LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 12-03-2014, 03:53 PM   #1
TimewarpUK
Member
 
Registered: Dec 2014
Posts: 33

Rep: Reputation: Disabled
OpenVAS 7 Not working


Hi,

I've got a problem when my Kali installation updated OpenVAS to v7:

Code:
apt-get update && apt-get upgrade
My admin username for the web service stopped working.

I have tried everything I can think of to fix this (deleting all OpenVAS users, adding "admin" again, deleting the .db manually, a purge and reinstall) but to no avail. I now get this on openvas-check-setup:

Code:
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 5.0.2.
        OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 123.
        OK: OpenVAS Manager expects database at revision 123.
        OK: Database schema is up to date.
        ERROR: The number of NVTs in the OpenVAS Manager database is too low.
        FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.
        WARNING: OpenVAS Scanner is NOT running!
        SUGGEST: Start OpenVAS Scanner (openvassd).
If I try starting the scanner I get

Code:
root@kali:/var/log/openvas# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: ERROR.
Starting OpenVAS Scanner: ERROR.
Starting OpenVAS Manager: ERROR.
normally it takes a while for the scanner to start but on this occasion it isn't starting at all.

Checking the Scanner log shows an error that I need to rebuild/update and if I try starting the manager with --update or --rebuild the manager log gives this message:

Code:
Failed to receive data: A TLS packet with unexpected length was received.
I'm happy to remove OpenVAS and completely reinstall it if anyone can advise? Thanks a lot in advance!

Last edited by TimewarpUK; 12-04-2014 at 11:32 AM.
 
Old 12-03-2014, 08:42 PM   #2
widget
Senior Member
 
Registered: Oct 2008
Location: S.E. Montana
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,628

Rep: Reputation: 496Reputation: 496Reputation: 496Reputation: 496Reputation: 496
I really think you should read this;
http://docs.kali.org/introduction/sh...use-kali-linux

This is intended for use, as is, on an optical disk or a usb stick. It is not intended for installation on a hard drive at all.

To go online with such an install, in single user mode, is similar to having your windows box set up for auto login as Administrator. This is simply a very stupid thing to do.

Are cookies on your web browser, for example, with root permissions a good idea?

If you even think about that question longer than it took to read it you have no business even using Kali on a stick.
 
Old 12-04-2014, 05:10 AM   #3
TimewarpUK
Member
 
Registered: Dec 2014
Posts: 33

Original Poster
Rep: Reputation: Disabled
Thanks, I'm aware of what Kali is. This is in fact a pen testing VM where OpenVAS stopped working. I have another machine where Kali was installed onto the metal and OpenVAS works fine on here as it was updated before OpenVAS was setup.

Don't worry, these machines are used for penetration testing only where none of my online account or personal details are used so cookies would be of little value. Being an information security officer, I take the correct precautions.

So, back to my topic. How can I fix OpenVAS?
 
Old 12-04-2014, 10:28 PM   #4
widget
Senior Member
 
Registered: Oct 2008
Location: S.E. Montana
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,628

Rep: Reputation: 496Reputation: 496Reputation: 496Reputation: 496Reputation: 496
Well if you read the documentation you will find how to make a custom ISO image including packages you want and the newest upgrades to the system. This would be your best route.

You do not let on how the thing is installed. This might be of some use.

What hardware you are trying to run it on could be useful.

There is a possibility that a persistent partition on the stick might work if you are wanting to go that way. The fact that this is not in any recommendation from the folks at Kali makes me doubt that it is a good idea.
 
Old 12-05-2014, 07:04 AM   #5
TimewarpUK
Member
 
Registered: Dec 2014
Posts: 33

Original Poster
Rep: Reputation: Disabled
Solved. I had to run

Code:
openvas-mkcert-client -n om -i
which I found from this post - this was a different issue but the same error message.

Then I could rebuild the NVT cache:

Code:
# openvasmd --progress --rebuild -v
Rebuilding NVT cache... done.
Checking the log now shows it is successful:

Code:
# tail /var/log/openvas/openvasmd.log 
md   main:   INFO:2014-12-05 11h29.21 utc:5383:    OpenVAS Manager
md   main:   INFO:2014-12-05 11h29.22 utc:5384:    Set to connect to address 127.0.0.1 port 9391
md   main:   INFO:2014-12-05 11h29.22 utc:5384:    Updating NVT cache.
Code:
# tail /var/log/openvas/openvassd.messages
[Fri Dec  5 11:30:45 2014][5386] Communication closed by client 
[Fri Dec  5 11:30:45 2014][5386] Client not present
Now I can successfully log into the web interface and use OpenVAS.
 
Old 12-17-2014, 04:58 AM   #6
TimewarpUK
Member
 
Registered: Dec 2014
Posts: 33

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by widget View Post
I really think you should read this;

To go online with such an install, in single user mode, is similar to having your windows box set up for auto login as Administrator. This is simply a very stupid thing to do.

Are cookies on your web browser, for example, with root permissions a good idea?

If you even think about that question longer than it took to read it you have no business even using Kali on a stick.
http://xkcd.com/1200/
 
Old 02-11-2016, 09:56 AM   #7
usr2033
LQ Newbie
 
Registered: Feb 2016
Posts: 2

Rep: Reputation: Disabled
Hi,

TimewarpUK, i tried your solution but it didn't work for me. On "openvasmd --progress --rebuild -v" step i got "Rebuilding NVT cache... failed." message.


I noticed that says "You will have to copy them by hand" after running "openvas-mkcert-client -n om -i". Where should i copy files created by "openvas-mkcert-client -n om -i" ?
 
Old 02-12-2016, 07:55 AM   #8
TimewarpUK
Member
 
Registered: Dec 2014
Posts: 33

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by usr2033 View Post
Hi,

TimewarpUK, i tried your solution but it didn't work for me. On "openvasmd --progress --rebuild -v" step i got "Rebuilding NVT cache... failed." message.


I noticed that says "You will have to copy them by hand" after running "openvas-mkcert-client -n om -i". Where should i copy files created by "openvas-mkcert-client -n om -i" ?
What does /var/log/openvas/openvasmd.log say?
 
Old 02-15-2016, 09:35 AM   #9
usr2033
LQ Newbie
 
Registered: Feb 2016
Posts: 2

Rep: Reputation: Disabled
Quote:
Originally Posted by TimewarpUK View Post
What does /var/log/openvas/openvasmd.log say?
Says
Failed to shake hands with peer: A TLS packet with unexpected length was received.
serve_client: failed to attach client session to socket 1
Failed to gnutls_bye: GnuTLS internal error.
 
Old 08-18-2017, 05:10 PM   #10
elbandito
LQ Newbie
 
Registered: Aug 2017
Posts: 1

Rep: Reputation: Disabled
I'm digging up this old thread because the solutions I've found online to this problem never worked for me.

In my case openvasmd --rebuild was hanging forever on a brand new Ubuntu VM designated for scanning. An strace showed that a GnuPG process was waiting for entropy.

I ran:

apt-get install rng-tools
apt-get install haveged

This produced enough entropy for the GnuPG process to finish and the rebuild completed in a few seconds. I hope this helps others who run into this problem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVas 5 Centos 6 ??? gdizzle Linux - Software 1 12-11-2012 11:49 AM
openvas librairies iby Linux - Newbie 4 08-01-2012 12:31 PM
openvas-scanner szboardstretcher Linux - Software 3 08-10-2011 01:11 PM
OpenVas j0eh4x Linux - Software 1 02-16-2011 02:17 AM
Openvas-manager & openvas-cli Minky Linux - Software 1 04-26-2010 07:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 06:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration