DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've got a problem when my Kali installation updated OpenVAS to v7:
Code:
apt-get update && apt-get upgrade
My admin username for the web service stopped working.
I have tried everything I can think of to fix this (deleting all OpenVAS users, adding "admin" again, deleting the .db manually, a purge and reinstall) but to no avail. I now get this on openvas-check-setup:
Code:
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 5.0.2.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 123.
OK: OpenVAS Manager expects database at revision 123.
OK: Database schema is up to date.
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.
WARNING: OpenVAS Scanner is NOT running!
SUGGEST: Start OpenVAS Scanner (openvassd).
normally it takes a while for the scanner to start but on this occasion it isn't starting at all.
Checking the Scanner log shows an error that I need to rebuild/update and if I try starting the manager with --update or --rebuild the manager log gives this message:
Code:
Failed to receive data: A TLS packet with unexpected length was received.
I'm happy to remove OpenVAS and completely reinstall it if anyone can advise? Thanks a lot in advance!
Last edited by TimewarpUK; 12-04-2014 at 10:32 AM.
This is intended for use, as is, on an optical disk or a usb stick. It is not intended for installation on a hard drive at all.
To go online with such an install, in single user mode, is similar to having your windows box set up for auto login as Administrator. This is simply a very stupid thing to do.
Are cookies on your web browser, for example, with root permissions a good idea?
If you even think about that question longer than it took to read it you have no business even using Kali on a stick.
Thanks, I'm aware of what Kali is. This is in fact a pen testing VM where OpenVAS stopped working. I have another machine where Kali was installed onto the metal and OpenVAS works fine on here as it was updated before OpenVAS was setup.
Don't worry, these machines are used for penetration testing only where none of my online account or personal details are used so cookies would be of little value. Being an information security officer, I take the correct precautions.
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,628
Rep:
Well if you read the documentation you will find how to make a custom ISO image including packages you want and the newest upgrades to the system. This would be your best route.
You do not let on how the thing is installed. This might be of some use.
What hardware you are trying to run it on could be useful.
There is a possibility that a persistent partition on the stick might work if you are wanting to go that way. The fact that this is not in any recommendation from the folks at Kali makes me doubt that it is a good idea.
# tail /var/log/openvas/openvasmd.log
md main: INFO:2014-12-05 11h29.21 utc:5383: OpenVAS Manager
md main: INFO:2014-12-05 11h29.22 utc:5384: Set to connect to address 127.0.0.1 port 9391
md main: INFO:2014-12-05 11h29.22 utc:5384: Updating NVT cache.
Code:
# tail /var/log/openvas/openvassd.messages
[Fri Dec 5 11:30:45 2014][5386] Communication closed by client
[Fri Dec 5 11:30:45 2014][5386] Client not present
Now I can successfully log into the web interface and use OpenVAS.
To go online with such an install, in single user mode, is similar to having your windows box set up for auto login as Administrator. This is simply a very stupid thing to do.
Are cookies on your web browser, for example, with root permissions a good idea?
If you even think about that question longer than it took to read it you have no business even using Kali on a stick.
TimewarpUK, i tried your solution but it didn't work for me. On "openvasmd --progress --rebuild -v" step i got "Rebuilding NVT cache... failed." message.
I noticed that says "You will have to copy them by hand" after running "openvas-mkcert-client -n om -i". Where should i copy files created by "openvas-mkcert-client -n om -i" ?
TimewarpUK, i tried your solution but it didn't work for me. On "openvasmd --progress --rebuild -v" step i got "Rebuilding NVT cache... failed." message.
I noticed that says "You will have to copy them by hand" after running "openvas-mkcert-client -n om -i". Where should i copy files created by "openvas-mkcert-client -n om -i" ?
Says
Failed to shake hands with peer: A TLS packet with unexpected length was received.
serve_client: failed to attach client session to socket 1
Failed to gnutls_bye: GnuTLS internal error.
I'm digging up this old thread because the solutions I've found online to this problem never worked for me.
In my case openvasmd --rebuild was hanging forever on a brand new Ubuntu VM designated for scanning. An strace showed that a GnuPG process was waiting for entropy.
I ran:
apt-get install rng-tools
apt-get install haveged
This produced enough entropy for the GnuPG process to finish and the rebuild completed in a few seconds. I hope this helps others who run into this problem.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
