Hello,
I might need help connecting a scanner to my main scanner machine.
The setup is:
Both machines use:
Latest Kali Linux
Linux AAAAA 5.15.0-kali2-amd64 #1 SMP Debian 5.15.5-2kali2 (2021-12-22) x86_64 GNU/Linux
Linux BBBBB 5.15.0-kali2-amd64 #1 SMP Debian 5.15.5-2kali2 (2021-12-22) x86_64 GNU/Linux
Greenbone Security Assistant 21.4.3
Greenbone Vulnerability Manager 21.4.4
OpenVAS 21.4.3
gvm-libs 21.4.3
telnet BBBBB 9390
Connected to 10.69.35.22 .
Escape character is ‘^]’.
Both pass gvm-manage-certs -V: “OK: Your GVM certificate infrastructure passed validation”
They are installed separately, not cloned.
Main machine is AAAAA.
On AAAAA I’m creating credentials from Configuration → Credentials. I use clientcer.pem and clientkey.pem from BBBBB.
I continue by adding a scanner on AAAAA, which lives on BBBBB, from the web interface at AAAAA:9392. I use cacert.pem from BBBBB.
As standard, the scanner is created as type OSP Scanner.
From the console on AAAAA I change the type of the scanner with
sudo -H -u _gvm gvmd --modify-scanner=f9e69bd5-d9e1-4c8c-9773-f7d6a672fdd9 --scanner-type=OSP-Sensor --scanner-host=BBBBB --scanner-key-pub=/var/lib/gvm/BBBBB/clientcert.pem --scanner-key-priv=/var/lib/gvm/BBBBB/clientkey.pem --scanner-ca-pub=/var/lib/gvm/BBBBB/cacert.pem --scanner-port=9390
Now in the web interface AAAAA:9392 the scanner changes type to ‘Greenbone Sensor’. I think this is OK.
When I try to "verify" the scanner from AAAAA’s web interface I get "Service unavailable":
Log from AAAAA/gvm/gvmd.log/
libgvm osp:WARNING:2022-01-17 14h56.54 UTC:378023: Erroneous OSP <get_version/> response.
Log from BBBBB/gvm/gvmd.log
md main:WARNING:2022-01-17 14h56.54 utc:4639: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
When I try to verify from the console on AAAAA with
sudo -H -u _gvm gvmd --verify-scanner=f9e69bd5-d9e1-4c8c-9773-f7d6a672fdd9 -v
it returns this
free(): invalid pointer
The log from BBBBB is the same:
failed to read from client: The TLS connection was non-properly terminated.
Certs and key files are owned by _gvm.
I also added cacert.pem as trusted in my system on AAAAA.
I’ve tested it with gnutls-cli:
Status: The certificate is trusted.
What am I doing wrong?
Sorry if the topic is not in the right place.