Hello!!
I am having some "issues" with Kali and OpenVAS on my Raspberry Pi 2.
I have Greenbone up and running; however, on a known vulnerable system it picks up nothing. It does recognise the OS but nothing else.
openvas-check-setup
Code:
Test completeness and readiness of OpenVAS-7
(add '--v4', '--v5', '--v6' or '--v8'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 4.0.2.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: OpenVAS Scanner server certificate is valid and present as /var/lib/openvas/CA/servercert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 38308 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 38308 files for 38308 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 5.0.2.
OK: OpenVAS Manager client certificate is valid and present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 123.
OK: OpenVAS Manager expects database at revision 123.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 38308 NVTs.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking user configuration ...
dirname: extra operand `/etc/openvas/openvassd.conf'
Try `dirname --help' for more information.
grep: /pwpolicy.conf: No such file or directory
WARNING: Your password policy is empty.
SUGGEST: Edit the /pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 5.0.1.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.3.0.
Step 6: Checking Greenbone Security Desktop (GSD) ...
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
WARNING: Greenbone Security Assistant is running and listening only on the local interface.
This means that you will not be able to access the Greenbone Security Assistant from the
outside using a web browser.
SUGGEST: Ensure that Greenbone Security Assistant listens on all interfaces.
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Step 8: Checking nmap installation ...
WARNING: Your version of nmap is not fully supported: 6.47
SUGGEST: You should install nmap 5.51.
Step 9: Checking presence of optional tools ...
OK: pdflatex found.
OK: PDF generation successful. The PDF report format is likely to work.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
OK: alien found, LSC credential package generation for DEB based targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
It seems like your OpenVAS-7 installation is OK.
netstat -tunap gives
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 45 0 192.168.1.151:40675 173.194.66.95:443 ESTABLISHED
tcp 0 0 192.168.1.151:41794 216.58.209.226:443 ESTABLISHED
tcp 0 0 192.168.1.151:50890 198.50.203.232:443 ESTABLISHED
tcp 45 0 192.168.1.151:45112 216.58.209.225:443 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:53585 0.0.0.0:*
udp 0 0 0.0.0.0:62372 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 :::54768 :::*
udp6 0 0 :::4700 :::*
If I have a look at the logs:
Code:
Documents# tail /var/log/openvas/openvasmd.log
lib serv:WARNING:2015-03-24 15h21.06 utc:18468: Failed to gnutls_bye: Error in the push function.
lib auth: INFO:2015-03-24 15h22.54 utc:18551: Authentication configuration not found.
event task:MESSAGE:2015-03-24 15h28.55 UTC:18689: Task f480766f-cfd2-42c5-9faa-4ea66989257d has been deleted by admin
event task:MESSAGE:2015-03-24 15h29.21 UTC:18698: Status of task (2fe21729-dbe2-466a-a671-8bbc896cc859) has changed to New
event task:MESSAGE:2015-03-24 15h29.24 UTC:18698: Task 2fe21729-dbe2-466a-a671-8bbc896cc859 has been created by admin
event task:MESSAGE:2015-03-24 15h29.44 UTC:18707: Status of task unnamed (2fe21729-dbe2-466a-a671-8bbc896cc859) has changed to Requested
event task:MESSAGE:2015-03-24 15h29.51 UTC:18707: Task 2fe21729-dbe2-466a-a671-8bbc896cc859 has been requested to start by admin
lib serv:WARNING:2015-03-24 15h29.51 UTC:18707: Failed to gnutls_bye: Error in the push function.
event task:MESSAGE:2015-03-24 15h30.15 UTC:18712: Status of task unnamed (2fe21729-dbe2-466a-a671-8bbc896cc859) has changed to Running
event task:MESSAGE:2015-03-24 15h35.37 UTC:18712: Status of task unnamed (2fe21729-dbe2-466a-a671-8bbc896cc859) has changed to Done
The bit in red confuses me as well. Are there any other places I should be looking?