[Openvas-discuss] CVE tests not running

Discussion:

Reinis Nartiss

2017-07-11 08:30:04 UTC

Hallo, comunity!

We have set up OpenVAS to CentOS 7, changed nmap to 5.51 and
# openvas-check-setup --v9

finishes with: It seems like your OpenVAS-9 installation is OK with some .
Log file (/tmp/openvas-check-setup.log) is attached.

The problem is with running CVE tests, they all finishes with:
---------------------------
The report is empty. This can happen for the following reasons:

The target hosts could be regarded dead.
You could change the Alive Test method of the target. However, if the
targets are indeed dead, the scan duration might increase significantly.
(Click here to edit the target)
----------------------------
Alive test is "Consider alive"

Ping is going with no problems and "OpenVAS Default" scan also works on
same machines.

Please advice where to look for problem!

Thank You,
Reinis Nartiss

TMC

2017-07-11 08:39:23 UTC

Permalink

Hi there

did you run openvas feed update?

Post by Reinis Nartiss
Hallo, comunity!
We have set up OpenVAS to CentOS 7, changed nmap to 5.51 and
# openvas-check-setup --v9
finishes with: It seems like your OpenVAS-9 installation is OK with some .
Log file (/tmp/openvas-check-setup.log) is attached.
---------------------------
The target hosts could be regarded dead.
You could change the Alive Test method of the target. However, if the
targets are indeed dead, the scan duration might increase significantly.
(Click here to edit the target)
----------------------------
Alive test is "Consider alive"
Ping is going with no problems and "OpenVAS Default" scan also works on
same machines.
Please advice where to look for problem!
Thank You,
Reinis Nartiss
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

--
--
GPG key fingerprint: 07DF B95B DB58 57B6 9656 682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server

Reinis Nartiss

2017-07-11 10:20:25 UTC

Permalink

Hi, thnx for reply!

Run this:openvasmd --rebuild --progress --verbose
Rebuilding NVT cache... done.

did also: openvasmd --update && openvasmd --rebuild
service openvas-scanner restart

-----------------------
ps aux | grep openvas
root 1120 0.1 4.2 373608 86384 ? SL Jul10 1:29 openvasmd
root 1269 0.0 0.4 184584 8480 ? Ss Jul10 0:16
openvassd: Waiting for incoming connections
root 2365 0.0 4.1 370488 84580 ? S Jul10 0:02 openvasmd
root 10040 0.3 0.4 184584 8528 ? Ss 11:50 0:13
openvassd: Waiting for incoming connections
root 10046 0.2 0.4 184584 8536 ? Ss 11:50 0:10
openvassd: Waiting for incoming connections
root 10375 5.3 0.4 184588 8492 ? Ss 13:03 0:09
openvassd: Waiting for incoming connections
root 10386 0.0 0.0 114692 968 pts/0 S+ 13:07 0:00 grep
--color=auto openvas
------------------------

in:
---------------------
tail /var/log/openvas/openvasmd.log
md main:MESSAGE:2017-07-11 09h23.29 utc:10315: OpenVAS Manager
version 7.0.1 (DB revision 184)
md main: INFO:2017-07-11 09h23.29 utc:10315:
rebuild_nvt_cache_retry: Reloading NVT cache
md main: INFO:2017-07-11 09h23.29 utc:10316:
update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2017-07-11 09h23.29 utc:10316: Setting GnuPG dir to
'/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-07-11 09h23.29 utc:10316: Using OpenPGP engine
version '2.0.22'
md main: INFO:2017-07-11 09h23.30 utc:10316: Updating NVT cache.
----------------------------
Process finishes, but not sure if update is done

On the other hand regarding DB it looks quite full:
[***@openvas ~]# ls -lah /var/lib/openvas/mgr/tasks.db
104M Jul 11 12:23 /var/lib/openvas/mgr/tasks.db

Only thing I haven't done is
WARNING: Signature checking of NVTs is not enabled in OpenVAS
Scanner.
SUGGEST: Enable signature checking (see
http://www.openvas.org/trusted-nvts.html).
But not sure if it is Obligatory, as " openvas-check-setup --v9" says it
is OK.

Best regards,
Reinis

Post by TMC
Hi there
did you run openvas feed update?
Hallo, comunity!
We have set up OpenVAS to CentOS 7, changed nmap to 5.51 and
# openvas-check-setup --v9
finishes with: It seems like your OpenVAS-9 installation is OK with some .
Log file (/tmp/openvas-check-setup.log) is attached.
---------------------------
The target hosts could be regarded dead.
You could change the Alive Test method of the target. However, if
the targets are indeed dead, the scan duration might increase
significantly. (Click here to edit the target)
----------------------------
Alive test is "Consider alive"
Ping is going with no problems and "OpenVAS Default" scan also
works on same machines.
Please advice where to look for problem!
Thank You,
Reinis Nartiss
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
<https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
--
--
GPG key fingerprint: 07DF B95B DB58 57B6 9656 682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server

TMC

2017-07-11 11:15:51 UTC

Permalink

try running openvas-feed-update and then openvasmd --rebuild --progress
--verbose

THis should re download and re-index all the NVT's/CVEs

Post by Reinis Nartiss
Hi, thnx for reply!
Run this: openvasmd --rebuild --progress --verbose
Rebuilding NVT cache... done.
did also: openvasmd --update && openvasmd --rebuild
service openvas-scanner restart
-----------------------
ps aux | grep openvas
root 1120 0.1 4.2 373608 86384 ? SL Jul10 1:29 openvasmd
root 1269 0.0 0.4 184584 8480 ? Ss Jul10 0:16
openvassd: Waiting for incoming connections
root 2365 0.0 4.1 370488 84580 ? S Jul10 0:02 openvasmd
root 10040 0.3 0.4 184584 8528 ? Ss 11:50 0:13
openvassd: Waiting for incoming connections
root 10046 0.2 0.4 184584 8536 ? Ss 11:50 0:10
openvassd: Waiting for incoming connections
root 10375 5.3 0.4 184588 8492 ? Ss 13:03 0:09
openvassd: Waiting for incoming connections
root 10386 0.0 0.0 114692 968 pts/0 S+ 13:07 0:00 grep
--color=auto openvas
------------------------
---------------------
tail /var/log/openvas/openvasmd.log
md main:MESSAGE:2017-07-11 09h23.29 utc:10315: OpenVAS Manager
version 7.0.1 (DB revision 184)
Reloading NVT cache
update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2017-07-11 09h23.29 utc:10316: Setting GnuPG dir to
'/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-07-11 09h23.29 utc:10316: Using OpenPGP engine
version '2.0.22'
md main: INFO:2017-07-11 09h23.30 utc:10316: Updating NVT cache.
----------------------------
Process finishes, but not sure if update is done
104M Jul 11 12:23 /var/lib/openvas/mgr/tasks.db
Only thing I haven't done is
WARNING: Signature checking of NVTs is not enabled in OpenVAS
Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/
trusted-nvts.html).
But not sure if it is Obligatory, as " openvas-check-setup --v9" says it
is OK.
Best regards,
Reinis
Hi there
did you run openvas feed update?

--
--
GPG key fingerprint: 07DF B95B DB58 57B6 9656 682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server

Reinis Nartiss

2017-07-11 11:34:38 UTC

Permalink

Did all that, but nothing changed.

I can run the Task, it completes momentously.
When I enter report it says:
-----------------------------
Report: Results
(0 of 0)
The report is empty. This can happen for the following reasons:

The target hosts could be regarded dead.
------------------------------

But host is alive and I can run other tasks except CVE test on it...

Also my CVEs database has CVEs (91610 of 91610)

So sync with CVE database should be fine...

Br,
Reinis

Post by TMC
try running openvas-feed-update and then openvasmd --rebuild
--progress --verbose
THis should re download and re-index all the NVT's/CVEs
Hi, thnx for reply!
Run this:openvasmd --rebuild --progress --verbose
Rebuilding NVT cache... done.
did also: openvasmd --update && openvasmd --rebuild
service openvas-scanner restart
-----------------------
ps aux | grep openvas
root 1120 0.1 4.2 373608 86384 ? SL Jul10 1:29
openvasmd
root 1269 0.0 0.4 184584 8480 ? Ss Jul10 0:16
openvassd: Waiting for incoming connections
root 2365 0.0 4.1 370488 84580 ? S Jul10 0:02
openvasmd
root 10040 0.3 0.4 184584 8528 ? Ss 11:50 0:13
openvassd: Waiting for incoming connections
root 10046 0.2 0.4 184584 8536 ? Ss 11:50 0:10
openvassd: Waiting for incoming connections
root 10375 5.3 0.4 184588 8492 ? Ss 13:03 0:09
openvassd: Waiting for incoming connections
root 10386 0.0 0.0 114692 968 pts/0 S+ 13:07 0:00
grep --color=auto openvas
------------------------
---------------------
tail /var/log/openvas/openvasmd.log
md main:MESSAGE:2017-07-11 09h23.29 utc:10315: OpenVAS
Manager version 7.0.1 (DB revision 184)
rebuild_nvt_cache_retry: Reloading NVT cache
update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2017-07-11 09h23.29 utc:10316: Setting GnuPG
dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-07-11 09h23.29 utc:10316: Using OpenPGP
engine version '2.0.22'
md main: INFO:2017-07-11 09h23.30 utc:10316: Updating NVT cache.
----------------------------
Process finishes, but not sure if update is done
104M Jul 11 12:23 /var/lib/openvas/mgr/tasks.db
Only thing I haven't done is
WARNING: Signature checking of NVTs is not enabled in
OpenVAS Scanner.
SUGGEST: Enable signature checking (see
http://www.openvas.org/trusted-nvts.html
<http://www.openvas.org/trusted-nvts.html>).
But not sure if it is Obligatory, as " openvas-check-setup --v9"
says it is OK.
Best regards,
Reinis

Post by TMC
Hi there
did you run openvas feed update?
Hallo, comunity!
We have set up OpenVAS to CentOS 7, changed nmap to 5.51 and
# openvas-check-setup --v9
finishes with: It seems like your OpenVAS-9 installation is
OK with some .
Log file (/tmp/openvas-check-setup.log) is attached.
---------------------------
The target hosts could be regarded dead.
You could change the Alive Test method of the target.
However, if the targets are indeed dead, the scan duration
might increase significantly. (Click here to edit the target)
----------------------------
Alive test is "Consider alive"
Ping is going with no problems and "OpenVAS Default" scan
also works on same machines.
Please advice where to look for problem!
Thank You,
Reinis Nartiss
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
<https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss>
--
--
GPG key fingerprint: 07DF B95B DB58 57B6 9656 682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server

--
--
GPG key fingerprint: 07DF B95B DB58 57B6 9656 682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server

Christian Fischer

2017-07-12 18:53:14 UTC

Permalink

Hi,

works here with the current OpenVAS9 releases as expected:

1. Create a target / target range
2. Create a new task which includes the target definition from 1. and
use the "OpenVAS Default" as scanner type
3. Run and finish this task
4. Check on Assets -> Hosts (Classic) that your scanned hosts has some
found applications (like e.g. cpe:/a:apache:http_server:2.4.10)
5. Create a new task which includes the target definition from 1. and
use the "CVE Scanner" as scanner type
6. Run and finish this new task
7. See that results like CVE-2015-3185 or CVE-2014-3583 are coming in

Note: As long as you don't get any severity at Assets -> Hosts (Classic)
shown in the "Prognosis" column you also won't get any results for your
finished task.

Post by Reinis Nartiss
Thank You,
Reinis Nartiss

Reinis Nartiss

2017-07-17 08:30:20 UTC

Permalink

Hi, Christian!

Thank You for help, like this it works!
I taught that during CVE test, system does needed discovery tests, but
it does not.

Great advice!

Br,
Reinis Nartišs

Post by Christian Fischer
Hi,

1. Create a target / target range
2. Create a new task which includes the target definition from 1. and
use the "OpenVAS Default" as scanner type
3. Run and finish this task
4. Check on Assets -> Hosts (Classic) that your scanned hosts has some
found applications (like e.g. cpe:/a:apache:http_server:2.4.10)
5. Create a new task which includes the target definition from 1. and
use the "CVE Scanner" as scanner type
6. Run and finish this new task
7. See that results like CVE-2015-3185 or CVE-2014-3583 are coming in
Note: As long as you don't get any severity at Assets -> Hosts (Classic)
shown in the "Prognosis" column you also won't get any results for your
finished task.

Post by Reinis Nartiss
Thank You,
Reinis Nartiss

Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Christian Fischer

2017-07-18 09:46:17 UTC

Permalink

Post by Christian Fischer
Hi,

1. Create a target / target range
2. Create a new task which includes the target definition from 1. and
use the "OpenVAS Default" as scanner type

Adding to this make sure that you have set "Add results to Assets" to
"yes" in this newly created task.

Post by Christian Fischer
3. Run and finish this task
4. Check on Assets -> Hosts (Classic) that your scanned hosts has some
found applications (like e.g. cpe:/a:apache:http_server:2.4.10)
5. Create a new task which includes the target definition from 1. and
use the "CVE Scanner" as scanner type
6. Run and finish this new task
7. See that results like CVE-2015-3185 or CVE-2014-3583 are coming in
Note: As long as you don't get any severity at Assets -> Hosts (Classic)
shown in the "Prognosis" column you also won't get any results for your
finished task.

Post by Reinis Nartiss
Thank You,
Reinis Nartiss

Regards,

--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner