[Openvas-users-de] openvasmd --rebuild --progress --> Rebuilding NVT cache... failed.

Torsten Barg torsten.barg at ksk-stade.com
Mon Jan 18 16:38:27 CET 2016


Hello everyone,

we are running OpenVAS v7 on an Ubuntu Server v14.04.3 LTS.

In early January 2016 we installed the current updates for the Ubuntu
server (apt-get update / apt-get upgrade) on the system as part of our regular
routine. Next, we downloaded the current feeds for OpenVAS:


#sudo su -

#service openvas-manager stop && service openvas-scanner stop

#/usr/local/sbin/openvas-nvt-sync --wget
#/usr/local/sbin/openvas-scapdata-sync
#/usr/local/sbin/openvas-certdata-sync

#openvassd 

Then the REBUILD for the NVTs was started:
# openvasmd --rebuild --progress
… 
Rebuilding NVT cache... |
Rebuilding NVT cache... failed.
The rebuild aborts with an error.


We then ran a check of the existing installation.
Everything OK.
++++++++++++++++++++++++
#./openvas-check-setup --v7 --server
  openvas-check-setup 2.2.6
  Test completeness and readiness of OpenVAS-7
  (add '--v4', '--v5', '--v6' or '--v8'
   if you want to check for another OpenVAS version)

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the
problem.

Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 4.0.5.
        OK: OpenVAS Scanner CA Certificate is present as
/usr/local/var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 45245
NVTs.
        OK: Signature checking of NVTs is enabled in OpenVAS Scanner.
        OK: The NVT cache in /usr/local/var/cache/openvas contains 45245 files
for 45245 NVTs.
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 5.0.8.
        OK: OpenVAS Manager client certificate is present as
/usr/local/var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in
/usr/local/var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation
enabled.
        OK: OpenVAS Manager database is at revision 123.
        OK: OpenVAS Manager expects database at revision 123.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 44737 NVTs.
        OK: OpenVAS SCAP database found in
/usr/local/var/lib/openvas/scap-data/scap.db.
        OK: OpenVAS CERT database found in
/usr/local/var/lib/openvas/cert-data/cert.db.
        OK: xsltproc found.
Step 3: Checking user configuration ...
        grep: /usr/local/etc/openvas: Ist ein Verzeichnis
        OK: The password policy file at /usr/local/etc/openvas
/usr/local/etc/openvas/pwpolicy.conf contains entries.
Step 4: Checking Greenbone Security Assistant (GSA) ...
        OK: Greenbone Security Assistant is present in version 5.0.5.
Step 5: Checking OpenVAS CLI ...
        SKIP: Skipping check for OpenVAS CLI.
Step 6: Checking Greenbone Security Desktop (GSD) ...
        SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on all interfaces.
        OK: OpenVAS Scanner is listening on port 9391, which is the default
port.
        OK: OpenVAS Manager is running and listening on all interfaces.
        OK: OpenVAS Manager is listening on port 9390, which is the default
port.
        OK: Greenbone Security Assistant is running and listening on all
interfaces.
        OK: Greenbone Security Assistant is listening on port 443, which is the
default port.
Step 8: Checking nmap installation ...
        OK: nmap is present in version 5.51.6.
Step 9: Checking presence of optional tools ...
        OK: pdflatex found.
        OK: PDF generation successful. The PDF report format is likely to work.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is
likely to work.
        OK: rpm found, LSC credential package generation for RPM based targets
is likely to work.
        OK: alien found, LSC credential package generation for DEB based targets
is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows
targets is likely to work.

It seems like your OpenVAS-7 installation is OK.
++++++++++++++++++++++++



That did not get us any further, so we deleted the CACHE and the FEEDS
and ran the download again.

1. Delete the cache
   #rm -r /usr/local/var/cache/openvas
2. Delete the feeds
   #cd /usr/local/var/lib/openvas
   #rm -r cert-data
   #rm -r plugins
   #rm -r scap-data
3. Recreate the scap-data/private folder
   #mkdir /usr/local/var/lib/openvas/scap-data
   #mkdir /usr/local/var/lib/openvas/scap-data/private
4. Download the feeds again
   #/usr/local/sbin/openvas-nvt-sync --wget
      [i] Download complete
      [i] Checking dir: ok
      [i] Checking MD5 checksum: ok
   #/usr/local/sbin/openvas-scapdata-sync
      [i] Updating user defined data
      [i] Updating user OVAL definitions
      [i] No user defined OVAL files found
      [i] Cleaning up user OVAL data
      [i] Updating CVSS scores and CVE counts for CPEs
      [i] Updating CVSS scores for OVAL definitions
   #/usr/local/sbin/openvas-certdata-sync
      sent 499 bytes  received 10,724,002 bytes  143,953.03 bytes/sec
      total size is 10,720,948  speedup is 1.00
      [i] Initializing CERT advisory database
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2008.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2009.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2010.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2011.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2012.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2013.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2014.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2015.xml
      [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2016.xml
      [i] Updating Max CVSS for DFN-CERT
5. #openvassd && htop
6. #openvasmd --rebuild --progress
   Rebuilding NVT cache... failed.

The rebuild aborts with an error again.

OPENVASMD.LOG contains the following:
...
lib  serv:WARNING:2016-01-18 14h13.28 utc:11635: Failed to shake hands with
peer: The signature algorithm is not supported.
md   main:CRITICAL:2016-01-18 14h13.28 utc:11635: update_or_rebuild_nvt_cache:
failed to connect to scanner
lib  serv:WARNING:2016-01-18 14h13.28 utc:11635:    Failed to gnutls_bye: GnuTLS
internal error.



Does anyone know the cause of the problem and can tell me how to fix
it?


Thanks and best regards
T. Barg

