Openvas SCAP and/or CERT database missing on OMP server. [Архив]

Просмотр полной версии : Openvas SCAP and/or CERT database missing on OMP server.

robdollard

30.05.2018, 09:34

Установил Openvas при заходе в админку вылезает такое предупреждение, как я понял не может обновить базу, но решения не нашел.

Warning: SecInfo Database Missing

Выполнил check-setup лог ниже

Код:

openvas-check-setup 2.3.7
Mode: desktop
Date: Wed, 30 May 2018 08:32:02 +0300

Checking for old OpenVAS Scanner
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Checking OpenVAS Scanner version ...

OK: OpenVAS Scanner is present in version 5.1.1.
plugins_folder = /var/lib/openvas/plugins
cache_folder = /var/cache/openvas
include_folders = /var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /var/log/openvas/openvassd.messages
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /var/log/openvas/openvassd.dump
cgi_path = /cgi-bin:/scripts
optimize_test = yes
checks_read_timeout = 5
network_scan = no
non_simult_ports = 139, 445
plugins_timeout = 320
scanner_plugins_timeout = 36000
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
nasl_no_signature_check = yes
drop_privileges = no
unscanned_closed = yes
unscanned_closed_udp = yes
vhosts =
vhosts_ip =
report_host_details = yes
kb_location = /var/run/redis-openvas/redis-server.sock
timeout_retry = 3
config_file = /etc/openvas/openvassd.conf
Checking presence of redis ...
OK: redis-server is present in version v=4.0.9.

Checking if redis-server is configured properly to run with openVAS ...
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
Checking if redis-server is running ...
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.

Checking NVT collection ...

OK: NVT collection in /var/lib/openvas/plugins contains 45187 NVTs.
Checking status of signature checking in OpenVAS Scanner ...
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).

OK: The NVT cache in /var/cache/openvas contains 45187 files for 45187 NVTs.

Checking presence of OpenVAS Manager ...
OpenVAS Manager 7.0.2
Manager DB revision 184
Copyright (C) 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

OK: OpenVAS Manager is present in version 7.0.2.
Checking OpenVAS Manager database ...

OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
Checking access rights of OpenVAS Manager database ...

OK: Access rights for the OpenVAS Manager database are correct.
Checking sqlite3 presence ...
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.

Checking OpenVAS Manager database revision ...
OK: OpenVAS Manager database is at revision 184.
Checking database revision expected by OpenVAS Manager ...
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) ...
OK: OpenVAS Manager database contains information about 45183 NVTs.
Checking if users exist ...
OK: At least one user exists.

Checking OpenVAS SCAP database ...
ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
FIX: Run a SCAP synchronization script like greenbone-scapdata-sync.

хотелось бы найти решение без переустановки Openvas, есть ли решение?

pr0phet

30.05.2018, 09:43

robdollard сказал(а):

Установил Openvas при заходе в админку вылезает такое предупреждение, как я понял не может обновить базу, но решения не нашел.

Warning: SecInfo Database Missing

Выполнил check-setup лог ниже

Код:

openvas-check-setup 2.3.7
Mode: desktop
Date: Wed, 30 May 2018 08:32:02 +0300

Checking for old OpenVAS Scanner
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Checking OpenVAS Scanner version ...

OK: OpenVAS Scanner is present in version 5.1.1.
plugins_folder = /var/lib/openvas/plugins
cache_folder = /var/cache/openvas
include_folders = /var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /var/log/openvas/openvassd.messages
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /var/log/openvas/openvassd.dump
cgi_path = /cgi-bin:/scripts
optimize_test = yes
checks_read_timeout = 5
network_scan = no
non_simult_ports = 139, 445
plugins_timeout = 320
scanner_plugins_timeout = 36000
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
nasl_no_signature_check = yes
drop_privileges = no
unscanned_closed = yes
unscanned_closed_udp = yes
vhosts =
vhosts_ip =
report_host_details = yes
kb_location = /var/run/redis-openvas/redis-server.sock
timeout_retry = 3
config_file = /etc/openvas/openvassd.conf
Checking presence of redis ...
OK: redis-server is present in version v=4.0.9.

Checking if redis-server is configured properly to run with openVAS ...
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
Checking if redis-server is running ...
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.

Checking NVT collection ...

OK: NVT collection in /var/lib/openvas/plugins contains 45187 NVTs.
Checking status of signature checking in OpenVAS Scanner ...
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).

OK: The NVT cache in /var/cache/openvas contains 45187 files for 45187 NVTs.

Checking presence of OpenVAS Manager ...
OpenVAS Manager 7.0.2
Manager DB revision 184
Copyright (C) 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

OK: OpenVAS Manager is present in version 7.0.2.
Checking OpenVAS Manager database ...

OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
Checking access rights of OpenVAS Manager database ...

OK: Access rights for the OpenVAS Manager database are correct.
Checking sqlite3 presence ...
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.

Checking OpenVAS Manager database revision ...
OK: OpenVAS Manager database is at revision 184.
Checking database revision expected by OpenVAS Manager ...
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) ...
OK: OpenVAS Manager database contains information about 45183 NVTs.
Checking if users exist ...
OK: At least one user exists.

Checking OpenVAS SCAP database ...
ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
FIX: Run a SCAP synchronization script like greenbone-scapdata-sync.

хотелось бы найти решение без переустановки Openvas, есть ли решение?

Вы пробовали делать то,что советует сделать сканер?
greenbone-scapdata-sync

robdollard

30.05.2018, 10:03

Да я выполнил рекомендации, но ошибка остается

https://forum.antichat.xyz/attachments/28989064/img_c46a709ac0.png

pr0phet

30.05.2018, 10:17

robdollard сказал(а):

Да я выполнил рекомендации, но ошибка остается

Так же можно попробовать:
greenbone-certdata-sync
greenbone-scapdata-syn
Если не поможет проще переустановить:
apt-get purge openvas
apt-get install openvas
openvas-setup
Вы ничего не потеряете. Все настройки и сканы сохранятся.

robdollard

30.05.2018, 11:10

p.r0phe.t сказал(а):

Вы пробовали делать то,что советует сделать сканер?
greenbone-scapdata-sync

p.r0phe.t сказал(а):

Так же можно попробовать:
greenbone-certdata-sync
greenbone-scapdata-syn
Если не поможет проще переустановить:
apt-get purge openvas
apt-get install openvas
openvas-setup
Вы ничего не потеряете. Все настройки и сканы сохранятся.

Благодарю, как я понял после выполнения команд которые вы написали база создалась, просто уведомление не исчезает, а так все работает коректно. Спасибо за помощь.

1984

07.09.2020, 13:01

При запуске Openvas на Kali Linux получаю ошибку:

Код:

greenbone-security-assistant.service: Failed with result 'exit-code'.

При этом не удается залогиниться, получаю ошибку: Unknown Error

Лог при запуске команды gvm-check-setup чистый

Код:

gvm-check-setup 1.0.0
Test completeness and readiness of GVM-11
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 7.0.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61819 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: OpenVAS Scanner is present in version 1.0.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 9.0.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
could not change directory to "/root": Permission denied
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 9.0.1.
Step 7: Checking if GVM services are up and running ...
Starting ospd-openvas service
Waiting for ospd-openvas service
OK: ospd-openvas service is active.
Starting gvmd service
Waiting for gvmd service
OK: gvmd service is active.
Starting greenbone-security-assistant service
Waiting for greenbone-security-assistant service
OK: greenbone-security-assistant service is active.
Step 8: Checking GVM database ...
could not change directory to "/root": Permission denied
OK: portnames are in database.
Step 9: Checking few other requirements...
OK: nmap is present in version 9.0.1.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
OK: xsltproc found.
OK: The password policy file at /etc/gvm/pwpolicy.conf contains entries.

It seems like your GVM-11 installation is OK.

Может кто сталкивался?

Переустановка не помогла.