[atomic] Openvas 4.x Updates

Atomic repository announcements, new release notifications and other news regarding the atomic yum repository.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: [atomic] Openvas 4.x Updates

Unread post by scott »

Right, it's not something that can be built on el5.
xmichielx
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

All right, got some better results:

- sqlite is now actually giving me back some results:
[root@vps500 mgr]# sqlite3 tasks.db "select count(*) from nvts;"
21256
[root@vps500 m

- I can run a scan, but do I have to create a slave or not? I created a slave, and if I create a new scan, the scan named test fails but the slave scan does work.

The results from the slave scan are a little bit broken, I got results like:

Name: 082ff479-f1cc-4935-a900-30bdba64c1eb
Comment: Slave task created by Master
Config: 082ff479-f1cc-4935-a900-30bdba64c1eb
Escalator:
Schedule: (Next due: over)
Target: 082ff479-f1cc-4935-a900-30bdba64c1eb
Slave:
Status:
Done
Reports: 1 (Finished: 1)

And no matter what I click, it will give an error.
On the server I saw the openvas scan run so it did do something but now I can not view the results :(

Almost there :)
scott

If everything is running on the same system, then no, you don't have to create a slave, since it will assume localhost. If you're running GSAD or GSD on a different box, then yes, you'd make the slave the other system(s) and associate those with a specific task.
xmichielx

Ok, that makes sense. :)
I have now created a new task and removed the slave; the task is scheduled but stays in the 'Requested' state.

The logfile shows:
ad admin:UNKNOWN:2011-05-10 20h39.48 CEST:6362: file /builddir/build/BUILD/openvas-administrator-1.1.1/src/admin.c: line 921 (openvas_get_sync_script_description): assertion failed: (*description)

==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h48.35 utc :10598: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h48.50 utc :10601: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h48.50 utc :10601: Status of task (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to New
event task:MESSAGE:2011-05-10 19h48.57 utc :10601: Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been created
event auth:MESSAGE:2011-05-10 19h50.01 utc :10676: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h50.13 utc :10681: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h50.13 utc :10681: Status of task test2 (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to Requested
event task:MESSAGE:2011-05-10 19h50.23 utc :10681: Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been requested to start
lib serv:WARNING:2011-05-10 19h50.23 utc :10681: Failed to gnutls_bye: Error in the push function.


==> /var/log/openvas/openvassd.log <==
[Tue May 10 16:30:50 2011][2129] received the TERM signal
[Tue May 10 16:48:41 2011][4551] openvassd 3.2.3 started
[Tue May 10 20:47:04 2011][6414] user om starts a new scan. Target(s) : www.info.nl, with max_hosts = 20 and max_checks = 4
[Tue May 10 20:47:04 2011][6414] user om : testing 80.79.193.95 (::ffff:80.79.193.95) [6554]
[Tue May 10 20:47:04 2011][6554] user om : new KB will be saved as /var/lib/openvas/users/om/kbs/80.79.193.95
[Tue May 10 20:53:10 2011][6554] Finished testing 80.79.193.95. Time : 365.75 secs
[Tue May 10 20:53:10 2011][6414] user om : test complete
[Tue May 10 20:53:10 2011][6414] Total time to scan all hosts : 367 seconds
[Tue May 10 20:53:10 2011][6414] user om : Kept alive connection
[Tue May 10 20:53:10 2011][6414] Communication closed by client



==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h52.36 utc :10704: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.47 utc :10707: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.59 utc :10710: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h53.15 utc :10724: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
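
A check for the symptom in the post above (a task whose last logged status stays Requested), as an added example that is not part of the thread: it reads openvasmd.log task events and flags tasks still in Requested past a threshold, defaulting to the 10 minutes mentioned later in the thread. The function names, the constructed "demo" task and the assumption that every line is logged in the same time zone as `now` are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the openvasmd.log format quoted in the post above;
# the "demo" task and its UUID are made up for the example.
SAMPLE_LOG = """\
event auth:MESSAGE:2011-05-10 19h48.50 utc :10601: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h48.50 utc :10601: Status of task  (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to New
event task:MESSAGE:2011-05-10 19h50.13 utc :10681: Status of task test2 (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to Requested
lib  serv:WARNING:2011-05-10 19h50.23 utc :10681: Failed to gnutls_bye: Error in the push function.
event task:MESSAGE:2011-05-10 19h51.00 utc :10690: Status of task demo (11111111-2222-3333-4444-555555555555) has changed to Requested
event task:MESSAGE:2011-05-10 19h53.40 utc :10690: Status of task demo (11111111-2222-3333-4444-555555555555) has changed to Running
"""

# Timestamp, optional task name, task UUID, new status (time zone label is skipped).
EVENT = re.compile(
    r"^event task:MESSAGE:(\d{4}-\d\d-\d\d \d\dh\d\d\.\d\d) \S+\s*:\d+: "
    r"Status of task\s*(.*?)\s*\(([0-9a-f-]{36})\) has changed to (\w+)"
)

def last_status(log_text):
    """Map task UUID -> (name, status, timestamp) from the newest status event."""
    tasks = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # auth events, warnings and other non-status lines
        stamp, name, uuid, status = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%d %Hh%M.%S")
        # The first event for a task can carry an empty name; keep the last known one.
        known = tasks.get(uuid, ("", "", None))[0]
        tasks[uuid] = (name or known, status, when)
    return tasks

def stuck_tasks(log_text, now, max_wait=timedelta(minutes=10)):
    """Tasks whose latest status is still Requested after max_wait."""
    return [
        (uuid, name, now - when)
        for uuid, (name, status, when) in last_status(log_text).items()
        if status == "Requested" and now - when > max_wait
    ]

if __name__ == "__main__":
    for uuid, name, waited in stuck_tasks(SAMPLE_LOG, datetime(2011, 5, 10, 20, 5)):
        print(f"{name} ({uuid}) has been Requested for {waited}")
```
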
xmichielx

Ah the scan is running, does it normally take 5 minutes or so to run directly?
Everything until now is running fine :)
scott

Yeah, it can take a while. I've seen it take as long as 10 minutes to pick up a new task if the box is doing a lot of things.
xmichielx

Ok, now I am having problems viewing the report, downloading the XML report and seeing the report results.
The scan finishes just fine.
xmichielx

The reason why I can not download the report is:

md main:WARNING:2011-05-11 08h54.42 utc :24624: manage_send_report: No such file or directory
But the scan runs normally, do I have to set the path where it should download the reports to or perhaps a temporary directory?
xmichielx

All right, found that it is a known bug on CentOS/RedHat:
http://www.linux.hr/openvas/archive/ind ... 2011-04-21

I gave the nobody user /bin/sh (I am not assigning this user to any service), the reports now work.
Now I have the following problem: pdf download gives me a 0 byte downloaded file :/

PS other formats work fine :)
xmichielx

Sorry for filling up this thread but I am having problems with saving a custom scan profile.
I ran a Nessus scan and an OpenVAS scan and I see I am missing things in OpenVAS with the default fast and full scan.
Stuff like weak SSL ciphers, so that is why I want to create a custom scan with SSL cipher checks and OWASP/XSS/SQL injection checks with Nikto, Wapiti and such.
Basically: check everything but DON'T destroy the server :)
Does anyone have such a scan template (XML) or can I choose a default one?

And another question: I run the NVT-SYNC-CRON script every night, but do I also have to update the tasks.db file?
SQLite shows an increase in NVTs but the web interface does not. Do I have to run openvasmd -u or --rebuild every night?

I am also having problems with importing my custom XML scan format... it takes forever and I see nothing happening in the logfiles or in terms of load. :(
xmichielx

Anyone? :)
I want to propose OpenVAS + GSA as a replacement for Nessus at my company, but I want to show them a good OpenVAS scan.
With the default fast + full it does not show that much information, and Nessus does: it shows the SSLv2 vulnerability problem and OpenVAS doesn't, because it does not check for it with the default settings.
scott

I believe part of that might be due to nmap 5.51, which Jan & co. are aware of. So there will be an update for that forthcoming.
xmichielx

Hi Scott,

You mean nmap causes errors with SSLv2 checking, or is nmap the reason I cannot export and import a scan XML file?

Michiel
scott

Well, the nmap version is definitely affecting SSL checks. XML is a different issue.
xmichielx

Ok, then I have to wait for the nmap fix. Do you know if I can create a scan without using GSA? And do I only have to run the openvas-nvt-sync-cron or do I also need to update the tasks.db file?