gsa: Greenbone Security Assistant 9.0
gvm: Greenbone Vulnerability Manager 9.0.0
ospd-openvas: OSP Server for openvas: 1.0.0
openvas: OpenVAS 7.0.0
Operating system: Ubuntu 18.04.3 LTS
Kernel: Linux node2 4.15.0-70-generic
I have trouble setting up a maser-slave setting.
I allready googled a lot and read the topics here:
But did not come up with a working solution…
What i did:
gvmd --create-user=slave --password=12345 --role=Admin
gvmd listening on 0.0.0.0?
tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN 0 29372 1214/gvmd: Waiting
copied /var/lib/gvm/CA/cacert.pem to master
created credentials with user ‘slave’ and password ‘12345’ and ‘allow insecure use’
create GMP scanner with my credentials.
add cacert of slave to scanner
gvmd --modify-scanner=‘70ec1f74-5521-44bf-bad3-601313f3433b’ --scanner-ca-pub=/root/cacert.pem
I tried a lot more, but basically i think it should work with this…
Tested the verify scanner option:
GVMD-LOG ON MASTER:
md main: DEBUG:2019-11-21 15h45.36 CET:4133: <= client “<verify_scanner scanner_id=“70ec1f74-5521-44bf-bad3-601313f3433b”/>”
lib serv: DEBUG:2019-11-21 15h45.36 CET:4133: Connected to server ‘192.168.28.157’ port 9391.
lib serv: DEBUG:2019-11-21 15h45.36 CET:4133: Shook hands with server ‘192.168.28.157’ port 9391.
lib serv:WARNING:2019-11-21 15h45.36 CET:4133: gvm_server_verify: the certificate is not trusted
lib serv:WARNING:2019-11-21 15h45.36 CET:4133: gvm_server_verify: the certificate hasn’t got a known issuer
md main: DEBUG:2019-11-21 15h45.36 CET:4133: -> client: <verify_scanner_response status=“503” status_text=“Service unavailable”/>
So it looks like a certificate problem, but not sure how to fix this?
If i look in the postgresql db i can see the cacert.pem of the scanner, but if i try to download it in gsa, i get a file with ‘undefined’ written in it… is this a bug?
GVMD-LOG ON SLAVE:
lib serv: DEBUG:2019-11-21 14h49.45 utc:2924: Shook hands with peer.
md main: DEBUG:2019-11-21 14h49.45 utc:2924: Serving GMP
md main:WARNING:2019-11-21 14h49.45 utc:2924: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md main: DEBUG:2019-11-21 14h49.45 utc:2924: Cleaning up
md main: DEBUG:2019-11-21 14h49.45 utc:2924: Exiting
i also tried to scan with the slave.
The master is able to send the task to the slave and it is actually doing some scanning, but no results are received by the master. It stucks at 1%, no logfiles nothing.
I would realy appreciate some help, since i wasted hours without progress on this…