Openvas 9 Released

Support/Development for OpenVAS
rmueller
New Forum User
New Forum User
Posts: 1
Joined: Wed Aug 16, 2017 5:01 am
Location: Germany

Re: Openvas 9 Released

Unread post by rmueller »

I ran into the same problem after updating OpenVAS.
Someone already reported it to the mailing list (http://lists.wald.intevation.org/piperm ... 03838.html) and it generated this ticket:
https://wald.intevation.org/tracker/?fu ... roup_id=29

It appears that the SQLite version is the problem:
the SQL syntax used in OpenVAS 9 (openvas-manager-7.0) needs SQLite 3.8.3 or above where you are running 3.7.17.

I have created an internal ticket to specify this requirement. For now please either update SQLite to a more recent version or stick on OpenVAS 8 which is still compatible with SQLite 3.7.17.
Not sure how to solve this.
The updated package should probably be removed from the repo until a solution is provided.
JE-atomicorpID
New Forum User
New Forum User
Posts: 2
Joined: Wed Aug 16, 2017 9:11 am
Location: Eastern US

Re: Openvas 9 Released

Unread post by JE-atomicorpID »

Thanks for posting these instructions. There are several issues I've encountered on Centos 7 (CentOS Linux release 7.3.1611 (Core)), including the following:

1. "openvas-check-setup" still defaults to version 8, and will complain that openvassd is too old or too new. "openvas-check-setup --v9" works properly.
2. redis is configured to create its redis.sock file to /tmp; however, it does not have sufficient privileges to do so. Either grant appropriate rights, or choose another location, such as /run/redis/redis.sock. In choosing the latter, the redis.conf file must be updated to reflect that change, as must the openvassd.conf file (by adding an entry "kb_location = /run/redis/redis.sock". In any case, the installation routine adds two unnecessary lines to the end of the redis.conf file, which ought to be commented out / removed altogether.
NOTE: Thanks to Michael Hampton for his post at https://serverfault.com/questions/82192 ... wont-start for the redis information.
3. finally, OpenVAS v9 has changed its SQLite syntax, according to this post at https://lists.wald.intevation.org/piper ... 03839.html, requiring a minimum of v3.8.3; however, v3.7.17 appears to be the highest available version for Centos 7, according to this article http://rpmfind.net/linux/rpm2html/searc ... ntos&arch=.

Other version-related details:
openvasmd --version
OpenVAS Manager 7.0.2
Manager DB revision 184
Copyright (C) 2010-2016 Greenbone Networks GmbH

openvassd --version
OpenVAS Scanner 5.1.1
Most new code since 2005: (C) 2016 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>

yum list openvas
openvas.noarch 9.0.0-1244.el7.art @atomic
CurtisFL
New Forum User
New Forum User
Posts: 1
Joined: Wed Aug 16, 2017 11:10 pm
Location: Sanford, FL

Re: Openvas 9 Released

Unread post by CurtisFL »

CentOS Linux release 7.3.1611
The sqlite rpm is 3.7.17-8.el7 but OpenVas v9 requires at least sqllite 3.8.
Using sqlite 3.7 causes scans to fail with an Internal Error and the following errors within /var/log/openvas/openvasmd.log:

sql_prepare_internal: sqlite3_prepare failed: near "(": syntax error
init_iterator: sql_prepare failed
manage_cleanup_process_error: Error exit, setting running task to Internal Error

To work around this requires downloading the sqlite code, compiling and replacing the shared 3.7 sqlite libraries,
with a later version such as 3.20 (https://www.sqlite.org/download.html).

Additional reference:
https://lists.wald.intevation.org/piper ... 03839.html
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Openvas 9 Released

Unread post by scott »

atomic-sqlite SCL packages have been added to the repo to handle the newer sqlite requirements.

@JE-atomicorpID Also if you have an update to openvas-setup (please note, there is a newer version out today) send us a patch or the whole file if that works for you. Im not exactly clear on what needs to change there, Im not seeing the same issue you are on an el7 test image so Im not sure where to go with it.

Thanks!
immauss
New Forum User
New Forum User
Posts: 1
Joined: Tue Aug 22, 2017 10:33 pm
Location: Earth

Re: Openvas 9 Released

Unread post by immauss »

As an unfortunate coincidence, my openvassd refused to start around the same time I applied the update that broke things on CenOS 7. As a result, I had to nuke it and start over. I took the steps from the first post here, and created the following:

Code: Select all

#!/bin/bash 
# Openvas 9 install script for CentOS7

#Disable selinux
setenforce 0
sed -i -e "s/^SELINUX.*$/SELINUX=disabled/" /etc/selinux/config
yum -y update
# Install dependant packages
yum install -y redis wget bzip2 texlive net-tools alien gnutls-utils
# Add Atomicorp repo (see https://wiki.atomicorp.com/wiki/index.php/Atomic)
wget -q -O - https://www.atomicorp.com/installers/atomic | sh
# Install OpenVAS 9
yum install openvas -y
# edit /etc/redis.conf
sed -i -e "s/^# unixsocket \/tmp\/redis.sock/unixsocket \/tmp\/redis.sock/" /etc/redis.conf
sed -i -e "s/^# unixsocketperm 700/unixsocketperm 700/" /etc/redis.conf
# Restart Redis
systemctl enable redis && systemctl restart redis
# openvas-setup
openvas-setup

# Open firewall port for tcp/9392
firewall-cmd --permanent --add-port=9392/tcp
firewall-cmd --reload

#To verify your OpenVAS setup, run
openvas-check-setup --v9
I then followed the steps at https://wiki.openvas.org/index.php/Gene ... t#CentOS_7
and used the section for "installation of texlive from the official texlive-mirrors."

Basically:

Code: Select all

wget http://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
 tar xvzf install-tl-unx.tar.gz
 cd install-tl-*
 ./install-tl
The script starts a console based GUI. Go to the "Options" section. and select "create symlinks (L)".
You will then need to fill in locations for the symlinks as follows:

Code: Select all

 binaries to:  /usr/bin
 manpages to: /usr/share/man
 info to:  /usr/share/info
Now return (R) to the main menu and install (I) texlive

openvas-check-setup --v9

Should tell you all is well including the PDF generation. (After a reboot to completely disable selinux)
JE-atomicorpID
New Forum User
New Forum User
Posts: 2
Joined: Wed Aug 16, 2017 9:11 am
Location: Eastern US

Re: Openvas 9 Released

Unread post by JE-atomicorpID »

scott wrote:atomic-sqlite SCL packages have been added to the repo to handle the newer sqlite requirements.

@JE-atomicorpID Also if you have an update to openvas-setup (please note, there is a newer version out today) send us a patch or the whole file if that works for you. Im not exactly clear on what needs to change there, Im not seeing the same issue you are on an el7 test image so Im not sure where to go with it.

Thanks!
Scott,

The updated sqlite packages successfully addressed the issue on Centos 7; I've now got a fully functional OpenVAS v9 server running and scanning successfully. Thank you very much for the rapid and effective response!
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Openvas 9 Released

Unread post by scott »

Thanks for the follow up, its really helpful to have the outside confirmation here!
phydroxide
New Forum User
New Forum User
Posts: 4
Joined: Tue Jan 23, 2018 4:33 pm
Location: Bozeman, Mt

Re: Openvas 9 Released

Unread post by phydroxide »

Support for OEL 7.4 would be beneficial if anybody has already done this. Here are some unresolved dependencies:
Error: Package: OSPd-nmap-1.0b1-2741.el7.art.noarch (atomic)
Requires: python-paramiko
Error: Package: openvas-libraries-9.0.1-2735.el7.art.x86_64 (atomic)
Requires: libksba.so.8(KSBA_0.9)(64bit)
Error: Package: OSPd-1.2.0-2744.el7.art.noarch (atomic)
Requires: python-paramiko
Error: Package: perl-Mail-IMAPClient-3.35-2.el7.art.noarch (atomic)
Requires: perl(Parse::RecDescent)
Error: Package: perl-Mail-Box-2.107-6.el7.art.noarch (atomic)
Requires: perl(File::Remove)
Error: Package: openvas-libraries-9.0.1-2735.el7.art.x86_64 (atomic)
Requires: libksba.so.8()(64bit)

MikeLim wrote:Many thanks to Atomicorp for this.

Here are my updated install notes for OpenVAS 9 on CentOS 7.3.1611 (minimal install).
Hope someone finds it useful. :shock:

1) Disable SELINUX (edit /etc/selinux/config) and reboot
2) Update your CentOS installation and reboot if necessary
yum -y update
3) Install the follow packages
yum install -y wget bzip2 texlive net-tools alien gnutls-utils
4) Add Atomicorp repo (see https://wiki.atomicorp.com/wiki/index.php/Atomic)
wget -q -O - https://www.atomicorp.com/installers/atomic | sh
5) Install OpenVAS 9
yum install openvas -y
6) edit /etc/redis.conf. Add/uncomment the following
unixsocket /tmp/redis.sock
unixsocketperm 700
7) Restart Redis
systemctl enable redis && systemctl restart redis
8) openvas-setup
Follow instructions and remember your admin password. If rsync throws error, check that your network allows outgoing TCP 873 to internet
9) Open firewall port for tcp/9392
firewall-cmd --permanent --add-port=9392/tcp
firewall-cmd --reload
firewall-cmd --list-port

Go to https://<IP-ADDRESS>:9392 and login.


To verify your OpenVAS setup, run
openvas-check-setup --v9
phydroxide
New Forum User
New Forum User
Posts: 4
Joined: Tue Jan 23, 2018 4:33 pm
Location: Bozeman, Mt

Re: PDF generation

Unread post by phydroxide »

MikeLim wrote:If you need to generate PDF from OpenVAS, refer to CentOS 7 instructions at https://wiki.openvas.org/index.php/Gene ... PDF_report
The OpenVas verify setup script says OpenVAS is "too old or too new" I'm on 5.1.1 and it says install 5.0. I don't get it. Why downgrade?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Openvas 9 Released

Unread post by scott »

Ubuntu 16 and Kali linux packages are now also available in the atomic repo. These are still really early stage, so there are some rough edges to work out yet.

Please give them a shot, and let us know how they're working out!
Post Reply