Re: [Openvas-discuss] Error in exporting result "preload" Missing in HSTS Header to CSV Results
Thanks for reporting. > 4)Modify the XSLT-script to substitute the " with "" in the NVT name Done in Manager trunk in r26845. Backported to Manager 7 in r26851 and Manager 6 in r26854. Should be in next Manager releases. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Overrides management questions
> I did some research and I tried sending the following xml command to omp to > create an override: > > >This is actually of little concern. >1.3.6.1.4.1.25623.1.0.103239 The NVT oid should be an attribute: See http://www.openvas.org/omp-6-0.html#command_create_override The example is wrong though, I'll update it. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Why OpenVAS does not resume scans properly?
It is supposed to happen. Any hosts that are complete will not be rescanned. In the past we had a separate pause feature where the actual scanner would pause its execution, but this was too complex and not much used so we took it out. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Managing many scanners instead of a master-slave
> Now we wonder, though, how the NVT/SCAP/CERT Feed updates are managed on each > scanner; in other words, when we click the "Synchronize with Feed now" > button, in the web interface, does the Manager remotely call a syncing action > with feed on *each scanner* defined in the Configuration/Scanners page? And > if so, how can we be sure each scanner has independently performed the sync > successfully? Another solution would be to launch a sync in a script as a > cron job on each scanner machine, but that would be useless if the > "Synchronize with Feed now" button does it all... The sync button results in Manager calling the openvas-nvt-sync script, which only syncs the Scanner that's running on the same machine as the Manager. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] login problems
> Should either or both of > openvasmd --admin --new-password=xxx openvasmd --create-user user2 This should be two separate commands. One for --create-user and one for --new-password. But both should tell you if they succeeded or not. Check the logs, may have more info. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] get_reports and filters/options to return all results
> Hi, I'm trying to get all the results for a specific report via omp using > the get reports options and I'm having issues getting more than 10 results > returned. I've included the commands I'm using and the result outcome being > returned below. > > 1) When I enter the command below I get just the 10 results returned back > for the specific report id > omp -X " report_filter='apply_overrides=1 notes=1 sort-reverse=severity' />" -h > localhost -p 9390 -u 'enter username here' -w 'enter password here' > > 2) When I enter the command below, I get all results for every report > that's in the system > omp --xml="" -h localhost -p > 9390 -u 'enter username here' -w 'enter password here' The "id='enter report id here'" should be "report_id='enter report id here'". > > 3) What I want is all results for the report id i specify and not the first > 10, and not all results from every report > > Any help would be greatly appreciated. Thanks -T > > #text/html [] ((charset . UTF-8)) > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Admin view all information of the user he creates
> Hi, is there a way to make the admin capable of viewing all the info > (targets, reports, etc.) of the user he has created, or of any user in > general? Thanks - T Yes. For the first case, create a "Super" permission. For the second case create a superadmin instead of an admin. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Assets Table - Exception Handling
> hi, > > When i go under the Assets -> Hosts on GSAD I see one of my assets with a > 5.0 severity (due to a single 5.0 vulnerability). If I create an exception > for that vulnerability and make it a 0.0 (false positive), it's not > reflected under the asset table (it still shows up as a 5.0 even if I > re-run the scan). Is this a bug with openvas or am I missing something? > Thanks -T Assets don't take the overrides into account. In trunk we've added a task preference that controls whether overrides are considered when adding reports to assets. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Admin Role (restrictions) & Privileges
> Hi all, when I create two users and assign them an Admin role, lets name > them admin1 and admin2 they can see each others username under > Administration -> Users (in GSA). What privileges can I set to avoid having > the admins see eachothers username? What if I create a new Role similar to > the Admin role, what privileges would I need to assign it to avoid the > above scenario? Any help would be greatly appreciated. Thanks, T If you create the two users while logged in as another admin, then they will not be able to see each other. They will be owned by the logged in admin. If you create using openvasmd --create-user then they will be global users so all the admins will have access to them. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Global Target localhost (undo)
That's not possible. It is defined as global. As a hack you could edit the Localhost target directly in the database and set the owner field to the ID of an existing owner. This may work without problems, but has not been tested. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] get_overrides permission
> BTW: > If the User does not have the permission to get_tasks but get_reports and > tries to go to scan management -> reports, it fails because of the get_tasks. > But if i login the start page ist the Reports page with content!?!? Bug? Yes. Should work in r25152. Backported to GSA 6 in r25155, so should be in next stable GSA release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] get_overrides permission
> > This sounds like intended behaviour. Super given to role Tmp on group Test > > gives role Tmp access to everything of the members of group Test. So user2 > > gets access to all of user1, because user1 is in group Test. > > Ok, but it would be very nice, if the super permissions would be limited to > the permissions of that one Role and not to every Permission the User has. That sounds like a good idea, I've made a note, thanks. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] get_overrides permission
> I have done: > - create group Test > - insert user1 in Test > - create Role Tmp > - add get_overrides permission > - add New Super Permission for Group Test > - create user2 with role Tmp AND Observer > - login as user2 and see everything from user1 with the Permissions of > Observer > - change the second Role of user2 to Guest and you see only the Overrides > > So it’s not the desired behavior? This sounds like intended behaviour. Super given to role Tmp on group Test gives role Tmp access to everything of the members of group Test. So user2 gets access to all of user1, because user1 is in group Test. Changing the role of user2 to Guest removes this access. Not sure why user2 sees the overrides when given Guest. Perhaps you shared them directly with user2. > If the Permissions of the one Role would only apply to the Super Permissions > of that role, I could accomplish my goal with two Roles. > > BTW: > If the User does not have the permission to get_tasks but get_reports and > tries to go to scan management -> reports, it fails because of the get_tasks. > But if i login the start page ist the Reports page with content!?!? Bug? I'll check, thanks. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] get_overrides permission
> No i just can see, modify, start and stop the task with that method but i > can’t see the overrides for the task. And I can’t give the other user the > permission to see every Task and start/stop/modify them. The "Create Multiple Permissions" option does not share any overrides. You'll have to manually share the overrides. This way they will be applied when the other user views the task. Similarly for start/stop/modify permission, you'll have to create them separately. > I thought that i can create a Role with just get_overrides and add a group > (with user1 in it) as super permission. The Problem is, that the super > permission from the one role also applies to the permission of other roles. > Is that intended? Not sure what you mean here. A "Super" permission makes the user effectively the owner of the resource. So it's not usually helpful if you want to share in a limited way with another user/group/role. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] tasks creation with OMP question
> I alrady did, otherwise I wouldn't seek the mailing list for help... > I looked at http://www.openvas.org/omp-6-0.html#command_create_task but I > still don't understand how I am suppose to achieve this. There's no NAME in PREFERENCES/PREFERENCE, just SCANNER_NAME. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Group Permissions Options
You can't make it "Global", but you can create a "Super" permission for the group. The Subject of the permission must be the group. The Resource ID must be the group's ID. The Resource Type must be "group". This makes any member of the group effectively the owner of the resources of any other member. > Hi everyone, > > How can I make users of the same group share their reports, schedules, > assets, etc? Is there something I can do on the permissions end to allow > it. I'd like it to be Global so any new group created inherits this setting > for its users. Thanks - T > > #text/html [] ((charset . UTF-8)) > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss