[atomic] Openvas 4.x Updates
-
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Re: [atomic] Openvas 4.x Updates
is openvas-nvt-sync-cron supposed to take a long time?
Its been running for about 20 minutes so far....
Is there also some instructions for CLI usage for scanning and emailing reports for those of us who don't use a GUI or dont want to use a web based manager?
Its been running for about 20 minutes so far....
Is there also some instructions for CLI usage for scanning and emailing reports for those of us who don't use a GUI or dont want to use a web based manager?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
Yes, its grabbing all the NVT's from upstream. That can take a while, depending on how loaded the servers are.
I havent used omp myself (I use GSA), you'd have to check on the openvas website for more information on that.
I havent used omp myself (I use GSA), you'd have to check on the openvas website for more information on that.
-
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Re: [atomic] Openvas 4.x Updates
well it was at 2 hours last I checked - its on a server with no cusotmers, no traffic and no load so I expected it to be quite a bit faster starting the scanner.....
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
Yeah but how many people are hitting the openvas update server right now?
-
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Re: [atomic] Openvas 4.x Updates
If i do it manually it takes for ever loading all the plugins
[edit]
I came back this morning and it had started, but I still do see this never working
So apparently it didnt like that it didnt create the db file, so I created an empty one and now that all is ok
Now the setup verification script is complaining about something else
So it wanted me to install openvas-administrator which didnt auto install with the yum install openvas command previously.
and even though I did this from the start, it now wants me to create a user
it also didnt start the openvas administrator, so I had to start that manually as well.
Now it seems to be "ok" except that it always complains that the GSA is not bound to anything other than the local interface, and says it fixes it, but it says this every time - how can I make that permanent?
[edit]
I came back this morning and it had started, but I still do see this never working
Code: Select all
# ./openvas-check-setup
openvas-check-setup 2.0.6
Test completeness and readiness of OpenVAS-4
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 21019 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 2.0.3.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
ERROR: No OpenVAS Manager database found. (Tried: /var/lib/openvas/mgr/tasks.db)
FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running.
ERROR: Your OpenVAS-4 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
# openvasmd --rebuild
Aborted
# service openvas-scanner status
openvassd (pid 813200) is running...
# service openvas-manager status
-l is stopped
# service openvas-manager start
Starting openvas-manager:
[ OK ]
# service openvas-manager status
-l is stopped
Code: Select all
# touch /var/lib/openvas/mgr/tasks.db
# openvasmd --backup
# openvasmd --rebuild
# service openvas-manager status
-l is stopped
# service openvas-manager start
Starting openvas-manager:
[ OK ]
# service openvas-manager status
-l (pid 463527) is running...
Code: Select all
# ./openvas-check-setup --server
openvas-check-setup 2.0.6
Test completeness and readiness of OpenVAS-4
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 21019 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 2.0.3.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 41.
OK: OpenVAS Manager expects database at revision 41.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 21019 NVTs.
OK: xsltproc found.
[b]Step 3: Checking OpenVAS Administrator ...
ERROR: No OpenVAS Administrator (openvasad) found.
FIX: Please install OpenVAS Administrator.[/b]
ERROR: Your OpenVAS-4 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
and even though I did this from the start, it now wants me to create a user
Code: Select all
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.1.1.
OK: At least one user exists.
ERROR: No admin user found. You need to create at least one admin user to log in.
FIX: Create a user using 'openvasad -c 'add_user' -n <name> -r Admin'
# openvasad -c 'add_user' -n ovAdmin -r Admin
Enter password:
ad main:MESSAGE:465416:2011-04-26 09h22.41 PDT: No rules file provided, the new user will have no restrictions.
ad main:MESSAGE:465416:2011-04-26 09h22.41 PDT: User ovAdmin has been successfully created.
Now it seems to be "ok" except that it always complains that the GSA is not bound to anything other than the local interface, and says it fixes it, but it says this every time - how can I make that permanent?
Code: Select all
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
OK: OpenVAS Administrator is running and listening on all interfaces.
OK: OpenVAS Administrator is listening on port 9393, which is the default port.
[b]WARNING: Greenbone Security Assistant is running and listening only on the local interface. This means that you will not be able to access the Greenbone Security Assistant from the outside using a web browser.
SUGGEST: Ensure that Greenbone Security Assistant listens on all interfaces.
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.[/b]
It seems like your OpenVAS-4 installation is OK.
Code: Select all
# netstat -an | grep 939
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9393 0.0.0.0:* LISTEN
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
The setup check script still needs some work as you see. I'd report that to upstream, since its not even part of the distribution yet. They could definitely use the feedback.
-
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Re: [atomic] Openvas 4.x Updates
how do I tell it to bind to the private IP on the box instead of 0.0.0.0/127.0.0.1 so I can access the gui from outside of the local machine?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
it uses the same sysconfig system as other daemons, so you can modify scanner/administrator/gsad/manager from there respective /etc/sysconfig/ files. 0.0.0.0 should be all interfaces though, are there firewall rules blocking it?
-
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Re: [atomic] Openvas 4.x Updates
I dont think so but its possible. It may be an upstream firewall - I'll check.
Is there a way to initiate a scan from the command line and send the results via email instead of using the web gui?
Is there a way to initiate a scan from the command line and send the results via email instead of using the web gui?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
I don't know about OMP, but you can create scheduled scans through GSA and create events (called "Escalators") around scans & scan targets. That event can be send an email, execute something, SNMP Trap, etc. So if you're trying to create a regularly scheduled test for your environment Id probably start with that.
Also you do not need to run GSA on the same system you scan from. Its basically just a client to openvas-manager. I run mine on my desktop, and then have it set to connect to remote scanners, which will let you view your reports while the scans are running, stop/start/pause, configure false positives & false negatives, etc.
Also you do not need to run GSA on the same system you scan from. Its basically just a client to openvas-manager. I run mine on my desktop, and then have it set to connect to remote scanners, which will let you view your reports while the scans are running, stop/start/pause, configure false positives & false negatives, etc.
Re: [atomic] Openvas 4.x Updates
Attn hostingguy or Scott
RE: can access the gui from outside of the local machine?
Did you ever get this working? I have installed Openvas on a Centos 5 64bit system and would also like to access it from outside, I have punched a hole in my firewall but nothing works using my server IP on port :9392 so just wondered if you ever got it going and could point me in the right direction as to what might need changing, everything my end so far is as per default installation.
Thanks.
RE: can access the gui from outside of the local machine?
Did you ever get this working? I have installed Openvas on a Centos 5 64bit system and would also like to access it from outside, I have punched a hole in my firewall but nothing works using my server IP on port :9392 so just wondered if you ever got it going and could point me in the right direction as to what might need changing, everything my end so far is as per default installation.
Thanks.
-
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Re: [atomic] Openvas 4.x Updates
I only spent another 5 minutes on this so far to confirm it wasnt a upstream firewall issue, but after that got sidetracked on other stuff and havent made it back to this yet unfortunately, so I dont think I will be much help in the short term.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
I didnt have to do anything other than allow that port through the host firewall rules.
Re: [atomic] Openvas 4.x Updates
Hi,
I am having a similair problem with OpenVAS 4.* and gasd.
When I run the '/usr/local/sbin/openvas-check-setup' script I get:
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.
ERROR: Your OpenVAS-4 installation is not yet complete!
I did the following to create the openvas-manager db:
touch /var/lib/openvas/mgr/tasks.db
openvasmd --backup
openvasmd --rebuild
service openvas-manager status
-l is stopped
service openvas-manager start
Starting openvas-manager:
[ OK ]
service openvas-manager status
-l is stopped
Then I check the database:
sqlite3 tasks.db "select count(*) from nvts;"
0
So it seems the NVT's are being uploaded in the database.
I can run the cron script fine and when I run openvas-nvt-sync --wget manually it gets all files.
user is created, new cert has been made.
Distro: CentOS 5.6 64 bit
What can be wrong with putting the NVT in the task.db file?
I am having a similair problem with OpenVAS 4.* and gasd.
When I run the '/usr/local/sbin/openvas-check-setup' script I get:
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.
ERROR: Your OpenVAS-4 installation is not yet complete!
I did the following to create the openvas-manager db:
touch /var/lib/openvas/mgr/tasks.db
openvasmd --backup
openvasmd --rebuild
service openvas-manager status
-l is stopped
service openvas-manager start
Starting openvas-manager:
[ OK ]
service openvas-manager status
-l is stopped
Then I check the database:
sqlite3 tasks.db "select count(*) from nvts;"
0
So it seems the NVT's are being uploaded in the database.
I can run the cron script fine and when I run openvas-nvt-sync --wget manually it gets all files.
user is created, new cert has been made.
Distro: CentOS 5.6 64 bit
What can be wrong with putting the NVT in the task.db file?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: [atomic] Openvas 4.x Updates
Ok looks like that is a bug in openvas-manager, its not letting it create the tasks db. Go ahead and upgrade to 2.0.3-3, delete that tasks.db and try running rebuild again.
For new users, just skip all the above and use the documented method:
1. yum install openvas
2. openvas-nvt-sync-cron
3. openvas-adduser
For new users, just skip all the above and use the documented method:
1. yum install openvas
2. openvas-nvt-sync-cron
3. openvas-adduser