- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
所以我的 Open VAS 安装证书已过期。因此,我在尝试运行扫描时收到以下错误。
操作:启动任务状态代码:503状态消息:服务暂时关闭
我尝试重新创建证书:
me@ovas:~$ sudo /usr/sbin/openvas-mkcert -q -f
[sudo] password for me:
me@ovas:~$ sudo /usr/bin/openvas-mkcert-client -n -i
Generating RSA private key, 4096 bit long modulus
........................++
..................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:Using configuration from /tmp/openvas-mkcert-client.28853/stdC.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
localityName :ASN.1 12:'Berlin'
commonName :ASN.1 12:'om'
Certificate is to be certified until Dec 5 12:38:09 2017 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
me@ovas:~$
然后重新启动...
然后,Web 界面的一个已正确切换,但扫描仪的似乎未正确切换?
这在日志中:
lib serv:警告:2016-12-05 12h41.23 UTC:1533: 无法与对等方握手:TLS 连接未正确终止。事件任务:MESSAGE:2016-12-05 12h41.23 UTC:1533:管理员无法启动 target.me (3aca3163-3de2-4519-92af-f649f6bedd7c) 的任务扫描
检查打开 VAS 脚本输出:
openvas-check-setup 2.3.7
Test completeness and readiness of OpenVAS-8
(add '--v6' or '--v7' or '--v9'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.7.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: redis-server is present in version v=3.0.6.
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: NVT collection in /var/lib/openvas/plugins contains 50525 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 50548 files for 50525 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 6.0.9.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 49328 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking user configuration ...
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 6.0.11.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.4.4.
Step 6: Checking Greenbone Security Desktop (GSD) ...
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
OK: Greenbone Security Assistant is running and listening on all interfaces.
OK: Greenbone Security Assistant is listening on port 443, which is the default port.
Step 8: Checking nmap installation ...
WARNING: Your version of nmap is not fully supported: 7.01
SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
OK: pdflatex found.
WARNING: PDF generation failed, most likely due to missing LaTeX packages. The PDF report format will not work.
SUGGEST: Install required LaTeX packages.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
OK: alien found, LSC credential package generation for DEB based targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
It seems like your OpenVAS-8 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
最佳答案
这个答案对于 OP 来说可能有点晚了,但万一 future 的 Google 员工最终来到这里,这对我有用:
当我的 OpenVAS 扫描突然停止运行时,我还得出结论,过期的证书是问题所在。使用 openvas-check-setup 命令告诉我一切都很好,但是当我尝试手动运行扫描时,我会收到相同的 503 服务不可用消息。查看日志(我的位置:/var/log/openvas/openvasmd.log)给了我一些可以遵循的线索,包括:
WARNING:2017-05-16 19h04.51 UTC:3687: Failed to gnutls_bye: Error in the push function. WARNING:2017-05-16 19h04.52 UTC:3686: openvas_server_verify: the certificate is not trusted WARNING:2017-05-16 19h04.52 UTC:3686: openvas_server_verify: the certificate has expired
我首先对 gnutls_bye 消息进行故障排除,因为“错误”一词往往比“警告”更容易引起注意,但最终问题是证书。
我使用了 OP 的 mkcert 命令的变体来生成新证书,但我认为他/她缺少的步骤是使用这些新证书更新扫描仪配置。
因此,我导航到更靠近证书文件位置(cd/var/lib/openvas/)并运行以下命令:
openvasmd --modify-scanner <UUID> --scanner-ca-pub CA/cacert.pem --scanner-key-pub CA/clientcert.pem --scanner-key-priv private/CA/clientkey.pem
您需要替换为您正在修改的扫描仪的实际 UUID。获取扫描仪列表:
openvasmd --get-scanners
作为最终检查,您可以使用验证命令:
openvasmd --verify-scanner <UUID>
虽然它被破坏了,但我得到了非常无益的回应
Failed to verify scanner.
但是,一旦您成功更新了证书并与扫描仪关联(并且您可能需要重新启动相关服务以达到良好的效果,或者像我一样采用惰性/核路线并重新启动服务器),验证命令应该返回类似于
的内容Scanner version: OTP/2.0.
或您正在运行的任何类型/版本。
FWIW,如果您在此处搜索“更新扫描仪证书”,则修改扫描仪步骤深埋在 OpenVAS 文档中:http://www.openvas.org/src-doc/openvas-manager/index.html
希望这对某人有帮助!
关于openvas - Open VAS - 服务暂时关闭(证书已过期),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40974546/
OpenAL.org && 创意开发网站已关闭。我选择替代版本 OpenAL Soft .我很担心,因为在 OpenAL Soft 的二进制安装中我找不到 alut.h header 。 alut.h
我使用 Android Studio 已经有一段时间了,但有一天应用程序突然出错了。当我尝试单击我的目录以查找要导入或打开的文件时,应用程序变得异常缓慢并且根本没有响应。当我最终成功切换到存储我的文件
自 Firefox 4 以来,这似乎是一个奇怪的功能变化。在使用 window.open() 打开一个窗口后,当用鼠标中键单击打开的窗口中的链接时(或右键单击并选择“在新窗口中打开”选项卡') 导致链
我无法从 Open::URI 的 rdoc 中得知当我这样做时返回的是什么: result = open(url) URL 返回 XML,但我如何查看/解析 XML? 最佳答案 open 返回一个 I
经常开发asp但对于细致的说法,真实不太清楚,这里简单的介绍下。 一般情况下 读取数据都是用rs.open sql,conn,1,1 修改数据:rs.open sql,conn,1,3 删除
关于 pathlib 标准库中的模块,是 path.open() 方法只是内置 open() 的“包装器”功能? 最佳答案 如果您阅读了 source code的 pathlib.Path.open你
我想将 Open Liberty 运行时的语言更改为 en_US从 Eclipse IDE 中,但我不知道如何。 也尝试使用 JVM 参数的首选项来设置它,但它没有用。 -Duser.language
这是我所拥有的: 参数“opener”未在可能的函数调用参数中列出。这是 PyCharm 错误还是其他原因? PyCharm 2018.3.5 社区版,Windows 7 上的 Python 3.6.
我正在使用 Tinkerpop 的 GraphFactory.open(Configuration 配置) Java 命令来访问 Neo4j 数据库。 一个最低限度的工作示例是: Configurat
这个问题在这里已经有了答案: What is the python "with" statement designed for? (11 个答案) 关闭 7 年前。 我没有使用过 with 语句,但
我正在玩 python 3.5 中的 open 函数。我不明白 opener 参数(最后一个参数)在 open 函数中的用法。根据 python 文档:可以通过将可调用对象作为打开器传递来使用自定义打
关闭。此题需要details or clarity 。目前不接受答案。 想要改进这个问题吗?通过 editing this post 添加详细信息并澄清问题. 已关闭 5 年前。 Improve th
我试图用 Python 来做一些模拟 3D 声音的工作。我试图运行此代码(答案中提供):Python openAL 3D sound类似,两次都收到: ModuleNotFoundError: No
我一直认为 open 和 io.open 可以互换。 显然不是,如果我相信这个片段: import ctypes, io class POINT(ctypes.Structure): _fie
这个问题在这里已经有了答案: What's the difference between io.open() and os.open() on Python? (7 个答案) 关闭 9 年前。 我是
我正在尝试更好地了解 WCF 的一些内部工作原理。我已经做了相当多的环顾四周,但我无法找到关于 ChannelFactory.Open() 与 IClientChannel.Open() 相比的明确解
这个问题在这里已经有了答案: What is the python "with" statement designed for? (11 个答案) 关闭 7 年前。 我知道有很多关于在 python
CFSDN坚持开源创造价值,我们致力于搭建一个资源共享平台,让每一个IT人在这里找到属于你的精彩世界. 这篇CFSDN的博客文章adodb.recordset.open(rs.open)方法参数详解由
不久前我遇到了一个interesting security hole Link 看起来足够无害,但有一个漏洞,因为默认情况下,正在打开的页面允许打开的页面通过 window.opener 回调到它。有
这在我的应用程序上运行良好,但由于某种原因我无法让它在这里正常工作。无论如何,我的问题是,当我单击列表标题时,我想关闭之前打开的列表标题并仅保留事件的列表标题打开。目前它会打开我点击的所有内容,但也会
我是一名优秀的程序员,十分优秀!