2

在根目录下的 OpenVAS 7 上运行以下命令时(gb_iojs_detect_win.naslOpenVAS 插件之一在哪里。其他插件会导致相同的错误):

openvas-nasl gb_iojs_detect_win.nasl

导致此错误:

base gpgme-Message: Setting GnuPG homedir to '/usr/local/var/lib/openvas/gnupg'
base gpgme-Message: Using OpenPGP engine version '1.4.16'
base gpgme-Message: Setting GnuPG sysconf homedir to '/usr/local/etc/openvas/gnupg'
gb_iojs_detect_win.nasl: bad or missing signature. Will not execute this script

请注意,我确实按照此页面进行了设置nasl_no_signature_check = yes,但此错误仍然存​​在。

谢谢!任何帮助,将不胜感激!

4

5 回答 5

0

我在使用 OpenVAS 9 时遇到了这个问题,但根据 @DW 的说明,我阅读了有关受信任 NVT 的文档,他们提到他们将从 18 年 12 月 1 日开始使用新密钥。

然而,当我跑去openvassd -f查看它在做什么时,我注意到只有一些插件校验和失败了,我认为他们已经用新密钥签署了这些校验和。

checksum for /var/lib/openvas/plugins/gb_electrasoft_32bit_ftp_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_atlassian_confluence_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_synology_dsm_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_quixplorer_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_yealink_ip_phone_detect.nasl not matching
checksum for /var/lib/openvas/plugins/secpod_neon_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_torrent_trader_classic_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_simatic_s7_snmp_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_sophos_xg_detect_userportal.nasl not matching
checksum for /var/lib/openvas/plugins/gb_keycloak_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_wd_wdtv_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_get_http_banner.nasl not matching
checksum for /var/lib/openvas/plugins/gb_orion_nta_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_gather_windows_uptime.nasl not matching
checksum for /var/lib/openvas/plugins/gb_teleopti_wfm_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_asp_dotnet_core_detect_win.nasl not matching
checksum for /var/lib/openvas/plugins/eggdrop_detect.nasl not matching
checksum for /var/lib/openvas/plugins/gb_f5_linerate_lros_version.nasl not matching
checksum for /var/lib/openvas/plugins/gb_mikrotik_router_routeros_consolidation.nasl not matching

但是,解决方法是只使用相同的指令(必须修改 Ubuntu/Debian 的配置目录的路径),但使用更新的密钥。之后校验和被验证OK:

wget https://www.greenbone.net/GBCommunitySigningKey.asc -P /tmp
gpg --homedir=/etc/openvas/gnupg --import /tmp/GBCommunitySigningKey.asc
gpg --homedir=/etc/openvas/gnupg --list-keys
gpg --homedir=/etc/openvas/gnupg --lsign-key 0ED1E580
systemctl restart openvas-scanner.service
于 2018-08-18T20:07:10.510 回答
0

执行上述操作并更新您的提要插件

于 2016-10-25T13:57:47.530 回答
0

由于文档不足,我也为此苦苦挣扎。

您需要提供-X标志,这意味着身份验证模式,这显然意味着“不要进行签名检查”

于 2017-01-30T20:32:49.740 回答
0

执行以下操作并按照提示进行操作:

gpg --homedir=/usr/local/etc/openvas/gnupg --gen-key

然后执行:

wget http://www.openvas.org/OpenVAS_TI.asc -P /tmp
gpg --homedir=/usr/local/etc/openvas/gnupg --import /tmp/OpenVAS_TI.asc
gpg --homedir=/usr/local/etc/openvas/gnupg --list-keys
gpg --homedir=/usr/local/etc/openvas/gnupg --lsign-key 48DB4530

来源:http ://www.openvas.org/trusted-nvts.html

于 2016-09-20T14:40:05.293 回答
-1

你的命令应该是这样的:

openvas-nasl -Xp gb_iojs_detect_win.nasl #for parsing

openvas-nasl -Xt IP gb_iojs_detect_win.nasl #for exec

注意额外的开关。有关更多详细信息,请访问此链接

于 2016-06-27T20:10:39.237 回答