store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Mon Nov 24, 2014 9:31 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 82 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 12:52 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7957
Location: earth
Right, its not something that can be built on el5


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 3:05 pm 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Allright, got some better results:

- sqlite is now actually giving me back some results:
[root@vps500 mgr]# sqlite3 tasks.db "select count(*) from nvts;"
21256
[root@vps500 m

-I can run a scan but do I have to create a slave or not? I created a slave and if I create a new scan, the scan name called test fails but the slave scan does work.

The results from the slave scan are a little bit broken, I got results like:

Name: 082ff479-f1cc-4935-a900-30bdba64c1eb
Comment: Slave task created by Master
Config: 082ff479-f1cc-4935-a900-30bdba64c1eb
Escalator:
Schedule: (Next due: over)
Target: 082ff479-f1cc-4935-a900-30bdba64c1eb
Slave:
Status:
Done
Reports: 1 (Finished: 1)

An no mathe what I click it will give an error.
On the server I saw the openvas scan run so it did do something but now I can not view the results :(

Almost there :)


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 3:11 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7957
Location: earth
if everything is running on the same system, then no you don't have to create a slave since it will assume localhost. If you're running GSAD or GSD on a different box, then yes you'd make the slave the other system(s) and associate those with a specific task.


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 3:55 pm 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Ok ,that makes sense. :)
I now created a new task and removed the slave, the task is scheduled but keeps on 'Requested' state.

The logfile shows:
ad admin:UNKNOWN:2011-05-10 20h39.48 CEST:6362: file /builddir/build/BUILD/openvas-administrator-1.1.1/src/admin.c: line 921 (openvas_get_sync_script_description): assertion failed: (*description)

==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h48.35 utc :10598: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h48.50 utc :10601: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h48.50 utc :10601: Status of task (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to New
event task:MESSAGE:2011-05-10 19h48.57 utc :10601: Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been created
event auth:MESSAGE:2011-05-10 19h50.01 utc :10676: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h50.13 utc :10681: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event task:MESSAGE:2011-05-10 19h50.13 utc :10681: Status of task test2 (ace59c1c-29b4-4f9c-a17a-1cf0d32bc556) has changed to Requested
event task:MESSAGE:2011-05-10 19h50.23 utc :10681: Task ace59c1c-29b4-4f9c-a17a-1cf0d32bc556 has been requested to start
lib serv:WARNING:2011-05-10 19h50.23 utc :10681: Failed to gnutls_bye: Error in the push function.


==> /var/log/openvas/openvassd.log <==
[Tue May 10 16:30:50 2011][2129] received the TERM signal
[Tue May 10 16:48:41 2011][4551] openvassd 3.2.3 started
[Tue May 10 20:47:04 2011][6414] user om starts a new scan. Target(s) : www.info.nl, with max_hosts = 20 and max_checks = 4
[Tue May 10 20:47:04 2011][6414] user om : testing 80.79.193.95 (::ffff:80.79.193.95) [6554]
[Tue May 10 20:47:04 2011][6554] user om : new KB will be saved as /var/lib/openvas/users/om/kbs/80.79.193.95
[Tue May 10 20:53:10 2011][6554] Finished testing 80.79.193.95. Time : 365.75 secs
[Tue May 10 20:53:10 2011][6414] user om : test complete
[Tue May 10 20:53:10 2011][6414] Total time to scan all hosts : 367 seconds
[Tue May 10 20:53:10 2011][6414] user om : Kept alive connection
[Tue May 10 20:53:10 2011][6414] Communication closed by client



==> /var/log/openvas/openvasmd.log <==
event auth:MESSAGE:2011-05-10 19h52.36 utc :10704: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.47 utc :10707: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h52.59 utc :10710: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)
event auth:MESSAGE:2011-05-10 19h53.15 utc :10724: Authentication success for user admin (b2316fa2-1cac-4023-a26e-f8d10407e5e6)


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 3:59 pm 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Ah the scan is running, does it normally take 5 minutes or so to run directly?
Everything until now is running fine :)


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 5:05 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7957
Location: earth
Yeah it can take a while, Ive seen it take as long as 10 minutes to pick up a new task if the box is doing a lot of things.


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Tue May 10, 2011 5:08 pm 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Ok, now I am having problems viewing the report or download the XML report and see the report results.
The scan finishes just fine.


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Wed May 11, 2011 4:56 am 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
The reason why I can not download the report is:

md main:WARNING:2011-05-11 08h54.42 utc :24624: manage_send_report: No such file or directory
But the scan runs normally, do I have to set the path where it should download the reports to or perhaps a temporary directory?


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Wed May 11, 2011 6:04 am 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Allright, found it is a known bug on CentOS/RedHat:
http://www.linux.hr/openvas/archive/ind ... 2011-04-21

I gave the nobody user /bin/sh (I am not assigning this user to any service), the reports now work.
Now I have the following problem: pdf download gives me a 0 byte downloaded file :/

PS other formats work fine :)


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Fri May 13, 2011 4:19 am 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Sorry for filling up this thread but I am having problems with saving a custom scan profile.
I ran a Nessus scan and an OpenVAS scan and I see I am missing things in OpenVAS with teh default fast and full scan.
Stuff like weak SSL Ciphers, so that is why I want to create a custom scan with SSL cipher checks and for OWASP/XSS/SQL injection checks with Nikto, Wapiti and such.
baiscally: check everyhting but DONT detroy the server :)
Does anyopne have such a scan template (XML) or can I choose a default one?

And another question: I run the NVT-SYNC-CROn script every night but do I also have to update the tasks.db file?
SQLite shows an increase in NVT's but the webinterface does not, do I have to run openvasmd -u or --rebuild every night?

I also am having problems with importing my custom XML scan format..it takes forever and I see nothing happening in the logfiles or qua load. :(


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Mon May 16, 2011 9:28 am 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Anyone? :)
I want to propose Openvas + GSA as a replacement for Nessus at my company but I want to show them a good OpenVAS scan.
With the default fast + full it shows not that many information and Nessus does, it shows the SSLv2 vulnerability problem and OpenVAS doesn't because it does not check for it with the default settings.


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Mon May 16, 2011 10:29 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7957
Location: earth
I believe part of that might be due to nmap 5.51, which jan & co. are aware of. So there will be an update for that forthcoming.


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Mon May 16, 2011 10:35 am 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Hi Scott,

you mean nmap causes errors with SSLv2 checking or is nmap the reason I can not export and import and scan XML file?

Michiel


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Mon May 16, 2011 11:34 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7957
Location: earth
well the nmap version is definitely affecting SSL checks. XML is a different issue.


Top
 Profile  
 
 Post subject: Re: [atomic] Openvas 4.x Updates
Unread postPosted: Mon May 16, 2011 11:48 am 
Offline
Forum User
Forum User

Joined: Thu Nov 12, 2009 9:01 am
Posts: 42
Ok, then I have to wait for the nmap fix. Do you know if I can create a scan without uding gsa? And do I only have to run the openvas-nvt-sync-cron or do I also need to update the tadk.db file?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 82 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group