[Openvas-discuss] Long delay when adding first credential

Winfried Neessen neessen at cleverbridge.com
Thu Jul 16 17:45:24 CEST 2015


http://www.issihosts.com/haveged/ can help here. 

> From: "Brandon Perry" <bperry.volatile at gmail.com>
> To: "Wesley Botham" <wesley at semcat.net>
> Cc: "openvas-discuss" <openvas-discuss at wald.intevation.org>
> Sent: Thursday, July 16, 2015 5:43:28 PM
> Subject: Re: [Openvas-discuss] Long delay when adding first credential

> If there isn't a lot of entropy during key generation on the system, it can take
> a long time to create strong RSA keys for encrypting the credentials on the
> system.

> On Thu, Jul 16, 2015 at 10:41 AM, Wesley Botham < wesley at semcat.net > wrote:

>> I just set up OpenVAS 8 in an Ubuntu 14.04 VM. I ran openvas-check-setup 2.3.1
>> and it looks fine ( http://pastebin.com/mjAm2pYu ). I also ran an immediate
>> scan on 127.0.0.1, which finished quickly and successfully.

>> Then I added a key via Configuration -> Targets -> Credentials. After clicking
>> Create Credential, the page hangs. It took 16 minutes to finish, according to
>> the logs:

>>> md crypt: INFO:2015-07-16 14h09.41 UTC:25498: starting key generation ...
>>> md crypt: INFO:2015-07-16 14h25.30 UTC:25498: OpenPGP key 'OpenVAS Credential
>>> Encryption' has been generated

>> I didn't know what was happening, so I opened another Greenbone tab and tried to
>> run an immediate scan, which did not start until after the key generation
>> finished.

>> While generating the key, openvas-check-setup also hangs upon running `openvasmd
>> --get-users`, resulting in the following output:

>>> openvas-check-setup 2.3.1
>>> Test completeness and readiness of OpenVAS-8
>>> (add '--v6' or '--v7' or '--v9'
>>> if you want to check for another OpenVAS version)
>>> Please report us any non-detected problems and
>>> help us to improve this check routine:
>>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>>> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
>>> Use the parameter --server to skip checks for client tools
>>> like GSD and OpenVAS-CLI.
>>> Step 1: Checking OpenVAS Scanner ...
>>> OK: OpenVAS Scanner is present in version 5.0.3.
>>> OK: OpenVAS Scanner CA Certificate is present as
>>> /usr/local/var/lib/openvas/CA/cacert.pem.
>>> OK: redis-server is present in version v=2.8.4.
>>> OK: scanner (kb_location setting) is configured properly using the redis-server
>>> socket: /tmp/redis.sock
>>> OK: redis-server is running and listening on socket: /tmp/redis.sock.
>>> OK: redis-server configuration is OK and redis-server is running.
>>> OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 39767 NVTs.
>>> WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
>>> SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html
>>> ).
>>> OK: The NVT cache in /usr/local/var/cache/openvas contains 39767 files for 39767
>>> NVTs.
>>> Step 2: Checking OpenVAS Manager ...
>>> OK: OpenVAS Manager is present in version 6.0.3.
>>> OK: OpenVAS Manager client certificate is present as
>>> /usr/local/var/lib/openvas/CA/clientcert.pem.
>>> OK: OpenVAS Manager database found in /usr/local/var/lib/openvas/mgr/tasks.db.
>>> OK: Access rights for the OpenVAS Manager database are correct.

>> This happens whenever I set up a new instance of OpenVAS. It only happens once;
>> if I add a second credential, it succeeds immediately.

>> What could be causing this one-time 16-minute delay? Is there a startup process
>> in the background that delays other actions until it finishes? Is it (as it
>> seems) triggered by my first attempt to add a credential? Is there something I
>> can do to front-load this process or monitor it? (I can live with the delay,
>> but ideally I want my bootstrap scripts to handle it or at least to make it
>> transparent to the next user of my VM.)

>> Thanks!

>> --
>> Wesley J. Botham | Software Developer, U.S. Rating
>> Applied Systems, Inc.
>> www.appliedsystems.com | wesley at semcat.net

>> _______________________________________________
>> Openvas-discuss mailing list
>> Openvas-discuss at wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
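
An entropy gate that a bootstrap script could run before the first credential is created, as an added example that is not part of the original thread. It polls the kernel's entropy estimate in `/proc/sys/kernel/random/entropy_avail`; the function names, the `ENTROPY_FILE` override and the threshold and timeout values are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): wait until the kernel's entropy
# estimate is high enough that OpenPGP/RSA key generation will not stall.
# ENTROPY_FILE can be overridden for testing (assumed name).
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current entropy estimate in bits.
# Fails if the file is unreadable or does not contain a plain number.
entropy_bits() {
    bits=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 1
    case "$bits" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$bits"
}

# wait_for_entropy MIN_BITS TIMEOUT_SECONDS
# Returns 0 once the estimate reaches MIN_BITS,
#         1 if TIMEOUT_SECONDS pass first,
#         2 if the estimate cannot be read.
wait_for_entropy() {
    min=$1
    timeout=$2
    waited=0
    while :; do
        bits=$(entropy_bits) || return 2
        [ "$bits" -ge "$min" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Usage in a bootstrap script (threshold and timeout are constructed values,
# tune them for the kernel and VM in use):
#   wait_for_entropy 1000 600 || echo "entropy still low, key generation may be slow" >&2
```

A return code of 1 is the case described in the thread: the pool is not filling on its own, so an entropy source such as the haveged daemon suggested above needs to be running before the credential is added.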