Master - Slave Configuration Troubleshooting

Hi everyone,

I have attempted to deploy a distributed setup, where the OpenVAS manager is creating requests to remote OpenVAS scanners to scan.

Right now, my topology is simple (internal network in Vbox) = Master (10.0.2.8) is directly connected to Slave (10.0.2.9) . They are pingable to one another.

What I have done is:
Slave

  1. nano /etc/init.d/openvas-manager > change the manager IP to 10.0.2.8, manager port to 9390
  2. Create new user > openvasmd --create-user=scanner --role=Admin
  3. openvas-manage-certs > obtain the cacert.pem file for Manager

Master

  1. Create credentials > User + Password
  2. Create scanner > Host > 10.0.2.9, OMP Slave, use cacert.pem, use above credentials
  3. Create Target
  4. Create Task

From the:
tail /var/log/openvas/openvasmd.logs
I can see that connections are being tried but failing to reach the slave. From the GSA GUI, the task is stuck on “Requested”

Hence, can someone help with identifying:
What and How to check in the case of non-connectivity between Master and Slave (eg, are they reachable, are they listening on the port, to actual configuration of OpenVAS)

Thanks in advance!

some notes on this on how to use e.g. netstat to see if the slave is actually listening on the expected port are provided in the blogpost:

https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

i had linked in Setting up Remote Scanners with Centralized Manager

Tools like nmap and similar could help you as well to see if the master is able to reach the expected port on the slave.

Hi cfi,

Thank you for your response and guidance! I think I got it now. For those who want to know how this is done, just take note of the link.

My steps indicated are correct except for the part where I have edited the /etc/init.d/openvas-manager

Instead, I have done this instead > https://superuser.com/questions/977331/how-to-make-openvas-listen-on-an-external-interface

Hope that helps anyone with the same problem!

Cheers

2 Likes

Hi, I don’t have problems to reach the slave, but i have problems with certificates, can you please describe more detailed how do you export/import it? Regardss

Hi Lucianofain,

If you are talking about the certs so that master and slaves can communicate, all you have to do is to find something called the servercert.pem.

Try to do this on the slaves:
find / -name servercert.pem

See where it is located, and when you find it, transfer it to the master, anywhere you want. When you create a slave scanner on the master, there will be a need to upload a cert. This is where you select the certs.

Hope that is what you are looking for!

Cheers!

2 Likes

The error that gives me is the following:

  1. I copy the servercert.pem from the slave to the master, renaming it as sensor.pem
  2. I define the sensor in the GSA of the master as Type OMP Slave
  3. I try to upload the sensor.pem
  4. The GSA issues the message (Status code 400) Operation Save Scanner Failed. Erroneous CA certificate. I also did (chmod 777 sensor.pem)

Any help will be welcome.

Sorry team, it was my mistake. It was difference of dates between master and slave. Thanks for you support.