Re: [Openvas-discuss] [Openvas-plugins] Slave feeds sync
Hi, On 27.12.2016 17:14, kir.bl...@gmail.com wrote: > Hi all, > I use OpenVAS 9 master-slave configuration. > How I can sync feeds on slave from master via omp automaticaly? this question belongs to the openvas-discuss mailing list (openvas-plugins is a list for NVT authors) so CCing the correct ML. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS-9 stopping running scan
Hi all. I have openvas9 installed and when I try to stop a scan it remains in the "Stop Requested" state. Is this a bug, or am I doing something wrong. The scan goes into the run state and all I do is click the Stop button on GSAD. Thanks, TN ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [openvas-9] "Login failed. Waiting for OMP service to become available."
Hi, On 28.12.2016 13:37, Ralf Hildebrandt wrote: >> root 1673 0.2 0.4 627192 17144 ?Sl 12:52 0:01 >> /usr/sbin/gsad --do-chroot >> --ssl-private-key=/var/lib/openvas/private/CA/serverkey.pem.new >> --ssl-certificate=/var/lib/openvas/CA/servercert.pem.new --no-redirect >> --port=443 > > --do-chroot was the culprit here. It *used* to work in the last > version, it doesn't work now. Once I removed it, I could authenticate > again. might be possible that GSA can't connect to the socket of the manager (introduced in OpenVAS9 ) due to the dropped privileges / the chroot. Checking the access permissions / availability of the openvasmd.sock might help here. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Hi, On 28.12.2016 14:04, Sai Ravi wrote: > To just let you know that this was already fixed in some of the previous > feeds and the same is popping up again in the recent feeds. there is no fix from feed side possible for a linux system providing a banner from a windows system. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] [v9] lots of swap used, memory leak in gsad?
Prio to my recent update of openvas-9 I checked my machine (159 days of uptime, with weekly schedules scans in openvas) and found all swap being used. Naturally, I wanted to find out which programs used most swap and found: PID=100791 swapped 17527 KB (openvassd) PID=5546 swapped 24600 KB (redis-server) PID=4990 swapped 65000 KB (vmtoolsd) PID=66579 swapped 85799 KB (openvasmd) PID=66363 swapped 86211 KB (openvasmd) PID=100816 swapped 87612 KB (openvasmd) PID=69131 swapped 3908328 KB (gsad) Is gsad maybe leaking memory? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
To just let you know that this was already fixed in some of the previous feeds and the same is popping up again in the recent feeds. On Wednesday, 28 December 2016 6:12 PM, Christian Fischerwrote: Hi, On 28.12.2016 12:33, Sai Ravi wrote: > Chris > If you see my previous email i would have already stated that > the server is hosted on linux and not on a windows platform. well the posted banner is showing the opposite and we just can work with the info provided by such banners. Its up to you to research why this scanned system is providing that banner. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Hi, On 28.12.2016 12:33, Sai Ravi wrote: > Chris >If you see my previous email i would have already stated that > the server is hosted on linux and not on a windows platform. well the posted banner is showing the opposite and we just can work with the info provided by such banners. Its up to you to research why this scanned system is providing that banner. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] [openvas-9] "Login failed. Waiting for OMP service to become available."
> root 1673 0.2 0.4 627192 17144 ?Sl 12:52 0:01 > /usr/sbin/gsad --do-chroot > --ssl-private-key=/var/lib/openvas/private/CA/serverkey.pem.new > --ssl-certificate=/var/lib/openvas/CA/servercert.pem.new --no-redirect > --port=443 --do-chroot was the culprit here. It *used* to work in the last version, it doesn't work now. Once I removed it, I could authenticate again. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] [openvas-9] "Login failed. Waiting for OMP service to become available."
After upgrading my openvas-9 installation using the mrazavi packages, I was encountering quite a few issues. I had to use: % openvasmd --migrate Then I updated all the feeds, just to be on the safe side. Then "openvassd" would not start. I traced it down to some issue with the data fetched from the redis server (it would issue a query, get some data, sleep for 60s, and start the whole thing again), so I issued a: % redis-cli flushall after which openvassd would start again. Yay. Currently I have these processes running: root 1673 0.2 0.4 627192 17144 ?Sl 12:52 0:01 /usr/sbin/gsad --do-chroot --ssl-private-key=/var/lib/openvas/private/CA/serverkey.pem.new --ssl-certificate=/var/lib/openvas/CA/servercert.pem.new --no-redirect --port=443 root 1675 0.4 2.0 269340 83836 ?SL 12:52 0:02 openvasmd root 2867 4.8 0.2 141820 11988 ?Ss 12:53 0:21 openvassd: Waiting for incoming connections and % openvas-check-setup --v9 reports: openvas-check-setup 2.3.7 Test completeness and readiness of OpenVAS-9 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 5.1.0. OK: redis-server is present in version v=3.0.6. OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock OK: redis-server is running and listening on socket: /var/run/redis/redis.sock. OK: redis-server configuration is OK and redis-server is running. OK: NVT collection in /var/lib/openvas/plugins contains 51201 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /var/cache/openvas contains 51216 files for 51201 NVTs. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 7.0.0. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 184. OK: OpenVAS Manager expects database at revision 184. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 51201 NVTs. OK: At least one user exists. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db. OK: xsltproc found. Step 3: Checking user configuration ... WARNING: Your password policy is empty. SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy. Step 4: Checking Greenbone Security Assistant (GSA) ... OK: Greenbone Security Assistant is present in version 7.0.0. OK: Your OpenVAS certificate infrastructure passed validation. Step 5: Checking OpenVAS CLI ... OK: OpenVAS CLI version 1.4.5. Step 6: Checking Greenbone Security Desktop (GSD) ... SKIP: Skipping check for Greenbone Security Desktop. Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled. OK: OpenVAS Scanner is running and listening on a Unix domain socket. OK: OpenVAS Manager is running and listening on a Unix domain socket. OK: Greenbone Security Assistant is running and listening on all interfaces. OK: Greenbone Security Assistant is listening on port 443, which is the default port. Step 8: Checking nmap installation ... WARNING: Your version of nmap is not fully supported: 7.01 SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs. Step 10: Checking presence of optional tools ... OK: pdflatex found. OK: PDF generation successful. The PDF report format is likely to work. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. OK: rpm found, LSC credential package generation for RPM based targets is likely to work. OK: alien found, LSC credential package generation for DEB based targets is likely to work. OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work. It seems like your OpenVAS-9 installation is OK. Yet, I cannot login -- I'm getting the message "Login failed. Waiting for OMP service to become available." gsad is logging: gsad main:MESSAGE:2016-12-28 11h52.44 utc:1380:
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Chris If you see my previous email i would have already stated that the server is hosted on linux and not on a windows platform. On Wednesday, 28 December 2016 4:46 PM, Christian Fischerwrote: Hi, On 28.12.2016 12:01, Sai Ravi wrote: > Fr your perusal. > Inline image so this scanned system is running a Microsoft-IIS 8.0 and so the OS of that system is detected as Windows. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Hi, On 28.12.2016 12:01, Sai Ravi wrote: > Fr your perusal. > Inline image so this scanned system is running a Microsoft-IIS 8.0 and so the OS of that system is detected as Windows. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Fr your perusal. On Wednesday, 28 December 2016 4:02 PM, Christian Fischerwrote: Hi, On 28.12.2016 10:24, Sai Ravi wrote: > Still getting the same error even after updating the latest feed. please share the result of "HTTP OS Identification (OID: 1.3.6.1.4.1.25623.1.0.111067)" as asked before. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Hi, On 28.12.2016 10:24, Sai Ravi wrote: > Still getting the same error even after updating the latest feed. please share the result of "HTTP OS Identification (OID: 1.3.6.1.4.1.25623.1.0.111067)" as asked before. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Weak Signature Algorithm Vulnerability
Hi, On 28.12.2016 07:01, Sai Ravi wrote: > Hi Mich >Thanks for the information.We tried creating the > certificates using the link provided.But still we were not able to do it > successfully.Also if we try to create self signed certificates in IIS we > are not use able to SHA256 as SHA1 seem to default hashing algorithm. > > NOTE : Also tried using latest version of IIS. > > Any suggestions are much appreciated. i think giving setup / administration support for your webserver is out of the scope of this mailing list. Regards, -- Christian Fischer | Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Reg Apache Vulnerabilties
Still getting the same error even after updating the latest feed. On Friday, 16 December 2016 4:21 PM, Christian Fischerwrote: Hi, On 16.12.2016 11:38, Sai Ravi wrote: > Hi Can you please share the NVT ID as i could not see any HTTP OS > Detection. the OID is 1.3.6.1.4.1.25623.1.0.111067. But as you're running a feed which is at least 2 month old you won't get an entry for this NVT. Please update to a current feed and re-run the scan. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss