you see an option that says Sourcefire Connector and the 
>>>> configuration fields for it maybe it is not fully implemented.
>>>> Another strange thing as i said in the first post is that in the INSTALL 
>>>> file in the OpenVAS Manager source code it says that it has a Sourcefire 
>>>> Connector but in order for it to work it needs a program that i cannot 
>>>> find anywhere.
>>>> 
>>>> …
>>>> Prerequisites for Sourcefire Connector alert:
>>>> * A program in the PATH called greenbone_sourcefire_connector that takes 
>>>> args
>>>>   IP, port, PKCS12 file and report file in Sourcefire format.
>>>> … 
>>>> 
>>>> I would like to find this program as i think it is the only thing i need 
>>>> to get it working.
>>>> 
>>>>> No dia 17/08/2016, às 08:07, Eero Volotinen <eero.voloti...@iki.fi 
>>>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>>>> 
>>>>> Well. there is no sourcefire connector for openvas. Only supported format 
>>>>> is sourcefire report that you can manually import to sourcefire system.
>>>>> 
>>>>> ref: 
>>>>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>>>>  
>>>>> <https://svn.wald.intevation.org/svn/openvas/trunk/openvas-man

Re: [Openvas-discuss] Sourcefire integration

2016-08-17 Thread Fábio Fernandes 
I think there is no documentation for OpenVAS in the site they advice to use 
the Greenbone Security Manual. 
Is the lack of the program greenbone_sourcefire_connector a reason to submit a 
bug report?

> No dia 17/08/2016, às 15:15, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> You are free to submit fixes to documentation ;)
> 
> Eero
> 
> 2016-08-17 16:39 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> It would be nice that they mentioned what works and what does not on the free 
> version. I spent a lot of time for nothing probably :( .
> It would be nice if someone with the Greenbone paid version could confirm 
> that the connector exists or the greenbone_sourcefire_connector program.
> 
>> No dia 17/08/2016, às 14:03, Eero Volotinen <eero.voloti...@iki.fi 
>> <mailto:eero.voloti...@iki.fi>> escreveu:
>> 
>> I think that is normal way that opensource works. You usually need to pay 
>> for more advanced features like this ;)
>> 
>> Eero
>> 
>> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>>:
>> That is what i think too. But its strange that it appears in the free 
>> version and in the INSTALL file of the free version it looks like they use 
>> the same version but leave some internal components out or maybe they forgot 
>> to put it there because it is an feature not used normally by first time 
>> users. Anyway it would be nice if someone with the Greenbone paid version 
>> could confirm this.
>> 
>>> No dia 17/08/2016, às 12:22, Eero Volotinen <eero.voloti...@iki.fi 
>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>> 
>>> I think it's only available on commercial greenbone version.
>>> 
>>> So, you should buy greenbone to get connector 
>>> 
>>> --
>>> Eero
>>> 
>>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>> <mailto:fabiogfernan...@gmail.com>>:
>>> Strange. If you go to OpenVAS menu Configurations->Alerts and create a new 
>>> Alert you see an option that says Sourcefire Connector and the 
>>> configuration fields for it maybe it is not fully implemented.
>>> Another strange thing as i said in the first post is that in the INSTALL 
>>> file in the OpenVAS Manager source code it says that it has a Sourcefire 
>>> Connector but in order for it to work it needs a program that i cannot find 
>>> anywhere.
>>> 
>>> …
>>> Prerequisites for Sourcefire Connector alert:
>>> * A program in the PATH called greenbone_sourcefire_connector that takes 
>>> args
>>>   IP, port, PKCS12 file and report file in Sourcefire format.
>>> … 
>>> 
>>> I would like to find this program as i think it is the only thing i need to 
>>> get it working.
>>> 
>>>> No dia 17/08/2016, às 08:07, Eero Volotinen <eero.voloti...@iki.fi 
>>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>>> 
>>>> Well. there is no sourcefire connector for openvas. Only supported format 
>>>> is sourcefire report that you can manually import to sourcefire system.
>>>> 
>>>> ref: 
>>>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>>>  
>>>> <https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate>
>>>>  (source)
>>>> 
>>>> Eero
>>>> 
>>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>>> <mailto:fabiogfernan...@gmail.com>>:
>>>> I think it is supported because it has an specific alert for it and 
>>>> Greenbone appliances use the same version that is available. If it was not 
>>>> supported why there would be an alert for it and why the connector was 
>>>> mentioned in the INSTALL file?
>>>> 
>>>> > I think it is not supported on openvas.
>>>> >
>>>> > Eero
>>>> >
>>>> >
>>>> > 16.8.2016 7.59 ip. "Fábio Fernandes" <fabiogfernan...@gmail.com 
>>>> > <mailto:fabiogfernan...@gmail.com>> kirjoitti:
>>>> > I have been trying to integrate OpenVAS with Sourcefire for sometime now 
>>>> > without success. I have seen in this threads 
>>>> > http://lists.wald.intevation.org/piperm

Re: [Openvas-discuss] Sourcefire integration

2016-08-17 Thread Fábio Fernandes 
It would be nice that they mentioned what works and what does not on the free 
version. I spent a lot of time for nothing probably :( .
It would be nice if someone with the Greenbone paid version could confirm that 
the connector exists or the greenbone_sourcefire_connector program.

> No dia 17/08/2016, às 14:03, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> I think that is normal way that opensource works. You usually need to pay for 
> more advanced features like this ;)
> 
> Eero
> 
> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> That is what i think too. But its strange that it appears in the free version 
> and in the INSTALL file of the free version it looks like they use the same 
> version but leave some internal components out or maybe they forgot to put it 
> there because it is an feature not used normally by first time users. Anyway 
> it would be nice if someone with the Greenbone paid version could confirm 
> this.
> 
>> No dia 17/08/2016, às 12:22, Eero Volotinen <eero.voloti...@iki.fi 
>> <mailto:eero.voloti...@iki.fi>> escreveu:
>> 
>> I think it's only available on commercial greenbone version.
>> 
>> So, you should buy greenbone to get connector 
>> 
>> --
>> Eero
>> 
>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>>:
>> Strange. If you go to OpenVAS menu Configurations->Alerts and create a new 
>> Alert you see an option that says Sourcefire Connector and the configuration 
>> fields for it maybe it is not fully implemented.
>> Another strange thing as i said in the first post is that in the INSTALL 
>> file in the OpenVAS Manager source code it says that it has a Sourcefire 
>> Connector but in order for it to work it needs a program that i cannot find 
>> anywhere.
>> 
>> …
>> Prerequisites for Sourcefire Connector alert:
>> * A program in the PATH called greenbone_sourcefire_connector that takes args
>>   IP, port, PKCS12 file and report file in Sourcefire format.
>> … 
>> 
>> I would like to find this program as i think it is the only thing i need to 
>> get it working.
>> 
>>> No dia 17/08/2016, às 08:07, Eero Volotinen <eero.voloti...@iki.fi 
>>> <mailto:eero.voloti...@iki.fi>> escreveu:
>>> 
>>> Well. there is no sourcefire connector for openvas. Only supported format 
>>> is sourcefire report that you can manually import to sourcefire system.
>>> 
>>> ref: 
>>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>>  
>>> <https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate>
>>>  (source)
>>> 
>>> Eero
>>> 
>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>>> <mailto:fabiogfernan...@gmail.com>>:
>>> I think it is supported because it has an specific alert for it and 
>>> Greenbone appliances use the same version that is available. If it was not 
>>> supported why there would be an alert for it and why the connector was 
>>> mentioned in the INSTALL file?
>>> 
>>> > I think it is not supported on openvas.
>>> >
>>> > Eero
>>> >
>>> >
>>> > 16.8.2016 7.59 ip. "Fábio Fernandes" <fabiogfernan...@gmail.com 
>>> > <mailto:fabiogfernan...@gmail.com>> kirjoitti:
>>> > I have been trying to integrate OpenVAS with Sourcefire for sometime now 
>>> > without success. I have seen in this threads 
>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html
>>> >  
>>> > <http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html>,
>>> >  
>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>>> >  
>>> > <http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html>
>>> >  that when we import the Sourcefire report format from 
>>> > http://greenbone.net/technology/report_formats.de.html 
>>> > <http://greenbone.net/technology/report_formats.de.html> it returns an 
>>> > HTTP 500 error. I have solved this issue by downloading the source code 
>>> > and retrieving the sourcefire report format files and change them to 
>>> > support gpg signatures t

Re: [Openvas-discuss] Sourcefire integration

2016-08-17 Thread Fábio Fernandes 
That is what i think too. But its strange that it appears in the free version 
and in the INSTALL file of the free version it looks like they use the same 
version but leave some internal components out or maybe they forgot to put it 
there because it is an feature not used normally by first time users. Anyway it 
would be nice if someone with the Greenbone paid version could confirm this.
> No dia 17/08/2016, às 12:22, Eero Volotinen <eero.voloti...@iki.fi> escreveu:
> 
> I think it's only available on commercial greenbone version.
> 
> So, you should buy greenbone to get connector 
> 
> --
> Eero
> 
> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
> <mailto:fabiogfernan...@gmail.com>>:
> Strange. If you go to OpenVAS menu Configurations->Alerts and create a new 
> Alert you see an option that says Sourcefire Connector and the configuration 
> fields for it maybe it is not fully implemented.
> Another strange thing as i said in the first post is that in the INSTALL file 
> in the OpenVAS Manager source code it says that it has a Sourcefire Connector 
> but in order for it to work it needs a program that i cannot find anywhere.
> 
> …
> Prerequisites for Sourcefire Connector alert:
> * A program in the PATH called greenbone_sourcefire_connector that takes args
>   IP, port, PKCS12 file and report file in Sourcefire format.
> … 
> 
> I would like to find this program as i think it is the only thing i need to 
> get it working.
> 
>> No dia 17/08/2016, às 08:07, Eero Volotinen <eero.voloti...@iki.fi 
>> <mailto:eero.voloti...@iki.fi>> escreveu:
>> 
>> Well. there is no sourcefire connector for openvas. Only supported format is 
>> sourcefire report that you can manually import to sourcefire system.
>> 
>> ref: 
>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>  
>> <https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate>
>>  (source)
>> 
>> Eero
>> 
>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <fabiogfernan...@gmail.com 
>> <mailto:fabiogfernan...@gmail.com>>:
>> I think it is supported because it has an specific alert for it and 
>> Greenbone appliances use the same version that is available. If it was not 
>> supported why there would be an alert for it and why the connector was 
>> mentioned in the INSTALL file?
>> 
>> > I think it is not supported on openvas.
>> >
>> > Eero
>> >
>> >
>> > 16.8.2016 7.59 ip. "Fábio Fernandes" <fabiogfernan...@gmail.com 
>> > <mailto:fabiogfernan...@gmail.com>> kirjoitti:
>> > I have been trying to integrate OpenVAS with Sourcefire for sometime now 
>> > without success. I have seen in this threads 
>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html
>> >  
>> > <http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html>,
>> >  
>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>> >  
>> > <http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html>
>> >  that when we import the Sourcefire report format from 
>> > http://greenbone.net/technology/report_formats.de.html 
>> > <http://greenbone.net/technology/report_formats.de.html> it returns an 
>> > HTTP 500 error. I have solved this issue by downloading the source code 
>> > and retrieving the sourcefire report format files and change them to 
>> > support gpg signatures that OpenVAS 8 uses. Next i generated gpg keys in 
>> > the OpenVAS homedir and imported the files create_report_import, 
>> > sourcefire.xsl, and generate to the OpenVAS machine and ran 
>> > create_report_import. That generated the correct sourcefire.xml that i 
>> > imported to OpenVAS GSA without error and then i changed the status to 
>> > active. After that i scanned a target and saved the report in Sourcefire 
>> > format and it was correct. (I tested this in Ubuntu, Kali, and CentOS 
>> > versions and for some reason there seems to be a bug in the CentOS version 
>> > because the report saved is empty with 0KB but it works for the other 
>> > versions) After that i tested the connection from the OpenVAS machine to 
>> > the Sourcefire DC 8307 port and it was open, generated the pkcs12 file in 
>> > the Sourcefire DC for Openvas with the correct IP, created the respective 
>> > Alert with th

Re: [Openvas-discuss] Sourcefire integration

2016-08-16 Thread Fábio Fernandes 
I think it is supported because it has an specific alert for it and Greenbone 
appliances use the same version that is available. If it was not supported why 
there would be an alert for it and why the connector was mentioned in the 
INSTALL file?

> I think it is not supported on openvas.
> 
> Eero
> 
> 
> 16.8.2016 7.59 ip. "Fábio Fernandes" <fabiogfernan...@gmail.com> kirjoitti:
> I have been trying to integrate OpenVAS with Sourcefire for sometime now 
> without success. I have seen in this threads 
> http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html,
>  
> http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>  that when we import the Sourcefire report format from 
> http://greenbone.net/technology/report_formats.de.html it returns an HTTP 500 
> error. I have solved this issue by downloading the source code and retrieving 
> the sourcefire report format files and change them to support gpg signatures 
> that OpenVAS 8 uses. Next i generated gpg keys in the OpenVAS homedir and 
> imported the files create_report_import, sourcefire.xsl, and generate to the 
> OpenVAS machine and ran create_report_import. That generated the correct 
> sourcefire.xml that i imported to OpenVAS GSA without error and then i 
> changed the status to active. After that i scanned a target and saved the 
> report in Sourcefire format and it was correct. (I tested this in Ubuntu, 
> Kali, and CentOS versions and for some reason there seems to be a bug in the 
> CentOS version because the report saved is empty with 0KB but it works for 
> the other versions) After that i tested the connection from the OpenVAS 
> machine to the Sourcefire DC 8307 port and it was open, generated the pkcs12 
> file in the Sourcefire DC for Openvas with the correct IP, created the 
> respective Alert with the Sourcefire IP and the pkcs12 certificate file. Ran 
> a scan and nothing happened, even listening with tcpdump there was no 
> connection made and the OpenVAS Manager log (raised to level 128) presented 
> the following lines :
> 
> event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch 
> (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
> event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task 
> b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
> event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch 
> (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
> event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch 
> (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
> event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task 
> cyberwatch was triggered (Event: Task status changed to 'Done', Condition: 
> Always)
> 
> . After that i investigated what happens when an alert is executed and found 
> out this in the INSTALL file in the OpenVAS Manager source code:
> 
> Prerequisites for Sourcefire Connector alert:
> * A program in the PATH called greenbone_sourcefire_connector that takes args
>   IP, port, PKCS12 file and report file in Sourcefire format.
> 
> And then found that the Sourcefire alert script is called by the OpenVAS 
> Manager and this script present in the installation (path: 
> /usr/share/openvas/openvasmd/global_alert_methods/) executes the 
> greenbone_sourcefire_connector program from PATH.
> I could not find this greenbone_sourcefire_connector program in any of the 
> OpenVAS versions that i installed or even on the Internet. Does someone have 
> this file or it only exists in the Greenbone Appliances as their manual show 
> how to configure this functionality. Can anybody help me with this please?
> 
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Sourcefire integration

2016-08-16 Thread Fábio Fernandes 
I have been trying to integrate OpenVAS with Sourcefire for sometime now 
without success. I have seen in this threads 
http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html
 
,
 
http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
 

 that when we import the Sourcefire report format from 
http://greenbone.net/technology/report_formats.de.html 
 it returns an HTTP 500 
error. I have solved this issue by downloading the source code and retrieving 
the sourcefire report format files and change them to support gpg signatures 
that OpenVAS 8 uses. Next i generated gpg keys in the OpenVAS homedir and 
imported the files create_report_import, sourcefire.xsl, and generate to the 
OpenVAS machine and ran create_report_import. That generated the correct 
sourcefire.xml that i imported to OpenVAS GSA without error and then i changed 
the status to active. After that i scanned a target and saved the report in 
Sourcefire format and it was correct. (I tested this in Ubuntu, Kali, and 
CentOS versions and for some reason there seems to be a bug in the CentOS 
version because the report saved is empty with 0KB but it works for the other 
versions) After that i tested the connection from the OpenVAS machine to the 
Sourcefire DC 8307 port and it was open, generated the pkcs12 file in the 
Sourcefire DC for Openvas with the correct IP, created the respective Alert 
with the Sourcefire IP and the pkcs12 certificate file. Ran a scan and nothing 
happened, even listening with tcpdump there was no connection made and the 
OpenVAS Manager log (raised to level 128) presented the following lines :

event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch 
(b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task 
b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch 
(b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch 
(b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task 
cyberwatch was triggered (Event: Task status changed to 'Done', Condition: 
Always)

. After that i investigated what happens when an alert is executed and found 
out this in the INSTALL file in the OpenVAS Manager source code:

Prerequisites for Sourcefire Connector alert:
* A program in the PATH called greenbone_sourcefire_connector that takes args
  IP, port, PKCS12 file and report file in Sourcefire format.

And then found that the Sourcefire alert script is called by the OpenVAS 
Manager and this script present in the installation (path: 
/usr/share/openvas/openvasmd/global_alert_methods/) executes the 
greenbone_sourcefire_connector program from PATH.
I could not find this greenbone_sourcefire_connector program in any of the 
OpenVAS versions that i installed or even on the Internet. Does someone have 
this file or it only exists in the Greenbone Appliances as their manual show 
how to configure this functionality. Can anybody help me with this please?

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] OpenVAS -> Sourcefire connector Alert

2016-07-21 Thread Fábio Fernandes 
Hi i am trying to use the source fire connector. 
I already managed to install sourcefire report format and it works and then i 
tested the alert but it makes no connection at all.
Then i investigated in the source code and found that OpenVAS Manager executes 
an script called greenbone_sourcefire_connector that is required in the INSTALL 
from openvas-manager source.
 Does anyone know where to find this script? I have tried to find it in older 
sources but without success. Thanks!

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss