From sujith at poornam.com Thu Sep 3 10:43:43 2009 From: sujith at poornam.com (Sujith Mohan) Date: Thu, 3 Sep 2009 14:13:43 +0530 Subject: [Openvas-discuss] SLAD + OpenVAS In-Reply-To: <15848B079660444CABD1CDA2E7FA5C4A@geoffPC> References: <15848B079660444CABD1CDA2E7FA5C4A@geoffPC> Message-ID: <200909031413.43227.sujith@poornam.com> Yes Geoff, I am using it . Actually, i was working on SLAD for few days and i got it working with latest versions of Openvas-Server and Openvas-Client. Regards, -- Sujith Mohan "Technical Skill is the mastery of complexity, while Creativity is the master of presence of mind" On Monday 31 August 2009, Geoff Galitz wrote: > Hi, > > > > I'm working on an OpenVAS article and am looking at the SLAD routines. I'm > really just wondering if people are using SLAD? > > > > -geoff > > > > --------------------------------- > Geoff Galitz > Blankenheim NRW, Germany > http://www.galitz.org/ > http://german-way.com/blog/ DISCLAIMER : This email and any files transmitted with it are property of Poornam Info Vision Pvt. Ltd. This email contains confidential information intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Warning: Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090903/44fadb1e/attachment.htm From ewgenijjeck at yahoo.de Fri Sep 11 12:38:17 2009 From: ewgenijjeck at yahoo.de (Ewgenij Zharovsky) Date: Fri, 11 Sep 2009 03:38:17 -0700 (PDT) Subject: [Openvas-discuss] Missleading messages about opened SSH-Port (22) Message-ID: <423873.68903.qm@web23404.mail.ird.yahoo.com> Hello everybody, I'm new to this list. I did some security scans with OpenVAS for my employer and ran into the following problem: OpenVAS reports the SSH port (22) to be opened almost on every run. Even in a run over a range of IPs, it gives me an opened SSH port for ips where actually no machine is running. As well as for machines, where the 22nd port is blocked by the firewall... My question is, is this a bug or a feature and if there is a possibility to determine _reliably_ if the SSH port is opened or closed on a certain machine. And if it is possible, then what configuration shall I try for the OpenVAS? Thanks in advance, Evgeniy From geoff at galitz.org Fri Sep 11 14:05:06 2009 From: geoff at galitz.org (Geoff Galitz) Date: Fri, 11 Sep 2009 14:05:06 +0200 Subject: [Openvas-discuss] Missleading messages about opened SSH-Port (22) In-Reply-To: <423873.68903.qm@web23404.mail.ird.yahoo.com> References: <423873.68903.qm@web23404.mail.ird.yahoo.com> Message-ID: Hi there. What portscanners are you using? Are you sure your target selection is correct? Incorrect network values in the target selection can result in some pretty behavior. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ > -----Original Message----- > From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss- > bounces at wald.intevation.org] On Behalf Of Ewgenij Zharovsky > Sent: Freitag, 11. September 2009 12:38 > To: openvas-discuss at wald.intevation.org > Subject: [Openvas-discuss] Missleading messages about opened SSH-Port (22) > > Hello everybody, > I'm new to this list. I did some security scans with OpenVAS for my > employer and ran into the following problem: > OpenVAS reports the SSH port (22) to be opened almost on every run. Even > in a run over a range of IPs, it gives me an opened SSH port for ips where > actually no machine is running. As well as for machines, where the 22nd > port is blocked by the firewall... My question is, is this a bug or a > feature and if there is a possibility to determine _reliably_ if the SSH > port is opened or closed on a certain machine. And if it is possible, then > what configuration shall I try for the OpenVAS? > Thanks in advance, > Evgeniy > > > > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss From lists at securityspace.com Fri Sep 11 16:41:11 2009 From: lists at securityspace.com (Thomas Reinke) Date: Fri, 11 Sep 2009 10:41:11 -0400 Subject: [Openvas-discuss] Missleading messages about opened SSH-Port (22) In-Reply-To: <423873.68903.qm@web23404.mail.ird.yahoo.com> References: <423873.68903.qm@web23404.mail.ird.yahoo.com> Message-ID: <4AAA6187.2060304@securityspace.com> Ewgenij Zharovsky wrote: > Hello everybody, I'm new to this list. I did some security scans with > OpenVAS for my employer and ran into the following problem: OpenVAS > reports the SSH port (22) to be opened almost on every run. Even in a > run over a range of IPs, it gives me an opened SSH port for ips where > actually no machine is running. As well as for machines, where the ^^^^^^^^^^^^^^^^^^^^^ That sounds like someone (firewall?) is intercepting traffic and responding on behalf of the nonexistant IP. > 22nd port is blocked by the firewall... My question is, is this a bug > or a feature and if there is a possibility to determine _reliably_ if > the SSH port is opened or closed on a certain machine. And if it is > possible, then what configuration shall I try for the OpenVAS? Thanks > in advance, Evgeniy Are you scanning through a firewall? As an aside, beware, there can be a lot of problems with that. We've seen plenty of cases where an open port was missed for one reason or another (network hiccups - as in mini-outages, latency issues exceeding timeout limits, etc.) but we've never seen a case where a scanner would report an open port where none was open. Everytime that issue has arisen, some piece of equipment, answering to the IP address in question, really did open up the socket connection on the given port. It would help if you could let us know a) which tests are tripping positive; b) was any signature reported for the port in question (such as a version of SSH running) You may also want to investigate a packet capture utility. A trace on port 22 would be very interesting to see. tcpdump/wireshark are your friends here. Thomas From Timothy.Wilkinson at alegent.org Fri Sep 11 15:40:41 2009 From: Timothy.Wilkinson at alegent.org (Wilkinson,Timothy R) Date: Fri, 11 Sep 2009 08:40:41 -0500 Subject: [Openvas-discuss] Problems connecting to server with client Message-ID: <681E13894F30124DA3ECCE0A05C6159001B0C60F3D6F@EXCHMBC2.ad.ah.local> I have the OpenVAS server and client (2.0.3) on the same system currently. I was able to connect with the client one time but since updating plugins on the server using the openvas-nvt-sync command, I now receive the following errors every time I try to connect: Invalid PLUGIN_INFO response from server Error while updating the cached plugin information Login failed I'm connecting to the 127.0.0.1 over 9390. I'm sure it's a server side issue because I've tried multiple clients, (linux and windows versions), with the same results. The operating environment is Ubuntu. I've looked through the archives but have not found an answer. Tim Wilkinson ________________________________ Sponsored by Catholic Health Initiatives and Immanuel Health Systems, Alegent Health is faithful to the healing ministry of Jesus Christ, providing high quality care for the body, mind and spirit of every person. The information contained in this communication, including attachments, is confidential and private and intended only for the use of the addressees. Unauthorized use, disclosure, distribution or copying is strictly prohibited and may be unlawful. If you received this communication in error, please inform us of the erroneous delivery by return e-mail message from your computer. Additionally, although all attachments have been scanned at the source for viruses, the recipient should check any attachments for the presence of viruses before opening. Alegent Health accepts no liability for any damage caused by any virus transmitted by this e-mail. Thank you for your cooperation. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090911/b6091fa3/attachment.html From mime at gmx.de Sat Sep 12 12:42:00 2009 From: mime at gmx.de (Michael Meyer) Date: Sat, 12 Sep 2009 12:42:00 +0200 Subject: [Openvas-discuss] Problems connecting to server with client In-Reply-To: <681E13894F30124DA3ECCE0A05C6159001B0C60F3D6F@EXCHMBC2.ad.ah.local> References: <681E13894F30124DA3ECCE0A05C6159001B0C60F3D6F@EXCHMBC2.ad.ah.local> Message-ID: <20090912104200.GA3315@komma-nix.de> *** Wilkinson,Timothy R wrote: > I have the OpenVAS server and client (2.0.3) on the same system > currently. I was able to connect with the client one time but since > updating plugins on the server using the openvas-nvt-sync command, I > now receive the following errors every time I try to connect: > > Invalid PLUGIN_INFO response from server > Error while updating the cached plugin information > Login failed Please delete '/var/cache/openvas/*' (path depends on your installation), do a 'openvas-nvt-sync', start the server and try again. Does it help? Micha From michael.wiegand at intevation.de Mon Sep 14 08:32:00 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 14 Sep 2009 08:32:00 +0200 Subject: [Openvas-discuss] [Openvas-distro-deb] installation for debian etch failed In-Reply-To: <005301ca320a$3fb0e5e0$bf12b1a0$@com> References: <200909091207.12672.felix.wolfsteller@intevation.de> <005301ca320a$3fb0e5e0$bf12b1a0$@com> Message-ID: <20090914063200.GD28881@intevation.de> * Narkissos Goldmund [10. Sep 2009]: > Thank's for the advise! Since installation for lenny or etch seems to > require anyway partially compilation according to > http://www.openvas.org/openvas-server.html, I decided to try compiling > everything. Be aware that the description on the OpenVAS website is somewhat outdated. For lenny, you can use the Debian Backports repository as described on the website. The only module missing is openvas-plugins, which is available from the OpenSuSE build service, for example: http://software.opensuse.org/search?baseproject=Debian%3A5.0&p=1&q=openvas-plugins > I started with openvas-libraries. > ./configure stopped at: > configure: error: "glib >= 2.6.0 not found" > > I looked with "dpkg -l | grep ^i|grep glib", and found: > ii libavahi-glib1 0.6.16-3etch2 > Avahi glib integration library > ii libdbus-glib-1-2 0.71-3 > simple interprocess messaging system (GLib-b > ii libglib-perl 1.140-1 > Perl interface to the GLib and GObject libra > ii libglib2.0-0 2.12.4-2+etch1 > The GLib library of C routines > ii libglibmm-2.4-1c2a 2.12.0-1 > C++ wrapper for the GLib toolkit (shared lib > ii libnm-glib0 0.6.4-6 > network management framework (GLib shared li > ii libpoppler0c2-glib 0.4.5-5.1etch3 > PDF rendering library (GLib-based shared lib > > I looked again with "dpkg --status libglib2.0-0", and found: > Version: 2.12.4-2+etch1 Please be aware that you need the development libraries for compiling. In your case, "apt-get install libglib2.0-dev" will install the necessary package. Please keep further discussion on openvas-discuss, there are more people on that list who might be able to help you. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090914/fecfd066/attachment.pgp From waja at cyconet.org Mon Sep 14 09:30:48 2009 From: waja at cyconet.org (Jan Wagner) Date: Mon, 14 Sep 2009 09:30:48 +0200 Subject: [Openvas-discuss] [Openvas-distro-deb] installation for debian etch failed In-Reply-To: <20090914063200.GD28881@intevation.de> References: <005301ca320a$3fb0e5e0$bf12b1a0$@com> <20090914063200.GD28881@intevation.de> Message-ID: <200909140930.51795.waja@cyconet.org> Hi, On Monday 14 September 2009 08:32:00 Michael Wiegand wrote: > Be aware that the description on the OpenVAS website is somewhat > outdated. For lenny, you can use the Debian Backports repository as > described on the website. The only module missing is openvas-plugins, > which is available from the OpenSuSE build service, for example: > http://software.opensuse.org/search?baseproject=Debian%3A5.0&p=1&q=openvas- >plugins since last saterday there is a openvas-server package on backports.org available, which ships openvas-nvt-sync. So no plugin package is needed anymore (for the cases where you are able to fetch the whole plugin feed via internet). With kind regards, Jan. -- Never write mail to , you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090914/94886bb5/attachment.pgp From ixhd at rogers.com Fri Sep 18 04:17:09 2009 From: ixhd at rogers.com (Isabella Disley) Date: Thu, 17 Sep 2009 19:17:09 -0700 (PDT) Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 Message-ID: <690357.49658.qm@web88301.mail.re4.yahoo.com> Greetings, Just upgraded OpenVAS on my Fedora 8 machine.? All packages and libraries compiled without any errors.? Server drops the connection as soon after I start a scan using the CLI with this error; Communication closed by server OpenVAS-Client: The server abruptly shut the communication down - the test may be incomplete openvasd.dump records this entry; openvasd: serving 127.0.0.1: symbol lookup error: openvasd: serving 127.0.0.1: undefined symbol: plug_get_mandatory_keys openvasd.messages records this entry; [Thu Sep 17 13:36:50 2009][29871] connection from 127.0.0.1 [Thu Sep 17 13:36:50 2009][29894] Client requested protocol < OTP/1.0 >. [Thu Sep 17 13:36:50 2009][29894] successful login of scanner20 from 127.0.0.1 System is Linux 2.6.26.8-57.fc8 #1 SMP Thu Dec 18 18:50:02 EST 2008 i686 i686 i386GNU/LinuxAny thoughts? Please and Thanks Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090917/abb56822/attachment.htm From bchandra at secpod.com Fri Sep 18 07:12:52 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Fri, 18 Sep 2009 10:42:52 +0530 Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 In-Reply-To: <690357.49658.qm@web88301.mail.re4.yahoo.com> References: <690357.49658.qm@web88301.mail.re4.yahoo.com> Message-ID: <084CB6C0D4B84037AA495A82B7FC22B9@bchandra> Mark, Can you try with openvas-libraries-2.0.4 (2.0.3 has plug_get_mandatory_keys missing). Thanks, Chandra. ________________________________________ From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Isabella Disley Sent: Friday, September 18, 2009 7:47 AM To: openvas-discuss at wald.intevation.org Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 Greetings, Just upgraded OpenVAS on my Fedora 8 machine.? All packages and libraries compiled without any errors.? Server drops the connection as soon after I start a scan using the CLI with this error; Communication closed by server OpenVAS-Client: The server abruptly shut the communication down - the test may be incomplete openvasd.dump records this entry; openvasd: serving 127.0.0.1: symbol lookup error: openvasd: serving 127.0.0.1: undefined symbol: plug_get_mandatory_keys openvasd.messages records this entry; [Thu Sep 17 13:36:50 2009][29871] connection from 127.0.0.1 [Thu Sep 17 13:36:50 2009][29894] Client requested protocol < OTP/1.0 >. [Thu Sep 17 13:36:50 2009][29894] successful login of scanner20 from 127.0.0.1 System is Linux 2.6.26.8-57.fc8 #1 SMP Thu Dec 18 18:50:02 EST 2008 i686 i686 i386GNU/Linux Any thoughts? Please and Thanks Mark From ixhd at rogers.com Fri Sep 18 14:47:39 2009 From: ixhd at rogers.com (Isabella Disley) Date: Fri, 18 Sep 2009 05:47:39 -0700 (PDT) Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 In-Reply-To: <084CB6C0D4B84037AA495A82B7FC22B9@bchandra> Message-ID: <829687.24230.qm@web88304.mail.re4.yahoo.com> Hi Chandra, I am using 2.0.4. These are the packages I installed; -rw-r--r-- 1 root root 1955840 Sep 11 14:09 openvas-server-2.0.3.tar -rw-r--r-- 1 root root 55930880 Sep 11 14:09 openvas-plugins-1.0.7.tar -rw-r--r-- 1 root root 2467840 Sep 11 14:09 openvas-libraries-2.0.4.tar -rw-r--r-- 1 root root 2549760 Sep 11 14:09 openvas-libnasl-2.0.2.tar -rw-r--r-- 1 root root 3942400 Sep 11 14:09 openvas-client-2.0.5.tar Contents of my "lib" directory; /opt/openvas2/lib -rwxrwxrwx 1 root openvas 715560 Sep 16 11:57 libopenvasnasl.a -rwxrwxrwx 1 root openvas 1026 Sep 16 11:57 libopenvasnasl.la lrwxrwxrwx 1 root openvas 23 Sep 16 11:57 libopenvasnasl.so -> libopenvasnasl.so.2.0.2 lrwxrwxrwx 1 root openvas 23 Sep 16 11:57 libopenvasnasl.so.2 -> libopenvasnasl.so.2.0.2 -rwxrwxrwx 1 root openvas 543714 Sep 16 11:57 libopenvasnasl.so.2.0.2 -rwxrwxrwx 1 root openvas 21508 Sep 16 11:23 libopenvas_hg.a -rwxrwxrwx 1 root openvas 920 Sep 16 11:23 libopenvas_hg.la lrwxrwxrwx 1 root openvas 22 Sep 16 11:23 libopenvas_hg.so -> libopenvas_hg.so.2.0.4 lrwxrwxrwx 1 root openvas 22 Sep 16 11:23 libopenvas_hg.so.2 -> libopenvas_hg.so.2.0.4 -rwxrwxrwx 1 root openvas 21961 Sep 16 11:23 libopenvas_hg.so.2.0.4 -rwxrwxrwx 1 root openvas 412562 Sep 16 11:23 libopenvas.a -rwxrwxrwx 1 root openvas 910 Sep 16 11:23 libopenvas.la lrwxrwxrwx 1 root openvas 19 Sep 16 11:23 libopenvas.so -> libopenvas.so.2.0.4 lrwxrwxrwx 1 root openvas 19 Sep 16 11:23 libopenvas.so.2 -> libopenvas.so.2.0.4 -rwxrwxrwx 1 root openvas 552678 Sep 16 11:23 libopenvas.so.2.0.4 Cheers, Mark --- On Fri, 9/18/09, Chandrashekhar B wrote: From: Chandrashekhar B Subject: RE: [Openvas-discuss] Problem with OpenVAS 2.0.3 To: "'Isabella Disley'" , openvas-discuss at wald.intevation.org Received: Friday, September 18, 2009, 1:12 AM Mark, Can you try with openvas-libraries-2.0.4 (2.0.3 has plug_get_mandatory_keys missing). Thanks, Chandra. ________________________________________ From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Isabella Disley Sent: Friday, September 18, 2009 7:47 AM To: openvas-discuss at wald.intevation.org Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 Greetings, Just upgraded OpenVAS on my Fedora 8 machine.? All packages and libraries compiled without any errors.? Server drops the connection as soon after I start a scan using the CLI with this error; Communication closed by server OpenVAS-Client: The server abruptly shut the communication down - the test may be incomplete openvasd.dump records this entry; openvasd: serving 127.0.0.1: symbol lookup error: openvasd: serving 127.0.0.1: undefined symbol: plug_get_mandatory_keys openvasd.messages records this entry; [Thu Sep 17 13:36:50 2009][29871] connection from 127.0.0.1 [Thu Sep 17 13:36:50 2009][29894] Client requested protocol < OTP/1.0 >. [Thu Sep 17 13:36:50 2009][29894] successful login of scanner20 from 127.0.0.1 System is? Linux 2.6.26.8-57.fc8 #1 SMP Thu Dec 18 18:50:02 EST 2008 i686 i686 i386GNU/Linux Any thoughts? Please and Thanks Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090918/7f469273/attachment.htm From geoff at galitz.org Fri Sep 18 14:57:25 2009 From: geoff at galitz.org (Geoff Galitz) Date: Fri, 18 Sep 2009 14:57:25 +0200 Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 In-Reply-To: <829687.24230.qm@web88304.mail.re4.yahoo.com> References: <084CB6C0D4B84037AA495A82B7FC22B9@bchandra> <829687.24230.qm@web88304.mail.re4.yahoo.com> Message-ID: <02D09A0607B74EC698F3A714D2AECE46@geoffPC> Did you update your libtool settings (if needed) after the upgrade? -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ _____ From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Isabella Disley Sent: Freitag, 18. September 2009 14:48 To: Chandrashekhar B Cc: openvas-discuss at wald.intevation.org Subject: Re: [Openvas-discuss] Problem with OpenVAS 2.0.3 Hi Chandra, I am using 2.0.4. These are the packages I installed; -rw-r--r-- 1 root root 1955840 Sep 11 14:09 openvas-server-2.0.3.tar -rw-r--r-- 1 root root 55930880 Sep 11 14:09 openvas-plugins-1.0.7.tar -rw-r--r-- 1 root root 2467840 Sep 11 14:09 openvas-libraries-2.0.4.tar -rw-r--r-- 1 root root 2549760 Sep 11 14:09 openvas-libnasl-2.0.2.tar -rw-r--r-- 1 root root 3942400 Sep 11 14:09 openvas-client-2.0.5.tar Contents of my "lib" directory; /opt/openvas2/lib -rwxrwxrwx 1 root openvas 715560 Sep 16 11:57 libopenvasnasl.a -rwxrwxrwx 1 root openvas 1026 Sep 16 11:57 libopenvasnasl.la lrwxrwxrwx 1 root openvas 23 Sep 16 11:57 libopenvasnasl.so -> libopenvasnasl.so.2.0.2 lrwxrwxrwx 1 root openvas 23 Sep 16 11:57 libopenvasnasl.so.2 -> libopenvasnasl.so.2.0.2 -rwxrwxrwx 1 root openvas 543714 Sep 16 11:57 libopenvasnasl.so.2.0.2 -rwxrwxrwx 1 root openvas 21508 Sep 16 11:23 libopenvas_hg.a -rwxrwxrwx 1 root openvas 920 Sep 16 11:23 libopenvas_hg.la lrwxrwxrwx 1 root openvas 22 Sep 16 11:23 libopenvas_hg.so -> libopenvas_hg.so.2.0.4 lrwxrwxrwx 1 root openvas 22 Sep 16 11:23 libopenvas_hg.so.2 -> libopenvas_hg.so.2.0.4 -rwxrwxrwx 1 root openvas 21961 Sep 16 11:23 libopenvas_hg.so.2.0.4 -rwxrwxrwx 1 root openvas 412562 Sep 16 11:23 libopenvas.a -rwxrwxrwx 1 root openvas 910 Sep 16 11:23 libopenvas.la lrwxrwxrwx 1 root openvas 19 Sep 16 11:23 libopenvas.so -> libopenvas.so.2.0.4 lrwxrwxrwx 1 root openvas 19 Sep 16 11:23 libopenvas.so.2 -> libopenvas.so.2.0.4 -rwxrwxrwx 1 root openvas 552678 Sep 16 11:23 libopenvas.so.2.0.4 Cheers, Mark --- On Fri, 9/18/09, Chandrashekhar B wrote: From: Chandrashekhar B Subject: RE: [Openvas-discuss] Problem with OpenVAS 2.0.3 To: "'Isabella Disley'" , openvas-discuss at wald.intevation.org Received: Friday, September 18, 2009, 1:12 AM Mark, Can you try with openvas-libraries-2.0.4 (2.0.3 has plug_get_mandatory_keys missing). Thanks, Chandra. ________________________________________ From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Isabella Disley Sent: Friday, September 18, 2009 7:47 AM To: openvas-discuss at wald.intevation.org Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 Greetings, Just upgraded OpenVAS on my Fedora 8 machine. All packages and libraries compiled without any errors. Server drops the connection as soon after I start a scan using the CLI with this error; Communication closed by server OpenVAS-Client: The server abruptly shut the communication down - the test may be incomplete openvasd.dump records this entry; openvasd: serving 127.0.0.1: symbol lookup error: openvasd: serving 127.0.0.1: undefined symbol: plug_get_mandatory_keys openvasd.messages records this entry; [Thu Sep 17 13:36:50 2009][29871] connection from 127.0.0.1 [Thu Sep 17 13:36:50 2009][29894] Client requested protocol < OTP/1.0 >. [Thu Sep 17 13:36:50 2009][29894] successful login of scanner20 from 127.0.0.1 System is Linux 2.6.26.8-57.fc8 #1 SMP Thu Dec 18 18:50:02 EST 2008 i686 i686 i386GNU/Linux Any thoughts? Please and Thanks Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090918/6539e4c4/attachment.html From bchandra at secpod.com Fri Sep 18 17:27:10 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Fri, 18 Sep 2009 20:57:10 +0530 Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 In-Reply-To: <829687.24230.qm@web88304.mail.re4.yahoo.com> References: <084CB6C0D4B84037AA495A82B7FC22B9@bchandra> <829687.24230.qm@web88304.mail.re4.yahoo.com> Message-ID: <5389F8FC028F4164BB2E32F23EB70E81@bchandra> Mark, This is looking good, don't see a problem. I am wondering if there are old libs in the path somewhere. Is it possible to remove the libs and rebuild once again? Chandra. ________________________________________ From: Isabella Disley [mailto:ixhd at rogers.com] Sent: Friday, September 18, 2009 6:18 PM To: Chandrashekhar B Cc: openvas-discuss at wald.intevation.org Subject: RE: [Openvas-discuss] Problem with OpenVAS 2.0.3 Hi Chandra, I am using 2.0.4. These are the packages I installed; -rw-r--r-- 1 root root 1955840 Sep 11 14:09 openvas-server-2.0.3.tar -rw-r--r-- 1 root root 55930880 Sep 11 14:09 openvas-plugins-1.0.7.tar -rw-r--r-- 1 root root 2467840 Sep 11 14:09 openvas-libraries-2.0.4.tar -rw-r--r-- 1 root root 2549760 Sep 11 14:09 openvas-libnasl-2.0.2.tar -rw-r--r-- 1 root root 3942400 Sep 11 14:09 openvas-client-2.0.5.tar Contents of my "lib" directory; /opt/openvas2/lib -rwxrwxrwx 1 root openvas 715560 Sep 16 11:57 libopenvasnasl.a -rwxrwxrwx 1 root openvas 1026 Sep 16 11:57 libopenvasnasl.la lrwxrwxrwx 1 root openvas 23 Sep 16 11:57 libopenvasnasl.so -> libopenvasnasl.so.2.0.2 lrwxrwxrwx 1 root openvas 23 Sep 16 11:57 libopenvasnasl.so.2 -> libopenvasnasl.so.2.0.2 -rwxrwxrwx 1 root openvas 543714 Sep 16 11:57 libopenvasnasl.so.2.0.2 -rwxrwxrwx 1 root openvas 21508 Sep 16 11:23 libopenvas_hg.a -rwxrwxrwx 1 root openvas 920 Sep 16 11:23 libopenvas_hg.la lrwxrwxrwx 1 root openvas 22 Sep 16 11:23 libopenvas_hg.so -> libopenvas_hg.so.2.0.4 lrwxrwxrwx 1 root openvas 22 Sep 16 11:23 libopenvas_hg.so.2 -> libopenvas_hg.so.2.0.4 -rwxrwxrwx 1 root openvas 21961 Sep 16 11:23 libopenvas_hg.so.2.0.4 -rwxrwxrwx 1 root openvas 412562 Sep 16 11:23 libopenvas.a -rwxrwxrwx 1 root openvas 910 Sep 16 11:23 libopenvas.la lrwxrwxrwx 1 root openvas 19 Sep 16 11:23 libopenvas.so -> libopenvas.so.2.0.4 lrwxrwxrwx 1 root openvas 19 Sep 16 11:23 libopenvas.so.2 -> libopenvas.so.2.0.4 -rwxrwxrwx 1 root openvas 552678 Sep 16 11:23 libopenvas.so.2.0.4 Cheers, Mark --- On Fri, 9/18/09, Chandrashekhar B wrote: From: Chandrashekhar B Subject: RE: [Openvas-discuss] Problem with OpenVAS 2.0.3 To: "'Isabella Disley'" , openvas-discuss at wald.intevation.org Received: Friday, September 18, 2009, 1:12 AM Mark, Can you try with openvas-libraries-2.0.4 (2.0.3 has plug_get_mandatory_keys missing). Thanks, Chandra. ________________________________________ From: openvas-discuss-bounces at wald.intevation.org [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Isabella Disley Sent: Friday, September 18, 2009 7:47 AM To: openvas-discuss at wald.intevation.org Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 Greetings, Just upgraded OpenVAS on my Fedora 8 machine.? All packages and libraries compiled without any errors.? Server drops the connection as soon after I start a scan using the CLI with this error; Communication closed by server OpenVAS-Client: The server abruptly shut the communication down - the test may be incomplete openvasd.dump records this entry; openvasd: serving 127.0.0.1: symbol lookup error: openvasd: serving 127.0.0.1: undefined symbol: plug_get_mandatory_keys openvasd.messages records this entry; [Thu Sep 17 13:36:50 2009][29871] connection from 127.0.0.1 [Thu Sep 17 13:36:50 2009][29894] Client requested protocol < OTP/1.0 >. [Thu Sep 17 13:36:50 2009][29894] successful login of scanner20 from 127.0.0.1 System is? Linux 2.6.26.8-57.fc8 #1 SMP Thu Dec 18 18:50:02 EST 2008 i686 i686 i386GNU/Linux Any thoughts? Please and Thanks Mark From Jan-Oliver.Wagner at greenbone.net Fri Sep 18 19:57:44 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Fri, 18 Sep 2009 19:57:44 +0200 Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 In-Reply-To: <829687.24230.qm@web88304.mail.re4.yahoo.com> References: <829687.24230.qm@web88304.mail.re4.yahoo.com> Message-ID: <200909181957.45031.Jan-Oliver.Wagner@greenbone.net> On Friday 18 September 2009 14:47:39 Isabella Disley wrote: > I am using 2.0.4. > These are the packages I installed; you can use ldd to check which libs are linked. $ ldd openvasd If you don't rember where it is instsalled, this might work on your system: $ ldd `which openvasd` Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From ixhd at rogers.com Sat Sep 19 16:54:09 2009 From: ixhd at rogers.com (Isabella Disley) Date: Sat, 19 Sep 2009 07:54:09 -0700 (PDT) Subject: [Openvas-discuss] Problem with OpenVAS 2.0.3 In-Reply-To: <200909181957.45031.Jan-Oliver.Wagner@greenbone.net> Message-ID: <374052.46389.qm@web88306.mail.re4.yahoo.com> OK, good tip!? Your idea brought me indirectly to dumping the openvasd cofnig. I did; ./openvasd -d which showed me the new version of the OpenVAS daemon was using? libraries from an older version of OpenVAS (2.0.1). That in turn got me looking at my ld.so.conf file, in which I had a path to the older version of OpenVAS.? Once I removed the older references it now works like a charm. Thanks to all who responded. Cheers, Mark --- On Fri, 9/18/09, Jan-Oliver Wagner wrote: From: Jan-Oliver Wagner Subject: Re: [Openvas-discuss] Problem with OpenVAS 2.0.3 To: openvas-discuss at wald.intevation.org Received: Friday, September 18, 2009, 1:57 PM On Friday 18 September 2009 14:47:39 Isabella Disley wrote: > I am using 2.0.4. > These are the packages I installed; you can use ldd to check which libs are linked. $ ldd openvasd If you don't rember where it is instsalled, this might work on your system: $ ldd `which openvasd` Best ??? Jan -- Dr. Jan-Oliver Wagner |? ++49-541-335084-0? |? http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090919/d1094361/attachment.html From jfs at computer.org Sun Sep 20 10:38:34 2009 From: jfs at computer.org (Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?=) Date: Sun, 20 Sep 2009 10:38:34 +0200 Subject: [Openvas-discuss] Web based Reporter tool In-Reply-To: <200906291106.45892.felix.wolfsteller@intevation.de> References: <1240517487.10188.16.camel@LADY> <20090624232203.GC16138@javifsp.no-ip.org> <200906291106.45892.felix.wolfsteller@intevation.de> Message-ID: <20090920083833.GA13144@javifsp.no-ip.org> On Mon, Jun 29, 2009 at 11:06:45AM +0200, Felix Wolfsteller wrote: > I do not know the state of nessus as of 2005 but I guess that OpenVAS is > heading in a different direction than what nessus was headed to back than. The patches probably can be forward ported easily. But I have not tried. > > However I think these patches could be of good value, so please keep them hot. > > Do you have any document describing what should have been done? It's there in the patches :) There's some accompanying documentation on how it works, but the changes to the Nessus code are not really describe thoroughly. Basicly whenever a plugin dives a result the information that would go to the knowledge base goes also into a database. The patch includes the database code (which probably can be reused "as is") as well as the hooks in the Nessus code. Regards Javier -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090920/8bcb9428/attachment.pgp From jfs at computer.org Sun Sep 20 11:01:25 2009 From: jfs at computer.org (Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?=) Date: Sun, 20 Sep 2009 11:01:25 +0200 Subject: [Openvas-discuss] first post In-Reply-To: <200908281129.07538.felix.wolfsteller@intevation.de> References: <200908280810.17729.Jan-Oliver.Wagner@greenbone.net> <200908281020.44765.timb@openvas.org> <200908281129.07538.felix.wolfsteller@intevation.de> Message-ID: <20090920090125.GB13144@javifsp.no-ip.org> On Fri, Aug 28, 2009 at 11:29:07AM +0200, Felix Wolfsteller wrote: > Hi John, > great offer! > Just came to my mind: > > * Jan mentioned the manpage for openvas-nvt-sync is missing (not really sure > if we need one). I wrote one already yesterday for the Debian package. Please review the attached file. If it's to everybody's pleasure feel free to commit it to SVN or ask me to do it. IMHO I do believe one is needed since people will probably turn to it when they're having issues downloading updates through rsync Regards Javier -------------- next part -------------- .\" Hey, EMACS: -*- nroff -*- .TH OPENVAS-NVT-SYNC 8 "Septmeber 2008" "The OpenVAS Project" "User Manuals" .SH NAME openvas-nvt-sync \- updates the OpenVAS security checks .SH SYNOPSIS .B openvas-nvt-sync .SH DESCRIPTION The .B OpenVAS Security Scanner performs several security checks, each of them being coded as an external plugin coded in NASL. As new security holes are published every day, new plugins appear on the OpenVAS site (www.openvas.org) .br The script .B openvas-nvt-sync will fetch all the newest security checks for you and install them at the proper location. Once this is done you will need to restart openvas-server(8) s so that it loads them and uses them for new security scans. .br .B openvas-nvt-sync uses rsync(1) and md5sum(1) to do its job. In order to download the new plugins the machine where the script runs needs to have access to rsync.openvas.org using the rsync protocol (TCP/UDP port 873). If you are behind a web proxy you can configure rsync to use it through the use of the RSYNC_PROXY environment variable. For more information see rsync(1). .SH SECURITY NOTES .B openvas-nvt-sync uses rsync(1) to retrieve the archive of the new plugins. The scripts provided by the OpenVAS project might .B not be signed \. Consequently, if somewhere where to poison your DNS server and force this script to retrieve NASL plugins on another site he would force your OpenVAS server to execute NASL scripts when running security tests. Even if this might not do much harm (see the NASL reference guide for more information on that subject) you should be very careful when doing this. .SH SEE ALSO For more information see: .BR rsync(1), .BR openvasd(8) .BR openvas-client(1). .br There is more information available at .B /usr/share/doc/openvas-plugins on Debian systems. .PP You can find additional information about the OpenVAS project in http://www.openvas.org .SH AUTHOR This manual page was written by Javier Fern\['a]ndez-Sanguino Pe\[~n]a for the Debian GNU/Linux system (but may be used on other systems). .PP The .B openvas-nvt-sync script was written by DN-Systems Enterprise Internet Solutions GmbH. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20090920/7f818d84/attachment.pgp From Jan-Oliver.Wagner at greenbone.net Tue Sep 22 00:30:34 2009 From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 22 Sep 2009 00:30:34 +0200 Subject: [Openvas-discuss] first post In-Reply-To: <20090920090125.GB13144@javifsp.no-ip.org> References: <200908281129.07538.felix.wolfsteller@intevation.de> <20090920090125.GB13144@javifsp.no-ip.org> Message-ID: <200909220030.34355.Jan-Oliver.Wagner@greenbone.net> Hi Javier, On Sunday 20 September 2009 11:01:25 Javier Fern?ndez-Sanguino Pe?a wrote: > I wrote one already yesterday for the Debian package. Please review the > attached file. If it's to everybody's pleasure feel free to commit it to SVN > or ask me to do it. thanks a lot for writing this man page! I just commited with only slight changes (fix date, typo and naming). Please feel free to improve it directly in SVN. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner