Author Topic: [SOLVED] Two issues with OpenVAS  (Read 2497 times)

HarrisEd

on: November 14, 2015, 01:16:37 AM
Hello!
I am completely new to BackBox, but I found it very efficient and essential and I would like to try it.
In BackBox 4.4, my first issues were with OpenVAS. In some guides the command openvasad is suggested to add a user, while in BackBox 4.4 there is no such command. I had to use openvasmd.
What are the differences between them?
In man openvasmd there is SEE ALSO openvasad(8), but neither man openvas nor man 8 openvas worked.

Second issue was with NVT. When OpenVAS service is started, it asks

Do you want to rebuild NVT cache? [Y/n] >

If I say yes, a never-ending process begins, with high CPU usage (uptime initially showed a load greater than 3 in a 2-core virtual machine). Maybe it locks somewhere, and after some minutes neither the network nor the hard disk is accessed: only the CPU (with a constant load of 1).
After googling a little bit I ran sudo openvas-nvt-sync. But after restarting the service, the NVT cache rebuilding behaves as before.
Is there something else I can do or did I make some mistake?
Thank you anyway!

Ed
« Last Edit: January 18, 2016, 09:14:13 PM by ZEROF »



ZEROF

Reply #1 on: November 14, 2015, 12:17:31 PM
OpenVAS needs 2 GB of RAM etc., but I can say that you can try to reboot and see how things go.




HarrisEd

Reply #2 on: November 15, 2015, 11:17:41 PM
Quote
OpenVAS needs 2 GB of RAM etc., but I can say that you can try to reboot and see how things go.

My virtual machine did indeed have only 1 GB of RAM. So, I doubled the RAM and rebooted, but nothing changed. It locks after printing

Rebuilding NVT cache... \

(note that the rightmost character should continuously change, becoming \, then -, then /, in a sort of rotation, and it doesn't)

Other ideas?
« Last Edit: November 15, 2015, 11:22:04 PM by HarrisEd »



HarrisEd

Reply #3 on: November 16, 2015, 11:04:21 AM
Made a fresh install and launched the service OpenVAS.
Launched also the re-building of NVT cache. Still locked at the same point as before!



admirito

Reply #4 on: November 17, 2015, 04:41:28 PM
You can see the progress of rebuilding in the openvasmd process cmdline. Just issue the following command in the terminal while rebuilding the NVTs:

Code:
watch -n1 pgrep -fa openvas

If there was a problem, restart openvas-scanner and openvas-manager, then rebuild the NVT:

Code:
sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

I tested it just now on my machine. The rightmost character didn't change ( /-\ ) -- I don't know why -- but the NVT cache was built. You can verify it by looking at /var/cache/openvas. There must be a lot of files with the nvti extension there.
« Last Edit: November 17, 2015, 04:44:31 PM by admirito »



HarrisEd

Reply #5 on: November 23, 2015, 01:17:39 PM
Quote
You can see the progress of rebuilding in the openvasmd process cmdline. Just issue the following command in the terminal while rebuilding the NVTs:

Code:
watch -n1 pgrep -fa openvas

Thank you for your advice. I tried to run the NVT rebuild and then your command about two hours ago and it has not yet completed. The output now is the following

2176 /usr/bin/xfce4-terminal -x sh -c sudo openvas-launch start; ${SHELL:-bash}
2181 sh -c sudo openvas-launch start; ${SHELL:-bash}
2182 sudo openvas-launch start
2183 /bin/sh /usr/bin/openvas-launch start
2205 openvassd: Waiting for incoming connections
2227 openvasmd
2254 openvasmd: Reloading
2255 openvasmd: Rebuilding
2281 watch -n1 pgrep -fa openvas
23452 watch -n1 pgrep -fa openvas
23453 sh -c pgrep -fa openvas


and the load averages from uptime are

load average: 1,19, 1,12, 1,08

Can I suppose that it is still working and that it takes more than 2 hours with a 2-core virtual machine?
The /var/cache/openvas folder has lots of .nvti files, but there is still no output for ls -l | grep "nov 23  2015".



admirito

Reply #6 on: December 11, 2015, 10:34:44 AM
Sorry, it might be too late, but I think

Quote
2205 openvassd: Waiting for incoming connections
2227 openvasmd
2254 openvasmd: Reloading
2255 openvasmd: Rebuilding

means the cache has already been built. You can verify it just by moving the cache folder:

Code:
sudo mv /var/cache/openvas /var/cache/openvas2

Then,

Code:
sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress

At the same time in another terminal:

Code:
watch -n1 pgrep -fa openvas

The related line is

Code:
18107 openvassd: Reloaded 2000 of 43955 NVTs (4% / ETA: 01:23)

And, finally, the cache files are in /var/cache/openvas.
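
The checks discussed in replies #4 to #6, as an added example that is not part of any poster's message or of OpenVAS itself: `rebuild_status` classifies `pgrep -fa openvas` output by the process titles quoted in the thread, and `count_fresh_nvti` counts `.nvti` files newer than a marker file. The function names, the marker-file approach and the sample lines are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# rebuild_status: read `pgrep -fa openvas` output on stdin and print
#   "loading <n> <total>"  openvassd title reports "Reloaded n of total NVTs"
#   "rebuilding"           openvasmd title reports "Rebuilding"
#   "idle"                 openvassd is only waiting for connections
#   "unknown"              no OpenVAS process title recognised
rebuild_status() {
    awk '
        /openvassd: Reloaded [0-9]+ of [0-9]+ NVTs/ {
            for (i = 1; i <= NF; i++)
                if ($i == "Reloaded") { n = $(i + 1); total = $(i + 3) }
            state = "loading"
        }
        /openvasmd: Rebuilding/ { if (state != "loading") state = "rebuilding" }
        /openvassd: Waiting for incoming connections/ { if (state == "") state = "idle" }
        END {
            if (state == "loading") print state, n, total
            else if (state != "") print state
            else print "unknown"
        }'
}

# count_fresh_nvti DIR MARKER: count .nvti files in DIR modified after the
# MARKER file. Create MARKER with `touch` just before starting the rebuild;
# this avoids grepping locale-dependent dates out of `ls -l`.
count_fresh_nvti() {
    find "$1" -type f -name '*.nvti' -newer "$2" | wc -l | tr -d ' '
}

# Constructed sample in the format quoted in the thread.
sample_ps() {
    cat <<'EOF'
2205 openvassd: Waiting for incoming connections
2254 openvasmd: Reloading
2255 openvasmd: Rebuilding
EOF
}

sample_ps | rebuild_status    # prints: rebuilding
```

On a live system the input would be `pgrep -fa openvas | rebuild_status`, with the marker file touched immediately before `sudo openvasmd --rebuild --progress`.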



cyclex25

Reply #7 on: December 18, 2015, 07:51:22 AM
First issue: openvasad has been deprecated for quite some while, and openvasmd is advised to be used. The process was as simple as: openvasmd --create-user username .... openvas should echo a confirmation stating that it successfully created the user and applied a passphrase, which you may note to log in and change to your needs.
Second issue is something I'm not sure about. But I can clearly confirm freezing during the rebuild process. I ran BB 4.4 persistent live installed on an ext. HDD; my machine is an i7 2,2 running 16gb ram and a 250 ssd. It took a considerable amount of time to rebuild the cache, during which the stated sign [\-/] froze on several occasions. I just patiently waited; it did always finish, though taking a good amount of time here too. As I left the computer I do not have any exact clue about how long it took; I can just recommend to patiently wait for it to finish if you decide to rebuild....

Hope kinda helped, cheers