OSP - Sensor as second scanner

Hello,
I might need help connecting a scanner to my main scanner machine.
The setup is:
Both machines use:
Latest Kali Linux
Linux AAAAA 5.15.0-kali2-amd64 #1 SMP Debian 5.15.5-2kali2 (2021-12-22) x86_64 GNU/Linux
Linux BBBBB 5.15.0-kali2-amd64 #1 SMP Debian 5.15.5-2kali2 (2021-12-22) x86_64 GNU/Linux

Greenbone Security Assistant 21.4.3
Greenbone Vulnerability Manager 21.4.4
OpenVAS 21.4.3
gvm-libs 21.4.3

telnet BBBBB 9390
Connected to 10.69.35.22 .
Escape character is ‘^]’.

Both pass gvm-manage-certs -V: “OK: Your GVM certificate infrastructure passed validation”

They are installed separately, not cloned.
Main machine is AAAAA.
On AAAAA I’m creating credentials from Configuration → Credentials. I use clientcert.pem and clientkey.pem from BBBBB.
I continue with adding a scanner on AAAAA, that lives on BBBBB, from the web interface AAAAA:9392. I use cacert.pem from BBBBB.
As standard, the scanner is created as type OSP Scanner.

From the console on AAAAA I change the type of the scanner with:

sudo -H -u _gvm gvmd --modify-scanner=f9e69bd5-d9e1-4c8c-9773-f7d6a672fdd9 --scanner-type=OSP-Sensor --scanner-host=BBBBB --scanner-key-pub=/var/lib/gvm/BBBBB/clientcert.pem --scanner-key-priv=/var/lib/gvm/BBBBB/clientkey.pem --scanner-ca-pub=/var/lib/gvm/BBBBB/cacert.pem --scanner-port=9390

Now in the web interface AAAAA:9392 the scanner changes type to ‘Greenbone Sensor’. I think this is OK.
When I try to “verify” the scanner from AAAA’s web I get “Service unavailable”.
Log from AAAAA/gvm/gvmd.log/

libgvm osp:WARNING:2022-01-17 14h56.54 UTC:378023: Erroneous OSP <get_version/> response.

Log from BBBBB/gvm/gvmd.log

md main:WARNING:2022-01-17 14h56.54 utc:4639: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

When I try to verify from the console on AAAAA with

sudo -H -u _gvm gvmd --verify-scanner=f9e69bd5-d9e1-4c8c-9773-f7d6a672fdd9 -v

it returns this:

free(): invalid pointer

The log from BBBBB is the same:

failed to read from client: The TLS connection was non-properly terminated.

Certs and key files are owned by _gvm.
I also added cacert.pem as trusted in my system on AAAAA.
I’ve tested it with gnutls-cli:

Status: The certificate is trusted.

What am I doing wrong?
Sorry if the topic is not in the right place.

Hi @AyyJYH and welcome to the forum

It might help us to try to figure it out if we knew what you are trying to achieve and more about your usage scenario. If I understand correctly, you are using two machines and two instances but mixing credentials and keys?


Hello, thanks for the reply.
Yes, I’m trying to add an external scanner to my main machine.


This documentation looks older and not everything could apply, but if you haven’t seen this yet, try looking here to see if there are any hints: 18. Connecting the Greenbone Security Manager to Other Systems — Greenbone Security Manager (GSM) 5 documentation

Nothing.
I just want to add an external scanner.
18.1
"The open format allows developing custom OSP scanners. Greenbone Networks provides the protocol documentation at https://docs.greenbone.net/API/OSP/osp-1.1.html."
And the link doesn’t work.

Sorry about that. Here are more current docs (they didn’t come up in a search, so I looked through the manual to find them):

https://docs.greenbone.net/GSM-Manual/gos-21.04/en/connecting-other-systems.html

with a working link to the OSP doc here Tech Doc Portal

I haven’t set this up myself with an external, so I don’t have any hands-on advice, but hopefully someone who has will see the thread and can jump in.

"Connecting additional scanners using OSP
The Open Scanner Protocol (OSP) is a standardized interface for different vulnerability scanners. Arbitrary scanners can be integrated seamlessly into the GSM vulnerability management. Controlling the scanners and handling the results works in the same way for all scanners. "

And that’s it. There is nothing that will help you to understand how to do it.

Can you at least try to do it?
Thanks.

It’s something I plan to do, but do not have the opportunity right now. In the meantime if I find anything about the errors you’re seeing, I will let you know.

Hello,

I have a running AAAA with gsa, gvm and ospd-openvas.
On my BBBB there is no longer a gvm (support for gvm2gvm was removed), so only ospd-openvas.

The scanner object for BBBB has type “OpenVAS Scanner”. I was unsuccessful with OSPscanner.
A verify is successful.


Thanks for the reply.
ATM it works as you said, only ospd-openvas.

Hello

Sorry, I forgot my env:

gsad: 21.4.3
gvmd: 21.4.3
openvas-scanner: 21.4.4~dev1
gvm-libs: 21.4.4~dev1

Environment

Operating system: Gentoo
Kernel: 5.4.168
Installation method / source: Gentoo ebuild from git
