[Openvas-discuss] My damn fault

Whit Blauvelt whit at transpect.com
Wed Aug 8 01:48:36 CEST 2012


On Tue, Aug 07, 2012 at 06:14:00PM -0400, Alan Tu wrote:
> Oh yes, my scans are finding stuff, generating reports, doing all
> kinds of packet scans.
> 
> Nmap is required.

Ah. Someone else suggested it is optional. Looking at the process table
during a scan, openvassd nicely reports all the IPs and tests, but there's
no sign of nmap being run. Maybe my difference from you is that you had nmap
on the system at compilation time? I far prefer software that refuses to
compile without all dependencies in place, but that must be a run time not a
compile time dependency? When I look at "Scan config details" for the "Full
and fast" scan there are many nmap-related settings, but nothing that looks
like an obvious overall on/off switch switched off. In any case, it's all in
the default state for this. This worked out of the box for you, right?

Assuming "Full and fast" is using nmap for you, and not for me, and it's not
a question of the scan config or nmap being on the system, then where can
this be failing? Whatever component should be seeing that nmap is on the
system and invoking it isn't doing that, and doesn't complain about it
either.

> Three suggestions:
> 
> 1.  Run the check-openvas-setup program and see what it says.

Did that already. It's happy. Was happy with the Fedora 15 version too. 

> 2.  Make sure to update the plugins with openvas nvt sync then
> rebuilding the database.
> 
> openvas-nvt-sync > /dev/null
> openvassd
> openvasmd --rebuild

Did that already too. No difference.

> 3.  On the VM, do a packet capture, specifying your target, and see if
> there are any outbound packets.

There are. Watching it with iptraf, I can see it sending out both TCP and
UDP to ports across the /27 being probed.

> You're close I think. I'm not a C guru and yet built from source. It
> took a whole Saturday to get it working.

Ah, then you're ahead of me. I'm sure I have at least 4 days into this,
spread out over several months. And while I don't write C, I've done many
hundreds of builds from source, not even counting the years when I mostly
ran Gentoo. These things usually cooperate with me ; >

What gets me is that a build from source on Ubuntu 12.04 is failing in very
much the same way that an install from Atomicorp packages on Fedora 15 did.
The only thing they have in common is the test target - but again it's a
target known to have stuff to find, and Nessus run against it finds, from
the same network POV as the Fedora 15 OpenVAS instance that doesn't.

Haven't cranked up the Fedora 15 version again to be sure that nmap just
isn't being run there too. But expect that's likely. Yet nmap is one of the
100 dependencies installed when using the Atomicorp packages. So it was on
that system - unlike the current Ubuntu 12.04 one - from the beginning. And
works from that system, if run directly and pointed at same target.

Whit



More information about the Openvas-discuss mailing list