Re: [Openvas-discuss] OpenVAS HTTP test OPTIONS requests

[Xinhuan Zheng]

Hi Christian,

For some reason, our target host returns content as if they were getting
GET requests, not returning Allow: header. I thought it may be redirect
can cause that. I have to figure out how to change target host
configuration to disabling OPTIONS requests.
Thanks,

- xinhuan

On 8/22/18, 12:43 PM, "Christian Fischer"
 wrote:

>Hi,
>
>On 17.08.2018 18:08, Xinhuan Zheng wrote:
>> Hello,
>> 
>> In our recent OpenVAS scan, our host has HTTP service running so the
>> scanning software tests a lot of URLs. However, in the target host
>>access
>> log, we saw tons of OPTIONS requests being issued by scanning software.
>> Per some research, OPTIONS is a type of HTTP request that is pre-flight
>>in
>> Cross-origin resource. The normal GET request would return a document
>>with
>> bunch of objects, like json, images, etc. Can I limit OpenVAS not
>>issuing
>> OPTIONS requests?
>> Thank you,
>
>there is no such possibility included in OpenVAS besides excluding the
>NVT(s) doing those OPTIONS requests from your scan configuration.
>
>Could you elaborate why you want to limit OpenVAS not issuing OPTIONS
>requests?
>
>Regards,
>
>--
>
>Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
>Greenbone Networks GmbH | https://www.greenbone.net
>Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
>Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] OpenVAS HTTP test OPTIONS requests

[Xinhuan Zheng]

Hello,

In our recent OpenVAS scan, our host has HTTP service running so the
scanning software tests a lot of URLs. However, in the target host access
log, we saw tons of OPTIONS requests being issued by scanning software.
Per some research, OPTIONS is a type of HTTP request that is pre-flight in
Cross-origin resource. The normal GET request would return a document with
bunch of objects, like json, images, etc. Can I limit OpenVAS not issuing
OPTIONS requests?
Thank you,

- Xinhuan Zheng

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] openvasmd 100% CPU utilization

[Xinhuan Zheng]

Daniel,

Since you run nightly scans, check /etc/cron.d the openvas scheduled cron jobs. 
They probably need to be re-scheduled when the system is quiet, i.e., no scan 
running. If you re-schedule the cron jobs and leave the scan running nightly, 
would you see the same thing happens?

- Xinhuan

From: Openvas-discuss 
mailto:openvas-discuss-boun...@wald.intevation.org>>
 on behalf of Daniel Bray 
mailto:db...@satcomdirect.com>>
Date: Wednesday, June 13, 2018 at 10:23 AM
To: 
"openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>"
 
mailto:openvas-discuss@wald.intevation.org>>
Subject: Re: [Openvas-discuss] openvasmd 100% CPU utilization

Xinhuan,

Thanks for the reply. I’ve done that, daily, and every day after our nightly 
scans run the same thing happens. The scans finish, I come in the next morning 
to review, and I notice the CPU is back up to 100% utilization, and it’s 
openvasmd.


Daniel Bray
Office: +1 321-525-8081
Mobile: +1 321-213-8360

From: Xinhuan Zheng mailto:xzh...@christianbook.com>>
Sent: Wednesday, June 13, 2018 10:21 AM
To: Daniel Bray mailto:db...@satcomdirect.com>>; 
openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
Subject: Re: [Openvas-discuss] openvasmd 100% CPU utilization

Hello Daniel,

It appears the openvasmd process is stuck and placed into CPU run queue but not 
able to proceed. Because your system overall CPU idle is 87.2%, that shows you 
have enough CPU capacity on the system. I think you should kill the current 
openvasmd process and restart openvas service.

- Xinhuan

From: Openvas-discuss 
mailto:openvas-discuss-boun...@wald.intevation.org>>
 on behalf of Daniel Bray 
mailto:db...@satcomdirect.com>>
Date: Tuesday, June 12, 2018 at 3:56 PM
To: 
"openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>"
 
mailto:openvas-discuss@wald.intevation.org>>
Subject: [Openvas-discuss] openvasmd 100% CPU utilization

Recently, I’ve noticed the web interface a bit sluggish. Upon examination of 
the server, I noticed the openvasmd process stuck at 100% CPU. There was no 
active scan going on, and I’m the only one that uses this server. Nothing 
should have been utilizing the CPU like that. Here is some of the specifics I 
noticed:

CentOS 7 (latest patches)
8x vCPU and 16 GB RAM

Results of top:

Tasks: 254 total, 2 running, 252 sleeping, 0 stopped, 0 zombie
%Cpu(s): 5.6 us, 7.2 sy, 0.0 ni, 87.2 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16249820 total, 8476724 free, 1105044 used, 6668052 buff/cache
KiB Swap: 4063228 total, 4063228 free, 0 used. 14679544 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
69700 root 20 0 445832 152984 1820 R 100.0 0.9 5329:38 openvasmd: Updating


Output from :sudo /usr/bin/openvas-check-setup --v9

Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 7.0.2.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 184.
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 45368 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.


/var/log/openvas/openvasmd.log

md omp:WARNING:2018-06-12 02h56.43 utc:37560: Authentication failure for 
'sadmin' from ::
md omp:WARNING:2018-06-12 02h56.46 utc:37567: Authentication failure for 
'admin' from ::
md omp:WARNING:2018-06-12 02h56.47 utc:37583: Authentication failure for 
'admin' from ::
md main:MESSAGE:2018-06-12 16h47.05 utc:68214: OpenVAS Manager version 7.0.2 
(DB revision 184)
md manage: INFO:2018-06-12 16h47.05 utc:68214: Getting users.


Database size:
-rw--- 1 root root 217M Jun  9 01:39 /var/lib/openvas/mgr/tasks.db


I was curious if I should openvas-migrate-to-postgres would be a path to fix 
this issue. Nothing in the log files show any issue, so I’m not really sure 
what openvasmd is stuck “Updating”.

Any suggestions?


Daniel Bray
Office: +1 321-525-8081
Mobile: +1 321-213-8360

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] openvasmd 100% CPU utilization

[Xinhuan Zheng]

Hello Daniel,

It appears the openvasmd process is stuck and placed into CPU run queue but not 
able to proceed. Because your system overall CPU idle is 87.2%, that shows you 
have enough CPU capacity on the system. I think you should kill the current 
openvasmd process and restart openvas service.

- Xinhuan

From: Openvas-discuss 
mailto:openvas-discuss-boun...@wald.intevation.org>>
 on behalf of Daniel Bray 
mailto:db...@satcomdirect.com>>
Date: Tuesday, June 12, 2018 at 3:56 PM
To: 
"openvas-discuss@wald.intevation.org"
 
mailto:openvas-discuss@wald.intevation.org>>
Subject: [Openvas-discuss] openvasmd 100% CPU utilization

Recently, I’ve noticed the web interface a bit sluggish. Upon examination of 
the server, I noticed the openvasmd process stuck at 100% CPU. There was no 
active scan going on, and I’m the only one that uses this server. Nothing 
should have been utilizing the CPU like that. Here is some of the specifics I 
noticed:

CentOS 7 (latest patches)
8x vCPU and 16 GB RAM

Results of top:

Tasks: 254 total, 2 running, 252 sleeping, 0 stopped, 0 zombie
%Cpu(s): 5.6 us, 7.2 sy, 0.0 ni, 87.2 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16249820 total, 8476724 free, 1105044 used, 6668052 buff/cache
KiB Swap: 4063228 total, 4063228 free, 0 used. 14679544 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
69700 root 20 0 445832 152984 1820 R 100.0 0.9 5329:38 openvasmd: Updating


Output from :sudo /usr/bin/openvas-check-setup --v9

Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 7.0.2.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 184.
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 45368 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.


/var/log/openvas/openvasmd.log

md omp:WARNING:2018-06-12 02h56.43 utc:37560: Authentication failure for 
'sadmin' from ::
md omp:WARNING:2018-06-12 02h56.46 utc:37567: Authentication failure for 
'admin' from ::
md omp:WARNING:2018-06-12 02h56.47 utc:37583: Authentication failure for 
'admin' from ::
md main:MESSAGE:2018-06-12 16h47.05 utc:68214: OpenVAS Manager version 7.0.2 
(DB revision 184)
md manage: INFO:2018-06-12 16h47.05 utc:68214: Getting users.


Database size:
-rw--- 1 root root 217M Jun  9 01:39 /var/lib/openvas/mgr/tasks.db


I was curious if I should openvas-migrate-to-postgres would be a path to fix 
this issue. Nothing in the log files show any issue, so I’m not really sure 
what openvasmd is stuck “Updating”.

Any suggestions?


Daniel Bray
Office: +1 321-525-8081
Mobile: +1 321-213-8360

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] No OpenVAS SCAP database found

[Xinhuan Zheng]

I created this directory under /var/lib/openvas:
mkdir -p scap-download
Ran greenbone-scapdata-sync, still getting the same error.
Where is supposed to be /scap-download directory created?
Thanks,
- xinhuan

On 5/17/18, 3:50 PM, "Openvas-discuss on behalf of Reindl Harald"
<openvas-discuss-boun...@wald.intevation.org on behalf of
h.rei...@thelounge.net> wrote:

>
>receiving incremental file list
>rsync: opendir "/scap-download" (in scap-data) failed: Permission denied
>(13)
>IO error encountered -- skipping file deletion
>
>Am 17.05.2018 um 21:48 schrieb Xinhuan Zheng:
>> Hello,
>> 
>> Today when I set up a brand new OpenVAS server on CentOS 7 system, after
>> running openvas-setup, I received below error when logging into GUI:
>> 
>> Warning: SecInfo Database Missing
>> 
>> I ran openvas-check-setup -v9. There is errors:
>> 
>> Step 2: Checking OpenVAS Manager ...
>> OK: OpenVAS Manager is present in version 7.0.2.
>> OK: OpenVAS Manager database found in
>>/var/lib/openvas/mgr/tasks.db.
>> OK: Access rights for the OpenVAS Manager database are correct.
>> OK: sqlite3 found, extended checks of the OpenVAS Manager
>> installation enabled.
>> OK: OpenVAS Manager database is at revision 184.
>> OK: OpenVAS Manager expects database at revision 184.
>> OK: Database schema is up to date.
>> OK: OpenVAS Manager database contains information about 45004
>>NVTs.
>> OK: At least one user exists.
>> ERROR: No OpenVAS SCAP database found. (Tried:
>> /var/lib/openvas/scap-data/scap.db)
>> FIX: Run a SCAP synchronization script like
>>greenbone-scapdata-sync.
>> 
>>  ERROR: Your OpenVAS-9 installation is not yet complete!
>> 
>> However, when I tried to run /usr/sbin/greenbone-scapdata-sync, I
>> received below errors:
>> 
>> #  /usr/sbin/greenbone-scapdata-sync
>> OpenVAS community feed server - http://www.openvas.org/
>> This service is hosted by Greenbone Networks - http://www.greenbone.net/
>> 
>> All transactions are logged.
>> 
>> If you have any questions, please use the OpenVAS mailing lists
>> or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
>> 
>> By using this service you agree to our terms and conditions.
>> 
>> Only one sync per time, otherwise the source ip will be blocked.
>> 
>> receiving incremental file list
>> timestamp
>>  13 100%   12.70kB/s0:00:00 (xfr#1, to-chk=0/1)
>> 
>> sent 43 bytes  received 105 bytes  98.67 bytes/sec
>> total size is 13  speedup is 0.09
>> OpenVAS community feed server - http://www.openvas.org/
>> This service is hosted by Greenbone Networks - http://www.greenbone.net/
>> 
>> All transactions are logged.
>> 
>> If you have any questions, please use the OpenVAS mailing lists
>> or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
>> 
>> By using this service you agree to our terms and conditions.
>> 
>> Only one sync per time, otherwise the source ip will be blocked.
>> 
>> receiving incremental file list
>> rsync: opendir "/scap-download" (in scap-data) failed: Permission denied
>> (13)
>> IO error encountered -- skipping file deletion
>> ./
>> timestamp
>>  13 100%   12.70kB/s0:00:00 (xfr#1, to-chk=102/162)
>> 
>> sent 99 bytes  received 4,236 bytes  2,890.00 bytes/sec
>> total size is 1,866,433,683  speedup is 430,549.87
>> rsync error: some files/attrs were not transferred (see previous errors)
>> (code 23) at main.c(1650) [generator=3.1.2]
>> 
>> Can someone please help?
>___
>Openvas-discuss mailing list
>Openvas-discuss@wald.intevation.org
>https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] No OpenVAS SCAP database found

[Xinhuan Zheng]

Hello,

Today when I set up a brand new OpenVAS server on CentOS 7 system, after 
running openvas-setup, I received below error when logging into GUI:

Warning: SecInfo Database Missing

I ran openvas-check-setup -v9. There is errors:

Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 7.0.2.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation 
enabled.
OK: OpenVAS Manager database is at revision 184.
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 45004 NVTs.
OK: At least one user exists.
ERROR: No OpenVAS SCAP database found. (Tried: 
/var/lib/openvas/scap-data/scap.db)
FIX: Run a SCAP synchronization script like greenbone-scapdata-sync.

 ERROR: Your OpenVAS-9 installation is not yet complete!

However, when I tried to run /usr/sbin/greenbone-scapdata-sync, I received 
below errors:

#  /usr/sbin/greenbone-scapdata-sync
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

receiving incremental file list
timestamp
 13 100%   12.70kB/s0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 105 bytes  98.67 bytes/sec
total size is 13  speedup is 0.09
OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

receiving incremental file list
rsync: opendir "/scap-download" (in scap-data) failed: Permission denied (13)
IO error encountered -- skipping file deletion
./
timestamp
 13 100%   12.70kB/s0:00:00 (xfr#1, to-chk=102/162)

sent 99 bytes  received 4,236 bytes  2,890.00 bytes/sec
total size is 1,866,433,683  speedup is 430,549.87
rsync error: some files/attrs were not transferred (see previous errors) (code 
23) at main.c(1650) [generator=3.1.2]

Can someone please help?

- xinhuan
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] openvas plugin update problem

[Xinhuan Zheng]

Hello,

Good morning everyone.

I was trying to update our openvas plugin, I.e., NVT feeds. I ran
openvas-nvt-sync command successfully. Then I ran openvasmd --update and
openvasmd --rebuild. Both commands are done without any errors. Then I
restarted openvas-administrator, openvas-manager, openvas-scanner and gsad
daemons. Plugins appear to be loaded successfully. It is ~42K plugins are
loaded. However, when I looked at my admin GUI, in SecInfos Management ‹>
NVTs, it only shows ~6K NVTs are loaded. Then I tried to scan a host, then
report shows below:

Total: 0 0 0 0 0 0
Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the
threat of the override.
Notes are included in the report.
This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level "Debug" are not shown.
This report contains 0 results.


There isn¹t anything shown in report. I feel something is wrong and don¹t
know what it was. Can this be caused by old version of software or
something else? I plan to rebuild into new scanning server, but would like
to hear your advise about what most recent OS should be and what is
current stable version I should go with?

Thanks,

- xinhuan

 


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Openvas-discuss Digest, Vol 92, Issue 43

[Xinhuan Zheng]

Hello,

Today I am trying to get the latest bash shellshock vulnerability plugin
via openvas rsync feed but I don¹t see it in my system.

# ls -l *bash*
-rw-r--r-- 1 root root 2579 Nov 14  2013 account_bash.nasl
-rw-r--r-- 1 root root  198 Nov 14  2013 account_bash.nasl.asc
-rw-r--r-- 1 root root 5805 Nov 14  2013
gb_CESA-2011_1073_bash_centos5_i386.nasl
-rw-r--r-- 1 root root  198 Nov 14  2013
gb_CESA-2011_1073_bash_centos5_i386.nasl.asc
-rw-r--r-- 1 root root 5809 Nov 14  2013
gb_CESA-2011_1073_bash_centos5_x86_64.nasl
-rw-r--r-- 1 root root  198 Nov 14  2013
gb_CESA-2011_1073_bash_centos5_x86_64.nasl.asc
-rw-r--r-- 1 root root 4912 Nov 14  2013 gb_RHSA-2011_0261-01_bash.nasl
-rw-r--r-- 1 root root  198 Nov 14  2013 gb_RHSA-2011_0261-01_bash.nasl.asc
-rw-r--r-- 1 root root 5970 Nov 14  2013 gb_RHSA-2011_1073-01_bash.nasl
-rw-r--r-- 1 root root  198 Nov 14  2013 gb_RHSA-2011_1073-01_bash.nasl.asc

I ran /usr/local/scripts/openvas-nvt-sync.sh. How do I get this plugin?

Thanks,
- xinhuan

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Heartblee plugin

[Xinhuan Zheng]

Hello OpenVAS discussion group,

We are using OpenVAS the recent version (6). What is the procedure to get
updated plugin, Heartblee plugin?

Thanks,
Xinhuan Zheng 

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Range header DoS vulnerability Apache HTTPD 1.3/2.x

[Xinhuan Zheng]

Hi Veerendra,

I found this NVT in my scan config. The strange thing is it didn't detect
our web server this vulnerability. Our web server is using apache 1.3.42.
It is detected by another scanning tool but not by OpenVAS.


Thanks,
- xinhuan 

On 9/20/12 8:15 AM, Veerendra Ganiger veerendr...@secpod.com wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Xinhuan,

We already have the NVT for that
secpod_apache_http_srv_range_header_dos_vuln.nasl.


Thanks!
Veerendra

On Wednesday 19 September 2012 09:38 PM, Xinhuan Zheng wrote:
 Hi,
 
 We use latest OpenVAS tool version 5 to do internal scan in our company.
 However, recently we found that there is one particular apache
 vulnerability not caught by this tool. This vulnerability is documented
in
 this link: 
 
 
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20
11
 0824161640.122d38...@minotaur.apache.org%3E
 
 To make this tool more useful, can openvas community work on this issue
 and add appropriate plugin for this vulnerability?
 
 Thanks,
 Xinhuan Zheng
 
 ___
 Openvas-discuss mailing list
 Openvas-discuss@wald.intevation.org
 
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQWwj2AAoJEFdbOg70fJia7XkH/3Yz5UQeJQhGE+ZIX01WT8rf
/CWTJd4/LhxtsGY3QCtgorjhc/LU1szY8+Vovw9K4z84VgXzaXH7dfGrplnGEg/a
wMdXlfsihg4U8DE+LERkEGDGt6haJZznXaZ8Di536xuU1EL1Fdho7tbph/GW7D00
agjs9lRf3ZKwuynMHt9sefkv98Cn6QfulTcqW4eoQaFYutJEpRj9kUzvvJXJAWd7
IfcUi18pRcDreeNlx2eLhAjr23uh9zQZUXVeMjRpSic6XXlWJq5CDYVygHhzejlq
cADIXS/MmFRiK8reAVRLaReOD24x57Zn6ve4CkmMmbupEXtenm4r47DgbXtu6cU=
=Desq
-END PGP SIGNATURE-

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Range header DoS vulnerability Apache HTTPD 1.3/2.x

[Xinhuan Zheng]

Hi,

We use latest OpenVAS tool version 5 to do internal scan in our company.
However, recently we found that there is one particular apache
vulnerability not caught by this tool. This vulnerability is documented in
this link: 

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C2011
0824161640.122d38...@minotaur.apache.org%3E

To make this tool more useful, can openvas community work on this issue
and add appropriate plugin for this vulnerability?

Thanks,
Xinhuan Zheng

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Questions about openvas client in batch mode

[Xinhuan Zheng]

Can you please show me some usage examples of omp-cli command for version 3? 
The web site you are referring to has no such information and I've tried all 
kinds commands with no luck.

Thanks,

- xinhuan

-Original Message-
From: matthew.mund...@greenbone.net [mailto:matthew.mund...@greenbone.net] 
Sent: Friday, May 20, 2011 2:36 AM
To: Xinhuan Zheng
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Questions about openvas client in batch mode

 I am not using latest version of openvas. Our version is 3. In this
 version, what is omp-cli command used for?

omp-cli is still recommended for version 3.

 Is my OpenVAS-Client command correct to get PDF format report?

Looking at the OpenVAS-Client manual you should be using -T tex instead
of -T pdf, and your output file should be results_${DATE}_$$.tex.
Presumably, you should then call pdflatex on results_${DATE}_$$.tex.

--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Questions about openvas client in batch mode

[Xinhuan Zheng]

Good to know. Will try out the new version.

-Original Message-
From: matthew.mund...@greenbone.net [mailto:matthew.mund...@greenbone.net] 
Sent: Friday, May 20, 2011 10:38 AM
To: Xinhuan Zheng
Cc: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Questions about openvas client in batch mode

 omp-cli --version
 OMP Command Line Interface (omp-cli) 0.0.1 for Linux

The 3.1 release is at CLI 1.0.1.  How about installing OpenVAS 4?

--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

[Openvas-discuss] Questions about openvas client in batch mode

[Xinhuan Zheng]

Hi,

I am trying to accomplish the following things using openvas client in batch 
mode:


1)  What is omp-cli command used for? Show some examples for its usage

2)  Can I use the following command to generate pdf format report?

/usr/bin/OpenVAS-Client  -c  $OPENVASRC  -T pdf -qx  localhost  9390  user 
secretword $TARGET  results_${DATE}_$$.html

Thanks,


-  xinhuan
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss