[Openvas-discuss] Long delay when adding first credential
bperry.volatile at gmail.com
Thu Jul 16 17:43:28 CEST 2015
If there isn't a lot of entropy during key generation on the system, it can
take a long time to create strong RSA keys for encrypting the credentials
on the system.
On Thu, Jul 16, 2015 at 10:41 AM, Wesley Botham <wesley at semcat.net> wrote:
> I just set up OpenVAS 8 in an Ubuntu 14.04 VM. I ran openvas-check-setup
> 2.3.1 and it looks fine (http://pastebin.com/mjAm2pYu). I also ran an
> immediate scan on 127.0.0.1, which finished quickly and successfully.
> Then I added a key via Configuration -> Targets -> Credentials. After
> clicking Create Credential, the page hangs. It took 16 minutes to finish,
> according to the logs:
> md crypt: INFO:2015-07-16 14h09.41 UTC:25498: starting key generation
> md crypt: INFO:2015-07-16 14h25.30 UTC:25498: OpenPGP key 'OpenVAS
> Credential Encryption' has been generated
> I didn't know what was happening, so I opened another Greenbone tab and
> tried to run an immediate scan, which did not start until after the key
> generation finished.
> While generating the key, openvas-check-setup also hangs upon running
> `openvasmd --get-users`, resulting in the following output:
> openvas-check-setup 2.3.1
> Test completeness and readiness of OpenVAS-8
> (add '--v6' or '--v7' or '--v9'
> if you want to check for another OpenVAS version)
> Please report us any non-detected problems and
> help us to improve this check routine:
> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
> Use the parameter --server to skip checks for client tools
> like GSD and OpenVAS-CLI.
> Step 1: Checking OpenVAS Scanner ...
> OK: OpenVAS Scanner is present in version 5.0.3.
> OK: OpenVAS Scanner CA Certificate is present as
> OK: redis-server is present in version v=2.8.4.
> OK: scanner (kb_location setting) is configured properly using the
> redis-server socket: /tmp/redis.sock
> OK: redis-server is running and listening on socket:
> OK: redis-server configuration is OK and redis-server is running.
> OK: NVT collection in /usr/local/var/lib/openvas/plugins contains
> 39767 NVTs.
> WARNING: Signature checking of NVTs is not enabled in OpenVAS
> SUGGEST: Enable signature checking (see
> OK: The NVT cache in /usr/local/var/cache/openvas contains 39767
> files for 39767 NVTs.
> Step 2: Checking OpenVAS Manager ...
> OK: OpenVAS Manager is present in version 6.0.3.
> OK: OpenVAS Manager client certificate is present as
> OK: OpenVAS Manager database found in
> OK: Access rights for the OpenVAS Manager database are correct.
> This happens whenever I set up a new instance of OpenVAS. It only happens
> once; if I add a second credential, it succeeds immediately.
> What could be causing this one-time 16-minute delay? Is there a startup
> process in the background that delays other actions until it finishes? Is
> it (as it seems) triggered by my first attempt to add a credential? Is
> there something I can do to front-load this process or monitor it? (I can
> live with the delay, but ideally I want my bootstrap scripts to handle it
> or at least to make it transparent to the next user of my VM.)
> *-- *
> *Wesley J. Botham* | Software Developer, U.S. Rating
> *Applied Systems, Inc.*
> www.appliedsystems.com | wesley at semcat.net
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openvas-discuss