I installed openvas on my raspberrypi4 following the guide that is linked at the bottom of the post
When done I ran the command sudo openvas-start and I attempted to open the web interface with the addresses and port combinations:
127.0.0.1:9392, 9390, and 443
0.0.0.0:9392, 9390, and 443
localhost:9392, 9390, and 443
10.0.0.90:9392, 9390, and 443 (Static address for the Raspberrypi)
Every address and port gives me an ERR_CONNECTION_REFUSED error.
This has also affected my pihole web interface with the same error.
I will assume this issue may exist because something happened to the Lighttpd Daemon service because I’m not able to start it manually.
The only command that has given me some useful information is this: (Spaces are to bypass the hyperlink block)
wget --verbose localhost
–2020-02-14 18:41:55-- h t t p : / / l o c a l h o s t /
Resolving localhost (localhost)… 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:80… connected.
HTTP request sent, awaiting response… 303 See Other
Location: h t t p s : / / l o c a l h o s t : 9 3 9 2 / l o g i n / l o g i n . h t m l [following]
–2020-02-14 18:41:55-- h t t p s : / / l o c a l h o s t : 9 3 9 2 / l o g i n / l o g i n . h t m l
Connecting to localhost (localhost)|127.0.0.1|:9392… connected.
ERROR: The certificate of ‘localhost’ is not trusted.
ERROR: The certificate of ‘localhost’ doesn’t have a known issuer.
The certificate’s owner does not match hostname ‘localhost’
gsa: (‘7.0.3’) gvm: (‘Command not found’) openvas-scanner: (‘5.1.3’) gvm-libs: Command not found
I actually have Splunk running on one of my other Servers on port 443. I’m not sure how to change that one.
But speaking of Splunk, one of the sensors does tell me that HTTP Port 80 is refusing connection as well on the Pi.
Since you mentioned both of those ports, maybe there’s a port conflict?
So maybe I should try another port for the web interface with -r , –rport= PORT ?
As for one of your suggestions listed I tried Running gsad on http only. But got the error:
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
Let wget ignore the TLS cert validation (insecure)
Make wget aware of the TLS cert chain (certs are a bit complicated)
Run gsad on http only (insecure but ok at least for local connections)
Run gsad with a non self signed cert (get a cert from a well known authority)
I have done the first and third option you’ve suggested (with some warnings), I cannot figure out how to do the other options. I’m not exactly a Linux pro, but I know how to navigate it and do basic things.
In this case you really should use our GCE VM! If you are not familiar with unix and configuring services on linux based systems it doesn’t make sense to talk about this issue, sorry. To fix this issue you need some understanding how SSL/TLS certificates work and howto configure the http client and our http server gsad.