Discussion:
Odd Scan Config
Helmut Koers
2014-07-22 12:11:39 UTC
Permalink
Dear list,
I have two systems running OpenVAS 6. Today I recognized that one setting
within the scan configs is set the other way on each system:

Scan Config: Full and fast
Family: Port scanners
NVT: Ping Host
Preference: Mark unrechable Hosts as dead (not scanning)

set to "Yes" on one system and to "No" on the other one, but can not be
changed via the GUI by default. Where are these preferences stored and can
they be changed via another option?

Thank you
Eero Volotinen
2014-07-22 12:13:49 UTC
Permalink
Post by Helmut Koers
Dear list,
I have two systems running OpenVAS 6. Today I recognized that one setting
Scan Config: Full and fast
Family: Port scanners
NVT: Ping Host
Preference: Mark unrechable Hosts as dead (not scanning)
set to "Yes" on one system and to "No" on the other one, but can not be
changed via the GUI by default. Where are these preferences stored and can
they be changed via another option?
I think the default config cannot be changed, so just create clone of
config it and modify it?

--
Eero
Jan-Oliver Wagner
2014-07-22 12:37:27 UTC
Permalink
Post by Eero Volotinen
Post by Helmut Koers
Dear list,
I have two systems running OpenVAS 6. Today I recognized that one setting
Scan Config: Full and fast
Family: Port scanners
NVT: Ping Host
Preference: Mark unrechable Hosts as dead (not scanning)
set to "Yes" on one system and to "No" on the other one, but can not be
changed via the GUI by default. Where are these preferences stored and can
they be changed via another option?
I think the default config cannot be changed, so just create clone of
config it and modify it?
yes, Eero ist correct. Also you can not modify a scan config in use.
You could even clone the entire task and then set a different Scan Config.

However, one of your "Full and Fast" seem to be strange because it is static
and therefore must be the same. Are you sure for both it ist the system default
Full & Fast Scan Config?
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Helmut Koers
2014-07-22 14:54:11 UTC
Permalink
22.07.2014----14:37:27"Openvas-discuss"
From: "Jan-Oliver Wagner" <Jan-Olive
***@greenbone.net>> To: openvas-discus
***@wald.intevation.org, >
Date: 22.07.2014 14:37> Subject: Re: [Openvas-d
iscuss] Odd Scan Config> Sent by: "Openvas-discuss" <openvas-discuss-bounc
Post by Eero Volotinen
Post by Helmut Koers
Dear list,
I have two systems running OpenVAS 6. Today I recognized that one setting
Scan Config: Full and fast
Family: Port scanners
NVT: Ping Host
Preference: Mark unrechable Hosts as dead (not scanning)
set to "Yes" on one system and to "No" on the other one, but can not be
changed via the GUI by default. Where are these preferences stored and can
they be changed via another option?
I think the default config cannot be changed, so just create clone of
config it and modify it?
yes, Eero ist correct. Also you can not modify a scan config in use.
You could even clone the entire task and then set a different Scan Config.
However, one of your "Full and Fast" seem to be strange because it is static
and therefore must be the same. Are you sure for both it ist the system default
Full & Fast Scan Config?
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

I have been afraid to receive this kind of answers. As what I do remember
from previous installations, the standard setting should be "Yes" for the
mentioned preference; am I right. I am sure that I am running the default
Full and Fast scan configs, since I have just the 5 default scan configs
on that systems, which can not be changed or deleted.

Any advice to sort that issue out is very welcome. I tried copying the
content of /var/lib/openvas/ and subdirectories from the system which has
the preference set to "No" to a third fresh test system, ending up in
having all tasks, schedules, etc. on that test system, but the preference
changed from "Yes" to "No" as again.
Helmut Koers
2014-07-24 09:09:58 UTC
Permalink
22.07.2014----14:37:27"Openvas-discuss"
From: "Jan-Oliver Wagner" <Jan-Olive
***@greenbone.net>> To: openvas-discus
***@wald.intevation.org, >
Date: 22.07.2014 14:37> Subject: Re: [Openvas-d
iscuss] Odd Scan Config> Sent by: "Openvas-discuss" <openvas-discuss-bounc
Post by Eero Volotinen
Post by Helmut Koers
Dear list,
I have two systems running OpenVAS 6. Today I recognized that one setting
Scan Config: Full and fast
Family: Port scanners
NVT: Ping Host
Preference: Mark unrechable Hosts as dead (not scanning)
set to "Yes" on one system and to "No" on the other one, but can not be
changed via the GUI by default. Where are these preferences stored and can
they be changed via another option?
I think the default config cannot be changed, so just create clone of
config it and modify it?
yes, Eero ist correct. Also you can not modify a scan config in use.
You could even clone the entire task and then set a different Scan Config.
However, one of your "Full and Fast" seem to be strange because it is static
and therefore must be the same. Are you sure for both it ist the system default
Full & Fast Scan Config?
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


I realized another scan config setting to be different, where these are
the same in all system default scan configs.

Family: Settings
NVT: Login configurations
Preference: NTLMSSP

Family: Port scanners
NVT: Ping Host
Preference: Mark unrechable Hosts as dead (not scanning)

Can anyone confirm the supposed default values of the two settings, so
that I know which of my systems should be the correct installed one?
Is there any way besides re-installing to correct the settings to the
supposed default values?

Thanks
Hani Benhabiles
2014-07-24 09:31:16 UTC
Permalink
Post by Helmut Koers
Is there any way besides re-installing to correct the settings to the
supposed default values?
Not the "correct" way, but given that you don't want to clone and
modify, you can do something quick like this:

$ sqlite3 /usr/var/lib/openvas/mgr/tasks.db # Or whatever the path to
the sqlite DB.

sqlite> UPDATE config_preferences SET value = 'yes' WHERE name LIKE
'Ping Host[checkbox]:Mark unrechable Hosts as dead (not scanning)' and
config = (SELECT id FROM configs WHERE uuid = "YOUR_CONFIG_UUID");

Better backup the DB before doing manual operations like this.

Regards,

Hani.

Loading...