Well. I think without --listen it tried to bind 0.0.0.0.0 on both ipv4 and ipv6 and it fails on non dual ipvstack machines.
-- Eero 2015-11-30 18:28 GMT+02:00 Daniel Neto <[email protected]>: > Hi Eero, > > Thank you for you quick answer.Now I'll look why my service parameters > such --listen wasn't be loaded in initialization. > > Regards, > > -- > Daniel Neto > > > On Mon, Nov 30, 2015 at 12:52 PM, Eero Volotinen <[email protected]> > wrote: > >> Yes, that is "bug/feature" that if ipv6 is disabled and then you don't >> specify ipv4 address to --listen string, then some of openvas services >> won't start. >> I think it was fixed on some newer versions? >> >> -- >> Eero >> >> 2015-11-30 16:49 GMT+02:00 Daniel Neto <[email protected]>: >> >>> Hi Friends, >>> >>> I'm using Openvas8 stable on my funtoo/gentoo environment. (Official >>> ebuilds). >>> >>> I'm getting the following message when try to start as service: >>> >>> usr # tail -f /var/log/openvas/openvasmd.log >>> md main:WARNING:2015-11-30 12h32.22 utc:31857: Failed to create >>> manager socket: Address family not supported by protocol >>> md main:WARNING:2015-11-30 12h32.46 utc:31887: Failed to create >>> manager socket: Address family not supported by protocol >>> md main:WARNING:2015-11-30 12h34.19 utc:31940: Failed to create >>> manager socket: Address family not supported by protocol >>> md main:WARNING:2015-11-30 12h35.48 utc:32180: Failed to create >>> manager socket: Address family not supported by protocol >>> >>> If I run openvasmd manually with openvasmd --listen=127.0.0.1 its works >>> well, but not as service passing the parameters by conf.d (OpenRC). >>> >>> My main question is: If no conf or openvasmd.conf is passed, where or >>> what is the default settings loaded? Maybe the ipv6 search to bind address? >>> My server have all ipv6 related disabled (custom kernel). >>> >>> In attach my openvas-check-setup: >>> >>> openvas-check-setup 2.2.6 >>> Test completeness and readiness of OpenVAS-8 >>> >>> Please report us any non-detected problems and >>> help us to improve this check routine: >>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>> >>> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze >>> the problem. >>> >>> Step 1: Checking OpenVAS Scanner ... >>> OK: OpenVAS Scanner is present in version 5.0.4. >>> OK: OpenVAS Scanner CA Certificate is present as >>> /var/lib/openvas/CA/cacert.pem. >>> OK: NVT collection in /var/lib/openvas/plugins contains 44698 >>> NVTs. >>> WARNING: Signature checking of NVTs is not enabled in OpenVAS >>> Scanner. >>> SUGGEST: Enable signature checking (see >>> http://www.openvas.org/trusted-nvts.html). >>> OK: The NVT cache in /var/cache/openvas contains 44698 files for >>> 44698 NVTs. >>> Step 2: Checking OpenVAS Manager ... >>> OK: OpenVAS Manager is present in version 6.0.6. >>> OK: OpenVAS Manager client certificate is present as >>> /var/lib/openvas/CA/clientcert.pem. >>> OK: OpenVAS Manager database found in >>> /var/lib/openvas/mgr/tasks.db. >>> OK: Access rights for the OpenVAS Manager database are correct. >>> OK: sqlite3 found, extended checks of the OpenVAS Manager >>> installation enabled. >>> OK: OpenVAS Manager database is at revision 146. >>> OK: OpenVAS Manager expects database at revision 146. >>> OK: Database schema is up to date. >>> OK: OpenVAS Manager database contains information about 44698 >>> NVTs. >>> OK: OpenVAS SCAP database found in >>> /var/lib/openvas/scap-data/scap.db. >>> OK: OpenVAS CERT database found in >>> /var/lib/openvas/cert-data/cert.db. >>> OK: xsltproc found. >>> Step 3: Checking user configuration ... >>> WARNING: Your password policy is empty. >>> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a >>> password policy. >>> Step 4: Checking Greenbone Security Assistant (GSA) ... >>> OK: Greenbone Security Assistant is present in version 6.0.6. >>> Step 5: Checking OpenVAS CLI ... >>> SKIP: Skipping check for OpenVAS CLI. >>> Step 6: Checking Greenbone Security Desktop (GSD) ... >>> SKIP: Skipping check for Greenbone Security Desktop. >>> Step 7: Checking if OpenVAS services are up and running ... >>> OK: netstat found, extended checks of the OpenVAS services >>> enabled. >>> OK: OpenVAS Scanner is running and listening on all interfaces. >>> OK: OpenVAS Scanner is listening on port 9391, which is the >>> default port. >>> WARNING: OpenVAS Manager is running and listening only on the >>> local interface. >>> This means that you will not be able to access the OpenVAS >>> Manager from the >>> outside using GSD or OpenVAS CLI. >>> SUGGEST: Ensure that OpenVAS Manager listens on all interfaces >>> unless you want >>> a local service only. >>> OK: OpenVAS Manager is listening on port 9390, which is the >>> default port. >>> WARNING: Greenbone Security Assistant is listening on port 443 >>> 80, which is NOT the default port! >>> SUGGEST: Ensure Greenbone Security Assistant is listening on one >>> of the following ports: 80, 443, 9392. >>> /usr/sbin/openvas-check-setup: line 729: [: too many arguments >>> Step 8: Checking nmap installation ... >>> WARNING: Your version of nmap is not fully supported: 6.49BETA6 >>> SUGGEST: You should install nmap 5.51. >>> Step 9: Checking presence of optional tools ... >>> OK: pdflatex found. >>> OK: PDF generation successful. The PDF report format is likely >>> to work. >>> OK: ssh-keygen found, LSC credential generation for GNU/Linux >>> targets is likely to work. >>> WARNING: Could not find rpm binary, LSC credential package >>> generation for RPM and DEB based targets will not work. >>> SUGGEST: Install rpm. >>> WARNING: Could not find makensis binary, LSC credential package >>> generation for Microsoft Windows targets will not work. >>> SUGGEST: Install nsis. >>> >>> >>> >>> Regards, thanks in advance. >>> >>> >>> -- >>> Daniel Neto >>> >>> >>> _______________________________________________ >>> Openvas-discuss mailing list >>> [email protected] >>> >>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>> >> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
