By the way, I do notice your initial mail contains logs with:

lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:    Connected to server 'op4us1opsscan01.domain.net' port 9393.

My master connects to the slaves using OMP (Type: OMP Slave) on port 9390 on 
which gvmd is listening.

I do not see any option in the slave configuration to set secure or insecure…

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
thijs.stuur...@internedservices.nl | thijs.stuur...@kpn.com
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: https://nl.linkedin.com/in/thijsstuurman

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 16:05
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

I got it working but not sure why.  So if I use a username/password and set the 
credential to allow insecure=yes the client comes back with a 200 response but 
does nothing.  If I change the credential to allow insecure=no the client comes 
back with:
md   main:  DEBUG:2018-02-23 15h01.16 UTC:25782: -> client: <create_credential_response status="400" status_text="Erroneous private key or associated passphrase"/>
but then the scan starts…

Very odd.

I will have to try the same thing but with the servercert.pem and see if that 
works.

Louis
:::::
Louis Bohm - Sr. Systems Engineer
            Dell TechDirect Certified

On Feb 23, 2018, at 9:59 AM, Louis Bohm <lo...@systemgeek.net> wrote:

That yielded me this on the client but still the scan has not progressed from 
Requested.

Client:
lib  serv:  DEBUG:2018-02-23 14h37.52 utc:25578:    Shook hands with peer.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578:    Serving OMP.
md   main:  DEBUG:2018-02-23 14h37.52 utc:25578: <= client  Input may contain password, suppressed.
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: authenticate (0)
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 2
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: credentials (2)
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 3
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: username (3)
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 5
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML   text: admin
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: username
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 3
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML  start: password (3)
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 4
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML   text: ********
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: password
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 3
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: credentials
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    client state set: 2
md    omp:  DEBUG:2018-02-23 14h37.52 utc:25578:    XML    end: authenticate
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client: <authenticate_response status="200" status_text="OK"><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response>
md    omp:  DEBUG:2018-02-23 14h37.52 UTC:25578:    client state set: 1
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  144 bytes
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: => client  done
I know the username and password are correct.  And the slave even sent a 200 
response to the master so why is it not working????  So frustrating.

Louis

On Feb 23, 2018, at 7:42 AM, Thijs Stuurman <thijs.stuur...@internedservices.nl> wrote:

Try the /var/lib/openvas/CA/cacert.pem from your slave.

Thijs Stuurman

From: Louis Bohm [mailto:lo...@systemgeek.net]
Sent: Friday, 23 February 2018 13:18
To: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] Scanner Master Slave setup

According to the doc it says to use: 
${CMAKE_INSTALL_PREFIX}/var/lib/openvas/CA/servercert.pem.
On CentOS 7 that turns out to be: /var/lib/openvas/CA/servercert.pem according 
to openvas-manage-certs -V
[root@pci-sec02 ~]# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

Is it not the servercert.pem from the slave openvas host that I am supposed to 
use?

Louis

On Feb 23, 2018, at 5:09 AM, Thijs Stuurman <thijs.stuur...@internedservices.nl> wrote:

My best guess is that you didn’t load in the right CA certificate from your 
slave at step:

CA Certificate: The certificate you gathered from the slave

Thijs Stuurman

From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] 
On behalf of Louis Bohm
Sent: Thursday, 22 February 2018 19:11
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Scanner Master Slave setup

I followed the following doc 
https://blog.haardiek.org/setup-openvas-as-master-and-slave.html to set up the 
master slave environment with the exception that I am doing this on CentOS 7 
with OpenVAS9.

On the master I am getting this:
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:    Connected to server 'op4us1opsscan01.domain.net' port 9393.
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:    Shook hands with server 'op4us1opsscan01.domain.net' port 9393.
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate is not trusted
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the certificate hasn't got a known issuer

On the client I am getting this:
lib  serv:  DEBUG:2018-02-22 18h05.53 utc:20431:    Shook hands with peer.
md   main:  DEBUG:2018-02-22 18h05.53 utc:20431:    Serving OMP.

But in the GUI all I see is Status: Requested and it never changes.

Any idea why this is not working?

Louis


_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
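
Added example (not part of the original thread and not OpenVAS code): a Python triage of the manager log lines quoted above. It rejoins mail-wrapped lines, then reports per process id the peer that was contacted, any openvas_server_verify trust warnings, and the authenticate_response status. The function names and issue labels are hypothetical, and the default expected port 9390 is an assumption taken from Thijs's description of his own setup.

```python
import re
from collections import defaultdict

# Record header as seen in this thread: "<prog> <domain>:<LEVEL>:<date> <time> <tz>:<pid>: <msg>"
HEADER = re.compile(
    r"^\w+\s+\w+:\s*(?P<level>[A-Z]+):\d{4}-\d\d-\d\d \d\dh\d\d\.\d\d \w+:"
    r"(?P<pid>\d+):\s*(?P<msg>.*)$")
PEER = re.compile(r"Connected to server '(?P<host>[^']+)' port (?P<port>\d+)")
AUTH = re.compile(r'<authenticate_response status="(?P<status>\d+)"')

# Lines taken from the master (22888) and slave (25578) logs quoted in the thread,
# with the mail wrapping kept and the link residue removed.
SAMPLE = """\
lib  serv:  DEBUG:2018-02-22 17h59.10 UTC:22888:    Connected to server
'op4us1opsscan01.domain.net' port 9393.
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the
certificate is not trusted
lib  serv:WARNING:2018-02-22 17h59.10 UTC:22888: openvas_server_verify: the
certificate hasn't got a known issuer
md   main:  DEBUG:2018-02-23 14h37.52 UTC:25578: -> client:
<authenticate_response status="200"
status_text="OK"><role>Admin</role><timezone>UTC</timezone></authenticate_response>
"""

def parse(text):
    """Return [(level, pid, message)], rejoining mail-wrapped continuation lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m["level"], int(m["pid"]), m["msg"].strip()])
        elif records and line.strip():  # no header: continuation of the previous record
            records[-1][2] += " " + line.strip()
    return [tuple(r) for r in records]

def triage(text, expected_port=9390):  # 9390: OMP port named in the thread (assumption)
    """Per process id: peer, TLS verify warnings, auth status, and derived issues."""
    state = defaultdict(lambda: {"peer": None, "tls": [], "auth": None})
    for level, pid, msg in parse(text):
        s = state[pid]
        if m := PEER.search(msg):
            s["peer"] = (m["host"], int(m["port"]))
        elif level == "WARNING" and msg.startswith("openvas_server_verify:"):
            s["tls"].append(msg.split(":", 1)[1].strip())
        elif m := AUTH.search(msg):
            s["auth"] = int(m["status"])
    for s in state.values():
        s["issues"] = (["untrusted-peer-certificate"] if s["tls"] else []) + (
            ["unexpected-port"] if s["peer"] and s["peer"][1] != expected_port else [])
    return dict(state)
```

Calling triage(SAMPLE) flags process 22888 for both the untrusted certificate and the port that differs from the expected one, while process 25578 shows a 200 authentication with no issues.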