Yes, you're right. I found the way to makes works. The default services are created as: /etc/init.d/openvamd and conf files is /etc/conf.d/openvas-manager, because this the service don't locate the parameters in conf and loads the default from binary. I rename then, and the parameter (--listen=127.0.0.1) set in /etc/conf.d/openvas-manager now is passed to /etc/init.c/openvas-manager (renamed) and the deamon works fine.
Thank you for support. I'm sending this findings to guys of official portage ebuilds to verify. Regards, -- Daniel Neto On Mon, Nov 30, 2015 at 2:33 PM, Eero Volotinen <[email protected]> wrote: > Well. I think without --listen it tried to bind 0.0.0.0.0 on both ipv4 and > ipv6 and it fails on non dual ipvstack machines. > > -- > Eero > > 2015-11-30 18:28 GMT+02:00 Daniel Neto <[email protected]>: > >> Hi Eero, >> >> Thank you for you quick answer.Now I'll look why my service parameters >> such --listen wasn't be loaded in initialization. >> >> Regards, >> >> -- >> Daniel Neto >> >> >> On Mon, Nov 30, 2015 at 12:52 PM, Eero Volotinen <[email protected]> >> wrote: >> >>> Yes, that is "bug/feature" that if ipv6 is disabled and then you don't >>> specify ipv4 address to --listen string, then some of openvas services >>> won't start. >>> I think it was fixed on some newer versions? >>> >>> -- >>> Eero >>> >>> 2015-11-30 16:49 GMT+02:00 Daniel Neto <[email protected]>: >>> >>>> Hi Friends, >>>> >>>> I'm using Openvas8 stable on my funtoo/gentoo environment. (Official >>>> ebuilds). >>>> >>>> I'm getting the following message when try to start as service: >>>> >>>> usr # tail -f /var/log/openvas/openvasmd.log >>>> md main:WARNING:2015-11-30 12h32.22 utc:31857: Failed to create >>>> manager socket: Address family not supported by protocol >>>> md main:WARNING:2015-11-30 12h32.46 utc:31887: Failed to create >>>> manager socket: Address family not supported by protocol >>>> md main:WARNING:2015-11-30 12h34.19 utc:31940: Failed to create >>>> manager socket: Address family not supported by protocol >>>> md main:WARNING:2015-11-30 12h35.48 utc:32180: Failed to create >>>> manager socket: Address family not supported by protocol >>>> >>>> If I run openvasmd manually with openvasmd --listen=127.0.0.1 its works >>>> well, but not as service passing the parameters by conf.d (OpenRC). >>>> >>>> My main question is: If no conf or openvasmd.conf is passed, where or >>>> what is the default settings loaded? Maybe the ipv6 search to bind address? >>>> My server have all ipv6 related disabled (custom kernel). >>>> >>>> In attach my openvas-check-setup: >>>> >>>> openvas-check-setup 2.2.6 >>>> Test completeness and readiness of OpenVAS-8 >>>> >>>> Please report us any non-detected problems and >>>> help us to improve this check routine: >>>> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >>>> >>>> Send us the log-file (/tmp/openvas-check-setup.log) to help analyze >>>> the problem. >>>> >>>> Step 1: Checking OpenVAS Scanner ... >>>> OK: OpenVAS Scanner is present in version 5.0.4. >>>> OK: OpenVAS Scanner CA Certificate is present as >>>> /var/lib/openvas/CA/cacert.pem. >>>> OK: NVT collection in /var/lib/openvas/plugins contains 44698 >>>> NVTs. >>>> WARNING: Signature checking of NVTs is not enabled in OpenVAS >>>> Scanner. >>>> SUGGEST: Enable signature checking (see >>>> http://www.openvas.org/trusted-nvts.html). >>>> OK: The NVT cache in /var/cache/openvas contains 44698 files >>>> for 44698 NVTs. >>>> Step 2: Checking OpenVAS Manager ... >>>> OK: OpenVAS Manager is present in version 6.0.6. >>>> OK: OpenVAS Manager client certificate is present as >>>> /var/lib/openvas/CA/clientcert.pem. >>>> OK: OpenVAS Manager database found in >>>> /var/lib/openvas/mgr/tasks.db. >>>> OK: Access rights for the OpenVAS Manager database are correct. >>>> OK: sqlite3 found, extended checks of the OpenVAS Manager >>>> installation enabled. >>>> OK: OpenVAS Manager database is at revision 146. >>>> OK: OpenVAS Manager expects database at revision 146. >>>> OK: Database schema is up to date. >>>> OK: OpenVAS Manager database contains information about 44698 >>>> NVTs. >>>> OK: OpenVAS SCAP database found in >>>> /var/lib/openvas/scap-data/scap.db. >>>> OK: OpenVAS CERT database found in >>>> /var/lib/openvas/cert-data/cert.db. >>>> OK: xsltproc found. >>>> Step 3: Checking user configuration ... >>>> WARNING: Your password policy is empty. >>>> SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a >>>> password policy. >>>> Step 4: Checking Greenbone Security Assistant (GSA) ... >>>> OK: Greenbone Security Assistant is present in version 6.0.6. >>>> Step 5: Checking OpenVAS CLI ... >>>> SKIP: Skipping check for OpenVAS CLI. >>>> Step 6: Checking Greenbone Security Desktop (GSD) ... >>>> SKIP: Skipping check for Greenbone Security Desktop. >>>> Step 7: Checking if OpenVAS services are up and running ... >>>> OK: netstat found, extended checks of the OpenVAS services >>>> enabled. >>>> OK: OpenVAS Scanner is running and listening on all interfaces. >>>> OK: OpenVAS Scanner is listening on port 9391, which is the >>>> default port. >>>> WARNING: OpenVAS Manager is running and listening only on the >>>> local interface. >>>> This means that you will not be able to access the OpenVAS >>>> Manager from the >>>> outside using GSD or OpenVAS CLI. >>>> SUGGEST: Ensure that OpenVAS Manager listens on all interfaces >>>> unless you want >>>> a local service only. >>>> OK: OpenVAS Manager is listening on port 9390, which is the >>>> default port. >>>> WARNING: Greenbone Security Assistant is listening on port 443 >>>> 80, which is NOT the default port! >>>> SUGGEST: Ensure Greenbone Security Assistant is listening on >>>> one of the following ports: 80, 443, 9392. >>>> /usr/sbin/openvas-check-setup: line 729: [: too many arguments >>>> Step 8: Checking nmap installation ... >>>> WARNING: Your version of nmap is not fully supported: 6.49BETA6 >>>> SUGGEST: You should install nmap 5.51. >>>> Step 9: Checking presence of optional tools ... >>>> OK: pdflatex found. >>>> OK: PDF generation successful. The PDF report format is likely >>>> to work. >>>> OK: ssh-keygen found, LSC credential generation for GNU/Linux >>>> targets is likely to work. >>>> WARNING: Could not find rpm binary, LSC credential package >>>> generation for RPM and DEB based targets will not work. >>>> SUGGEST: Install rpm. >>>> WARNING: Could not find makensis binary, LSC credential package >>>> generation for Microsoft Windows targets will not work. >>>> SUGGEST: Install nsis. >>>> >>>> >>>> >>>> Regards, thanks in advance. >>>> >>>> >>>> -- >>>> Daniel Neto >>>> >>>> >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> [email protected] >>>> >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>> >>> >>> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
