List: openvas-discuss
Subject: Re: [Openvas-discuss] "Client not present" error in OpenVAS 8
From: Brian Thompson <bthompson () wyetechllc ! com>
Date: 2015-06-19 12:09:01
Message-ID: 1528916113.207853.1434715742117.JavaMail.open-xchange () oxuslxltgw10 ! lxa ! perfora ! net
[Attachment #2 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" \
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head><body><p>I was able to solve the issue - thanks all those that helped.  \
</p><p><br></p><p>Note, it turned out it had nothing to do with CentOS 6 - OpenVAS 8 \
should work just fine installed on CentOS 6 so long as you build the libraries in \
/usr/local/... and not /usr/...<br></p><p><br></p><p>Here's the problem / \
solution:<br></p><p><br></p><p>Problem: I was not getting reports from my scans - the \
scans were working (I knew this because of the length of time they were taking and \
the fact that I was seeing "results" - just not "reports" or \
"hosts" in the Asset Management).<br></p><p><br></p><p>Detail: It turns out \
that the report generation code is installed into /share/openvas/.  The /share \
directory (and all sub-directories) are chmod 700.  That seems OK since I'm \
logged in as root and running the "omp" commands as root.  However, the \
report generation process is kicked off as user "99" (AKA: "nobody") \
and that user does not have permissions to access the /share directory tree.  \
<br></p><p><br></p><p>Solution: My solution is low tech (perhaps a developer can \
adjust the build scripts...) all I did was chmod the directory so that others can \
access it:<br></p><p>find /share -type d -exec chmod 755 {} \;<br></p><p>find /share \
-type f -exec chmod og+rX {} \;</p><p>NOTE: once I did this I was able to access the \
reports via "omp" command AND via the GSA GUI - I didn't even need to \
re-run the scans :)<br></p><p><br></p><p>Those commands open up the /share directory \
structure so that anyone can access the report generation code.  \
<br></p><p><br></p><p>Possible development changes:<br></p><p>- move report code out \
of /share/openvas and into the /var/lib/openvas<br></p><p>- set a mask so that when \
/share is created and files are written into it they have the proper chmod so that \
"nobody" can access them<br></p><p><br></p><p>Brian<br></p><blockquote \
type="cite">On June 16, 2015 at 2:46 PM Eero Volotinen \
<eero.volotinen@iki.fi> wrote:<br><br><div dir="ltr">Redhat uses technique \
called backporting, so hand compiling libraries from sources usually breaks system \
totally, if done without proper knowledge as it looks.<div><br></div><div>Please do \
as we told and use centos 7.1 or older version of \
openvas.</div><div><br></div><div>--</div><div>Eero</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">2015-06-16 20:58 GMT+03:00 Brian \
Thompson <<a href="mailto:bthompson@wyetechllc.com" \
target="_blank">bthompson@wyetechllc.com</a>>:<br><blockquote><span \
style="text-decoration: underline;"></span><div><p>That will be my last resort.  \
Our entire shop is CentOS 6, I'd rather not introduce an exception to the \
environment unless I have no other choice.  \
<br></p><p><br></p><p>Brian<br></p><div><div class="h5"><blockquote type="cite">On \
June 16, 2015 at 9:53 AM Eero Volotinen <<a href="mailto:eero.volotinen@iki.fi" \
target="_blank">eero.volotinen@iki.fi</a>> wrote:<br><br><div dir="ltr">How about \
using centos 7 instead of blindly compiling libraries by \
hand.<div><br></div><div>Openvas8 works fine on centos \
7.1<br><div><br></div><div>--</div><div>Eero</div></div></div><div \
class="gmail_extra"><br><div class="gmail_quote">2015-06-16 16:27 GMT+03:00 Brian \
Thompson <<a href="mailto:bthompson@wyetechllc.com" \
target="_blank">bthompson@wyetechllc.com</a>>:<br><blockquote><div><p>When I try \
and attach to an old report I see the following in the \
*md.log<br></p><p><br></p><p>report_severity: max(severity)=0.0<br></p><p>command: \
/bin/sh /share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate \
/tmp/openvasmd_T3aKoY/report.xml > /tmp/openvasmd_T3sKoY/report.out 2> \
/dev/null<br></p><p><br></p><p>If I start a new scan I \
see:<br></p><p><br></p><p>Connected to server on socket 15.<br></p><p>Status of task \
Immediate scan of IP openv (<uuid>) has changed to Requested<br></p><p>Task \
<uuid> has been requested to start by admin<br></p><p>Status of task \
Immediate scan of IP openv (UUID) has changed to Running<br></p><p>Failed to shake \
hands with peer: The TLS connection was non-properly \
terminated. </p><p>serve_client: failed to attach client session to socket \
9<br></p><p>Failed to gnutls_bye: GnuTLS internal error.<br></p><p>(Then a bunch of \
"Shook hands with peer." until the job finishes)<br></p><p>Failed to shake \
hands with peer: The TLS connection was non-properly \
terminated.<br></p><p>server_client: failed to attach client session to socket \
9<br></p><p>Failed to gnutls_bye: GnuTLS internal error.<br></p><p>Status of task \
Immediate scan of IP openv (UUID) has changed to Done<br></p><p><br></p><p>I think \
we're on to something.  I'm using gnutls-3.2.14 which I compiled myself since \
the CentOS 6 supplied version was too old (2.8.5), but based on the errors above it \
looks like there is something wrong with either the build or the version...Any \
ideas?  Perhaps it's just a linking/path problem (perhaps it's finding \
the older version when it should be finding the compiled files)?<span style="color: \
#888888;"><br></span></p><p><br></p><p>Brian<br></p><div><div><blockquote \
type="cite"><p>On June 16, 2015 at 3:14 AM Michael Meyer <<a \
href="mailto:michael.meyer@greenbone.net" \
target="_blank">michael.meyer@greenbone.net</a>> wrote:<br><br><br>*** Brian \
Thompson wrote:<br><br>> But still no reports generated.<br><br>Set all \
"level" to 128 in "/etc/openvas/openvasmd_log.conf" and \
start<br>manager with "-v". Watch "/var/log/openvas/openvasmd.log" \
when<br>accessing a report. Maybe you'll see something that \
helps.<br><br>Micha<br><br><br>-- <br>Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 \
<br><a href="http://www.greenbone.net/" \
target="_blank">http://www.greenbone.net/</a><br>Greenbone Networks GmbH, Neuer \
Graben 17, 49074 Osnabrück | AG<br>Osnabrück, HR B \
202460<br>Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver \
Wagner<br>_______________________________________________<br>Openvas-discuss mailing \
list<br><a href="mailto:Openvas-discuss@wald.intevation.org" \
target="_blank">Openvas-discuss@wald.intevation.org</a><br><a \
href="https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss" \
target="_blank">https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis \
cuss</a><br></p></blockquote></div></div></div><br>_______________________________________________<br> \
Openvas-discuss mailing list<br> <a href="mailto:Openvas-discuss@wald.intevation.org" \
target="_blank">Openvas-discuss@wald.intevation.org</a><br> <a \
href="https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss" \
target="_blank">https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis \
cuss</a><br></blockquote></div><br></div></blockquote><p><br> </p></div></div></div></blockquote></div><br></div></blockquote><p><br> </p></body></html>
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
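An added example, not part of the original thread: a shell check for the failure described in the top message, where a report generator started as "nobody" cannot reach its script under a directory with mode 700. It assumes the tree is owned by root and the service account is in no owning group, so only the "other" mode bits apply; the function names are made up for this example.

```shell
#!/bin/sh
# Report the first path component between ROOT and TARGET that a
# non-owner, non-group account (such as "nobody") cannot get past.
# Assumption: TARGET lies under ROOT and only "other" bits are relevant.

other_bits() {
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    ls -ld -- "$1" 2>/dev/null | cut -c8-10
}

# Prints the blocking component and returns 1, or prints nothing and
# returns 0 when every directory is searchable and the file is readable.
first_blocked() {
    root=${1%/}
    rel=${2#"$root"/}
    cur=$root
    while :; do
        if [ -d "$cur" ]; then
            # A directory needs o+x (search) to be traversed.
            case $(other_bits "$cur") in
                ??x|??t) ;;
                *) echo "$cur"; return 1 ;;
            esac
        else
            # The script is run as "/bin/sh <file>", so it needs o+r.
            case $(other_bits "$cur") in
                r??) return 0 ;;
                *) echo "$cur"; return 1 ;;
            esac
        fi
        [ -n "$rel" ] || return 0
        cur=$cur/${rel%%/*}
        case $rel in
            */*) rel=${rel#*/} ;;
            *)   rel= ;;
        esac
    done
}

# Usage: sh check.sh /share /share/openvas/openvasmd/global_report_formats/<uuid>/generate
if [ "$#" -eq 2 ]; then
    first_blocked "$1" "$2"
fi
```

The check only requires search permission on each directory and read permission on the generate script, which is narrower than setting 755 on every directory under /share.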