greenbone / gsa

Greenbone Security Assistant - The web frontend for the Greenbone Community Edition
GNU Affero General Public License v3.0

active overrides diagram show wrong day count #2042

Closed root360-AndreasUlm closed 3 years ago

root360-AndreasUlm commented 4 years ago

Hi,

in our freshly installed GVM-11, the wrong active day count for overrides is shown in the diagram.

Expected behavior

The diagram about active overrides should show the correct number of active days.

Actual behavior

Although the override is active until 'Mon, Jun 8, 2020 4:14 PM UTC', the diagram shows that the overrides are active for the next 28 days.

Steps to reproduce

  1. install and build main components (except OSPD) of GVM-11 including requirements (e.g. postgresql & redis)
  2. start all GVM daemons
    • gvmd: gvmd --osp-vt-update=/var/run/ospd/ospd.sock --unix-socket /var/run/gvm/gvmd.sock
    • ospd-openvas: /usr/bin/ospd-scanner/bin/python /usr/bin/ospd-scanner/bin/ospd-openvas --pid-file /var/run/ospd/ospd-openvas.pid --unix-socket=/var/run/ospd/ospd.sock --log-file /var/log/gvm/ospd-scanner.log
    • gsad: gsad --drop-privileges=gvm --listen=127.0.0.1 --port=8443 --no-redirect --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 --munix-socket=/var/run/gvm/gvmd.sock --secure-cookie
  3. configure a security issue e.g.
    1. install nginx
    2. configure with insecure cookie:
      server {
      listen 80;
      add_header Set-Cookie bla="bla";
      return 200;
      }
  4. run scan against vulnerable nginx
  5. configure override for found vulnerability Missing `httpOnly` Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925) to be active for e.g. 90 days
  6. check diagram on https:///overrides

GVM versions

gsa: (gsad --version)

# gsad --version
Greenbone Security Assistant 9.0

gvm: (gvmd --version)

# gvmd --version
Greenbone Vulnerability Manager 9.0.0
Manager DB revision 221
Copyright (C) 2010-2017 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

openvas-scanner: (openvassd --version)

# openvas --version
OpenVAS 7.0.0
Most new code since 2005: (C) 2019 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gvm-libs:

# ls -l /usr/lib/libgvm*
lrwxrwxrwx 1 root root     21 Mar 12 18:06 /usr/lib/libgvm-pg-server.so -> libgvm-pg-server.so.0
lrwxrwxrwx 1 root root     25 Mar 12 18:06 /usr/lib/libgvm-pg-server.so.0 -> libgvm-pg-server.so.9.0.0
-rw-r--r-- 1 root root  96816 Mar 12 18:06 /usr/lib/libgvm-pg-server.so.9.0.0
lrwxrwxrwx 1 root root     17 Mar 12 18:06 /usr/lib/libgvm_base.so -> libgvm_base.so.11
lrwxrwxrwx 1 root root     21 Mar 12 18:06 /usr/lib/libgvm_base.so.11 -> libgvm_base.so.11.0.0
-rw-r--r-- 1 root root 202160 Mar 12 18:06 /usr/lib/libgvm_base.so.11.0.0
lrwxrwxrwx 1 root root     16 Mar 12 18:06 /usr/lib/libgvm_gmp.so -> libgvm_gmp.so.11
lrwxrwxrwx 1 root root     20 Mar 12 18:06 /usr/lib/libgvm_gmp.so.11 -> libgvm_gmp.so.11.0.0
-rw-r--r-- 1 root root  58208 Mar 12 18:06 /usr/lib/libgvm_gmp.so.11.0.0
lrwxrwxrwx 1 root root     16 Mar 12 18:06 /usr/lib/libgvm_osp.so -> libgvm_osp.so.11
lrwxrwxrwx 1 root root     20 Mar 12 18:06 /usr/lib/libgvm_osp.so.11 -> libgvm_osp.so.11.0.0
-rw-r--r-- 1 root root  53472 Mar 12 18:06 /usr/lib/libgvm_osp.so.11.0.0
lrwxrwxrwx 1 root root     17 Mar 12 18:06 /usr/lib/libgvm_util.so -> libgvm_util.so.11
lrwxrwxrwx 1 root root     21 Mar 12 18:06 /usr/lib/libgvm_util.so.11 -> libgvm_util.so.11.0.0
-rw-r--r-- 1 root root 284168 Mar 12 18:06 /usr/lib/libgvm_util.so.11.0.0

Environment

Operating system:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic

# uname -a
Linux root360-backend-prod-gvm 5.3.0-40-generic #32~18.04.1-Ubuntu SMP Mon Feb 3 14:05:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Installation method / source: (packages, source installation) Build from sources based on GVM-11 using: cmake -DCMAKE_INSTALL_PREFIX=/usr -DLOCALSTATEDIR=/var -DSYSCONFDIR=/etc .

Logfiles

I could not find any logs explaining the behaviour. For completeness of this report, here are the last 10 lines of all gvm-logfiles:

# tail /var/log/gvm/*
==> /var/log/gvm/gsad.log <==
gsad main:MESSAGE:2020-03-16 08h23.04 utc:22711: Starting GSAD version 9.0

==> /var/log/gvm/gvmd.log <==
md   main:MESSAGE:2020-03-15 14h58.24 utc:16948:    Greenbone Vulnerability Manager version 9.0.0 (DB revision 221)
md manage:WARNING:2020-03-15 14h58.24 utc:16948: database must be initialised from scanner
util gpgme:MESSAGE:2020-03-15 14h58.24 utc:16948: Setting GnuPG dir to '/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2020-03-15 14h58.24 utc:16948: Using OpenPGP engine version '2.2.4'
md   main:MESSAGE:2020-03-16 08h23.04 utc:22709:    Greenbone Vulnerability Manager version 9.0.0 (DB revision 221)
md manage:WARNING:2020-03-16 08h23.05 utc:22709: database must be initialised from scanner
util gpgme:MESSAGE:2020-03-16 08h23.05 utc:22709: Setting GnuPG dir to '/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2020-03-16 08h23.05 utc:22709: Using OpenPGP engine version '2.2.4'
md manage:WARNING:2020-03-16 08h23.11 utc:22741: manage_update_nvt_cache_osp: failed to connect to /var/run/ospd/ospd.sock
md manage:WARNING:2020-03-16 08h23.21 utc:22749: manage_update_nvt_cache_osp: failed to connect to /var/run/ospd/ospd.sock

==> /var/log/gvm/openvas.log <==
sd   main:MESSAGE:2020-03-12 16h51.42 utc:25298: The remote host ::1 is dead
lib  nasl:MESSAGE:2020-03-12 16h51.42 utc:25314: [25314](/var/lib/openvas/plugins/nmap.nasl:142) script_get_preference_file_content: could not get  size of file from preference File containing grepable results : 
sd   main:MESSAGE:2020-03-12 16h51.42 utc:25298: Finished testing ::1. Time : 0.08 secs
lib  nasl:MESSAGE:2020-03-12 16h51.46 utc:25371: [25371](/var/lib/openvas/plugins/gb_default_credentials_options.nasl:92) script_get_preference_file_content: could not get  size of file from preference Credentials file:
lib  nasl:MESSAGE:2020-03-12 16h52.28 utc:25962: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'rsa-sha2-512': Setting method: no algorithm for method "server host key algo" (rsa-sha2-512)
lib  nasl:MESSAGE:2020-03-12 16h52.28 utc:25962: Function ssh_login called from ssh_proto_version.nasl: Failed to set SSH key type 'rsa-sha2-256': Setting method: no algorithm for method "server host key algo" (rsa-sha2-256)
lib  nasl:MESSAGE:2020-03-12 17h12.30 utc:30281: [30281](/var/lib/openvas/plugins/Policy/gb_policy_cpe.nasl:65) script_get_preference_file_content: could not get  size of file from preference CPE List
sd   main:MESSAGE:2020-03-12 17h12.35 utc:25299: Finished testing 127.0.0.1. Time : 1252.43 secs
sd   main:MESSAGE:2020-03-12 17h12.35 utc:25261: Test complete
sd   main:MESSAGE:2020-03-12 17h12.35 utc:25261: Total time to scan all hosts : 1256 seconds

==> /var/log/gvm/ospd-scanner.log <==
2020-03-12 15:41:51,668 OSPD - openvas: ERROR: (ospd_openvas.daemon) OpenVAS Scanner failed to load NVTs. Command '['openvas', '--update-vt-info']' died with <Signals.SIGABRT: 6>.
2020-03-12 15:48:03,550 OSPD - openvas: ERROR: (ospd_openvas.daemon) OpenVAS Scanner failed to load NVTs. Command '['openvas', '--update-vt-info']' died with <Signals.SIGABRT: 6>.
2020-03-12 16:08:49,960 OSPD - openvas: ERROR: (ospd_openvas.daemon) OpenVAS Scanner failed to load NVTs. Command '['openvas', '--update-vt-info']' died with <Signals.SIGABRT: 6>.

I hope you can reproduce this issue with this information.

Regards, Andreas

root360-AndreasUlm commented 4 years ago

I checked the latest version of branch gsa-9.0 and this issue still exists.

bjoernricks commented 3 years ago

@swaterkamp could you take a look at this?

y0urself commented 3 years ago

@swaterkamp did you take a look at this?

swaterkamp commented 3 years ago

Yes, I looked at this and just didn't get back to you yet, sorry.

So, from the issue description it's hard to tell "how" wrong the day count is, just from getting a duration (28 days) and an end date (Jun 8), without having a reference day/start day.

Either the discrepancy is 1 day. If that is the case, it is expected behavior. If I create an override that is active for the next 2 days, it will be listed in the chart as being active for 1 day. This is because there are not 2 full days left, but just 1 day plus some hours. This makes sense, because having an override that is going to deactivate in 5 minutes, but is listed as active for another day, may lead to some obvious issues.

Or, if the discrepancy is something other than one day, please update to a newer version like 21.04 and try again. I tested starting against 20.08 and can't find an issue with this, despite the 1 day described above.

I'm closing this, as I'm not able to reproduce and GSA-9.0 is no longer supported. If you still encounter the problem in 21.04, please open a new issue and provide information about the start date, end date, and duration for which the override should have been active.
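
The rounding described in the last comment (only completed 24-hour periods count, so a "2 day" override shows as 1 day shortly after creation), written out as an added example that is not part of the thread and is not GSA's own code. The function names, the reference time and the sample overrides are all constructed for illustration, as is the choice to leave expired overrides out of the chart data.

```javascript
// Added illustration, not GSA source code; all names here are hypothetical.
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Completed 24-hour periods left before endTime; a partial day is not counted.
// Returns -1 for an override that has already expired.
function fullDaysRemaining(endTime, now) {
  const diff = endTime.getTime() - now.getTime();
  return diff <= 0 ? -1 : Math.floor(diff / MS_PER_DAY);
}

// Group overrides by remaining full days, the shape a bar chart would plot.
// Expired overrides are left out (an assumption of this example).
function activeDaysHistogram(overrides, now) {
  const buckets = new Map();
  for (const {endTime} of overrides) {
    const days = fullDaysRemaining(endTime, now);
    if (days < 0) continue;
    buckets.set(days, (buckets.get(days) || 0) + 1);
  }
  return new Map([...buckets].sort((a, b) => a[0] - b[0]));
}

// Constructed sample data: a reference time and four overrides.
const now = new Date('2021-05-03T10:00:00Z');
const created = new Date(now.getTime() - 30 * 60 * 1000); // 30 minutes ago
const sampleOverrides = [
  // "active for 2 days", created 30 minutes ago: 1 day + 23.5 hours left
  {name: 'two-day', endTime: new Date(created.getTime() + 2 * MS_PER_DAY)},
  // deactivates in 5 minutes: no full day left
  {name: 'five-minutes', endTime: new Date(now.getTime() + 5 * 60 * 1000)},
  // exactly 48 hours left: counts as 2
  {name: 'exact', endTime: new Date(now.getTime() + 2 * MS_PER_DAY)},
  // expired yesterday
  {name: 'expired', endTime: new Date(now.getTime() - MS_PER_DAY)},
];

const histogram = activeDaysHistogram(sampleOverrides, now);
console.log([...histogram]);
```

When reporting a discrepancy, the reference time (`now` here) is the missing piece: an end date and a displayed day count alone cannot distinguish this rounding from a real miscount.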