14:23:46 2016][9141] Total time to scan all hosts : 63 seconds
I already set the "Alive Test" to "considered alive", but I'm still
getting no results.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deC
the nmap NSE
NVTs.
Is the dependency on this age-old version of nmap really an issue?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
r is NOT running!
SUGGEST: Start OpenVAS Scanner (openvassd).
ERROR: Your OpenVAS-8 installation is not yet complete!
I'm then running:
# openvasmd --rebuild
# echo $?
1
And after that I'm getting the same result as above.
I cannot start openvassd. But why?
--
Ralf
* Michael Meyer :
> *** Ralf Hildebrandt wrote:
>
> >WARNING: OpenVAS Scanner is NOT running!
> >SUGGEST: Start OpenVAS Scanner (openvassd).
In the meantime it's running, but
# openvasmd --rebuild
is hanging. It's beeing running since:
root
* Ralf Hildebrandt :
> # ls -l /var/lib/openvas/scap-data/scap.db
> -rw-r--r-- 1 root root 282370048 Apr 6 00:00
> /var/lib/openvas/scap-data/scap.db
>
> # lsof |grep scap.db
> openvasmd 24686 root8u REG9,2 282370048
> 117463496 /var/
* Michael Meyer :
> *** Ralf Hildebrandt wrote:
>
> > And the number of NVTs is 46542. So why is it "too low"?
>
> You didn't run "openvasmd --rebuild"?
>
> 1. Kill all running openvas services.
> 2. Delete /var/lib/openvas/plugins/*
> 3.
* Ralf Hildebrandt :
> I think it's time to ramp up the logging as you suggested.
Logging from level=128 (openvasmd.log) is attached.
# openvasmd --rebuild --progress --verbose
Rebuilding NVT cache... /
still hangs
--
Ralf Hildebrandt Charite Universitätsmedizi
* Michael Meyer :
> *** Ralf Hildebrandt wrote:
>
> > root 32756 44.6 0.0 163740 32256 ?Ss 13:23 1:15 openvassd:
> > Reloaded all the NVTs.
>
> Still missing the "openvassd: Waiting for incoming connections" state.
Indeed. this state is never
* Ralf Hildebrandt :
> # strace -p 4949
> strace: Process 4949 attached
> restart_syscall(<... resuming interrupted nanosleep ...>) = 0
> write(6, "*4\r\n$6\r\nHSETNX\r\n$23\r\nOpenVAS.__G"..., 60) = 60
> read(6, ":0\r\n", 16384)= 4
> wr
* Michael Meyer :
> *** Ralf Hildebrandt wrote:
>
> > # strace -p 4949
> > strace: Process 4949 attached
> > restart_syscall(<... resuming interrupted nanosleep ...>) = 0
> > write(6, "*4\r\n$6\r\nHSETNX\r\n$23\r\nOpenVAS.__G"..., 60) = 60
>
&g
ep time is 0
lib serv: DEBUG:2016-04-11 13h55.17 utc:21705:Shook hands with peer.
md main: DEBUG:2016-04-11 13h55.17 utc:21705:sql_open: db open, max
retry sleep time is 0
lib serv: DEBUG:2016-04-11 13h55.38 utc:22380:Shook hands with peer.
md main: DEBUG:2016-04-11 13h55.38
https://wiki.openvas.org/
says "Cannot contact the database server"
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsberei
Can I run the openvas-scapdata-sync etc. during a scan? Or will that
cause inconsistencies in the scan?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203
* Ralf Hildebrandt :
> https://wiki.openvas.org/
> says "Cannot contact the database server"
Still broken...
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de H
I have several periodic tasks configured, and until recently all of
those had these handy "trend indicator" arrows.
These are gone now :( -- and I have no idea why... The column "Trend"
is empty.
I'm using "openvas 6.0.8-2xenial"
--
Ralf Hi
* Ralf Hildebrandt :
> I have several periodic tasks configured, and until recently all of
> those had these handy "trend indicator" arrows.
>
> These are gone now :( -- and I have no idea why... The column "Trend"
> is empty.
>
> I'm using &q
* Ralf Hildebrandt :
> > I have several periodic tasks configured, and until recently all of
> > those had these handy "trend indicator" arrows.
> >
> > These are gone now :( -- and I have no idea why... The column "Trend"
> > is empty.
They d
When using "./openvas-check-setup --v9", it's hanging when executing
the "openvassd -s" command.
I'm running openvas9 beta 3 from
https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
--
Ralf Hildebrandt Charite Universitätsmedizin Berl
* Ralf Hildebrandt :
> When using "./openvas-check-setup --v9", it's hanging when executing
> the "openvassd -s" command.
>
> I'm running openvas9 beta 3 from
> https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
Oh, it seems to work when t
I have several periodic tasks (running weekly on the weekend). Is
there a simple way of running those "now"?
Currently, I need to change the task, remove the schedule, run it by
clicking on the "play" button.
--
Ralf Hildebrandt Charite Univer
w-r--r-- 1 root root 1700 Jul 21 12:29 ./CA/servercert.pem
-rw--- 1 root root 8289 Jul 21 12:29 ./private/CA/cakey.pem
-rw--- 1 root root 8282 Jul 21 12:29 ./private/CA/clientkey.pem
-rw--- 1 root root 8295 Jul 21 12:29 ./private/CA/serverkey.pem
--
Ralf Hildebrandt Ch
but the package collection seems
> to mix several version of OpenVAS. And please remind that OpenVAS-9 is
> not supported yet.
I can tell you that the openvas from
https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
works like a charm (I tried both 8 and 9beta3)
--
Ral
* Turner,Jonas :
> The openvasmd --rebuild just doesn’t seem to want to work. I think if I can
> rebuild that…I think it would fix itself. :/
This happened to me when I had old database files lying around.
I had to deinstall, remove all files, install again.
--
Ralf Hilde
password).
Alas, they can log into GSAD, but they cannot see anything (no
reports, no tasks).
Is this intentional?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de H
User Tags" -- in openvas8 this gave me all findings for that host
instead.
How do I get the old behaviour back?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgd
t fails?
(I can create a non-empty TXT report as well as a PDF report!)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT,
* Eero Volotinen :
> You are possibly missing some binaries. Check out local generate script and
> install needed tools.
Thanks.
# apt-cache search xmlstarlet
xmlstarlet - XML-Werkzeugsatz für die Kommandozeile
was missing. I would have expected to find this in the log, though.
--
Some of the NVTs perform email checks. Now one colleague mentioned,
that example.com is a reserved domain (for examples, that is) -- and
at the same time mentioned the existence of the .test TLD --
explicitly designed for testing.
Where/how can example.com be changed into example.test ?
--
Ralf
* Christian Fischer :
> Hi,
>
> On 18.11.2016 13:31, Ralf Hildebrandt wrote:
> > Where/how can example.com be changed into example.test ?
>
> this behavior can be changed within the following settings of your scan
> configuration:
>
> SMTP settings From addres
How can I specify which HTTP Credentials to use during a scan?
I see SMB, ESXi and SSH credentials, but can't seem to find HTTP basic
auth credentials anywhere.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Fra
.231.251
gsad main:WARNING:2016-12-28 11h55.30 utc:1673: Authentication failure for
'admin' from 141.42.231.251
gsad main:WARNING:2016-12-28 12h03.08 utc:1673: Authentication failure for
'admin' from 141.42.231.251
--
Ralf Hildebrandt Charite Universitätsmedi
here. It *used* to work in the last
version, it doesn't work now. Once I removed it, I could authenticate
again.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgd
KB (redis-server)
PID=4990 swapped 65000 KB (vmtoolsd)
PID=66579 swapped 85799 KB (openvasmd)
PID=66363 swapped 86211 KB (openvasmd)
PID=100816 swapped 87612 KB (openvasmd)
PID=69131 swapped 3908328 KB (gsad)
Is gsad maybe leaking memory?
--
Ralf Hildebrandt
d France).
>
> Just can tell you that the issue you're so aggressively talking about
> has been already fixed and is available in a current feed version.
How can I check which version of the feed I have installed and which
version is available (to check if I'm up-to-date)
* Ralf Hildebrandt :
> Prio to my recent update of openvas-9 I checked my machine (159 days of
> uptime, with weekly schedules scans in openvas) and found all swap being
> used.
>
> Naturally, I wanted to find out which programs used most swap and
> found:
>
> PID=1
pting skills?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.57
ng incremental file list
plugin_feed_info.inc
1,226 100%1.17MB/s0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 1,330 bytes 915.33 bytes/sec
total size is 1,226 speedup is 0.89
# echo $?
0
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.
t; Vulnerabili... (OID: 1.3.6.1.4.1.25623.1.0.802406)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk f
-864a-158c4dd67754
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.57
:1.3.6.1.4.1.25623.1.0.901202:category"
8945 "SRANDMEMBER" "login/SSH/success"
10668 "SRANDMEMBER" "HostDetails/OS/cpe:/o:fedoraproject:fedora"
23307 "SRANDMEMBER" "oid:1.3.6.1.4.1.25623.1.0.18183:category"
48151 "SRANDMEMB
a way to confirm the latest available version? Also, how far behind
> are the NVT updates for free version vs the enterprise?
http://plugins.openvas.org/
says "Plugin Set: 201705050549"
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite
7
> write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$41\r\noid:1"..., 70) = 70
> read(5, "$1\r\n3\r\n", 16384) = 7
> write(5, "*2\r\n$11\r\nSRANDMEMBER\r\n$40\r\noid:1"..., 69) = 69
> ...
> """
>
> Both redis and openvas
* Shreyas M R :
> How often Openvas NVT are updated? Red Hat reports security bugs on daily
> basis, how new Red Hat bugs are included to NVD database and OpenVAS NVT
> feed?
About once per week
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@c
* Shreyas M R :
> Is there any prrof of it? Like a link where I can verify that it updates
> once every week
http://plugins.openvas.org/
check for "Last update"
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus B
/sbin/greenbone-nvt-sync --feedversion
201707260553
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT,
from redis. That's like nuking the
entire site from orbit.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netz
GSA 7.0.3?
/usr/sbin/gsad --allow-header-host=xxx -c /root/certificates/xxx.pem -k
/root/certificates/privkey.pem --port=443 --no-redirect
"--allow-header-host=xxx"
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus B
ui somethimes bails
out with:
Internal error: exec_omp_get:3113 (GSA 7.0.3)
An internal error occurred. Diagnostics: Could not authenticate to
manager daemon.
The ui then offers a "assumed sane state" link and one can continue.
--
Ralf Hildebrandt Charite Universitätsmedi
e PPA are not postgres enabled.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
signatur
* Ralf Hildebrandt :
> * Roger Davies :
> > Ralf
> >
> > Not seen that. I use Postgres and haven't seen that error, although my
> > manager instance is still on the older 7.0.1 version (compiled).
>
> Definitely occured with the recent update from Moh
e of sqlite3_step is SQLITE_INTERRUPT
(https://www.sqlite.org/rescode.html#interrupt)
sqlite3_interrupt() can cause this (see function sql_cancel_internal() )
but I don't see where that function is being used.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.
it.d/openvas-manager start
lso check the logs at /var/log/openvas/openvasmd.log
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, A
Detection Method
Details: 1.3.6.1.4.1.25623.1.0.140803 (OID: 1.3.6.1.4.1.25623.1.0.140803)
Version used: $Revision: 9758 $
Product Detection Result
Product: cpe:/a:acme:mini_httpd:1.23
Method: mini_httpd Detection (OID: 1.3.6.1.4.1.25623.1.0.140802)
Log:View details of product detection
How can I fix th
* Ralf Hildebrandt :
> In my openvas installation the vulnerability
> "1.3.6.1.4.1.25623.1.0.140803" doesn't have a proper title. It's
> listed under it's OID:
Argh, a NVT Update fixed those :/
--
Ralf Hildebrandt Charite Universitätsmedizin
54 matches
Mail list logo