Sec DevOps
2014-10-16 01:06:27 UTC
Hi
Has anyone been able to get OpenVAS 7 running on CentOS 7? I had the OpenVAS service running on a CentOS 6.4 server and it was great until the last update, then it just stopped working. After trying to fix error after error for hours, I finally gave up, wiped out the server and spun up a brand new CentOS server. I followed the instructions here: http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-openvas-on-centos-7-rhel-7.html#axzz3GGUcGEJl and I think it's working? Has anyone seen this before? Is it expected?
[***@Neb ~]# /usr/bin/openvas-check-setup --v7
openvas-check-setup 2.2.1
Test completeness and readiness of OpenVAS-7
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 4.0.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 36710 NVTs.
OK: Signature checking of NVTs is enabled in OpenVAS Scanner.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 5.0.4.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 123.
OK: OpenVAS Manager expects database at revision 123.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 74911 NVTs.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
ERROR: No OpenVAS Administrator (openvasad) found.
FIX: Please install OpenVAS Administrator.
ERROR: Your OpenVAS-7 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
[***@Neb ~]# ps -ef |grep openvas
root 391 1 5 20:39 ? 00:00:39 openvassd: Waiting for incoming connections
root 633 1 0 20:39 ? 00:00:01 openvasmd
root 3369 3291 0 20:51 pts/0 00:00:00 grep --color=auto openvas
[***@Neb ~]#
[***@Neb ~]# service openvas-manager status
openvas-manager.service - LSB: start|stop|status|restart|condrestart OpenVAS Manager
Loaded: loaded (/etc/rc.d/init.d/openvas-manager)
Active: active (running) since Wed 2014-10-15 20:39:04 EDT; 12min ago
Process: 613 ExecStart=/etc/rc.d/init.d/openvas-manager start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvas-manager.service
└─633 openvasmd
Oct 15 20:39:04 Neb systemd[1]: Starting LSB: start|stop|status|restart|condrestart OpenVAS Manager...
Oct 15 20:39:04 Neb openvas-manager[613]: Starting openvas-manager:
Oct 15 20:39:04 Neb openvas-manager[613]: [ OK ]
Oct 15 20:39:04 Neb systemd[1]: Started LSB: start|stop|status|restart|condrestart OpenVAS Manager.
I can load the Greenbone Security Assistant and I can run a scan, but I get 0 results back. The log shows:
[***@Neb ~]# tail -f /var/log/openvas/openvasmd.log
lib serv:WARNING:2014-10-16 01h00.10 UTC:6711: Failed to gnutls_bye: Error in the push function.
event task:MESSAGE:2014-10-16 01h01.44 UTC:7046: Status of task Immediate scan of IP 104.132.106.235 (d6426fc8-472e-4691-92a7-3ac5461035d3) has changed to Running
lib serv: DEBUG:2014-10-16 01h01.44 utc:7050: Shook hands with peer.
lib serv: DEBUG:2014-10-16 01h01.44 utc:7050: Connected to server on socket 10.
lib serv: DEBUG:2014-10-16 01h01.44 utc:7050: Shook hands with peer.
lib serv: DEBUG:2014-10-16 01h01.44 utc:7052: Shook hands with peer.
lib serv: DEBUG:2014-10-16 01h01.44 utc:7052: Connected to server on socket 10.
lib serv: DEBUG:2014-10-16 01h01.44 utc:7052: Shook hands with peer.
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: max(severity)=10.0
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: max(severity)=7.5
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: max(severity)=7.5
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: max(severity)=5.8
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: max(severity)=0.0
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: max(severity)=0.0
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: report_severity: could not get max from cache
md main: DEBUG:2014-10-16 01h01.44 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_EXbtAz/report.xml > /tmp/openvasmd_EXbtAz/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.45 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_U1Tsbl/report.xml > /tmp/openvasmd_U1Tsbl/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.45 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_OMZQp7/report.xml > /tmp/openvasmd_OMZQp7/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.45 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_Sm6FjU/report.xml > /tmp/openvasmd_Sm6FjU/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.45 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_icdIMH/report.xml > /tmp/openvasmd_icdIMH/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.46 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_qAO3Mv/report.xml > /tmp/openvasmd_qAO3Mv/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.46 UTC:7052: command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_GymSlk/report.xml > /tmp/openvasmd_GymSlk/report.out 2> /dev/null
md main: DEBUG:2014-10-16 01h01.46 UTC:7052: report_severity: could not get max from cache
Any suggestions?
Thanks in advance