Migrating OpenVAS 5 => 7 on Kali Linux
Hello everyone, a quick article in passing… When I updated Kali Linux I saw that the OpenVAS 7 package was available! As a reminder, or for information, OpenVAS is a free, open-source vulnerability scanner (a fork of the excellent Nessus). Why go without it? :D OpenVAS 7 adds quite a few new features, such as a different interface for browsing results, access groups, new predefined actions… The full list of changes is here: Link
Getting to the heart of the matter:
It all starts with:
apt-get update
Followed by:
apt-get upgrade
The upgrade goes smoothly; at one point it may just ask whether you want to update the Greenbone assistant configuration file:
update-rc.d: warning: default start runlevel arguments (2 3 4 5) do not match openvas-scanner Default-Start values (none)
insserv: warning: current stop runlevel(s) (0 6) of script `openvas-scanner' overrides LSB defaults (0 1 6).
Setting up greenbone-security-assistant (5.0.1-0kali3) ...
Configuration file `/etc/default/greenbone-security-assistant'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** greenbone-security-assistant (Y/I/N/O/D/Z) [default=N] ? D
Configuration file `/etc/default/greenbone-security-assistant'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** greenbone-security-assistant (Y/I/N/O/D/Z) [default=N] ?
Installing new version of config file /etc/init.d/greenbone-security-assistant ...
I looked at the diff and not much changes, but if you have tweaked the configuration yourself, better be careful…
Once all that is done comes the moment to restart the services… and then BAM!
root@kali-server:~# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: ERROR.
Starting OpenVAS Manager: ERROR.
root@kali-server:~# openvas-stop
Stopping OpenVas Services
Stopping Greenbone Security Assistant: gsad.
Stopping OpenVAS Scanner: openvassd.
Stopping OpenVAS Manager: openvasmd.
root@kali-server:~# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: openvassd.
Starting OpenVAS Manager: ERROR.
Well, that doesn't look good. A look through the logs shows a database error.
I run the openvas-check-setup utility:
root@kali-server:~# openvas-check-setup
openvas-check-setup 2.2.5
Test completeness and readiness of OpenVAS-7
(add '--v4', '--v5', '--v6' or '--v8'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 4.0.2.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 36139 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 36140 files for 36139 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 5.0.2.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 74.
OK: OpenVAS Manager expects database at revision 123.
ERROR: Database schema is out of date.
FIX: Run 'openvasmd --migrate'.
ERROR: Your OpenVAS-7 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
And the solution finally appears, hallelujah!
openvasmd --migrate
To finally get:
root@kali-server:~# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: openvassd.
Starting OpenVAS Manager: openvasmd.
And there you go!
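The check-and-migrate step above as a small script: an added example, not part of the original post and not OpenVAS code. It parses the two revision lines printed by openvas-check-setup and copies tasks.db aside before the schema is migrated; the function names and the backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example: read openvas-check-setup output, report whether the Manager
# database schema is behind, and copy the database aside before migrating.
# Function names and the backup suffix are hypothetical.

# Print "<current> <expected>" schema revisions parsed from stdin.
schema_revisions() {
    awk '
        /OpenVAS Manager database is at revision/      { cur  = $NF }
        /OpenVAS Manager expects database at revision/ { want = $NF }
        END {
            sub(/\.$/, "", cur); sub(/\.$/, "", want)   # drop trailing "."
            if (cur == "" || want == "") exit 2         # lines not found
            print cur, want
        }'
}

# Print "outdated", "current" or "unknown" for check-setup output on stdin.
schema_state() {
    revs=$(schema_revisions) || { echo unknown; return 0; }
    set -- $revs
    if [ "$1" -lt "$2" ]; then echo outdated; else echo current; fi
}

# Copy the database file ($1) next to itself and print the backup path.
# Run it while openvasmd is stopped so the SQLite file is not being written.
backup_db() {
    bak="$1.pre-migrate.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$1" "$bak" && echo "$bak"
}

# Lines copied from the check-setup output shown in this post.
SAMPLE='OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: OpenVAS Manager database is at revision 74.
OK: OpenVAS Manager expects database at revision 123.
ERROR: Database schema is out of date.'

printf '%s\n' "$SAMPLE" | schema_state

# On the real host, as root, after openvas-stop:
#   [ "$(openvas-check-setup | schema_state)" = outdated ] &&
#       backup_db /var/lib/openvas/mgr/tasks.db && openvasmd --migrate
```

Keeping the pre-migration copy means a failed or interrupted migration can be rolled back by restoring the file instead of rebuilding the scan history.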
I have the same problem, but when I do openvasmd --migrate -v I have:
md main: DEBUG:21132:2014-10-26 23h08.26 CET: sql: ATTACH DATABASE '/var/lib/openvas/scap-data/scap.db' AS scap;
md main: DEBUG:21132:2014-10-26 23h08.26 CET: sql: ATTACH DATABASE '/var/lib/openvas/cert-data/cert.db' AS cert;
md main: DEBUG:21132:2014-10-26 23h08.26 CET: sql_x: SELECT count (*) FROM main.sqlite_master WHERE type = 'table' AND name = 'meta';
md main: DEBUG:21132:2014-10-26 23h08.26 CET: sql_x end
md main: DEBUG:21132:2014-10-26 23h08.26 CET: sql_x: SELECT value FROM main.meta WHERE name = 'database_version' LIMIT 1;
md main: DEBUG:21132:2014-10-26 23h08.26 CET: sql_x end
and nothing changes…
Always ERROR: Database schema is out of date.
What can I do?
Hello,
On which platform are you trying to update OpenVAS?
Did you try a "killall openv*" then "openvas --rebuild" then "openvas --update" then "openvas --migrate"?
Did you check the syslog, dmesg or messages log?
Regards,