[Openvas-discuss] openvassd hanging

2016-05-20 Thread Corti Matteo (ID BD)
Hi, I have a problem with openvassd hanging while starting: connect(6, {sa_family=AF_LOCAL, sun_path="/tmp/redis.sock"}, 110) = 0 fcntl64(6, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK) fcntl64(6, F_SETFL, O_RDWR) = 0 write(6, "*3\r\n$6\r\nCONFIG\r\n$3\r\nGET\r\n$9\r

Re: [Openvas-discuss] openvassd hanging

2016-05-20 Thread Corti Matteo (ID BD)
Hi Disabled. $ sestatus SELinux status: disabled Matteo > On 20 May 2016, at 15:35, Eero Volotinen wrote: > > Is the SELinux disabled or in the permissive mode? > > Eero > > 2016-05-20 15:31 GMT+03:00 Corti Matteo (ID BD) <mailto:co...@ethz.c

[Openvas-discuss] Running a script: how to specify a parameter

2016-05-25 Thread Corti Matteo (ID BD)
Hi I would like to run a single test on the command line, for example (http://plugins.openvas.org/nasl.php?oid=803477) openvas-nasl -X -t IP -i /var/lib/openvas/plugins /var/lib/openvas/plugins/2013/gb_miniweb_file_upload_n_dir_trav_vuln.nasl -T - Seems to work but I did not find out how to s

[Openvas-discuss] Which ports

2016-06-24 Thread Corti Matteo (ID BD)
Hi I would like to scan for default Tomcat users and passwords on machines running Tomcat on non-standard ports. When I look at the plugin "Apache Tomcat Default Accounts” (http://plugins.openvas.org/nasl.php?oid=11204) I see port = get_http_port(default:8080); if ( ! port ) exit(0); it seems

[Openvas-discuss] SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449)

2016-08-08 Thread Corti Matteo (ID BD)
Hi a recent scan shows a lot of hosts with SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449) with the followin

Re: [Openvas-discuss] SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449)

2016-08-08 Thread Corti Matteo (ID BD)
Aug 2016, at 16:18, Eero Volotinen wrote: > > Your smbclient syntax looks incorrect. Please check out the manpage.. > > Eero > > > 8.8.2016 5.14 ip. "Corti Matteo (ID BD)" <mailto:co...@ethz.ch>> kirjoitti: > Hi > > a recent scan shows a

Re: [Openvas-discuss] SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449)

2016-08-08 Thread Corti Matteo (ID BD)
-35.el6_8] tree connect failed: NT_STATUS_BAD_NETWORK_NAME It is not a problem with the smbclient syntax. I can also try to mount the share with an OS X or Windows machine. Same result. Matteo > > 2016-08-08 17:22 GMT+03:00 Corti Matteo (ID BD) <mailto:co...@ethz.ch>>: > Hi &

Re: [Openvas-discuss] SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449)

2016-08-08 Thread Corti Matteo (ID BD)
Hi > On 08 Aug 2016, at 20:55 , Reindl Harald wrote: >> Well. exposing samba protocol to internet without ipsec is not wise >> thing to do. It might be also problem with NVT > > it's not unwise, it's just a *absolute* no-go having samba/nfs/netatalk on a > wan-interface without a secured tunnel

Re: [Openvas-discuss] SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449)

2016-08-08 Thread Corti Matteo (ID BD)
ro > > 2016-08-08 21:45 GMT+03:00 Corti Matteo (ID BD) <mailto:co...@ethz.ch>>: > Hi > >> On 08 Aug 2016, at 16:42 , Eero Volotinen > <mailto:eero.voloti...@iki.fi>> wrote: >> >> You are sensoring the input, so it's bit hard to guess the p

Re: [Openvas-discuss] SMB Brute Force Logins With Default Credentials (OID: 1.3.6.1.4.1.25623.1.0.804449)

2016-08-08 Thread Corti Matteo (ID BD)
23:11 GMT+03:00 Eero Volotinen <mailto:eero.voloti...@iki.fi>>: > This plugin is used to detect issue: > > http://plugins.openvas.org/nasl.php?oid=804449 > <http://plugins.openvas.org/nasl.php?oid=804449> > > Looks like it's connecting to IPC$ share. > >

[Openvas-discuss] False positives by pfile Multiple Cross Site Scripting and SQL Injection Vulnerabilities

2016-09-20 Thread Corti Matteo (ID BD)
Hi I get a warning for "pfile Multiple Cross Site Scripting and SQL Injection Vulnerabilities” (http://plugins.openvas.org/nasl.php?oid=103435) The tested server hosts MailCleaner (http://www.mailcleaner.net), an mail filter which does *not* use pfile The plugin tries to access https://mailcl

[Openvas-discuss] Scans go letargic after a while

2016-10-17 Thread Corti Matteo (ID BD)
Hi When I start a scan it goes well for a short while (3%-4%) and then OpenVAS stops doing anything. Load of the machine sinks to almost 0 and ps shows root 881 0.0 0.2 186268 47860 ?SN Oct16 0:00 openvassd: testing 129.132.202.80 root 1006 0.1 0.2 162792 38284 ?

Re: [Openvas-discuss] Scans go letargic after a while

2016-10-17 Thread Corti Matteo (ID BD)
Hi > On 17.10.2016 13:53, Corti Matteo (ID BD) wrote: >> I have to stop redis, delete /var/lib/redis/dump.rdb and restart redis. > > this sounds like the known redis issues which where discussed here at > the ML in the past. See the following ML post for a possible work

[Openvas-discuss] Problem starting gsa

2017-01-31 Thread Corti Matteo (ID BD)
Hi Since a couple of days I am no more able to start gsa. For example $ /usr/sbin/gsad --port=9392 --mport=9390 --mlisten=127.0.0.1 --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 -vvv give no output with the following entries in the log file gs

Re: [Openvas-discuss] Problem starting gsa

2017-01-31 Thread Corti Matteo (ID BD)
t; > On 31.01.2017 11:56, Corti Matteo (ID BD) wrote: >> Why is gsad trying to use port 80? > > i think because of the following: > >> gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... >> gsad main:WARNING:2017-01-31 10h49.22 utc:24068: main: > s

Re: [Openvas-discuss] Problem starting gsa

2017-01-31 Thread Corti Matteo (ID BD)
operating system and package versions > https://bugzilla.redhat.com/show_bug.cgi?id=1416034 > > a new build is in testing and and then 0.9.52 should work too > > Am 31.01.2017 um 11:56 schrieb Corti Matteo (ID BD): >> give no output with the following entries in the log file >&

[Openvas-discuss] Internal error: get_many:2338 (GSA 7.0.2)

2017-08-15 Thread Corti Matteo (ID BD)
Hi Suddenly while trying to get the task list I get Internal error: get_many:2338 (GSA 7.0.2) An internal error occurred while getting resources list. The current list of resources is not available. Diagnostics: Failure to receive response from manager daemon. Running ./openvas-check-setup --v

[Openvas-discuss] Process XY (OID: XY) seems to have died too early

2017-11-20 Thread Corti Matteo (ID BD)
Hi I am using Openvas 9 and I often (every couple of days) see the following error in the log Process 3457 (OID: 1.3.6.1.4.1.25623.1.0.100871) seems to have died too early After the sudden stop, I am not able to start any scan. I have to: kill the scanner kill the manager stop redis

Re: [Openvas-discuss] Creating new alerts hangs

2018-05-15 Thread Corti Matteo (ID BD)
Hi I just noticed that I can create a task when adding the IPs with a file. But I have the same problem (“Creating…” forever) when creating an email alert Matteo > On 9 May 2018, at 12:14 , Corti Matteo (ID BD) wrote: > > Hi > > When trying to create new alerts Greenbon

[Openvas-discuss] Forcing a deep scan

2018-05-15 Thread Corti Matteo (ID BD)
Hi I have a target configured with a "Full and fast ultimate” config. We now installed a lot of new stuff on the targeted machines but I am not able to tell OpenVAS to *temporarily* ignore the last scans and perform a “very deep” scan. Is there a quick way or creating a new Task is the only way

Re: [Openvas-discuss] Creating new alerts hangs

2018-06-13 Thread Corti Matteo (ID BD)
Hi If anyone is interested: it seems related to Safari on macOS. With Chrome it works … Matteo -- ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich Tel +41 44 63 27944, http://www.id.ethz.ch > On 15 May 2018, at 09:08, Corti Matteo (ID