Page 1 of 6
[atomic] Openvas 4.x Updates
Posted: Thu Feb 24, 2011 1:36 pm
by scott
This is the latest in the Openvas series of updates, the goal is to get the installation of OpenVAS down to a few basic steps starting with Fedora 14, and then backport that process to CentOS/RHEL. As it stands right now that is for the most part complete on Fedora 14, and 85% of the way on CentOS/RHEL.
Changelog:
* openvas-libraries 4.0.2
* openvas-scanner 3.2.2
* openvas-manager 2.0.1
* openvas-administrator 1.1.1
* openvas-cli 1.1.1
* GSD (Desktop Client) 1.1.0
* GSAD (Web Client) 2.0.0
Installation:
1) wget -q -O -
http://www.atomicorp.com/installers/atomic |sh
2) yum install openvas
3) openvas-nvt-sync-cron
4) openvas-adduser
5) Log in!
https://127.0.0.1:9392
Re: [atomic] Openvas 4.x Updates
Posted: Wed Mar 23, 2011 12:39 pm
by organicspider
Attempted to install and GSAD does not start. On checking in gsad.log I see
Code: Select all
gsad main:CRITICAL:2011-03-23 16h37.28 utc :30903: main: MHD_start_daemon failed!
and port 9392 is never bound to. The only other message I see was
Code: Select all
Starting greenbone-security-assistant: MHD HTTPS option 8 passed to MHD compiled without HTTPS support
Re: [atomic] Openvas 4.x Updates
Posted: Wed Mar 23, 2011 2:43 pm
by scott
What distro and architecture is that on?
Re: [atomic] Openvas 4.x Updates
Posted: Wed Mar 23, 2011 3:10 pm
by organicspider
Code: Select all
[root@gateway openvas]# cat /etc/redhat-release
CentOS release 5.5 (Final)
[root@gateway openvas]# uname -r -v -m -p -i
2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:09:10 EDT 2010 i686 i686 i386
Re: [atomic] Openvas 4.x Updates
Posted: Thu Mar 24, 2011 1:53 pm
by organicspider
Any thoughts Scott ?
Re: [atomic] Openvas 4.x Updates
Posted: Thu Mar 24, 2011 2:16 pm
by scott
Not yet, I havent been able to reproduce what you're seeing.
I did run across an sqlite incompatibility with openvas-manager, and a missing xslt dependency for gsad (just updated).
Re: [atomic] Openvas 4.x Updates
Posted: Thu Mar 24, 2011 4:10 pm
by organicspider
Scott, would you be able to post a list of the pertinent RPMs you have installed ? I can then check them against my system and see if there is a difference.
Re: [atomic] Openvas 4.x Updates
Posted: Thu Mar 24, 2011 4:47 pm
by scott
They're all wrapped up into one meta-package, called "openvas". yum install openvas should get everything for you. If you'd already done that then "yum upgrade" should get you the the updated gsad & openvas-manager packages.
I dont want to get into package by package instructions since that will get very unmaintainable very fast. It would also be completely different across distros and probably even architectures. Let yum do the work here
Re: [atomic] Openvas 4.x Updates
Posted: Fri Mar 25, 2011 4:24 am
by organicspider
Ran yum update and greenbone-security-assistant and openvas-manager were updated. Still not dice on starting GSAD though
Re: [atomic] Openvas 4.x Updates
Posted: Fri Apr 22, 2011 12:33 pm
by paulv_ap
I am on the following machine:
Code: Select all
[root@app3 ~]# uname -a
Linux app3.angelpoints.com 2.6.9-67.0.22.ELsmp #1 SMP Fri Jul 11 10:37:57 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
Here is my installation:
Code: Select all
[root@app3 ~]# wget -q -O - http://www.atomicorp.com/installers/atomic |sh
Atomic Archive installer, version 1.4
BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:
THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
Do you agree to these terms (yes/no): yes
Configuring the [atomic] yum archive for this system
Installing the Atomic GPG key: OK
Downloading atomic-release-1.0-13.el4.art.noarch.rpm: OK
The Atomic Rocket Turtle archive has now been installed and configured for your system
The following channels are available:
atomic - [ACTIVATED] - contains the stable tree of ART packages
atomic-testing - [DISABLED] - contains the testing tree of ART packages
atomic-bleeding - [DISABLED] - contains the development tree of ART packages
[root@app3 ~]# yum install openvas
Setting up Install Process
Setting up repositories
atomic 100% |=========================| 1.9 kB 00:00
Reading repository metadata in from local files
Parsing package install arguments
No Match for argument: openvas
Nothing to do
[root@app3 ~]# yum list openvas
Setting up repositories
Reading repository metadata in from local files
[root@app3 ~]
As you can see it can't find the package. Any ides what might be going on here? Pardon me if there is something remedial about this. Not super experienced with yum or openvas.
Thanks in advance for any help anyone can provide.
Re: [atomic] Openvas 4.x Updates
Posted: Fri Apr 22, 2011 2:06 pm
by scott
For 4.x branch I recommend using at least EL5 (CentOS/RHEL) or if you can, EL6. Unfortunately it doesn't look like much of openvas will be something upstream can handle in the EL4 environments.
Re: [atomic] Openvas 4.x Updates
Posted: Fri Apr 22, 2011 4:13 pm
by paulv_ap
Thanks for answering.
Sorry if I don't quite understand the response. Are you saying that I should not install openvas on RHEL4 or that I need to take special configurations to do so?
If I need special configurations to do so, could you provide a link to such instructions? Should I be installing an older version of openvas?
Thanks,
Paul
Re: [atomic] Openvas 4.x Updates
Posted: Fri Apr 22, 2011 5:32 pm
by scott
Thats correct, OpenVAS 4.x has broken compatibility with EL4 environments. If there is enough community interest I can try and take a stab at building compatibility packages for it again, but at this time your other option is to use EL5 or EL6.
Re: [atomic] Openvas 4.x Updates
Posted: Fri Apr 22, 2011 6:56 pm
by paulv_ap
Okay. I have identified a machine and installed openvas (let's call this machine 1), however this machine can't be the one to do the actual scanning since it only has limited access to the data center.
I have identified an EL5 machine (machine 2) in the data center that I can install the scanner on but not the UI or webUI, etc,.
I am hoping I can install minimum scanning components for scanning on machine 2 and connect the ui portions from machine 1 to machine 2.
So how would I do the partial install on the EL5 machine? ie how would I modify the commands for minimal components?
Re: [atomic] Openvas 4.x Updates
Posted: Sat Apr 23, 2011 12:08 pm
by scott
Just run yum install openvas on your scanner box, and turn off gsad. Its only a client really, you can connect to remote scanners from inside of gsad