Re: [Openvas-discuss] SCAP and/or CERT database missing on OMP server
Hi, On 21.09.2018 12:54, Luca Racca wrote: > Hi everyone, > I received this error on a fresh new install of gsm version 4.2.20. > All secinfo database are missing. I've tried to sync cert end scap > database from command line but openvas-certdata-sync and > openvas-scapdata-sync commands are not found. have you followed all steps outlined at [1], especially the following ones: > Download Feed: Without a feed you can not do any scans and the SecInfo > section remains empty. So the download is highly recommended, but > requires internet access. and > The feed update now runs in the background and you are on the main > menu of the administration. Via "About" you can have a look at the key > properties of your setup, especially the address of the web interface > and whether there still runs the Feed update as a system operation. and > Only after the feed update completed there will be all information in > the SecInfo area and first scans possible. This could take half an > hour or even longer. As long as the feed updates are not finished / successful (please use only the menu available via SSH and not the command line for this!) you will get no SecInfo database like explained in the first quote. [1] https://www.greenbone.net/en/install_use_gce/ > Thanks for the help. > Luca Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | https://www.greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] SCAP and/or CERT database missing on OMP server
Hi everyone, I received this error on a fresh new install of gsm version 4.2.20. All secinfo database are missing. I've tried to sync cert end scap database from command line but openvas-certdata-sync and openvas-scapdata-sync commands are not found. Thanks for the help. Luca ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] SCAP and/or CERT database missing on OMP server
Hi, I have installed Openvas 6 on centos6.5 in greenbone security assistant I have the following messages: Warning: SecInfo Database Missing SCAP and/or CERT database missing on OMP server. I have synchronized with SCAP Feed Cert Feed in the administration menu, but the message still appears. and when I have run the command openvas-scapdata-sync with the following result: # openvas-scapdata-sync [i] This script synchronizes a SCAP data directory with the OpenVAS one. [i] SCAP dir: /var/lib/openvas/scap-data [i] Will use rsync [i] Using rsync: /usr/bin/rsync [i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data rsync: failed to connect to feed.openvas.org: Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(124) [receiver=3.0.6] Error: rsync failed. Your SCAP data might be broken now. this is my log file: openvas-check-setup 2.2.4 Mode: desktop Date: Fri, 09 May 2014 00:49:37 +0100 Checking for old OpenVAS Scanner = 2.0 ... ./openvas-check-setup.sh: line 167: openvasd : commande introuvable Checking presence of OpenVAS Scanner ... OpenVAS Scanner 3.4.1 Nessus origin: (C) 2004 Renaud Deraison derai...@nessus.org Most new code since OpenVAS: (C) 2013 Greenbone Networks GmbH License GPLv2: GNU GPL version 2 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Checking OpenVAS Scanner version ... OK: OpenVAS Scanner is present in version 3.4.1. plugins_folder = /var/lib/openvas/plugins cache_folder = /var/cache/openvas include_folders = /var/lib/openvas/plugins max_hosts = 30 max_checks = 10 be_nice = no logfile = /var/log/openvas/openvassd.log log_whole_attack = no log_plugins_name_at_load = no dumpfile = /var/log/openvas/openvassd.dump rules = /etc/openvas/openvassd.rules cgi_path = /cgi-bin:/scripts port_range = default optimize_test = yes checks_read_timeout = 5 network_scan = no non_simult_ports = 139, 445 plugins_timeout = 320 safe_checks = yes auto_enable_dependencies = yes silent_dependencies = no use_mac_addr = no save_knowledge_base = no kb_restore = no only_test_hosts_whose_kb_we_dont_have = no only_test_hosts_whose_kb_we_have = no kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 slice_network_addresses = no nasl_no_signature_check = yes drop_privileges = no unscanned_closed = yes vhosts = vhosts_ip = report_host_details = yes cert_file = /var/lib/openvas/CA/servercert.pem key_file = /var/lib/openvas/private/CA/serverkey.pem ca_file = /var/lib/openvas/CA/cacert.pem reverse_lookup = no config_file = /etc/openvas/openvassd.conf Checking OpenVAS Scanner CA cert ... OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. Checking NVT collection ... OK: NVT collection in /var/lib/openvas/plugins contains 34955 NVTs. Checking status of signature checking in OpenVAS Scanner ... WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /var/cache/openvas contains 34955 files for 34955 NVTs. Checking presence of OpenVAS Manager ... OpenVAS Manager 4.0.5 Manager DB revision 74 Copyright (C) 2010-2013 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. OK: OpenVAS Manager is present in version 4.0.5. Checking OpenVAS Manager client certificate ... OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. Checking OpenVAS Manager database ... OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. Checking access rights of OpenVAS Manager database ... OK: Access rights for the OpenVAS Manager database are correct. Checking sqlite3 presence ... OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. Checking OpenVAS Manager database revision ... OK: OpenVAS Manager database is at revision 74. Checking database revision expected by OpenVAS Manager ... OK: OpenVAS Manager expects database at revision 74. OK: Database schema is up to date. Checking OpenVAS Manager database (NVT data) ... OK: OpenVAS Manager database contains information about 34955 NVTs. Checking OpenVAS SCAP database ... ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db) FIX: Run a SCAP synchronization script like openvas-scapdata-sync or greenbone-scapda -- *Fatima Zahra EL BOUZRAZIÉlève ingénieur d’État à l'Institut National des Postes et Télécommunications* *Option: Réseaux,Systèmes et Services* *e-mail: fz.elbouzr...@gmail.com fz.elbouzr...@gmail.com*
Re: [Openvas-discuss] SCAP and/or CERT database missing on OMP server
Proxy servers, even transparent proxy servers can do this to the connection as well. On May 8, 2014, at 6:27 PM, Brandon Perry bperry.volat...@gmail.com wrote: Connection refused. Firewall? On 05/08/2014 06:24 PM, Fatima Zahra EL BOUZRAZI wrote: Hi, I have installed Openvas 6 on centos6.5 in greenbone security assistant I have the following messages: Warning: SecInfo Database Missing SCAP and/or CERT database missing on OMP server. I have synchronized with SCAP Feed Cert Feed in the administration menu, but the message still appears. and when I have run the command openvas-scapdata-sync with the following result: # openvas-scapdata-sync [i] This script synchronizes a SCAP data directory with the OpenVAS one. [i] SCAP dir: /var/lib/openvas/scap-data [i] Will use rsync [i] Using rsync: /usr/bin/rsync [i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data rsync: failed to connect to feed.openvas.org http://feed.openvas.org/: Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(124) [receiver=3.0.6] Error: rsync failed. Your SCAP data might be broken now. this is my log file: openvas-check-setup 2.2.4 Mode: desktop Date: Fri, 09 May 2014 00:49:37 +0100 Checking for old OpenVAS Scanner = 2.0 ... ./openvas-check-setup.sh: line 167: openvasd : commande introuvable Checking presence of OpenVAS Scanner ... OpenVAS Scanner 3.4.1 Nessus origin: (C) 2004 Renaud Deraison derai...@nessus.org mailto:derai...@nessus.org Most new code since OpenVAS: (C) 2013 Greenbone Networks GmbH License GPLv2: GNU GPL version 2 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Checking OpenVAS Scanner version ... OK: OpenVAS Scanner is present in version 3.4.1. plugins_folder = /var/lib/openvas/plugins cache_folder = /var/cache/openvas include_folders = /var/lib/openvas/plugins max_hosts = 30 max_checks = 10 be_nice = no logfile = /var/log/openvas/openvassd.log log_whole_attack = no log_plugins_name_at_load = no dumpfile = /var/log/openvas/openvassd.dump rules = /etc/openvas/openvassd.rules cgi_path = /cgi-bin:/scripts port_range = default optimize_test = yes checks_read_timeout = 5 network_scan = no non_simult_ports = 139, 445 plugins_timeout = 320 safe_checks = yes auto_enable_dependencies = yes silent_dependencies = no use_mac_addr = no save_knowledge_base = no kb_restore = no only_test_hosts_whose_kb_we_dont_have = no only_test_hosts_whose_kb_we_have = no kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 slice_network_addresses = no nasl_no_signature_check = yes drop_privileges = no unscanned_closed = yes vhosts = vhosts_ip = report_host_details = yes cert_file = /var/lib/openvas/CA/servercert.pem key_file = /var/lib/openvas/private/CA/serverkey.pem ca_file = /var/lib/openvas/CA/cacert.pem reverse_lookup = no config_file = /etc/openvas/openvassd.conf Checking OpenVAS Scanner CA cert ... OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. Checking NVT collection ... OK: NVT collection in /var/lib/openvas/plugins contains 34955 NVTs. Checking status of signature checking in OpenVAS Scanner ... WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /var/cache/openvas contains 34955 files for 34955 NVTs. Checking presence of OpenVAS Manager ... OpenVAS Manager 4.0.5 Manager DB revision 74 Copyright (C) 2010-2013 Greenbone Networks GmbH License GPLv2+: GNU GPL version 2 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. OK: OpenVAS Manager is present in version 4.0.5. Checking OpenVAS Manager client certificate ... OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. Checking OpenVAS Manager database ... OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. Checking access rights of OpenVAS Manager database ... OK: Access rights for the OpenVAS Manager database are correct. Checking sqlite3 presence ... OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. Checking OpenVAS Manager database revision ... OK: OpenVAS Manager database is at revision 74. Checking database revision expected by OpenVAS Manager ... OK: OpenVAS Manager expects database at revision 74. OK: Database schema is up to date. Checking OpenVAS Manager database (NVT data) ... OK: OpenVAS Manager database contains information about 34955 NVTs. Checking OpenVAS SCAP database ... ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db) FIX: Run a SCAP
[Openvas-discuss] SCAP and/or CERT database missing on OMP server
Hi, Lng way to make OpenVAS working. I am using Xubuntu 13.10 with OpenVAS. Through the web interface SecInfo Management what ever I choose I have: SCAP and/or CERT database missing on OMP server When using the script to check the config: openvas-check-setup --v6 --server Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 3.4.0. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: NVT collection in /var/lib/openvas/plugins contains 34670 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /var/cache/openvas contains 34670 files for 34670 NVTs. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 4.0.2. OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 74. OK: OpenVAS Manager expects database at revision 74. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 34601 NVTs. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db. OK: xsltproc found. Step 3: Checking OpenVAS Administrator ... OK: OpenVAS Administrator is present in version 1.3.0. OK: At least one user exists. OK: At least one admin user exists. OK: The password policy file at /etc/openvas/pwpolicy.conf contains entries. Step 4: Checking Greenbone Security Assistant (GSA) ... OK: Greenbone Security Assistant is present in version 4.0.1. Step 5: Checking OpenVAS CLI ... SKIP: Skipping check for OpenVAS CLI. Step 6: Checking Greenbone Security Desktop (GSD) ... SKIP: Skipping check for Greenbone Security Desktop. Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening only on the local interface. OK: OpenVAS Scanner is listening on port 9391, which is the default port. WARNING: OpenVAS Manager is running and listening only on the local interface. This means that you will not be able to access the OpenVAS Manager from the outside using GSD or OpenVAS CLI. SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless you want a local service only. OK: OpenVAS Manager is listening on port 9390, which is the default port. OK: OpenVAS Administrator is running and listening only on the local interface. OK: OpenVAS Administrator is listening on port 9393, which is the default port. OK: Greenbone Security Assistant is listening on port 9392, which is the default port. Step 8: Checking nmap installation ... WARNING: Your version of nmap is not fully supported: 6.40 SUGGEST: You should install nmap 5.51. Step 9: Checking presence of optional tools ... OK: pdflatex found. OK: PDF generation successful. The PDF report format is likely to work. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. OK: rpm found, LSC credential package generation for RPM based targets is likely to work. OK: alien found, LSC credential package generation for DEB based targets is likely to work. OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work. It seems like your OpenVAS-6 installation is OK. And when I try to sync: sent 62 bytes received 551 bytes 1226.00 bytes/sec total size is 8462305 speedup is 13804.74 [i] Major change in internal CERT data structures. [i] Reinitialization of database necessary. [i] This update might take a while.. /usr/sbin/openvas-certdata-sync: 185: /usr/sbin/openvas-certdata-sync: cannot open /usr/share/openvas/cert/cert_db_init.sql: No such file Error: no such table: dfn_cert_advs Error: no such table: meta Error: Inconsistent data. Resetting CERT database. /usr/sbin/openvas-certdata-sync: 220: /usr/sbin/openvas-certdata-sync: cannot open /usr/share/openvas/cert/cert_db_init.sql: No such file [i] Updating /var/lib/openvas/cert-data/dfn-cert-2008.xml warning: failed to load external entity /usr/share/openvas/cert/dfn_cert_update.xsl cannot parse /usr/share/openvas/cert/dfn_cert_update.xsl [i] Updating /var/lib/openvas/cert-data/dfn-cert-2009.xml warning: failed to load external entity /usr/share/openvas/cert/dfn_cert_update.xsl cannot parse
Re: [Openvas-discuss] SCAP and/or CERT database missing on OMP server
Hi, cert_db_init.sql doesn't exist on my system. have you seen this mailinglist thread: http://lists.wald.intevation.org/pipermail/openvas-discuss/2014-April/005947.html containing a follow-up how to fix this? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] SCAP and/or CERT database missing on OMP server
Working very well ;) Thx On 14/04/2014 16:49, Chris wrote: Hi, cert_db_init.sql doesn't exist on my system. have you seen this mailinglist thread: http://lists.wald.intevation.org/pipermail/openvas-discuss/2014-April/005947.html containing a follow-up how to fix this? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
