Re: [Openvas-discuss] Scanner Master Slave setup
By the way, I do notice your initial mail contains logs with: lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server ‘op4us1opsscan01.domain.net<http://op4us1opsscan01.domain.net/>' port 9393. My master connects to the slaves using OMP (Type: OMP Slave) on port 9390 on which gvmd is listening. I do not see any option in the slave configuration to set secure of insecure… Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 16:05 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl> CC: openvas-discuss@wald.intevation.org Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup I got it working but not sure why. So if I use a username/password and set the credential to allow insecure=yes the client comes back with a 200 response but does nothing. If I change the credential to allow insecure=no the client comes back with: md main: DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: but then the scan starts… Very odd. I will have to try the same thing but with the servercert.pem and see if that works. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified On Feb 23, 2018, at 9:59 AM, Louis Bohm <lo...@systemgeek.net<mailto:lo...@systemgeek.net>> wrote: That yelled me this on the client but still the scan has not progressed from Requested. Client: lib serv: DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer. md main: DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP. md main: DEBUG:2018-02-23 14h37.52 utc:25578: <= client Input may contain password, suppressed. mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: authenticate (0) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: credentials (2) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: username (3) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: admin mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: password (3) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate md main: DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: AdminUTCnist mdomp: DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1 md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client 144 bytes md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client done I know the username and password are correct. And the slave even sent a 200 response to the master so why is it not working So frustrating. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified On Feb 23, 2018, at 7:42 AM, Thijs Stuurman <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> wrote: Try the /var/lib/openvas/CA/cacert.pem from your slave. Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 13:18 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> CC: openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup According to the doc it says to use
Re: [Openvas-discuss] Scanner Master Slave setup
Somewhere in my old notes I see port 9393 was used by openvasad, perhaps part of OpenVAS 8? I don’t have it anymore. Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Namens Thijs Stuurman Verzonden: vrijdag 23 februari 2018 16:58 Aan: Louis Bohm <lo...@systemgeek.net> CC: openvas-discuss@wald.intevation.org Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup gvmd is the new name of openvasmd (OpenVAS 9 trunk.. not in the latest on the website). I do use an entire stack on my slaves, just without gsad. > The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave. It does not? https://blog.haardiek.org/setup-openvas-as-master-and-slave.html uses 9390 coupled to openvasmd (gvmd in my case, same thing). I have checked my saved credentials for the slaves and “Allow insecure use” is set to No On my slaves I have created one account: gvmd --create-user=slave --role=Admin && gvmd --user=slave --new-password= (or substitute gvmd with openvasmd) That’s the account I added to my master to use though OMP Slave using port 9390. My slaves start openvasmd (gmvd) as: gvmd --rebuild gvmd -p 9390 -a 0.0.0.0 I guess 9393 will work as well but I don’t know where you got that from. Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 16:42 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> CC: openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave. The master will then use just the scanner on the slave not the entire OpenVAS stack of the slave (even though you need to install all of it). The Allow Insecure option is on the username/password credential created and assigned to the scanner config on the master. They slave is only setup with the admin account. No other users and/or roles need to be setup there. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanner Master Slave setup
gvmd is the new name of openvasmd (OpenVAS 9 trunk.. not in the latest on the website). I do use an entire stack on my slaves, just without gsad. > The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave. It does not? https://blog.haardiek.org/setup-openvas-as-master-and-slave.html uses 9390 coupled to openvasmd (gvmd in my case, same thing). I have checked my saved credentials for the slaves and “Allow insecure use” is set to No On my slaves I have created one account: gvmd --create-user=slave --role=Admin && gvmd --user=slave --new-password= (or substitute gvmd with openvasmd) That’s the account I added to my master to use though OMP Slave using port 9390. My slaves start openvasmd (gmvd) as: gvmd --rebuild gvmd -p 9390 -a 0.0.0.0 I guess 9393 will work as well but I don’t know where you got that from. Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 16:42 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl> CC: openvas-discuss@wald.intevation.org Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup The url says to add a listen=0.0.0.0 port=9393 for openvasmd on the slave. The master will then use just the scanner on the slave not the entire OpenVAS stack of the slave (even though you need to install all of it). The Allow Insecure option is on the username/password credential created and assigned to the scanner config on the master. They slave is only setup with the admin account. No other users and/or roles need to be setup there. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanner Master Slave setup
I got it working but not sure why. So if I use a username/password and set the credential to allow insecure=yes the client comes back with a 200 response but does nothing. If I change the credential to allow insecure=no the client comes back with: md main: DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: but then the scan starts… Very odd. I will have to try the same thing but with the servercert.pem and see if that works. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified > On Feb 23, 2018, at 9:59 AM, Louis Bohm <lo...@systemgeek.net> wrote: > > That yelled me this on the client but still the scan has not progressed from > Requested. > > Client: > lib serv: DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer. > md main: DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP. > md main: DEBUG:2018-02-23 14h37.52 utc:25578: <= client Input may contain > password, suppressed. > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: authenticate > (0) > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: credentials > (2) > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: username (3) > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: admin > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: password (3) > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 > mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate > md main: DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: > status_text="OK">AdminUTCnist > mdomp: DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1 > md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client 144 bytes > md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client done > I know the username and password are correct. And the slave even sent a 200 > response to the master so why is it not working So frustrating. > > Louis > : > Louis Bohm - Sr. Systems Engineer > Dell TechDirect Certified > >> On Feb 23, 2018, at 7:42 AM, Thijs Stuurman >> <thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl>> wrote: >> >> Try the /var/lib/openvas/CA/cacert.pem from your slave. >> >> Thijs Stuurman >> Security Operations Center | KPN Internedservices B.V. >> thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com >> <mailto:thijs.stuur...@kpn.com> >> T: +31(0)299476185 | M: +31(0)624366778 >> PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>) >> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 >> >> W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: >> https://nl.linkedin.com/in/thijsstuurman >> <https://nl.linkedin.com/in/thijsstuurman> >> >> Van: Louis Bohm [mailto:lo...@systemgeek.net <mailto:lo...@systemgeek.net>] >> Verzonden: vrijdag 23 februari 2018 13:18 >> Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl >> <mailto:thijs.stuur...@internedservices.nl>> >> CC: openvas-discuss@wald.intevation.org >> <mailto:openvas-discuss@wald.intevation.org> >> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup >> >> According to the doc it says to use: >> ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem. >> On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem >> according to openvas-manage-certs -V >> [root@pci-sec02 ~]# openvas-manage-certs -V >> OK: Directory for keys (/var/lib/openvas/private/CA) exists. >> OK: Directory for certificates (/var/lib/openvas/CA) exists. >> OK: CA key found in /var/lib/openvas/private/CA/cakey.pem >> OK: CA certificate found in /var/lib/openvas/CA/cacert.pem >> OK: CA certificat
Re: [Openvas-discuss] Scanner Master Slave setup
I never had an issue with it. Sometimes the initial Requested state takes a minute orso. Often it seems to take a couple before an actual nmap starts and the jobs goes to 1% and later beyond. I cannot help you any further at this point; perhaps I can check something for you on my setup? Let me know. I have 1 master and 4 slaves running… Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 16:00 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl> CC: openvas-discuss@wald.intevation.org Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup That yelled me this on the client but still the scan has not progressed from Requested. Client: lib serv: DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer. md main: DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP. md main: DEBUG:2018-02-23 14h37.52 utc:25578: <= client Input may contain password, suppressed. mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: authenticate (0) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: credentials (2) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: username (3) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: admin mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: password (3) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate md main: DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: AdminUTCnist mdomp: DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1 md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client 144 bytes md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client done I know the username and password are correct. And the slave even sent a 200 response to the master so why is it not working So frustrating. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified On Feb 23, 2018, at 7:42 AM, Thijs Stuurman <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> wrote: Try the /var/lib/openvas/CA/cacert.pem from your slave. Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 13:18 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> CC: openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup According to the doc it says to use: ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem. On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according to openvas-manage-certs -V [root@pci-sec02 ~]# openvas-manage-certs -V OK: Directory for keys (/var/lib/openvas/private/CA) exists. OK: Directory for certificates (/var/lib/openvas/CA) exists. OK: CA key found in /var/lib/openvas/private/CA/cakey.pem OK: CA certificate found in /var/lib/openvas/CA/cacert.pem OK: CA certificate verified. OK: Certificate /var/lib/openvas/CA/servercert.pem verified. OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. Is it not the servercert.pem from the slave openvas host that I am supposed to use? Lo
Re: [Openvas-discuss] Scanner Master Slave setup
That yelled me this on the client but still the scan has not progressed from Requested. Client: lib serv: DEBUG:2018-02-23 14h37.52 utc:25578:Shook hands with peer. md main: DEBUG:2018-02-23 14h37.52 utc:25578:Serving OMP. md main: DEBUG:2018-02-23 14h37.52 utc:25578: <= client Input may contain password, suppressed. mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: authenticate (0) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: credentials (2) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: username (3) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 5 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: admin mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: username mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML start: password (3) mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 4 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XML text: mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: password mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 3 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: credentials mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:client state set: 2 mdomp: DEBUG:2018-02-23 14h37.52 utc:25578:XMLend: authenticate md main: DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: AdminUTCnist mdomp: DEBUG:2018-02-23 14h37.52 UTC:25578:client state set: 1 md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client 144 bytes md main: DEBUG:2018-02-23 14h37.52 UTC:25578: => client done I know the username and password are correct. And the slave even sent a 200 response to the master so why is it not working So frustrating. Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified > On Feb 23, 2018, at 7:42 AM, Thijs Stuurman > <thijs.stuur...@internedservices.nl> wrote: > > Try the /var/lib/openvas/CA/cacert.pem from your slave. > > Thijs Stuurman > Security Operations Center | KPN Internedservices B.V. > thijs.stuur...@internedservices.nl > <mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com > <mailto:thijs.stuur...@kpn.com> > T: +31(0)299476185 | M: +31(0)624366778 > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: > https://nl.linkedin.com/in/thijsstuurman > <https://nl.linkedin.com/in/thijsstuurman> > > Van: Louis Bohm [mailto:lo...@systemgeek.net] > Verzonden: vrijdag 23 februari 2018 13:18 > Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl> > CC: openvas-discuss@wald.intevation.org > Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup > > According to the doc it says to use: > ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem. > On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem > according to openvas-manage-certs -V > [root@pci-sec02 ~]# openvas-manage-certs -V > OK: Directory for keys (/var/lib/openvas/private/CA) exists. > OK: Directory for certificates (/var/lib/openvas/CA) exists. > OK: CA key found in /var/lib/openvas/private/CA/cakey.pem > OK: CA certificate found in /var/lib/openvas/CA/cacert.pem > OK: CA certificate verified. > OK: Certificate /var/lib/openvas/CA/servercert.pem verified. > OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. > > Is it not the servercert.pem from the slave openvas host that I am supposed > to use? > > Louis > : > Louis Bohm - Sr. Systems Engineer > Dell TechDirect Certified > > On Feb 23, 2018, at 5:09 AM, Thijs Stuurman > <thijs.stuur...@internedservices.nl > <mailto:thijs.stuur...@internedservices.nl>> wrote: > > My best guess is that you didn’t load in the right CA certificate from your > slave at step: > > CA Certificate: The certificate you gathered from the slave > > Thijs Stuurman > Security Operations Center | KPN Internedservices B.V. > thijs.stuur...@internedservices.nl > <mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com > <mailto:thijs.stuur...@kpn.com> > T: +31(0)299476185 | M: +31(0)624366778 > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl &l
Re: [Openvas-discuss] Scanner Master Slave setup
Try the /var/lib/openvas/CA/cacert.pem from your slave. Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Louis Bohm [mailto:lo...@systemgeek.net] Verzonden: vrijdag 23 februari 2018 13:18 Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl> CC: openvas-discuss@wald.intevation.org Onderwerp: Re: [Openvas-discuss] Scanner Master Slave setup According to the doc it says to use: ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem. On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according to openvas-manage-certs -V [root@pci-sec02 ~]# openvas-manage-certs -V OK: Directory for keys (/var/lib/openvas/private/CA) exists. OK: Directory for certificates (/var/lib/openvas/CA) exists. OK: CA key found in /var/lib/openvas/private/CA/cakey.pem OK: CA certificate found in /var/lib/openvas/CA/cacert.pem OK: CA certificate verified. OK: Certificate /var/lib/openvas/CA/servercert.pem verified. OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. Is it not the servercert.pem from the slave openvas host that I am supposed to use? Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified On Feb 23, 2018, at 5:09 AM, Thijs Stuurman <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> wrote: My best guess is that you didn’t load in the right CA certificate from your slave at step: CA Certificate: The certificate you gathered from the slave Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Namens Louis Bohm Verzonden: donderdag 22 februari 2018 19:11 Aan: openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> Onderwerp: [Openvas-discuss] Scanner Master Slave setup I followed the following doc https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the master slave environment with the exception that I am doing this on CentOS 7 with OpenVAS9. On the master I am getting this: lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server ‘op4us1opsscan01.domain.net<http://op4us1opsscan01.domain.net/>' port 9393. lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 'op4us1opsscan01.domain.net<http://op4us1opsscan01.domain.net/>' port 9393. lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate is not trusted lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate hasn't got a known issuer On the client I am getting this: lib serv: DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer. md main: DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP. But in the GUI all I see is Status: Requested and it never changes. Any idea why this is not working? Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanner Master Slave setup
According to the doc it says to use: ${CMAKE_INSTALL_PREFIX}"/var/lib/openvas/CA/servercert.pem. On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according to openvas-manage-certs -V [root@pci-sec02 ~]# openvas-manage-certs -V OK: Directory for keys (/var/lib/openvas/private/CA) exists. OK: Directory for certificates (/var/lib/openvas/CA) exists. OK: CA key found in /var/lib/openvas/private/CA/cakey.pem OK: CA certificate found in /var/lib/openvas/CA/cacert.pem OK: CA certificate verified. OK: Certificate /var/lib/openvas/CA/servercert.pem verified. OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. Is it not the servercert.pem from the slave openvas host that I am supposed to use? Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified > On Feb 23, 2018, at 5:09 AM, Thijs Stuurman > <thijs.stuur...@internedservices.nl> wrote: > > My best guess is that you didn’t load in the right CA certificate from your > slave at step: > > CA Certificate: The certificate you gathered from the slave > > Thijs Stuurman > Security Operations Center | KPN Internedservices B.V. > thijs.stuur...@internedservices.nl > <mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com > <mailto:thijs.stuur...@kpn.com> > T: +31(0)299476185 | M: +31(0)624366778 > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ <https://pgp.surfnet.nl/>) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl <https://www.internedservices.nl/> | L: > https://nl.linkedin.com/in/thijsstuurman > <https://nl.linkedin.com/in/thijsstuurman> > > Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] > Namens Louis Bohm > Verzonden: donderdag 22 februari 2018 19:11 > Aan: openvas-discuss@wald.intevation.org > Onderwerp: [Openvas-discuss] Scanner Master Slave setup > > I followed the following doc > https://blog.haardiek.org/setup-openvas-as-master-and-slave.html > <https://blog.haardiek.org/setup-openvas-as-master-and-slave.html> to set up > the master slave environment with the exception that I am doing this on > CentOS 7 with OpenVAS9. > > On the master I am getting this: > lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server > ‘op4us1opsscan01.domain.net <http://op4us1opsscan01.domain.net/>' port 9393. > lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server > 'op4us1opsscan01.domain.net <http://op4us1opsscan01.domain.net/>' port 9393. > lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the > certificate is not trusted > lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the > certificate hasn't got a known issuer > > On the client I am getting this: > lib serv: DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer. > md main: DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP. > > But in the GUI all I see is Status: Requested and it never changes. > > Any idea why this is not working? > > Louis > : > Louis Bohm - Sr. Systems Engineer > Dell TechDirect Certified ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanner Master Slave setup
My best guess is that you didn’t load in the right CA certificate from your slave at step: CA Certificate: The certificate you gathered from the slave Thijs Stuurman Security Operations Center | KPN Internedservices B.V. thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: https://nl.linkedin.com/in/thijsstuurman Van: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] Namens Louis Bohm Verzonden: donderdag 22 februari 2018 19:11 Aan: openvas-discuss@wald.intevation.org Onderwerp: [Openvas-discuss] Scanner Master Slave setup I followed the following doc https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the master slave environment with the exception that I am doing this on CentOS 7 with OpenVAS9. On the master I am getting this: lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server ‘op4us1opsscan01.domain.net<http://op4us1opsscan01.domain.net>' port 9393. lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 'op4us1opsscan01.domain.net<http://op4us1opsscan01.domain.net>' port 9393. lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate is not trusted lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate hasn't got a known issuer On the client I am getting this: lib serv: DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer. md main: DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP. But in the GUI all I see is Status: Requested and it never changes. Any idea why this is not working? Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Scanner Master Slave setup
I followed the following doc https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the master slave environment with the exception that I am doing this on CentOS 7 with OpenVAS9. On the master I am getting this: lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Connected to server ‘op4us1opsscan01.domain.net' port 9393. lib serv: DEBUG:2018-02-22 17h59.10 UTC:22888:Shook hands with server 'op4us1opsscan01.domain.net' port 9393. lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate is not trusted lib serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate hasn't got a known issuer On the client I am getting this: lib serv: DEBUG:2018-02-22 18h05.53 utc:20431:Shook hands with peer. md main: DEBUG:2018-02-22 18h05.53 utc:20431:Serving OMP. But in the GUI all I see is Status: Requested and it never changes. Any idea why this is not working? Louis : Louis Bohm - Sr. Systems Engineer Dell TechDirect Certified ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss