GMP Scanner

gvm-10

#1

Hi everyone,

I want to make a Master-Sensor setup using the GVM-10. I already did this setup with the GVM-9 using OMP slave and the Sven Haardiek tutorial and it was working.

With the GVM-10, I used the GMP Scanner, but there’s no way to set up the port or the certificate via the GSA interface.

So I changed the listening port on the sensor:

0.0.0.0:9391 0.0.0.0:* LISTEN 591/gvmd: Waiting for incoming connections

Then I created a “slave” user on the sensor and I tried my luck starting a scan using my sensor as the scanner:

gvmd.log on master:
gvm_server_verify: the certificate is not trusted
gvm_server_verify: the certificate hasn't got a known issuer
slave_connect: failed to open connection to xxxxx on 9391

gvmd.log on sensor:
read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

So I guess that there is a certificate issue. Could you please give me a hint?

NotMrNod


#2

Hi @NotMrNod,

Have you made any progress in this matter?
I’m starting the same journey as you. :)


Regards Falk


#3

I finally managed to solve the problem.

Problem 1:
As soon as I exposed gvmd on port 9391, listening on 0.0.0.0, gsa showed a GMP down message. To solve this, you have to start gsad with the following options:
--mlisten=0.0.0.0 --mport=9391

Problem 2:

The GMP master does not work because, when creating the GMP scanner in the gsa UI, the CA certificate is not required. So when we launch the command to the slave, it does not authenticate the master.
To solve this, strangely, I had to do it via gvmd:

gvmd --modify-scanner=scannerID --scanner-ca-pub=/path/of/slave-cacert.pem

Note: you must also create a user other than admin with the admin role on the stopover for this to work properly.


#4

By the way, maybe I should make a request on the git so that the CA certificate of the slave can be added when creating a GMP scanner.

Another thing I noticed as I followed the documentation is that it is not possible with gvmd to create a GMP scanner, but rather OpenVAS-type or OSP-type scanners. It is still a pity, since it is possible on gsa.


#5

Hopefully this will help others avoid a lot of trouble setting up an OpenVAS master/slave.


#6

Hi @falk

I tried to change the certificate of the scanner with gvmd --modify-scanner but it failed. I did a tcpdump of the communication between the master and the slave and it confirms that there is a certificate problem.

Hi @gadget

Thanks a lot for your feedback on this! I’ll try this asap.
I did not install gsa on the slave as I only need a UI on the master… I don’t really understand why gsad should listen rather than gvmd.
I’ll give you my feedback when it’s set up! Thanks


#7

It’s true that my English is not very understandable

GSAD is indeed not mandatory; it only allowed me to make configurations (user creation) more easily.
The problem is that when you expose gvmd on port 9391 gsad it looks like a deal because gsa is configured to listen on a socket.

And for the scanner, it is necessary to have previously created the GMP scanner on gsa,
then on the master:

gvmd --get-scanners

to retrieve the scanner id

Then retrieve the cacert.pem from the slave /var/lib/gvm/CA/cacert.pem on the master and

gvmd --modify-scanner=scannerID --scanner-ca-pub=/path/of/slave-cacert.pem
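
A pre-flight check for the procedure in the posts above, as an added example that is not part of the original thread: before running `gvmd --modify-scanner`, confirm on the master that the certificate the sensor's gvmd presents is issued by the CA file that was copied over. The function names are hypothetical; it assumes the `openssl` CLI is installed and that the sensor completes a TLS handshake without a client certificate.

```sh
#!/bin/sh
# Added example, not from the thread. Usage: preflight.sh SENSOR_HOST PORT CA_FILE

# SHA-256 fingerprint of a certificate file. Run the same command on the sensor
# against /var/lib/gvm/CA/cacert.pem and compare the two values by eye.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate in $2 verifies against the CA in $1.
# Note: openssl also consults the system CA directory; a private GVM CA
# is not expected to be in it.
cert_issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Save the leaf certificate presented by HOST:PORT into file $3.
fetch_peer_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3" 2>/dev/null
}

# Fetch the sensor certificate, verify it, and print the next step.
preflight() {
    host=$1 port=$2 ca=$3
    tmp=$(mktemp) || return 2
    if ! fetch_peer_cert "$host" "$port" "$tmp"; then
        echo "no certificate received from $host:$port" >&2
        rm -f "$tmp"
        return 2
    fi
    if cert_issued_by "$ca" "$tmp"; then
        echo "OK: certificate from $host:$port is issued by $ca"
        echo "CA fingerprint: $(cert_fingerprint "$ca")"
        echo "next: gvmd --modify-scanner=<scannerID> --scanner-ca-pub=$ca"
        rc=0
    else
        # This is the case the master logs as "hasn't got a known issuer".
        echo "MISMATCH: $ca did not issue the certificate from $host:$port" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A mismatch here means the CA file on the master is not the one that signed the sensor's server certificate, so the same trust error would remain after `--modify-scanner`.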


#8

No problem with your english, don’t worry.

The problem with my setup was the certificate and I did what you said:

gvmd --modify-scanner=scannerID --scanner-ca-pub=/path/of/slave-cacert.pem

And now it’s working like a charm! Thanks a lot @gadget


#9

Thanks guys!

I’m going the same way with my docker setup now.
It’s great to see that the community thrives and helps out in a project like this.


Regards Falk


#10

Happy to have been able to help :)


#11

Hi,

I tried to make a fast “before evening, while listening to Hockey Finals” writeup about this topic here. A cleanup and more info will follow later :)


Regards Falk


#12

Hi,
It’s a good job.
I’ll take a look at it as soon as I can.


#13

Hi,

In your README when creating the slave scanner you wrote this:

Create a scanner in GSAD on the MASTER (I will checkout the cli way): Configuration > Scanners > New Scanner:

This is not possible with gvmd because, with reference to the documentation, it is possible to create only 2 types of scanners:

https://python-gvm.readthedocs.io/en/latest/api/protocols.html

create_scanner(name, host, port, scanner_type, credential_id, *, ca_pub=None, comment=None)

Create a new scanner

Parameters:

  • name (str) – Name of the scanner
  • host (str) – The host of the scanner
  • port (int) – The port of the scanner
  • scanner_type (str) – Type of the scanner. ‘1’ for OSP, ‘2’ for OpenVAS (classic) Scanner.

In short, a good job anyway.

Best regards,


#14

Really nice! I’ll try as a docker later


#15

Now that my GMP Scanner is set, I made a few tries and I still have the same problem.

When I launch a scan over a /24 network, the scan starts on a few servers and then stops. I don’t see any problem in the log:

SLAVE SIDE:

ps aux:

redis 622 0.1 5.2 147352 107608 ? Ssl Apr24 1:43 /usr/bin/redis-server 127.0.0.1:0
root 630 0.0 0.0 161796 1900 ? SLs Apr24 0:00 openvassd: Waiting for incoming connections
root 2069 0.0 1.1 282284 23728 ? SLs Apr24 0:26 gvmd: Waiting for incoming connections
root 2161 0.0 0.1 164664 2480 ? Ss Apr24 0:01 openvassd: Serving /usr/local/var/run/openvassd.sock
root 2162 0.0 1.5 299576 32244 ? S Apr24 0:20 gvmd: OTP: Handling scan 9a28c37a-8ff4-471e-8d84-c9aa560a9587
root 2164 0.0 0.0 0 0 ? Z Apr24 0:07 [openvassd] <defunct>
root 2165 0.0 0.0 0 0 ? Z Apr24 0:00 [openvassd] <defunct>
root 2166 0.0 0.0 0 0 ? Z Apr24 0:00 [openvassd] <defunct>
root 2167 0.0 0.0 0 0 ? Z Apr24 0:34 [openvassd] <defunct>
root 2168 0.0 0.0 0 0 ? Z Apr24 0:05 [openvassd] <defunct>
root 2169 0.0 0.0 0 0 ? Z Apr24 0:01 [openvassd] <defunct>
root 2170 0.0 0.0 0 0 ? Z Apr24 0:00 [openvassd] <defunct>
root 2171 0.0 0.0 0 0 ? Z Apr24 0:00 [openvassd] <defunct>
root 2172 0.0 0.0 0 0 ? Z Apr24 0:25 [openvassd] <defunct>
root 2173 0.0 0.0 0 0 ? Z Apr24 0:00 [openvassd] <defunct>
root 2176 0.0 0.0 0 0 ? Z Apr24 0:11 [openvassd] <defunct>
root 2178 0.0 0.0 0 0 ? Z Apr24 0:03 [openvassd] <defunct>
root 2184 0.0 0.0 0 0 ? Z Apr24 0:03 [openvassd] <defunct>
root 2185 0.0 0.0 0 0 ? Z Apr24 0:00 [openvassd] <defunct>
root 2663 0.0 1.0 282124 20980 ? S Apr24 0:00 gvmd: Reloading NVTs
root 2678 0.0 1.3 287688 27656 ? S Apr24 0:02 gvmd: Updating NVT cache

gvmd.log

md main:MESSAGE:2019-04-24 14h51.04 utc:2069: Greenbone Vulnerability Manager version 8.0.0 (DB revision 205)
util gpgme:MESSAGE:2019-04-24 14h51.05 utc:2069: Setting GnuPG dir to '/usr/local/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2019-04-24 14h51.05 utc:2069: Using OpenPGP engine version '2.1.18'
md manage: INFO:2019-04-24 14h51.05 utc:2087: sync_scap: Updating data from feed
md manage: INFO:2019-04-24 14h51.05 utc:2087: Updating CPEs
event target:MESSAGE:2019-04-24 14h53.26 UTC:2159: Target 686f5650-8ac5-4323-be3f-9b4262b935fc for XXX (41923255-28f0-4501-bbec-da0966131a2f) has been created by slave
event config:MESSAGE:2019-04-24 14h53.27 UTC:2159: Scan config 686f5650-8ac5-4323-be3f-9b4262b935fc for XXX (fc57b609-51fc-40b0-845a-328f269aefab) has been created by slave
event task:MESSAGE:2019-04-24 14h53.27 UTC:2159: Status of task (3d9b1691-c4c8-4c70-a251-14d8cc8bcc68) has changed to New
event task:MESSAGE:2019-04-24 14h53.27 UTC:2159: Task 686f5650-8ac5-4323-be3f-9b4262b935fc for XXX (3d9b1691-c4c8-4c70-a251-14d8cc8bcc68) has been created by slave
event task:MESSAGE:2019-04-24 14h53.27 UTC:2159: Status of task 686f5650-8ac5-4323-be3f-9b4262b935fc for XXX (3d9b1691-c4c8-4c70-a251-14d8cc8bcc68) has changed to Requested
event task:MESSAGE:2019-04-24 14h53.27 UTC:2159: Task 686f5650-8ac5-4323-be3f-9b4262b935fc for XXX (3d9b1691-c4c8-4c70-a251-14d8cc8bcc68) has been requested to start by slave
event task:MESSAGE:2019-04-24 14h53.30 UTC:2162: Status of task 686f5650-8ac5-4323-be3f-9b4262b935fc for XXX (3d9b1691-c4c8-4c70-a251-14d8cc8bcc68) has changed to Running
md manage: INFO:2019-04-24 15h10.09 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2015.xml
md manage: INFO:2019-04-24 15h10.29 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2008.xml
md manage: INFO:2019-04-24 15h10.45 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2010.xml
md manage: INFO:2019-04-24 15h11.18 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2005.xml
md manage: INFO:2019-04-24 15h11.28 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2018.xml
md manage: INFO:2019-04-24 15h14.57 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2006.xml
md manage: INFO:2019-04-24 15h15.10 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2012.xml
md manage: INFO:2019-04-24 15h15.47 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2009.xml
md manage: INFO:2019-04-24 15h16.08 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2004.xml
md manage: INFO:2019-04-24 15h16.14 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2003.xml
md manage: INFO:2019-04-24 15h16.17 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2007.xml
md manage: INFO:2019-04-24 15h16.27 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2013.xml
md manage: INFO:2019-04-24 15h17.01 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2002.xml
md manage: INFO:2019-04-24 15h17.10 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2011.xml
md manage: INFO:2019-04-24 15h19.15 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2019.xml
md manage: INFO:2019-04-24 15h20.00 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2014.xml
md manage: INFO:2019-04-24 15h20.29 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2016.xml
md manage: INFO:2019-04-24 15h21.03 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2017.xml
md manage: INFO:2019-04-24 15h23.50 utc:2087: Updating OVAL data
md manage: INFO:2019-04-24 15h25.17 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/c/oval.xml
md manage: INFO:2019-04-24 15h25.17 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/m/oval.xml
md manage: INFO:2019-04-24 15h25.17 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/ios.xml
md manage: INFO:2019-04-24 15h25.17 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/pixos.xml
md manage: INFO:2019-04-24 15h25.17 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/p/oval.xml
md manage: INFO:2019-04-24 15h26.59 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/i/oval.xml
md manage: INFO:2019-04-24 15h27.01 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/macos.xml
md manage: INFO:2019-04-24 15h27.01 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/unix.xml
md manage: INFO:2019-04-24 15h27.09 utc:2087: Updating /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/windows.xml
md manage: INFO:2019-04-24 15h27.17 utc:2087: Updating user OVAL definitions.
md manage: INFO:2019-04-24 15h27.17 utc:2087: Updating CVSS scores and CVE counts for CPEs
md manage: INFO:2019-04-24 15h32.36 utc:2087: Updating CVSS scores for OVAL definitions
md manage: INFO:2019-04-24 15h32.40 utc:2087: Updating placeholder CPEs
md manage: INFO:2019-04-24 15h32.52 utc:2087: sync_scap: Updating SCAP info succeeded
md manage:WARNING:2019-04-24 21h22.12 UTC:2159: sql_exec_internal: sqlite3_step failed: interrupted
md manage:WARNING:2019-04-24 21h22.12 UTC:2159: sql_x_internal: sql_exec_internal failed

openvassd.log

sd main:MESSAGE:2019-04-24 14h47.20 utc:630: Finished reloading the scanner.
sd main:MESSAGE:2019-04-24 14h53.29 utc:2161: Starts a new scan. Target(s) : xxx/24, with max_hosts = 20 and max_checks = 4
sd main:MESSAGE:2019-04-24 14h53.29 utc:2165: Testing xxx [2165]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2167: Testing xxx (Vhosts: xxx) [2167]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2166: Testing xxx [2166]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2168: Testing xxx (Vhosts: xxx) [2168]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2171: Testing xxx [2171]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2169: Testing xxx (Vhosts: xxx) [2169]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2164: Testing xxx (Vhosts: xxx) [2164]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2170: Testing xxx [2170]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2173: Testing xxx [2173]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2172: Testing xxx (Vhosts: xxx) [2172]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2178: Testing xxx (Vhosts: xxx) [2178]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2176: Testing xxx (Vhosts: xxx) [2176]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2184: Testing xxx (Vhosts: xxx) [2184]
sd main:MESSAGE:2019-04-24 14h53.29 utc:2185: Testing xxx [2185]
sd main:MESSAGE:2019-04-24 14h53.32 utc:2166: The remote host xxx is dead
sd main:MESSAGE:2019-04-24 14h53.32 utc:2170: The remote host xxx is dead
sd main:MESSAGE:2019-04-24 14h53.32 utc:2185: The remote host xxx is dead
sd main:MESSAGE:2019-04-24 14h53.32 utc:2171: The remote host xxx is dead
sd main:MESSAGE:2019-04-24 14h53.32 utc:2166: Finished testing xxx. Time : 2.89 secs
sd main:MESSAGE:2019-04-24 14h53.32 utc:2173: The remote host xxx is dead
sd main:MESSAGE:2019-04-24 14h53.32 utc:2165: The remote host xxx is dead
sd main:MESSAGE:2019-04-24 14h53.32 utc:2185: Finished testing xxx. Time : 2.84 secs
sd main:MESSAGE:2019-04-24 14h53.32 utc:2171: Finished testing xxx. Time : 2.91 secs
sd main:MESSAGE:2019-04-24 14h53.32 utc:2170: Finished testing xxx. Time : 2.91 secs
sd main:MESSAGE:2019-04-24 14h53.32 utc:2173: Finished testing xxx. Time : 2.92 secs
sd main:MESSAGE:2019-04-24 14h53.32 utc:2165: Finished testing xxx. Time : 2.96 secs
lib nasl:MESSAGE:2019-04-24 14h53.38 utc:2709: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'ecdsa-sha2-nistp256': Setting method: no algorithm for method "server host key algo" (ecdsa-sha2-nistp256)
lib nasl:MESSAGE:2019-04-24 14h53.38 utc:2720: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'rsa-sha2-512': Setting method: no algorithm for method "server host key algo" (rsa-sha2-512)
lib nasl:MESSAGE:2019-04-24 14h53.38 utc:2720: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'rsa-sha2-256': Setting method: no algorithm for method "server host key algo" (rsa-sha2-256)
lib nasl:MESSAGE:2019-04-24 14h53.38 utc:2720: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'ecdsa-sha2-nistp256': Setting method: no algorithm for method "server host key algo" (ecdsa-sha2-nistp256)
lib nasl:MESSAGE:2019-04-24 14h53.42 utc:2885: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'rsa-sha2-512': Setting method: no algorithm for method "server host key algo" (rsa-sha2-512)
lib nasl:MESSAGE:2019-04-24 14h53.42 utc:2885: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'rsa-sha2-256': Setting method: no algorithm for method "server host key algo" (rsa-sha2-256)
lib nasl:MESSAGE:2019-04-24 14h53.42 utc:2885: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'ecdsa-sha2-nistp256': Setting method: no algorithm for method "server host key algo" (ecdsa-sha2-nistp256)
sd main:MESSAGE:2019-04-24 14h53.49 utc:2169: Finished testing xxx. Time : 19.99 secs
sd main:MESSAGE:2019-04-24 14h55.05 utc:2178: Finished testing xxx. Time : 96.04 secs
sd main:MESSAGE:2019-04-24 14h55.07 utc:2184: Finished testing xxx. Time : 97.85 secs
sd main:MESSAGE:2019-04-24 14h55.20 utc:2176: Finished testing xxx. Time : 110.92 secs
sd main:MESSAGE:2019-04-24 14h55.36 utc:2168: Finished testing xxx. Time : 127.12 secs
sd main:MESSAGE:2019-04-24 14h56.08 utc:2164: Finished testing xxx. Time : 158.56 secs
sd main:MESSAGE:2019-04-24 14h56.46 utc:2172: Finished testing xxx. Time : 197.22 secs
sd main:MESSAGE:2019-04-24 14h57.08 utc:2167: Finished testing xxx. Time : 218.74 secs

MASTER SIDE:

ps aux

root 590 0.0 1.2 880592 26356 ? SLsl Apr24 0:15 /usr/local/sbin/gsad --foreground
root 617 0.0 0.1 528324 2728 ? Sl Apr24 0:00 /usr/local/sbin/gsad --foreground
redis 634 0.1 3.6 135064 73940 ? Ssl Apr24 1:29 /usr/bin/redis-server 127.0.0.1:0
root 650 0.0 0.3 161796 7044 ? SLs Apr24 0:07 openvassd: Waiting for incoming connections
root 2492 0.0 1.3 282188 28480 ? SLs Apr24 0:41 gvmd: Waiting for incoming connections
root 2666 0.0 1.6 299924 33516 ? S Apr24 0:03 gvmd: OTP: Handling slave scan e9cd3041-3f03-4639-a4c9-060d7d2174a2
root 11636 0.0 0.2 163856 6100 ? Ss 10:39 0:00 openvassd: Serving /usr/local/var/run/openvassd.sock

gvmd.log

event task:MESSAGE:2019-04-24 14h53.26 UTC:2656: Status of task XXX (d94ef228-e95b-465c-abc6-408952f40006) has changed to Requested
event task:MESSAGE:2019-04-24 14h53.26 UTC:2656: Task XXX (d94ef228-e95b-465c-abc6-408952f40006) has been requested to start by XXX
event task:MESSAGE:2019-04-24 14h53.53 UTC:2666: Status of task XXX(d94ef228-e95b-465c-abc6-408952f40006) has changed to Running

I tried a /24 scan with different settings and it always ends up the same way. The status stays at 1% and nothing happens…

I’m on Debian 9 and I followed every step in the documentation. Did you have this problem too? Do you have any hint about what’s happening there, please?
It works perfectly well when I launch the /24 scan on the master, and it also works well if I scan only 1 host with the slave.


#16

Hi, I haven’t tried a full /24 from a slave yet.
Hopefully I can do a try this afternoon, or later tonight[tm].

I’ll get back with result from the test.


Regards Falk


#17

That would be nice @falk, so I can see if I’m the problem there :) Thanks!


#18

Still have the problem with a larger number than 14 hosts in a single task… Is it okay for you?


#19

Doing a /24 scan now on a subnet.
[edit]
There were ~35 devices on that subnet.
But the scan didn’t stop.
I did a small writeup about the setup https://sadsloth.net/post/gmv10dockermasterslave/
[/edit]


#20

Thanks for the feedback, now I know that I’m the problem… I have the same problem on every install, I’ll try to find the solution.

Nice writeup, but I’m not really familiar with dockers, and I cannot deploy something that I cannot handle from a security point of view.

Thanks again @falk