Report outdated / end-of-life Scan Engine / Environment for version 21.4.3

[yu210148]

Hi all,

Noticed a message about the EOL of scan engine 21.4.3 in my results this morning. I'll test out a fix for the script to get it to pull the "Latest available openvas-scanner version: 21.4.4" and merge it in once I get a chance.

kev.

[yu210148]

Quick update: seems this is not as simple as updating the version numbers in the script. When I do the install step for gvm-libs fails with permission denied on /var/run. Seems the flag to install it to the different directory is no longer being respected for some reason that I haven't had a chance to investigate yet. Of course, with gvm-libs failing to install the other builds trust depend on it are failing.

I'll keep this thread updated as I work on this.

[yu210148]

Switched the builds to do their make install step as root and they seem to compile now in the issue 69 branch but the configure openvas step of the script is now failing. I'll need to do more investigation to find a fix for this.

[yu210148]

Ugg, okay, so got the above configure working again but it looks like the installation instructions for gsa suggest it's been changed considerably for version 21.4.4 from 21.4.3.

[yu210148]

How a change like this can be in a point release is beyond me.... 🙂

[yu210148]

This is going to take me some time to work out. I need to work out the new yarn based install for gsa. Preliminary testing shows it's a yarn command then a yarn build, then copy some files. With family commitments I don't have the time to devote to this that I'd like. If anyone smarter than me can take a look at the issue69 branch and send (a) pull request(s) that would be welcome. Otherwise I'll keep at it and post when I have more to share.

[yu210148]

Okay, looks like I've got yarn building gsa now in the issue69 branch. I get the following warnings (see below) during 'yarn build' but they don't seem to be fatal to the build process. I'm not particularly confident that this is going to work when it's done without more tweaking but it's certainly not going to work if it doesn't build so this is progress.

Next up there seems to be permission trouble running /opt/gvm/bin/gvm-manage-certs -a as the gvm user. Not sure if it would be better to run it as root or change the permissions/ownership of the directories but I wanted to note it here.

Here are the warning messages yarn build is showing me: warning "@greenbone/ui-components > bootstrap@4.6.0" has unmet peer dependency "jquery@1.9.1 - 3". warning "@greenbone/ui-components > bootstrap@4.6.0" has unmet peer dependency "popper.js@^1.16.1". warning "@greenbone/ui-components > styled-components@5.2.1" has unmet peer dependency "react-is@>= 16.8.0". warning " > babel-loader@8.1.0" has unmet peer dependency "webpack@>=2". warning "react-scripts > @typescript-eslint/eslint-plugin > tsutils@3.17.1" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta". warning "@storybook/react > react-docgen-typescript-plugin@0.6.2" has unmet peer dependency "typescript@>= 3.x". warning "@storybook/react > react-docgen-typescript-plugin > react-docgen-typescript@1.20.5" has unmet peer dependency typescript@>= 3.x". warning "@storybook/react > react-docgen-typescript-plugin > react-docgen-typescript-loader@3.7.2" has unmet peer dependency "typescript@*". warning " > @testing-library/user-event@13.1.9" has unmet peer dependency "@testing-library/dom@>=7.21.4". warning " > eslint-config-prettier@8.3.0" has unmet peer dependency "eslint@>=7.0.0".

[yu210148]

I suspect I'll need to add in the nodejs install as per the README at https://github.com/greenbone/gsa

Just want to note this for when I'm looking at why things aren't working later ;)

[GORGES]

Kevin, I just want to give you encouragement that your script is GREAT and I look forward to your excellent work in fixing it for 21.4.4. I tried myself to work around the /var/run/ directory problem, but it did not work, so I will again rely on your expertise. I did a blog article based on your script a year ago (https://gorges.us/blog/greenbone-vulnerability-scanner-setup/) referring to your script. Kudos!

[yu210148]

Thanks Matthew,

Hopefully I can get it sorted soon.

Kev.

On Tue, Mar 22, 2022, 6:33 PM Matthew Clark @.***> wrote:

Kevin, I just want to give you encouragement that your script is GREAT and I look forward to your excellent work in fixing it for 21.4.4. I tried myself to work around the /var/run/ directory problem, but it did not work, so I will again rely on your expertise. I did a blog article based on your script a year ago ( https://gorges.us/blog/greenbone-vulnerability-scanner-setup/) referring to your script. Kudos!

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1075713718, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4NLP5LUIJ3QU4WHKRLVBJDDDANCNFSM5RDYP6CQ . You are receiving this because you authored the thread.Message ID: @.***>

[yu210148]

The script in the issue69 branch now completes up to the "Start OpenVAS Scanner, GSA and GVM services" bit which I'm having a look at. There's still more to do but at least it's building now.

[yu210148]

Ya, faliing in the "Start OpenVAS Scanner, GSA and GVM services" section with:

Successfully built ospd-openvas Installing collected packages: redis, paramiko, lxml, pyparsing, packaging, ospd-openvas Attempting uninstall: paramiko Found existing installation: paramiko 2.6.0 Not uninstalling paramiko at /usr/lib/python3/dist-packages, outside environment /usr Can't uninstall 'paramiko'. No files were found to uninstall. Attempting uninstall: lxml Found existing installation: lxml 4.5.0 Not uninstalling lxml at /usr/lib/python3/dist-packages, outside environment /usr Can't uninstall 'lxml'. No files were found to uninstall. Successfully installed lxml-4.8.0 ospd-openvas-21.4.4 packaging-20.9 paramiko-2.10.3 pyparsing-3.0.7 redis-3.5.3 export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages /usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock /opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock sudo /opt/gvm/sbin/gsad sleep 10 Traceback (most recent call last): File "/opt/gvm/bin/ospd-openvas", line 8, in <module> sys.exit(main()) File "/opt/gvm/lib/python3.8/site-packages/ospd_openvas/daemon.py", line 1386, in main daemon_main('OSPD - openvas', OSPDopenvas) File "/opt/gvm/lib/python3.8/site-packages/ospd/main.py", line 103, in main init_logging( File "/opt/gvm/lib/python3.8/site-packages/ospd/logger.py", line 98, in init_logging fileConfig(config, disable_existing_loggers=False) File "/usr/lib/python3.8/logging/config.py", line 79, in fileConfig handlers = _install_handlers(cp, formatters) File "/usr/lib/python3.8/logging/config.py", line 145, in _install_handlers h = klass(*args, **kwargs) File "/usr/lib/python3.8/logging/__init__.py", line 1147, in __init__ StreamHandler.__init__(self, self._open()) File "/usr/lib/python3.8/logging/__init__.py", line 1176, in _open return open(self.baseFilename, self.mode, encoding=self.encoding) FileNotFoundError: [Errno 2] No such file or directory: '/opt/gvm/var/log/gvm/ospd-openvas.log' sudo: /opt/gvm/sbin/gsad: command not found

[yu210148]

Something odd when trying to start GVM in the script the /opt/gvm/sbin path doesn't exist. I'll need to check into this further.

[yu210148]

Dealt with an issue in my testing environment this morning where /tmp had been removed. Got that sorted.

The latest seems to be that the line that executes: /usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock

is failing with: ModuleNotFoundError: No module named 'ospd_openvas'

[yu210148]

Looks like this may have something to do with $PYTHONPATH not being exported. When I did it manually it still fails but with something different:

Traceback (most recent call last): File "/opt/gvm/bin/ospd-openvas", line 8, in sys.exit(main()) File "/opt/gvm/lib/python3.8/site-packages/ospd_openvas/daemon.py", line 1386, in main daemon_main('OSPD - openvas', OSPDopenvas) File "/opt/gvm/lib/python3.8/site-packages/ospd/main.py", line 103, in main init_logging( File "/opt/gvm/lib/python3.8/site-packages/ospd/logger.py", line 98, in init_logging fileConfig(config, disable_existing_loggers=False) File "/usr/lib/python3.8/logging/config.py", line 79, in fileConfig handlers = _install_handlers(cp, formatters) File "/usr/lib/python3.8/logging/config.py", line 145, in _install_handlers h = klass(*args, **kwargs) File "/usr/lib/python3.8/logging/init.py", line 1147, in init StreamHandler.init(self, self._open()) File "/usr/lib/python3.8/logging/init.py", line 1176, in _open return open(self.baseFilename, self.mode, encoding=self.encoding) FileNotFoundError: [Errno 2] No such file or directory: '/opt/gvm/var/log/gvm/ospd-openvas.log'

[yu210148]

If I manually create that file/path it fails with the following:

gvm@gvm21:~/var/log/gvm$ /usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock Error in atexit._run_exitfuncs: Traceback (most recent call last): File "/opt/gvm/lib/python3.8/site-packages/ospd/main.py", line 83, in exit_cleanup server.close() File "/opt/gvm/lib/python3.8/site-packages/ospd/server.py", line 231, in close super().close() File "/opt/gvm/lib/python3.8/site-packages/ospd/server.py", line 149, in close self.server.shutdown() AttributeError: 'NoneType' object has no attribute 'shutdown'

[yu210148]

I suspect the answer to this may be in https://github.com/greenbone/ospd-openvas. I'll investigate when I can.

[GORGES]

Kevin, I'm monitoring your progress, and appreciate your work!! Thank you!!

[schneemass]

Hi, maybe two links that will help you: https://greenbone.github.io/docs/gvm-21.04/index.html#ospd-openvas -- the complete manual installation works fine :-)

https://community.greenbone.net/t/gvm-release-version-21-4-4/11506 -- Current version numbers of the source code releases and repository links: gsa v21.4.4 gsad v21.4.4 gvmd v21.4.5 gvm-libs v21.4.4 openvas-scanner v21.4.4 ospd-openvas v21.4.4

Best greetings from Allgäu

[fpfbabes]

I suspect the answer to this may be in https://github.com/greenbone/ospd-openvas. I'll investigate when I can.

Hi Kevin, I'm monitoring your progress, and appreciate your work!! im stuck with this new build as well

Thank you!!

[yu210148]

I've updated the gvmd version and added in additional package dependencies that were listed in the greenbone repositories. Also fixed a few other bugs that I introduced while doing that; however, the original issue with the python traceback persists. I'll continue reading and troubleshooting as time permits. Just wanted to note that I haven't given up on this yet. Oh, I also added a note in the readme. Hopefully anyone finding this will see it before they end up installing an EOL version :)

[yu210148]

Just rebuilt the thing manually this morning using the steps at https://greenbone.github.io/docs/gvm-21.04/index.html--Thanks schneemass, and while it doesn't have an encrypted https connection to the web interface it does work. It's not immediately clear to me what is different between what this script is doing and what I did manually however, it does give me something to go on. I'm thinking what I'll do is re-write the thing based on those instructions. It'll break the version 20 install but I doubt anyone would want to use that anyway.

If I can manage to get it working that way I'll then see if I can sort out what's involved to get it to use https. If anyone has any thoughts on that and can post them that would be helpful.

Thanks everyone.

kev.

[GORGES]

Hi - I listed the steps that I took to add an SSL certificate to the community install in a blog article a year ago:

https://gorges.us/blog/greenbone-vulnerability-scanner-setup/

Thank you for your hard work, Kev! I will probably attempt the manual install within a week or so.

[yu210148]

Thanks Matt,

Yes, I was a bit surprised at how relatively straightforward the manual install was. I pretty much just copied and pasted the commands from the guide and it went smoothly aside from a couple of spots (postgres 12 rather than 11 for example).

Kev.

On Mon, Mar 28, 2022, 1:53 PM Matthew Clark @.***> wrote:

Hi - I listed the steps that I took to add an SSL certificate to the community install in a blog article a year ago:

https://gorges.us/blog/greenbone-vulnerability-scanner-setup/

Thank you for your hard work, Kev! I will probably attempt the manual install within a week or so.

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1080964430, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4OQZJ6NQCVZHGMTVMTVCHWZ5ANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[fpfbabes]

Started over from scratch.

I found this errors Reading state information... Done E: Unable to locate package postgresql-server-dev-11 Let me try with Postgres12, I just replaced it with sudo apt install -y postgresql that seemed to get me going but got stuck bellow

-- No package 'libical' found CMake Error at /usr/share/cmake-3.16/Modules/FindPkgConfig.cmake:463 (message): A required package was not found Call Stack (most recent call first): /usr/share/cmake-3.16/Modules/FindPkgConfig.cmake:643 (_pkg_check_modules_internal) src/CMakeLists.txt:35 (pkg_check_modules)

-- Configuring incomplete, errors occurred! See also "/home/fferreira/build/gvmd/CMakeFiles/CMakeOutput.log". See also "/home/fferreira/build/gvmd/CMakeFiles/CMakeError.log".

---

From: Kevin Lucas @.> Sent: March 28, 2022 8:45 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Thanks Matt,

Yes, I was a bit surprised at how relatively straightforward the manual install was. I pretty much just copied and pasted the commands from the guide and it went smoothly aside from a couple of spots (postgres 12 rather than 11 for example).

Kev.

On Mon, Mar 28, 2022, 1:53 PM Matthew Clark @.***> wrote:

Hi - I listed the steps that I took to add an SSL certificate to the community install in a blog article a year ago:

https://gorges.us/blog/greenbone-vulnerability-scanner-setup/

Thank you for your hard work, Kev! I will probably attempt the manual install within a week or so.

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1080964430, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4OQZJ6NQCVZHGMTVMTVCHWZ5ANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

— Reply to this email directly, view it on GitHubhttps://github.com/yu210148/gvm_install/issues/69#issuecomment-1081125159, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AWTZBGGKBLY2VXQBFAOEFHDVCIK75ANCNFSM5RDYP6CQ. You are receiving this because you commented.Message ID: @.***>

[Chris-P-BirdDog]

Hi Kevin - Thank you for all your work on this - It is most appreciated! Wondering if this could help for installing Postgres 11 - As opposed to getting 12 to work : https://www.howtodojo.com/install-postgresql-11-on-ubuntu-20-04/

Cheers.

[yu210148]

Hi all,

I don't think I ran into the 'libical' issue above and it seemed to work for me manually with posgresql 12 in my testing environment when I did it manually. I've had a bit of time this morning and done a re-write in the branch for this issue. I'm just testing it for the first time in a VM. There are a couple of bugs so far involving the 'su'ing' to different users.

kev.

[fpfbabes]

Wait I think I found it

Installing Greenbone for Vulnerability Assessment Scanning | GORGES Webhttps://gorges.us/blog/greenbone-vulnerability-scanner-setup/

OMG what a drastic change I still won't know if it works, I'm getting ready to start all over again.

---

From: FPF Babes @.> Sent: March 29, 2022 5:11 PM To: yu210148/gvm_install @.>; yu210148/gvm_install @.> Cc: Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Yeah, I know what happened. it had to do with the me not using the postgres dev.

I managed to get this installed, but ran into this.

1. issue but didn't seem to impact me is an optional
2. I couldn't install python-impacket.
3. this is an option package for openvas-scanner
4. The other was with "Systemd service file for gsad"
5. At first i left this as is * cat << EOF > $BUILD_DIR/gsad.service [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service

[Service] Type=forking User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --listen=127.0.0.1 --port=9392 --http-only Restart=always TimeoutStopSec=10

[Install] WantedBy=multi-user.target Alias=greenbone-security-assistant.service EOF

6. when this would let me connect from another pc using a browser, I changed the gsad.service file so it was listening on the servers IP. After I started the service, at first everything was good, but after it just stopped working.

When I mean stopped, to the point that we can't ssh back to the server. Back to starting over again.

For others computers to connect did you have to change gsad.service?

---

From: Kevin Lucas @.> Sent: March 29, 2022 2:56 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Hi all,

I don't think I ran into the 'libical' issue above and it seemed to work for me manually with posgresql 12 in my testing environment when I did it manually. I've had a bit of time this morning and done a re-write in the branch for this issue. I'm just testing it for the first time in a VM. There are a couple of bugs so far involving the 'su'ing' to different users.

kev.

— Reply to this email directly, view it on GitHubhttps://github.com/yu210148/gvm_install/issues/69#issuecomment-1081976346, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AWTZBGHGSAMKEI6XOMQKLWDVCMK3NANCNFSM5RDYP6CQ. You are receiving this because you commented.Message ID: @.***>

[yu210148]

Ya, this is a mess. I'll keep at it but anyone who needs this in a hurry should just do a manual build as best they can IMHO.

Kev.

On Tue, Mar 29, 2022, 1:30 PM fpfbabes @.***> wrote:

Wait I think I found it

Installing Greenbone for Vulnerability Assessment Scanning | GORGES Web< https://gorges.us/blog/greenbone-vulnerability-scanner-setup/>

OMG what a drastic change I still won't know if it works, I'm getting ready to start all over again.

---

From: FPF Babes @.> Sent: March 29, 2022 5:11 PM To: yu210148/gvm_install @.>; yu210148/gvm_install @.> Cc: Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Yeah, I know what happened. it had to do with the me not using the postgres dev.

I managed to get this installed, but ran into this.

1. issue but didn't seem to impact me is an optional
2. I couldn't install python-impacket.
3. this is an option package for openvas-scanner
4. The other was with "Systemd service file for gsad"
5. At first i left this as is * cat << EOF > $BUILD_DIR/gsad.service [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service

[Service] Type=forking User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --listen=127.0.0.1 --port=9392 --http-only Restart=always TimeoutStopSec=10

[Install] WantedBy=multi-user.target Alias=greenbone-security-assistant.service EOF

6. when this would let me connect from another pc using a browser, I changed the gsad.service file so it was listening on the servers IP. After I started the service, at first everything was good, but after it just stopped working.

When I mean stopped, to the point that we can't ssh back to the server. Back to starting over again.

For others computers to connect did you have to change gsad.service?

---

From: Kevin Lucas @.> Sent: March 29, 2022 2:56 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Hi all,

I don't think I ran into the 'libical' issue above and it seemed to work for me manually with posgresql 12 in my testing environment when I did it manually. I've had a bit of time this morning and done a re-write in the branch for this issue. I'm just testing it for the first time in a VM. There are a couple of bugs so far involving the 'su'ing' to different users.

kev.

— Reply to this email directly, view it on GitHub< https://github.com/yu210148/gvm_install/issues/69#issuecomment-1081976346>, or unsubscribe< https://github.com/notifications/unsubscribe-auth/AWTZBGHGSAMKEI6XOMQKLWDVCMK3NANCNFSM5RDYP6CQ

. You are receiving this because you commented.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1082170502, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4M6KNGLWGOSRGNNTADVCM42XANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[brettahaines]

@fpfbabes If you are installing manually, check out the link below since the official directions look to have typos around postgresql 11 to 13 on Debian 11 and also python-impacket to python3-impacket

https://community.greenbone.net/t/discussion-gvm-release-version-21-4-4/11785/21

[yu210148]

Yes, thanks! I had forgotten about python-impacket vs. python3-impacket in the script re-write.

kev.

On Tue, Mar 29, 2022 at 2:49 PM brettahaines @.***> wrote:

@fpfbabes https://github.com/fpfbabes If you are installing manually, check out the link below since the official directions look to have typos around postgresql 11 to 13 on Debian 11 and also python-impacket to python3-impacket

https://community.greenbone.net/t/discussion-gvm-release-version-21-4-4/11785/21

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1082252169, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4LHOMCZFGFND32J7N3VCNGE5ANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[fpfbabes]

Kevin

I figured out how to get https working This is what you need to do

I did the following right after synchronizing the feeds

https://www.libellux.com/openvas/#generate-gvm-certificatesGenerate GVM certificates

Once you've finished the feed synchronisation, generate GVM certificates.

sudo -u gvm gvm-manage-certs -a

change the "x.x.x.x" to reflect the ip of the server This is what the gsad.service file should look like

cat << EOF > $BUILD_DIR/gsad.service [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service

[Service] Type=forking User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --listen=x.x.x.x --port=9392 Resestart=always TimeoutStopSec=10

[Install] WantedBy=multi-user.target EOF

Hope this helps folks The unfortunate is it doesn't seem to work with the FQDN for the server.

Because this is working, I'm not going to play anymore with this.

---

From: Kevin Lucas @.> Sent: March 29, 2022 7:22 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Mention @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Yes, thanks! I had forgotten about python-impacket vs. python3-impacket in the script re-write.

kev.

On Tue, Mar 29, 2022 at 2:49 PM brettahaines @.***> wrote:

@fpfbabes https://github.com/fpfbabes If you are installing manually, check out the link below since the official directions look to have typos around postgresql 11 to 13 on Debian 11 and also python-impacket to python3-impacket

https://community.greenbone.net/t/discussion-gvm-release-version-21-4-4/11785/21

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1082252169, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4LHOMCZFGFND32J7N3VCNGE5ANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

— Reply to this email directly, view it on GitHubhttps://github.com/yu210148/gvm_install/issues/69#issuecomment-1082286109, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AWTZBGE5PXKZUYSUNUWDKKDVCNKAJANCNFSM5RDYP6CQ. You are receiving this because you were mentioned.Message ID: @.***>

[yu210148]

Cool, I think Alex may have worked this out. I've merged his pull request and ran it earlier this afternoon. I'm in the waiting period now to see if it all sorts itself out. The builds looked good so my fingers are crossed.

Kev.

On Wed, Mar 30, 2022, 6:59 PM fpfbabes @.***> wrote:

Kevin

I figured out how to get https working This is what you need to do

I did the following right after synchronizing the feeds

https://www.libellux.com/openvas/#generate-gvm-certificatesGenerate

GVM certificates

Once you've finished the feed synchronisation, generate GVM certificates.

sudo -u gvm gvm-manage-certs -a

change the "x.x.x.x" to reflect the ip of the server This is what the gsad.service file should look like

cat << EOF > $BUILD_DIR/gsad.service [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service

[Service] Type=forking User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --listen=x.x.x.x --port=9392 Resestart=always TimeoutStopSec=10

[Install] WantedBy=multi-user.target EOF

Hope this helps folks The unfortunate is it doesn't seem to work with the FQDN for the server.

Because this is working, I'm not going to play anymore with this.

---

From: Kevin Lucas @.> Sent: March 29, 2022 7:22 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Mention @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Yes, thanks! I had forgotten about python-impacket vs. python3-impacket in the script re-write.

kev.

On Tue, Mar 29, 2022 at 2:49 PM brettahaines @.***> wrote:

@fpfbabes https://github.com/fpfbabes If you are installing manually, check out the link below since the official directions look to have typos around postgresql 11 to 13 on Debian 11 and also python-impacket to python3-impacket

https://community.greenbone.net/t/discussion-gvm-release-version-21-4-4/11785/21

— Reply to this email directly, view it on GitHub < https://github.com/yu210148/gvm_install/issues/69#issuecomment-1082252169 , or unsubscribe < https://github.com/notifications/unsubscribe-auth/AAKFY4LHOMCZFGFND32J7N3VCNGE5ANCNFSM5RDYP6CQ

. You are receiving this because you were assigned.Message ID: @.***>

— Reply to this email directly, view it on GitHub< https://github.com/yu210148/gvm_install/issues/69#issuecomment-1082286109>, or unsubscribe< https://github.com/notifications/unsubscribe-auth/AWTZBGE5PXKZUYSUNUWDKKDVCNKAJANCNFSM5RDYP6CQ

. You are receiving this because you were mentioned.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1083721706, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4NU4CJ53VLHR454XOTVCTMERANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[Chris-P-BirdDog]

Hi - Tested the new script and it worked - Was playing Def Leppard at the time - Not sure if that helped the build, but just in case it did :)

Ran a test scan and it completed without the nagging "EoL" vuln. Do think its strange that from the UI / Help / About, it lists the version as: Version 21.4.3 Also - Within UI / Admin / Feed Status, the GVMD_DATA feed is Too Old, 20220128T1556 (over 60 days old) - The rest of the feeds are current.

Thanks again, Kevin!

[yu210148]

Good to know. I've been caught up with other things this evening so haven't been able to check it out. Tell me though was it "On Through The Night" you were playing it or something 'newer' like "Retro Active"? If it was 'X' I might be inclined to leave it in a non-working state. 🙂

Kev.

On Wed, Mar 30, 2022, 7:32 PM Chris-P-BirdDog @.***> wrote:

Hi - Tested the new script and it worked - Was playing Def Leppard at the time - Not sure if that helped the build, but just in case it did :)

Ran a test scan and it completed without the nagging "EoL" vuln. Do think its strange that from the UI / Help / About, it lists the version as: Version 21.4.3 Also - Within UI / Admin / Feed Status, the GVMD_DATA feed is Too Old, 20220128T1556 (over 60 days old) - The rest of the feeds are current.

Thanks again, Kevin!

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1083767931, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4MWKTEGQJMGMPQFN3DVCTQABANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[Chris-P-BirdDog]

It was mostly the Hysteria / Pyromania time range.

Chris

[yu210148]

I ran into Issue 26 again with the new setup so I had to create a new scan config but otherwise, it appears to be working. Thanks alexmateescu Going to close this off we can re-open it if needed down the road.

[fpfbabes]

HI Kevin, I'm confused, you said you followed the instructions and it worked.

I'm getting the following error message when I get to gvm-libshttps://greenbone.github.io/docs/gvm-21.04/index.html#id95 executing the following comand tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz tar: You must specify one of the '-Acdtrux', '--delete' or '--test-label' options Try 'tar --help' or 'tar --usage' for more information.

---

From: Kevin Lucas @.> Sent: March 28, 2022 5:20 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Just rebuilt the thing manually this morning using the steps at [url]https://greenbone.github.io/docs/gvm-21.04/index.html--Thanks schneemass, and while it doesn't have an encrypted https connection to the web interface it does work. It's not immediately clear to me what is different between what this script is doing and what I did manually however, it does give me something to go on. I'm thinking what I'll do is re-write the thing based on those instructions. It'll break the version 20 install but I doubt anyone would want to use that anyway.

If I can manage to get it working that way I'll then see if I can sort out what's involved to get it to use https. If anyone has any thoughts on that and can post them that would be helpful.

Thanks everyone.

kev.

— Reply to this email directly, view it on GitHubhttps://github.com/yu210148/gvm_install/issues/69#issuecomment-1080934368, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AWTZBGAEVZ4MDSVOAZGQH7DVCHS5HANCNFSM5RDYP6CQ. You are receiving this because you commented.Message ID: @.***>

[yu210148]

Thanks, I'll have a look at those.

Kev.

On Fri, Mar 25, 2022, 12:26 PM schneemass @.***> wrote:

Hi, maybe two links that will help you: https://greenbone.github.io/docs/gvm-21.04/index.html#ospd-openvas -- the manual installation works fine https://community.greenbone.net/t/gvm-release-version-21-4-4/11506 -- Current version numbers of the source code releases and repository links: gsa v21.4.4 67 gsad v21.4.4 18 gvmd v21.4.5 26 gvm-libs v21.4.4 14 openvas-scanner v21.4.4 68 ospd-openvas v21.4.4 22

Best greetings from Allgäu

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1079192927, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4JUHHMRCL6WRUS3HDLVBXSNBANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[yu210148]

Thanks Matt, my kid ensures that I only get a bit of time each day to work on it but I feel like I'm making progress. This latest thing with the Python traceback is troubling though.

Kev.

On Fri, Mar 25, 2022, 9:07 AM Matthew Clark @.***> wrote:

Kevin, I'm monitoring your progress, and appreciate your work!! Thank you!!

— Reply to this email directly, view it on GitHub https://github.com/yu210148/gvm_install/issues/69#issuecomment-1079010187, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKFY4KXAYIVBEHDK5CVPIDVBW27TANCNFSM5RDYP6CQ . You are receiving this because you were assigned.Message ID: @.***>

[fpfbabes]

Yeah, I know what happened. it had to do with the me not using the postgres dev.

I managed to get this installed, but ran into this.

1. issue but didn't seem to impact me is an optional
2. I couldn't install python-impacket.
3. this is an option package for openvas-scanner
4. The other was with "Systemd service file for gsad"
5. At first i left this as is * cat << EOF > $BUILD_DIR/gsad.service [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service

[Service] Type=forking User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --listen=127.0.0.1 --port=9392 --http-only Restart=always TimeoutStopSec=10

[Install] WantedBy=multi-user.target Alias=greenbone-security-assistant.service EOF

6. when this would let me connect from another pc using a browser, I changed the gsad.service file so it was listening on the servers IP. After I started the service, at first everything was good, but after it just stopped working.

When I mean stopped, to the point that we can't ssh back to the server. Back to starting over again.

For others computers to connect did you have to change gsad.service?

---

From: Kevin Lucas @.> Sent: March 29, 2022 2:56 PM To: yu210148/gvm_install @.> Cc: fpfbabes @.>; Comment @.> Subject: Re: [yu210148/gvm_install] Report outdated / end-of-life Scan Engine / Environment for version 21.4.3 (Issue #69)

Hi all,

I don't think I ran into the 'libical' issue above and it seemed to work for me manually with posgresql 12 in my testing environment when I did it manually. I've had a bit of time this morning and done a re-write in the branch for this issue. I'm just testing it for the first time in a VM. There are a couple of bugs so far involving the 'su'ing' to different users.

kev.

— Reply to this email directly, view it on GitHubhttps://github.com/yu210148/gvm_install/issues/69#issuecomment-1081976346, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AWTZBGHGSAMKEI6XOMQKLWDVCMK3NANCNFSM5RDYP6CQ. You are receiving this because you commented.Message ID: @.***>