[Openvas-discuss] Long delay when adding first credential

Brandon Perry bperry.volatile at gmail.com
Thu Jul 16 17:43:28 CEST 2015


If there isn't a lot of entropy during key generation on the system, it can
take a long time to create strong RSA keys for encrypting the credentials
on the system.

On Thu, Jul 16, 2015 at 10:41 AM, Wesley Botham <wesley at semcat.net> wrote:

>  I just set up OpenVAS 8 in an Ubuntu 14.04 VM. I ran openvas-check-setup
> 2.3.1 and it looks fine (http://pastebin.com/mjAm2pYu). I also ran an
> immediate scan on 127.0.0.1, which finished quickly and successfully.
>
> Then I added a key via Configuration -> Targets -> Credentials. After
> clicking Create Credential, the page hangs. It took 16 minutes to finish,
> according to the logs:
>
> md  crypt:   INFO:2015-07-16 14h09.41 UTC:25498: starting key generation
> ...
> md  crypt:   INFO:2015-07-16 14h25.30 UTC:25498: OpenPGP key 'OpenVAS
> Credential Encryption' has been generated
>
> I didn't know what was happening, so I opened another Greenbone tab and
> tried to run an immediate scan, which did not start until after the key
> generation finished.
>
> While generating the key, openvas-check-setup also hangs upon running
> `openvasmd --get-users`, resulting in the following output:
>
> openvas-check-setup 2.3.1
>  Test completeness and readiness of OpenVAS-8
>  (add '--v6' or '--v7' or '--v9'
>   if you want to check for another OpenVAS version)
>  Please report us any non-detected problems and
>  help us to improve this check routine:
>  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
> problem.
>  Use the parameter --server to skip checks for client tools
>  like GSD and OpenVAS-CLI.
> Step 1: Checking OpenVAS Scanner ...
>        OK: OpenVAS Scanner is present in version 5.0.3.
>        OK: OpenVAS Scanner CA Certificate is present as
> /usr/local/var/lib/openvas/CA/cacert.pem.
>        OK: redis-server is present in version v=2.8.4.
>        OK: scanner (kb_location setting) is configured properly using the
> redis-server socket: /tmp/redis.sock
>        OK: redis-server is running and listening on socket:
> /tmp/redis.sock.
>        OK: redis-server configuration is OK and redis-server is running.
>        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains
> 39767 NVTs.
>        WARNING: Signature checking of NVTs is not enabled in OpenVAS
> Scanner.
>        SUGGEST: Enable signature checking (see
> http://www.openvas.org/trusted-nvts.html).
>        OK: The NVT cache in /usr/local/var/cache/openvas contains 39767
> files for 39767 NVTs.
> Step 2: Checking OpenVAS Manager ...
>        OK: OpenVAS Manager is present in version 6.0.3.
>        OK: OpenVAS Manager client certificate is present as
> /usr/local/var/lib/openvas/CA/clientcert.pem.
>        OK: OpenVAS Manager database found in
> /usr/local/var/lib/openvas/mgr/tasks.db.
>        OK: Access rights for the OpenVAS Manager database are correct.
>
> This happens whenever I set up a new instance of OpenVAS. It only happens
> once; if I add a second credential, it succeeds immediately.
>
> What could be causing this one-time 16-minute delay? Is there a startup
> process in the background that delays other actions until it finishes? Is
> it (as it seems) triggered by my first attempt to add a credential? Is
> there something I can do to front-load this process or monitor it? (I can
> live with the delay, but ideally I want my bootstrap scripts to handle it
> or at least to make it transparent to the next user of my VM.)
>
> Thanks!
>
> *-- *
> *Wesley J. Botham* | Software Developer, U.S. Rating
> *Applied Systems, Inc.*
> www.appliedsystems.com | wesley at semcat.net
>
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20150716/967cbb57/attachment.html>


More information about the Openvas-discuss mailing list