[SOLVED] Two issues with OpenVAS

HarrisEd · November 14, 2015, 01:16:37 AM

Hello!
I am completely new to BackBox, but I found it very efficient and essential and I would like to try.
In BackBox 4.4, my first issues were with OpenVAS. In some guides the command openvasad is suggested to add a user, while in BackBox 4.4 there is not such a command. I had to use openvasmd.
What are the differences between them?
In man openvasmd there is SEE ALSO openvasad( 8 ) but neither man openvas nor man 8 openvas did work.

Second issue was with NVT. When OpenVAS service is started, it asks

Do you want to rebuild NVT cache? [Y/n] >

If I say yes, a never-ending process begins, with high CPU occupation (uptime initially showed a load greater than 3 in a 2-cores virtual machine). Maybe it locks somewhere and after some minutes nor the network, neither the hard disk are accessed: only CPU (with a constant load of 1).
After googling a little bit I made sudo openvas-nvt-sync. But after restarting the service, the NVT cache rebuilding behaves as before.
Is there something else I can do or did I make some mistake?
Thank you anyway!

Ed

ZEROF · November 14, 2015, 12:17:31 PM

OpenVas need 2gb of ram etc., but i can say that you can try to reboot and see how things will go.

HarrisEd · November 15, 2015, 11:17:41 PM

Quote from: ZEROF on November 14, 2015, 12:17:31 PM
OpenVas need 2gb of ram etc., but i can say that you can try to reboot and see how things will go.

My virtual machine was effectively only with 1 GB of RAM. So, I doubled the RAM and rebooted, but nothing changed. It locks after printing

Rebuilding NVT cache... \

(note that the rightmost character should continuously change, becoming \, then -, then /, in a sort of rotation, and it doesn't)

Other ideas?

HarrisEd · November 16, 2015, 11:04:21 AM

Made a fresh install and launched the service OpenVAS.
Launched also the re-building of NVT cache. Still locked at the same point as before!

admirito · November 17, 2015, 04:41:28 PM

You can see the progress of rebuilding in the openvasmd process cmdline. Just issue the following command in the terminal while rebuilding the NVTs:

Code Select

watch -n1 pgrep -fa openvas

if there was a problem restart openvas-scanner and openvas-manager then rebuild the NVT:

Code Select

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

I test it right now on my machine. The rightmost character didn't change ( /-\ )--i don't know why--but the NVT cache has built. You can verify it by looking at /var/cache/openvas. There, must be a lot of files with nvti extension.

HarrisEd · November 23, 2015, 01:17:39 PM

Quote from: admirito on November 17, 2015, 04:41:28 PM
You can see the progress of rebuilding in the openvasmd process cmdline. Just issue the following command in the terminal while rebuilding the NVTs:

Code Select Expand
watch -n1 pgrep -fa openvas

Thank you for your advices. I tried to run the NVT rebuild and then your command about two hours ago and it has not yet completed. The output now is the following

2176 /usr/bin/xfce4-terminal -x sh -c sudo openvas-launch start; ${SHELL:-bash}
2181 sh -c sudo openvas-launch start; ${SHELL:-bash}
2182 sudo openvas-launch start
2183 /bin/sh /usr/bin/openvas-launch start
2205 openvassd: Waiting for incoming connections
2227 openvasmd
2254 openvasmd: Reloading
2255 openvasmd: Rebuilding
2281 watch -n1 pgrep -fa openvas
23452 watch -n1 pgrep -fa openvas
23453 sh -c pgrep -fa openvas

and the load averages from uptime are

load average: 1,19, 1,12, 1,08

Can I suppose that it is still working and that it takes more than 2 hours with a 2 cores virtual machine?
The /var/cache/openvas folder has lots of .nvti files, but there is still no output for ls -l | grep "nov 23 2015".

admirito · December 11, 2015, 10:34:44 AM

Sorry, It might be too late, but I think

Quote2205 openvassd: Waiting for incoming connections
2227 openvasmd
2254 openvasmd: Reloading
2255 openvasmd: Rebuilding

means the cache has already built. you can verify it just by moving the cache folder:

Code Select

mv /var/cache/openvas /var/cache/openvas2

Then,

Code Select

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

At the same time in another terminal:

Code Select

watch -n1 pgrep -fa openvas

the related line is

Code Select

18107 openvassd: Reloaded 2000 of 43955 NVTs (4% / ETA: 01:23)

And, finally the cache files are in the /var/cache/openvas.

cyclex25 · December 18, 2015, 07:51:22 AM

first issue, openvasad is deprecated since quit some while, openvasmd adviced to be used. the process was as simple as: openvasmd --create-user username .... openvas should echo a confirmation stating that it successfully created the user and applied a passphrase you may n0tice to login and change to your needs.
second issue is smth im not sure about. But i can clearly confirm freezing during the rebuilt process. i ran bb 4.4 persistent live installed on ext. Hdd, my machine is a i7 2,2 running 16gbram and a 250ssd. It took considerable amount of time to rebuilt the cache during which the stated sign [\-/] froze on several occassions. i just patiently waited, it did always finish, though taking good amount of time here too. As i left the computer i have not exactly any clue about how long it took,just cann rec0mmend to patiently wait to finish if you decide to rebuild....

Hope kinda helped, cheers