I have problems with the scanner. It stops after enabling signatures, but when consulting the
State has remained active, I leave in detail the whole procedure.
Enable the validation option for verification of signatures
vi /etc/openvas/openvassd.conf
Should consider all the NASL scripts as being signed ? (unsafe if set to ‘yes’)
nasl_no_signature_check = no
Versions of openvasmd and openvassd
openvasmd --versionOpenVAS Manager 7.0.2
Manager DB revision 184openvassd --version
OpenVAS Scanner 5.1.1
Signature process
gpg --homedir=/etc/openvas/gnupg --list-keys
gpg: WARNING: unsafe permissions on homedir `/etc/openvas/gnupg'
/etc/openvas/gnupg/pubring.gpg
pub 1024D/48DB4530 2007-11-05
uid OpenVAS Transfer Integrity
sub 2048g/70610CFB 2007-11-05
gpg --homedir=/etc/openvas/gnupg --list-public-keys
gpg: WARNING: unsafe permissions on homedir `/etc/openvas/gnupg'
/etc/openvas/gnupg/pubring.gpg
pub 1024D/48DB4530 2007-11-05
uid OpenVAS Transfer Integrity
sub 2048g/70610CFB 2007-11-05
gpg --homedir=/etc/openvas/gnupg --list-sigs
gpg: WARNING: unsafe permissions on homedir `/etc/openvas/gnupg'
/etc/openvas/gnupg/pubring.gpg
pub 1024D/48DB4530 2007-11-05
uid OpenVAS Transfer Integrity
sig 3 48DB4530 2007-11-05 OpenVAS Transfer Integrity
sub 2048g/70610CFB 2007-11-05
sig 48DB4530 2007-11-05 OpenVAS Transfer Integrity
-----------------------------
**Downloads Keys**
wget https://www.greenbone.net/GBCommunitySigningKey.asc
gpg --homedir=/etc/openvas/gnupg --import GBCommunitySigningKey.asc
------------------------------------
**import signature of the keys.**
gpg --homedir=/etc/openvas/gnupg --import /etc/openvas/gnupg/48DB4530.key
--------------------------------------
**Sign**
gpg --homedir=/etc/openvas/gnupg --lsign-key 48DB4530
Update feeds
greenbone-nvt-sync
greenbone-certdata-sync
greenbone-scapdata-sync
openvasmd --rebuild
Version System Operator: centos 7
Log /var/openvas/openvassd.log
[Fri Nov 16 16:19:47 2018][8590] /var/lib/openvas/plugins/2018/coremail/gb_coremail_stored_xss_vuln.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:47 2018][8590] /var/lib/openvas/plugins/2018/coremail/gb_coremail_stored_xss_vuln.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/lynxtechnology/gb_twonky_server_mult_vuln.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/lynxtechnology/gb_twonky_server_mult_vuln.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/lynxtechnology/gb_twonky_server_mult_vuln_active.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/lynxtechnology/gb_twonky_server_mult_vuln_active.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/opensuse/gb_suse_2018_3754_1.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/opensuse/gb_suse_2018_3754_1.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/dolibarr/gb_dolibarr_7_0_0_mult_vuln.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/dolibarr/gb_dolibarr_7_0_0_mult_vuln.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/lutron/gb_lutron_quantum_integ_device_infor_disc_vuln.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/lutron/gb_lutron_quantum_integ_device_infor_disc_vuln.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/digium/gb_asterisk_AST-2018-010.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/digium/gb_asterisk_AST-2018-010.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/piwigo/gb_piwigo_mult_xss_vuln.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/piwigo/gb_piwigo_mult_xss_vuln.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/fedora/gb_fedora_2018_e8d19367cb_mingw-SDL2_image_fc28.nasl: Will not execute. Bad or missing signature
[Fri Nov 16 16:19:48 2018][8590] /var/lib/openvas/plugins/2018/fedora/gb_fedora_2018_e8d19367cb_mingw-SDL2_image_fc28.nasl: Could not be loaded
[Fri Nov 16 16:19:48 2018][8590] Stopped loading plugins: High number of errors.
Status de openvas-scanner>
systemctl status openvas-scanner
● openvas-scanner.service - OpenVAS Scanner
Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-11-16 14:05:23 -03; 468ms ago
Process: 9500 ExecStart=/usr/sbin/openvassd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 9501 (openvassd)
CGroup: /system.slice/openvas-scanner.service
├─9501 openvassd: Reloaded 100 of 47880 NVTs (0% / ETA: 00:00)
└─9502 openvassd (Loading Handler)Nov 16 14:05:23 localhost.localdomain systemd[1]: Starting OpenVAS Scanner…
Nov 16 14:05:23 localhost.localdomain systemd[1]: Started OpenVAS Scanner.
Again
Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-11-16 14:08:19 -03; 2s ago
Process: 11574 ExecStart=/usr/sbin/openvassd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 11575 (openvassd)
CGroup: /system.slice/openvas-scanner.service
├─11575 openvassd: Reloaded 4600 of 47880 NVTs (9% / ETA: 00:18)
└─11576 openvassd (Loading Handler)Nov 16 14:08:19 localhost.localdomain systemd[1]: Starting OpenVAS Scanner…
Nov 16 14:08:19 localhost.localdomain systemd[1]: Started OpenVAS Scanner.
Again
● openvas-scanner.service - OpenVAS Scanner
Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-11-16 14:10:46 -03; 1s ago
Process: 13322 ExecStart=/usr/sbin/openvassd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 13323 (openvassd)
CGroup: /system.slice/openvas-scanner.service
├─13323 openvassd: Reloaded 550 of 47880 NVTs (1% / ETA: 01:26)
└─13324 openvassd (Loading Handler)Nov 16 14:10:46 localhost.localdomain systemd[1]: Starting OpenVAS Scanner…
Nov 16 14:10:46 localhost.localdomain systemd[1]: Started OpenVAS Scanner.
Again
● openvas-scanner.service - OpenVAS Scanner
Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
Active: activating (start) since Fri 2018-11-16 14:11:38 -03; 7ms ago
Main PID: 13872 (code=exited, status=1/FAILURE); : 13930 (openvassd)
CGroup: /system.slice/openvas-scanner.service
└─13930 /usr/sbin/openvassd
Again
● openvas-scanner.service - OpenVAS Scanner
Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-11-16 14:12:23 -03; 1s ago
Process: 14475 ExecStart=/usr/sbin/openvassd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 14476 (openvassd)
CGroup: /system.slice/openvas-scanner.service
├─14476 openvassd: Reloaded 3550 of 47880 NVTs (7% / ETA: 00:24)
└─14477 openvassd (Loading Handler)Nov 16 14:12:23 localhost.localdomain systemd[1]: Starting OpenVAS Scanner…
Nov 16 14:12:23 localhost.localdomain systemd[1]: Started OpenVAS Scanner.
Deactivating signature validation works without problems