Re: [Openvas-discuss] How correct vulnerability in own Scanner OpenVAS 9 on Kali Linux 2017
See this thread: http://lists.wald.intevation.org/pipermail/openvas-discuss/2015-April/007730.html I haven't tested it in a while -- those settings may not be good enough anymore. On Fri, Sep 22, 2017 at 2:03 PM, Josemar Masowrote: > Hello Everyone, > > I use OpenVAS 9 in Kali Linux 2017 > > How correct vulnerability medium "SSL/TLS: Report Vulnerable Cipher Suites > for HTTPS" in the proprie in own scanner openvas 9? > > tks. > > Maso, J > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] No reports listed on reports page
Isolated the problem to this changelist: r22349 | mattm | 2015-05-11 07:02:31 -0700 (Mon, 11 May 2015) | 5 lines Backport r22347. * src/manage_sql.c (send_to_sourcefire, send_to_verinice, manage_report) (manage_send_report, manage_schema): Remove /bin/sh from commands, now that all scripts are installed as executable. Ran out of time today to investigate further, but I suspect, from the description, there's a path/permissions/environment problem. From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Kent Fritz Sent: Wednesday, July 29, 2015 7:59 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] No reports listed on reports page Just ran into this problem myself. Compiled from source on Slackware64 14.1. Downgrading the manager to 6.0.3 allows the reports to be viewed here too. From: Openvas-discuss openvas-discuss-boun...@wald.intevation.orgmailto:openvas-discuss-boun...@wald.intevation.org on behalf of Maarten Broekman maarten.broek...@gmail.commailto:maarten.broek...@gmail.com Sent: Wednesday, July 29, 2015 4:55 AM To: Landry MINOZA Cc: openvas-discuss@wald.intevation.orgmailto:openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] No reports listed on reports page There is a problem with 6.0.4 that prevents the reports from showing up. Even installing from packages, you have to downgrade to the 6.0.3 openvas-manager package to get the reports to show up. They're all there, but 6.0.4 doesn't show them for some reason. This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] No reports listed on reports page
Just ran into this problem myself. Compiled from source on Slackware64 14.1. Downgrading the manager to 6.0.3 allows the reports to be viewed here too. From: Openvas-discuss openvas-discuss-boun...@wald.intevation.org on behalf of Maarten Broekman maarten.broek...@gmail.com Sent: Wednesday, July 29, 2015 4:55 AM To: Landry MINOZA Cc: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] No reports listed on reports page There is a problem with 6.0.4 that prevents the reports from showing up. Even installing from packages, you have to downgrade to the 6.0.3 openvas-manager package to get the reports to show up. They're all there, but 6.0.4 doesn't show them for some reason. This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Modifying the OpenVAS SSL config
Add the following to your invocation of openvasmd, openvassd, and gsad: --gnutls-priorities=SECURE128:-VERS-SSL3.0 From: Openvas-discuss [openvas-discuss-boun...@wald.intevation.org] on behalf of Christiaan DeVries [christiaan.devr...@hetg.ie] Sent: Tuesday, April 21, 2015 7:04 AM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Modifying the OpenVAS SSL config Hi all, Just coming back to this one, my system (OpenVAS7 on Fedora 20) still shows up as being prone to POODLE on port 9390 which belongs to openvasmd: [chris@openvas openvas]$ sudo lsof -i:9390 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME openvasmd 834 root3u IPv4 23286 0t0 TCP *:otp (LISTEN) How can I permanently disable SSLv3 there? Regards, Christiaan de Vries w: +353 1 526 7736 | m: +353 860 234 384 | e: christiaan.devries @hetg.ie | www.DigitalPlanet.ie | www.hetg.ie HIBERNIA HOUSE | Cherrywood Business Park | Loughlinstown | Dublin 18 | Ireland Hibernia Services Ltd. is registered in Ireland, Company Registration No. 170309 © 2014 Digital Planet, part of the HiberniaEvros Technology Group -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Chris Sent: 08 December 2014 19:59 To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Modifying the OpenVAS SSL config Hi, For example, the article shows: gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 However, in my limited understanding of POODLE, SSLv3 using CBC ciphers are vulnerable to that MITM attack. SSLv3 is disabled via the: -VERS-SSL3.0 string. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 8: scans not finishing
More information:: In response to the probe 0x00, 0x00,0x27, 0x29, the port in question returns 0x00, 0x00, which is less than the minimum of 4 bytes requested by the script. If I run the script alone: # openvas-nasl -X -t target -d gb_sap_router_detect.nasl And, on the target, I run: $ ncat -kl 3299 Then the script times out after 5 seconds. But if I press enter on ncat when probed, the script hangs forever. I think this is expected. When running from OpenVAS 7/Greenbone using the Full and fast configuration, the TCP connection is terminated after 120 seconds. I don't know why this times out -- the plugins_timeout is 320 seconds. When running on OpenVAS 8, it never times out, and needs to be stopped manually. I have tcpdumps of both scans, but it doesn't tell much beyond the above. I'll see if I can find a simple way to reproduce this. -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Michael Meyer Sent: Tuesday, April 14, 2015 12:03 AM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] OpenVAS 8: scans not finishing *** Kent Fritz wrote: Did the default timeout for recv get changed? I find it's stuck for hours on gb_sap_router_detect.nasl probing a port that's open but probably not responding. I ran the same scan previously on OpenVAS 7 with no problems. If this doesn't sound familiar, I'll run some more experiments and gather some captures. I've never heard about this. Yes, please run some more tests or let me know how i can reproduce this. Micha -- Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] OpenVAS 8: scans not finishing
Yes, that makes the problem go away, but my bigger concern is that hung scripts are not terminated on OpenVAS 8 based on the plugins_timeout value. I tried (using the original script) with 2 other instances of OpenVAS 7, and they both timed out after 320 seconds, which is what I would expect given the plugins_timeout value. I don't know why I got 120 seconds before. The attached .c file demonstrates this. Just build and run it on your target and run a full and fast scan. (Restart after each scan -- it doesn't reap its zombies). It simulates the behavior of the service that confused the script (a port used by Logitech Media Server). -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Michael Meyer Sent: Wednesday, April 15, 2015 10:24 AM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] OpenVAS 8: scans not finishing *** Kent Fritz wrote: More information:: In response to the probe 0x00, 0x00,0x27, 0x29, the port in question returns 0x00, 0x00, which is less than the minimum of 4 bytes requested by the script. If I run the script alone: # openvas-nasl -X -t target -d gb_sap_router_detect.nasl And, on the target, I run: $ ncat -kl 3299 Then the script times out after 5 seconds. But if I press enter on ncat when probed, the script hangs forever. I think this is expected. When running from OpenVAS 7/Greenbone using the Full and fast configuration, the TCP connection is terminated after 120 seconds. I don't know why this times out -- the plugins_timeout is 320 seconds. When running on OpenVAS 8, it never times out, and needs to be stopped manually. I have tcpdumps of both scans, but it doesn't tell much beyond the above. I'll see if I can find a simple way to reproduce this. Does it help to change: buf = recv( socket:soc, min:4, length:4 ); to buf = recv( socket:soc, length:4 ); if( strlen( buf ) 4 ) exit( 0 ); ? Micha -- Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. scanstop.c.gz Description: scanstop.c.gz ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS 8: scans not finishing
Did the default timeout for recv get changed? I find it's stuck for hours on gb_sap_router_detect.nasl probing a port that's open but probably not responding. I ran the same scan previously on OpenVAS 7 with no problems. If this doesn't sound familiar, I'll run some more experiments and gather some captures. Thanks, Kent. This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Stuck NVT synchronization
Another blocked message. I have a server where the NVT sync through Greenbone failed, so I killed all the daemons and sync'd via the CLI. Now I cannot initiate NVT sync via Greenbone because it thinks that synchronization is in progress. Is there any way to clear this? http://devio.us/~kfritz/stucknvt.png From: Kent Fritz Sent: Wednesday, March 18, 2015 10:23 AM To: openvas-discuss@wald.intevation.org Subject: Stuck NVT synchronization I waited overnight, then killed all the daemons and sync'd via the CLI. Now this won't go away. Is there any way to clear this state? Thanks, Kent. This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Internal error message
[cid:image001.png@01D05BD2.AF1345C0] In case the picture gets stripped: Internal error: get_one:963 (GSA 5.0.6) An internal error occurred while getting a resource. Diagnostics: extra_xml is NULL. I left the session logged in, with refresh every 30 seconds. I think I was in one of the configuration screens. Likely occurred when session timed out (which I have set to 60 minutes). Not a big deal - just reporting it. Thanks, Kent. This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas install instructions - debian
Not sure what version you're trying to build, but if you follow the INSTALL file in openvas-libraries-7.0.9.tar.gz, then there is a list of packages for debian at the end of the Prerequisites for openvas-libraries. I'd add build-essential cmake to that list if you're starting from scratch. From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Tuley, Brian Sent: Tuesday, March 10, 2015 11:31 AM To: 'Openvas-discuss@wald.intevation.org' Subject: [Openvas-discuss] openvas install instructions - debian Good Day... Does anybody have any up to date install instructions that work? I'm running debian new install 7.8. (wheezy) - it's a basic clean install so I need list of packages. I've tried the following , but they don't work è http://siddou.mynetgear.com/2014/05/install-openvas-7-on-debian-7-wheezy/ - bombs at signature checking è I tried from install doc in source tar but no go there either. è http://lists.wald.intevation.org/pipermail/openvas-devel/2013-March/003165.html non of these sets complete successfully. There's always a step that won't complete. Thanks BT -- Brian Tuley This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] (no subject)
I’m running libmicrohttpd 0.9.39 (the latest) with no problems, so I don’t think that’s the problem. From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Colin Bruce Sent: Tuesday, February 24, 2015 8:37 AM To: openvas-discuss@wald.intevation.org Subject: [Openvas-discuss] (no subject) Hi, I am at a loss to get OpenVAS to do a scan. No matter what I try I always get the same result. That is nothing. All it does is run for a few seconds and then stop. A search with Google reveals that I am not alone. The log file contains: event task:MESSAGE:2015-02-24 12h12.39 UTC:16937: Task 105955ce-d4bf-4aa1-8f55-30349f7a0e69 has been requested to start by openvasusr event wizard:MESSAGE:2015-02-24 12h12.39 UTC:16937: Wizard quick_first_scan has been run by openvasusr lib serv:WARNING:2015-02-24 12h12.39 UTC:16937:Failed to gnutls_bye: Error in the push function. event task:MESSAGE:2015-02-24 12h12.40 UTC:16942: Status of task Immediate scan of IP 192.168.30.90 (105955ce-d4bf-4aa1-8f55-30349f7a0e69) has changed to Running event task:MESSAGE:2015-02-24 12h12.42 UTC:16942: Status of task Immediate scan of IP 192.168.30.90 (105955ce-d4bf-4aa1-8f55-30349f7a0e69) has changed to Done The advice seems to be to install an old version (around 2010 or 2011 vintage) version of libmicrohttpd. Sadly that version is no longer available. However, having looked at the code I suspect that the Failed to gnutls_bye is not relevant. This is version 7 of OpenVAS. Anyway, is there a fix for this? Best wishes... Colin This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] updating scap data fails
I just confirmed that OOM did invoke around the time that the failure occurred for me. From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Alexander Rau Sent: Tuesday, February 24, 2015 8:01 PM To: Timo Pollmeier Cc: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] updating scap data fails Adding a split clip level of 50MB (51200 KB) and copying the xml_split file into /usr/local/share/openvas/scap/ worked for me. Alex On Tue, Feb 24, 2015 at 5:30 AM, Timo Pollmeier timo.pollme...@greenbone.netmailto:timo.pollme...@greenbone.net wrote: Hello, To me, the problem looks like the out-of-memory error Ben described as well. Increasing the amount of memory should help, but if that isn't an option you can use the SPLIT_PART_SIZE setting like he suggested. I mainly wanted to add that for the SPLIT_PART_SIZE setting to work, you need to have the python script xml_split installed. It is currently not installed by default, but it can be found in tools/extra of the manager sources and it has to be copied to [...]/share/openvas/scap/, with [...] being the prefix of the OpenVAS installation (in Alex' case it should be /usr/local). Best regards, Timo On 02/24/2015 09:36 AM, Benoît Allard wrote: I Alex, On 02/23/2015 10:06 PM, Alexander Rau wrote: Hi: I am running openvas-scapdata-sync during initial install and am getting the following error [i] Updating /usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml Killed -:1217905: parser error : AttValue: ' expected cpe-lang:fact-ref name=c ^ -:1217905: parser error : attributes construct error cpe-lang:fact-ref name=c ^ -:1217905: parser error : Couldn't find end of Start Tag fact-ref line 1217905 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag logical-test line 1215810 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag vulnerable-configuration line 1215809 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag entry line 1215808 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag nvd line 2 cpe-lang:fact-ref name=c ^ unable to parse - [e] Update of CVEs failed at file '/usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml': xsltproc exited with code 137 This is for OpenVAS 8 on Debian 7 I bet that if you look in your kernel logs, you will see the famous OOM killer acting and killing an xslt process. In the SCAP scripts, we introduced a setting to process the huge XML files in chunks. That setting was introduced some time ago already. Look for the SPLIT_PART_SIZE setting on top of the scap-sync script, and set it to a sensible value, this should prevent your problem from happening again. Regards, Ben. -- Timo Pollmeier | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.orgmailto:Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] updating scap data fails
I saw a similar parsing problem on OpenVAS 7. I did not see it after I bumped my VM from 512M/1-CPU to 2G/2-CPU. Lack of memory or CPU may not have been the problem, but when I re-ran after this, I did not see a problem. From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Alexander Rau Sent: Monday, February 23, 2015 1:06 PM To: openvas-discuss@wald.intevation.org Subject: [Openvas-discuss] updating scap data fails Hi: I am running openvas-scapdata-sync during initial install and am getting the following error [i] Updating /usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml Killed -:1217905: parser error : AttValue: ' expected cpe-lang:fact-ref name=c ^ -:1217905: parser error : attributes construct error cpe-lang:fact-ref name=c ^ -:1217905: parser error : Couldn't find end of Start Tag fact-ref line 1217905 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag logical-test line 1215810 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag vulnerable-configuration line 1215809 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag entry line 1215808 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag nvd line 2 cpe-lang:fact-ref name=c ^ unable to parse - [e] Update of CVEs failed at file '/usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml': xsltproc exited with code 137 This is for OpenVAS 8 on Debian 7 Thanks Alex This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss