[atomic] Openvas 4.x Updates

Atomic repository announcements, new release notifications and other news regarding the atomic yum repository.
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: [atomic] Openvas 4.x Updates

Unread post by hostingguy »

Maybe i missed it, but is there a quick quide on how to use this using the CLI intead of a GUI ?
xmichielx
Forum User
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

if I get it correctly the client is now the openvas manager? it can give commands to openvas-server and GSA is the web based interface for that.

Question for Scott: if I am correct I can not do the following: change the scanning configuration or do SSL weak cipher checking because of a bug in NMAP ?
Do you know if there is any idea when this will be fixed?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] Openvas 4.x Updates

Unread post by scott »

if I get it correctly the client is now the openvas manager? it can give commands to openvas-server and GSA is the web based interface for that.
openvas-client was replaced by GSA (web client) and GSD (desktop client). Manager is middleware to handle communications between everything. It acts as both a queue, and a distributed management layer. If you remember nessus and older openvas scans would die if the client detached from the server. This solves that among other problems
Question for Scott: if I am correct I can not do the following: change the scanning configuration or do SSL weak cipher checking because of a bug in NMAP ?
Do you know if there is any idea when this will be fixed?
Its not so much a bug in nmap as my overly-aggressive response to requests to update packages :P Someone pointed out the version of nmap in atomic was 4.x and 5.51 was out, so I just bumped it without testing other applications. It turns ut openvas 4 wasnt up to the new stuff in 5.51 and some of the SSL tests arent working the way they should. So yes, its been fixed in but I don't know when that will be released.
xmichielx
Forum User
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

Can I fix it by rpm -e nmap and exclude the nmap package from atomic and install the centos version?
I really need the SSL version/weak ciphers checking working so I can show that OpenVAS easily can compete with Nessus at my company.
Or is there an other way of fixing the SSL checking method?
xmichielx
Forum User
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

I am tring oit now with the old centos nmap version..

Another question: when I perform the sqlite command to check how many plugins are in the tasks.db file I get:

[root@vps500 mgr]# sqlite3 tasks.db "select count(*) from nvts;"
21265

When I check how many NVT's there are in /var/lib/openvas/plugins;

[root@vps500 plugins]# ls -l | wc -l
42157

How come it dont match? it the tasks.db file automatically updated with new NVT's?
xmichielx
Forum User
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

Hmm also with the old CentOS nmap I get not SSL checking using the Full and Fast :(
Does anyone know how I can fix the SSL checking?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] Openvas 4.x Updates

Unread post by scott »

each NVT also has a signature that goes along with it, thats why you'll see double the rules in there. I don't have anything to update on nmap yet, you might want to try the irc channel
xmichielx
Forum User
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

All is solved now :)
I fixed it by the kind help of the OpenVAS people via IRC, creating a new scan target through the interface and click twice sometimes fixed it for me :)
xmichielx
Forum User
Forum User
Posts: 42
Joined: Thu Nov 12, 2009 9:01 am

Re: [atomic] Openvas 4.x Updates

Unread post by xmichielx »

I have a small question about the plugin wapiti and w3af, both are installed from Atomic but fail to do actual scanning.
Wapiti gives me an error:


[root@vps500 ~]# wapiti
Traceback (most recent call last):
File "/usr/bin/wapiti", line 38, in ?
lan.configure()
File "/usr/lib/python2.4/site-packages/wapiti/language/language.py", line 53, in configure
lang = langCounty[:2] #en
TypeError: unsubscriptable object

And w3af does no actual scanning..how can I solve this so I can do more XSS/SQL injection scanning?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] Openvas 4.x Updates

Unread post by scott »

yup, it needs the newer python suite which I'm not done with on el5 yet.
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: [atomic] Openvas 4.x Updates

Unread post by hostingguy »

trying to compile GSD is annoying on how it needs so much stuff that then has to be compiled, and each of those need things - is there anywhere you know of where its already done and compiled into an RPM or something?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] Openvas 4.x Updates

Unread post by scott »

for Fedora 13 and up yes, its in atomic now. For EL5 its not possible, they based all the internals on newer versions of cairo and gtk.
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: [atomic] Openvas 4.x Updates

Unread post by hostingguy »

The first 2 things were that the openvas-libraries that are in atomic do not contain all the files that GSD needs - so it needs to be compiled from source, which then require a ton of other things to be installed - some of which needed to be source compiled as well - if I remember right one of them was gnutils v2 or greater which the 1.x branch is in the main distro chanel.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] Openvas 4.x Updates

Unread post by scott »

GSD on Fedora 13 and above certainly dont need that, I use those now. And like I said before, you will never be able to get it to work on EL5 without major changes. Enough that it would be faster to just use EL6 (which it does work on)
Jimvin
New Forum User
New Forum User
Posts: 1
Joined: Sun Jul 03, 2011 3:14 am
Location: United Kingdom

Re: [atomic] Openvas 4.x Updates

Unread post by Jimvin »

Hi,
There is an issue with PDF generation when installing the OpenVAS/GSD packages from the atomic archive on CentOS 5.x. There is a simple workaround which will fix this.

http://jimhalfpenny.blogspot.com/2011/0 ... urity.html

Regards,
Jim
Post Reply