[atomic] Openvas 4.x Updates
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
Right, its not something that can be built on el5
Re: [atomic] Openvas 4.x Updates
Allright, got some better results:
- sqlite is now actually giving me back some results:
[root@vps500 mgr]# sqlite3 tasks.db "select count(*) from nvts;"
21256
[root@vps500 m
-I can run a scan but do I have to create a slave or not? I created a slave and if I create a new scan, the scan name called test fails but the slave scan does work.
The results from the slave scan are a little bit broken, I got results like:
Name: 082ff479-f1cc-4935-a900-30bdba64c1eb
Comment: Slave task created by Master
Config: 082ff479-f1cc-4935-a900-30bdba64c1eb
Escalator:
Schedule: (Next due: over)
Target: 082ff479-f1cc-4935-a900-30bdba64c1eb
Slave:
Status:
Done
Reports: 1 (Finished: 1)
An no mathe what I click it will give an error.
On the server I saw the openvas scan run so it did do something but now I can not view the results
Almost there
- sqlite is now actually giving me back some results:
[root@vps500 mgr]# sqlite3 tasks.db "select count(*) from nvts;"
21256
[root@vps500 m
-I can run a scan but do I have to create a slave or not? I created a slave and if I create a new scan, the scan name called test fails but the slave scan does work.
The results from the slave scan are a little bit broken, I got results like:
Name: 082ff479-f1cc-4935-a900-30bdba64c1eb
Comment: Slave task created by Master
Config: 082ff479-f1cc-4935-a900-30bdba64c1eb
Escalator:
Schedule: (Next due: over)
Target: 082ff479-f1cc-4935-a900-30bdba64c1eb
Slave:
Status:
Done
Reports: 1 (Finished: 1)
An no mathe what I click it will give an error.
On the server I saw the openvas scan run so it did do something but now I can not view the results
Almost there
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
if everything is running on the same system, then no you don't have to create a slave since it will assume localhost. If you're running GSAD or GSD on a different box, then yes you'd make the slave the other system(s) and associate those with a specific task.
Re: [atomic] Openvas 4.x Updates
Ok ,that makes sense.
I now created a new task and removed the slave, the task is scheduled but keeps on 'Requested' state.
The logfile shows:
ad admin:UNKNOWN:2011-05-10 20h39.48 CEST:6362: file /builddir/build/BUILD/openvas-administrator-1.1.1/src/admin.c: line 921 (openvas_get_sync_script_description): assertion failed: (*description)
==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h48.35 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h48.50 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h48.50 utc Status of task (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to New
event task:MESSAGE:2011-05-10 19h48.57 utc Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been created
event auth:MESSAGE:2011-05-10 19h50.01 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h50.13 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h50.13 utc Status of task test2 (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to Requested
event task:MESSAGE:2011-05-10 19h50.23 utc Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been requested to start
lib serv:WARNING:2011-05-10 19h50.23 utc Failed to gnutls_bye: Error in the push function.
==> /var/log/openvas/openvassd.log <==
[Tue May 10 16:30:50 2011][2129] received the TERM signal
[Tue May 10 16:48:41 2011][4551] openvassd 3.2.3 started
[Tue May 10 20:47:04 2011][6414] user om starts a new scan. Target(s) : www.info.nl, with max_hosts = 20 and max_checks = 4
[Tue May 10 20:47:04 2011][6414] user om : testing 80.79.193.95 (::ffff:80.79.193.95) [6554]
[Tue May 10 20:47:04 2011][6554] user om : new KB will be saved as /var/lib/openvas/users/om/kbs/80.79.193.95
[Tue May 10 20:53:10 2011][6554] Finished testing 80.79.193.95. Time : 365.75 secs
[Tue May 10 20:53:10 2011][6414] user om : test complete
[Tue May 10 20:53:10 2011][6414] Total time to scan all hosts : 367 seconds
[Tue May 10 20:53:10 2011][6414] user om : Kept alive connection
[Tue May 10 20:53:10 2011][6414] Communication closed by client
==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h52.36 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.47 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.59 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h53.15 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
I now created a new task and removed the slave, the task is scheduled but keeps on 'Requested' state.
The logfile shows:
ad admin:UNKNOWN:2011-05-10 20h39.48 CEST:6362: file /builddir/build/BUILD/openvas-administrator-1.1.1/src/admin.c: line 921 (openvas_get_sync_script_description): assertion failed: (*description)
==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h48.35 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h48.50 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h48.50 utc Status of task (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to New
event task:MESSAGE:2011-05-10 19h48.57 utc Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been created
event auth:MESSAGE:2011-05-10 19h50.01 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h50.13 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h50.13 utc Status of task test2 (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to Requested
event task:MESSAGE:2011-05-10 19h50.23 utc Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been requested to start
lib serv:WARNING:2011-05-10 19h50.23 utc Failed to gnutls_bye: Error in the push function.
==> /var/log/openvas/openvassd.log <==
[Tue May 10 16:30:50 2011][2129] received the TERM signal
[Tue May 10 16:48:41 2011][4551] openvassd 3.2.3 started
[Tue May 10 20:47:04 2011][6414] user om starts a new scan. Target(s) : www.info.nl, with max_hosts = 20 and max_checks = 4
[Tue May 10 20:47:04 2011][6414] user om : testing 80.79.193.95 (::ffff:80.79.193.95) [6554]
[Tue May 10 20:47:04 2011][6554] user om : new KB will be saved as /var/lib/openvas/users/om/kbs/80.79.193.95
[Tue May 10 20:53:10 2011][6554] Finished testing 80.79.193.95. Time : 365.75 secs
[Tue May 10 20:53:10 2011][6414] user om : test complete
[Tue May 10 20:53:10 2011][6414] Total time to scan all hosts : 367 seconds
[Tue May 10 20:53:10 2011][6414] user om : Kept alive connection
[Tue May 10 20:53:10 2011][6414] Communication closed by client
==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h52.36 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.47 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.59 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h53.15 utc Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
Re: [atomic] Openvas 4.x Updates
Ah the scan is running, does it normally take 5 minutes or so to run directly?
Everything until now is running fine
Everything until now is running fine
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
Yeah it can take a while, Ive seen it take as long as 10 minutes to pick up a new task if the box is doing a lot of things.
Re: [atomic] Openvas 4.x Updates
Ok, now I am having problems viewing the report or download the XML report and see the report results.
The scan finishes just fine.
The scan finishes just fine.
Re: [atomic] Openvas 4.x Updates
The reason why I can not download the report is:
md main:WARNING:2011-05-11 08h54.42 utc manage_send_report: No such file or directory
But the scan runs normally, do I have to set the path where it should download the reports to or perhaps a temporary directory?
md main:WARNING:2011-05-11 08h54.42 utc manage_send_report: No such file or directory
But the scan runs normally, do I have to set the path where it should download the reports to or perhaps a temporary directory?
Re: [atomic] Openvas 4.x Updates
Allright, found it is a known bug on CentOS/RedHat:
http://www.linux.hr/openvas/archive/ind ... 2011-04-21
I gave the nobody user /bin/sh (I am not assigning this user to any service), the reports now work.
Now I have the following problem: pdf download gives me a 0 byte downloaded file :/
PS other formats work fine
http://www.linux.hr/openvas/archive/ind ... 2011-04-21
I gave the nobody user /bin/sh (I am not assigning this user to any service), the reports now work.
Now I have the following problem: pdf download gives me a 0 byte downloaded file :/
PS other formats work fine
Re: [atomic] Openvas 4.x Updates
Sorry for filling up this thread but I am having problems with saving a custom scan profile.
I ran a Nessus scan and an OpenVAS scan and I see I am missing things in OpenVAS with teh default fast and full scan.
Stuff like weak SSL Ciphers, so that is why I want to create a custom scan with SSL cipher checks and for OWASP/XSS/SQL injection checks with Nikto, Wapiti and such.
baiscally: check everyhting but DONT detroy the server
Does anyopne have such a scan template (XML) or can I choose a default one?
And another question: I run the NVT-SYNC-CROn script every night but do I also have to update the tasks.db file?
SQLite shows an increase in NVT's but the webinterface does not, do I have to run openvasmd -u or --rebuild every night?
I also am having problems with importing my custom XML scan format..it takes forever and I see nothing happening in the logfiles or qua load.
I ran a Nessus scan and an OpenVAS scan and I see I am missing things in OpenVAS with teh default fast and full scan.
Stuff like weak SSL Ciphers, so that is why I want to create a custom scan with SSL cipher checks and for OWASP/XSS/SQL injection checks with Nikto, Wapiti and such.
baiscally: check everyhting but DONT detroy the server
Does anyopne have such a scan template (XML) or can I choose a default one?
And another question: I run the NVT-SYNC-CROn script every night but do I also have to update the tasks.db file?
SQLite shows an increase in NVT's but the webinterface does not, do I have to run openvasmd -u or --rebuild every night?
I also am having problems with importing my custom XML scan format..it takes forever and I see nothing happening in the logfiles or qua load.
Re: [atomic] Openvas 4.x Updates
Anyone?
I want to propose Openvas + GSA as a replacement for Nessus at my company but I want to show them a good OpenVAS scan.
With the default fast + full it shows not that many information and Nessus does, it shows the SSLv2 vulnerability problem and OpenVAS doesn't because it does not check for it with the default settings.
I want to propose Openvas + GSA as a replacement for Nessus at my company but I want to show them a good OpenVAS scan.
With the default fast + full it shows not that many information and Nessus does, it shows the SSLv2 vulnerability problem and OpenVAS doesn't because it does not check for it with the default settings.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
I believe part of that might be due to nmap 5.51, which jan & co. are aware of. So there will be an update for that forthcoming.
Re: [atomic] Openvas 4.x Updates
Hi Scott,
you mean nmap causes errors with SSLv2 checking or is nmap the reason I can not export and import and scan XML file?
Michiel
you mean nmap causes errors with SSLv2 checking or is nmap the reason I can not export and import and scan XML file?
Michiel
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
well the nmap version is definitely affecting SSL checks. XML is a different issue.
Re: [atomic] Openvas 4.x Updates
Ok, then I have to wait for the nmap fix. Do you know if I can create a scan without uding gsa? And do I only have to run the openvas-nvt-sync-cron or do I also need to update the tadk.db file?