Home Page

Openvas v8 on Ubuntu 14.04: Login failed. OMP service is down

Recently I suddently couldn't log into Openvas v8 running on Ubuntu 14.04 anymore. Nothing had changed about the machine (as far as I knew), but I got the following message when trying to log in with any account:

Login failed. OMP service is down

The logs (/var/log/openvas/openvasmd.log) showed the following message:

lib  serv:WARNING:2016-01-19 15h52.12 utc:21760: Failed to shake hands with peer: The signature algorithm is not supported.
lib  serv:WARNING:2016-01-19 15h52.22 utc:21775: Failed to shake hands with peer: A TLS packet with unexpected length was received.
md   main:CRITICAL:2016-01-19 15h52.22 utc:21775: serve_client: failed to attach client session to socket 12
lib  serv:WARNING:2016-01-19 15h52.22 utc:21775:    Failed to gnutls_bye: GnuTLS internal error.
lib auth:   INFO:2016-01-19 15h53.56 utc:25472: Authentication configuration not found.

Turns out the libgnutls library was updated and it turned off support for downgrading signature algorithms.

If you got your Openvas installation from the Mrazavi Launchpad source, you can fix the problem by simply updating and upgrading:

sudo apt-get update && sudo apt-get upgrade

Ansible-cmdb v1.11: Generate a host overview of Ansible facts.

I've just released ansible-cmdb v1.11. Ansible-cmdb takes the output of Ansible's fact gathering and converts it into a static HTML overview page containing system configuration information. It supports multiple templates and extending information gathered by Ansible with custom data.

This release includes the following bugfixes and feature improvements:

Get the new release from the Github releases page.

Ansible-cmdb v1.10 released

I've just released ansible-cmdb v1.10. Ansible-cmdb takes the output of Ansible's fact gathering and converts it into a static HTML overview page containing system configuration information. It supports multiple templates and extending information gathered by Ansible with custom data.

This is a feature and bugfix release, including the following changes:

Screenshot:

ansible-cmdb-v1.10

Get the new release from the Github releases page.

Introducing ScriptForm: Stand-alone webserver that generates forms to serve as frontends to scripts

I've just releases v1.0 of ScriptForm.

ScriptForm is a stand-alone webserver that automatically generates forms from JSON to serve as frontends to scripts. It takes a JSON file which contains form definitions, constructs web forms from this JSON and serves these to users over HTTP. The user can select a form and fill it out. When the user submits the form, it is validated and the associated script is called. Data entered in the form is passed to the script through the environment. See the Example to learn more about how it works.

I wrote ScriptForm to quickly give non-technical users the ability to perform restricted actions through a friendly web interface. Some use-cases I've used it for so far:

Some features it includes are:

ScriptForm is Free Software / Open Source software released under the GNU GPL v3.

Some links for further information:

Github repository / sourcehttps://github.com/fboender/scriptform
Download releaseshttps://github.com/fboender/scriptform/releases, packages are available for Debian, Redhat and other Linux-bases systems.
Screenshotshttps://github.com/fboender/scriptform/tree/master/doc/screenshots
Tutorialhttps://github.com/fboender/scriptform/blob/master/doc/MANUAL.md#tutorial
Manualhttps://github.com/fboender/scriptform/blob/master/doc/MANUAL.md

Ansible-cmdb v1.8: Bugfixes and new columns

I've just released ansible-cmdb v1.9. Ansible-cmdb takes the output of Ansible's fact gathering and converts it into a static HTML overview page containing system configuration information. It supports multiple templates and extending information gathered by Ansible with custom data.

This is a feature and bugfix release, including the following changes:

Here's a screenshot showing some of the new columns:

ansible

Get the new release from the Github releases page.

Bexec v0.9 has been released

Bexec is a vim plugin that allows the user to execute the current buffer. Version 0.9 has just been released.

This version changes Bexec so it's autoloaded on demand, rather than always. This reduces Vim startup times if you're not going to use Bexec. Many thanks to Lucas Hoffmann for this change.

The new version can be found on the Vim scripts page.

Ansible-cmdb v1.7: New columns and togglable columns

I've just released ansible-cmdb v1.7. Ansible-cmdb takes the output of Ansible's fact gathering and converts it into a static HTML overview page containing system configuration information. It supports multiple templates and extending information gathered by Ansible with custom data.

This is a feature and bugfix release, including the following changes:

Get the new release from the Github releases page.

Screenshot showing the output of ansible-cmdb -c name,fqdn,main_ipv4,os,kernel

ansible17

Interesting links: October 4th 2015

Here's a bunch of links I found interesting in the last few weeks:

Batch create new users on Linux

A while ago I had to create many new users on a Linux machine. Since I'm lazy, I opted to automate this process. The newusers command combined with pwgen (to generate new passwords) was the solution.

First I installed pwgen, a utility to automatically generate passwords:

$ sudo apt-get install pwgen

I created a file with the new user names to create.

$ cat newusers.txt
jjohnson
ppeterson
ccalrson

A simple shell one-liner generates a new file from this in the right format for the newusers tool:

$ for USER in $(cat newusers.txt); do 
  echo "$USER:$(pwgen 12 -n1)::::/home/$USER:/bin/bash" >> newusers.created.txt;
done

Finally, we create the new users:

$ sudo newusers newusers.created.txt

The newusers.created.txt file was handed over to the person in charge of notifying the users about their new account.

Auto-mount external USB disk on a server

Althought modern Linux desktops generally automatically mount external USB disks when plugged in, servers usually don't do this. When I replaced my home server desktop model with a Raspberry Pi 2 (running Raspbian), I wanted it to automatically mount USB drives and, more importantly, make the same USB drive available at the same path at all times.

Enter usbmount

The USBmount Debian package automatically mounts USB mass storage devices (typically USB pens) when they are plugged in, and unmounts them when they are removed. The mountpoints (/media/usb[0-7] by default), filesystem types to consider, and mount options are configurable. When multiple devices are plugged in, the first available mountpoint is automatically selected. If the device provides a model name, a symlink /var/run/usbmount/MODELNAME pointing to the mountpoint is automatically created.

Just what I needed.

root@rasp# sudo apt-get install usbmount
# Plug in USB drive
root@rasp# ls -la /var/run/usbmount/
total 0
lrwxrwxrwx 1 root root 11 Oct  4 10:30 Seagate_Expansion_1 -> /media/usb0
lrwxrwxrwx 1 root root 11 Oct  4 10:30 ST4000DM_000-1F2168_1 -> /media/usb1

Great. Now I wanted the "Seagate_Expansion_1" disk to always become available at /storage. I could have created a symlink from /storage to  /var/run/usbmount/Seagate_Expansion_1, but I ran into a problem with SSHfs when trying to mount a server-side symlink on my client machine:

user@client$ sshfs -o transform_symlinks -o follow_symlinks 192.168.0.16:/storage Shares/timmy-storage/
192.168.0.16:/storage: Not a directory

So a symlink was out of the question. The binding option of 'mount' however, worked just fine:

# On the server
root@rasp# rm /storage
root@rasp# mkdir /storage
root@rasp# mount --bind /var/run/usbmount/Seagate_Expansion_1 /storage

# On the client
user@client$ sshfs 192.168.0.16:/storage Shares/timmy-storage/
user@client$ ls -l Shares/timmy-storage
total 72
drwxr-xr-x 1 1002 1003 4096 Sep 17 13:58 apps
drwxr-xr-x 1 root root 4096 Aug 24 09:15 backup

So I modified /etc/usbmount/mount.d/00_create_model_symlink and added the following code:

if [ "$name" = "Seagate_Expansion_1" ]; then
    mount --bind "/var/run/usbmount/$name" /storage
fi

This is not a very clean solution, but it serves its purpose just fine. A nicer implementation would create a new file "01_mount_bind" which reads a config file to determine which model names to mount –bind where. That implementation is left as a reader exercise ;-)

With this setup the /storage path will automatically become available at boot-time or when the correct USB drive is plugged in. I can use SSHfs to mount the remote /storage on my Linux machine. Samba takes care of the Windows users.