tried remaking of certs – the install is about 3 weeks old, had this issue, we
reinstalled because we couldn’t fix it, since we are back at this stage, we
need to find the root cause. Restart of the service still fails, scan still
fails.
Service status – service seems to keep trying to start and failing:
[root@openvasva ~]# systemctl status openvas-scanner.service
● openvas-scanner.service - OpenVAS Scanner
Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled;
vendor preset: disabled)
Active: activating (start) since Mon 2017-06-12 09:56:41 EDT; 1min 26s ago
Control: 11191 (openvassd)
CGroup: /system.slice/openvas-scanner.service
└─11191 /usr/sbin/openvassd
Journalctl content:
Jun 12 09:16:38 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: openvas-scanner.service start
operation timed out. Terminating.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: Failed to start OpenVAS
Scanner.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: Unit openvas-scanner.service
entered failed state.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: openvas-scanner.service failed.
Jun 12 09:36:39 openvasva.silasg.com systemd[1]: openvas-scanner.service
holdoff time over, scheduling restart.
Jun 12 09:36:39 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: openvas-scanner.service start
operation timed out. Terminating.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: Failed to start OpenVAS
Scanner.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: Unit openvas-scanner.service
entered failed state.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: openvas-scanner.service failed.
Jun 12 09:56:41 openvasva.silasg.com systemd[1]: openvas-scanner.service
holdoff time over, scheduling restart.
Jun 12 09:56:41 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Not sure if Redis log entries mean anything to this, it doesn’t seem so:
1050:M 12 Jun 06:58:45.205 # WARNING: The TCP backlog setting of 511 cannot be
enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1050:M 12 Jun 06:58:45.205 # Server started, Redis version 3.0.7
1050:M 12 Jun 06:58:45.205 # WARNING overcommit_memory is set to 0! Background
save may fail under low memory condition. To fix this issue add
'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the
command 'sysctl vm.overcommit_memory=1' for this to take effect.
1050:M 12 Jun 06:58:45.206 # WARNING you have Transparent Huge Pages (THP)
support enabled in your kernel. This will create latency and memory usage
issues with Redis. To fix this issue run the command 'echo never >
/sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your
/etc/rc.local in order to retain the setting after a reboot. Redis must be
restarted after THP is disabled.
1050:M 12 Jun 06:58:47.006 * DB loaded from disk: 1.800 seconds
1050:M 12 Jun 06:58:47.006 * The server is now ready to accept connections on
port 6379
1050:M 12 Jun 06:58:47.006 * The server is now ready to accept connections at
/tmp/redis.sock
Further troubleshooting, when restarting the scanner service, I updated and
rebuilt the NVT cache again to try to solve the problem, I got the below:
[root@openvasva ~]# openvasmd --update
[root@openvasva ~]# openvasmd --rebuild
[root@openvasva ~]# service openvas-scanner restart
Redirecting to /bin/systemctl restart openvas-scanner.service
Job for openvas-scanner.service failed because a timeout was exceeded. See
"systemctl status openvas-scanner.service" and "journalctl -xe" for details.
Openvasmd.log:
md main:MESSAGE:2017-06-12 12h21.07 utc:7137: OpenVAS Manager version
7.0.1 (DB revision 184)
md main: INFO:2017-06-12 12h21.07 utc:7137: rebuild_nvt_cache_retry:
Reloading NVT cache
md main: INFO:2017-06-12 12h21.07 utc:7138: update_or_rebuild_nvt_cache:
Rebuilding NVT cache
base gpgme:MESSAGE:2017-06-12 12h21.07 utc:7138: Setting GnuPG dir to
'/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-06-12 12h21.07 utc:7138: Using OpenPGP engine version
'2.0.22'
md main: INFO:2017-06-12 12h21.08 utc:7138: Updating NVT cache.
md main:WARNING:2017-06-12 12h38.51 utc:7138: openvas_scanner_read: Failed to
read from scanner: Connection reset by peer
nothing new in other logs.
Dan Beal
SILA
M: 571.439.9230
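The journal excerpt in the message above can be read mechanically by pairing each "Starting" entry with the "start operation timed out" entry that follows it. This is an added example, not part of the original message: the function names are hypothetical, and the sample is the journal lines from above rejoined onto single lines.

```python
import re
from datetime import datetime

# Journal lines from the message above, rejoined onto single lines.
SAMPLE_JOURNAL = """\
Jun 12 09:16:38 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: openvas-scanner.service start operation timed out. Terminating.
Jun 12 09:36:38 openvasva.silasg.com systemd[1]: Failed to start OpenVAS Scanner.
Jun 12 09:36:39 openvasva.silasg.com systemd[1]: openvas-scanner.service holdoff time over, scheduling restart.
Jun 12 09:36:39 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: openvas-scanner.service start operation timed out. Terminating.
Jun 12 09:56:40 openvasva.silasg.com systemd[1]: Failed to start OpenVAS Scanner.
Jun 12 09:56:41 openvasva.silasg.com systemd[1]: openvas-scanner.service holdoff time over, scheduling restart.
Jun 12 09:56:41 openvasva.silasg.com systemd[1]: Starting OpenVAS Scanner...
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ systemd\[\d+\]: (.*)$")

def start_attempts(journal, description="OpenVAS Scanner",
                   unit="openvas-scanner.service", year=2017):
    """Return (durations, pending): seconds each attempt in the current run of
    failures lasted before systemd timed it out, and whether one is running."""
    durations, started = [], None
    for raw in journal.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year, so it is supplied by the caller.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg == f"Starting {description}...":
            started = when
        elif msg.startswith(f"{unit} start operation timed out") and started:
            durations.append(int((when - started).total_seconds()))
            started = None
        elif msg == f"Started {description}.":
            durations.clear()  # a successful start ends the failure run
            started = None
    return durations, started is not None

def is_timeout_loop(journal, min_attempts=2):
    """True when at least min_attempts consecutive starts ended in a timeout."""
    durations, _ = start_attempts(journal)
    return len(durations) >= min_attempts

if __name__ == "__main__":
    durations, pending = start_attempts(SAMPLE_JOURNAL)
    print("attempt durations (s):", durations, "| attempt pending:", pending)
    print("timeout loop:", is_timeout_loop(SAMPLE_JOURNAL))
```

Both completed attempts end about 1200 seconds after they begin, so each restart is systemd's start timeout firing rather than openvassd exiting on its own.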
From: Thijs Stuurman [mailto:[email protected]]
Sent: Monday, June 12, 2017 9:51 AM
To: Dan Beal <[email protected]>; Eero Volotinen <[email protected]>
Cc: [email protected]
Subject: RE: [Openvas-discuss] OpenVAS not scanning when check setup appears to
be OK
Are you sure your openvas certificate is OK? Not expired or anything?
Make a backup (if you care for your current certs) and make ‘m again
“openvas-manage-certs -a”.
Thijs Stuurman
Security Operations Center | KPN Internedservices
[email protected]<mailto:[email protected]> |
[email protected]<mailto:[email protected]>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl<https://www.internedservices.nl/> | L:
http://nl.linkedin.com/in/thijsstuurman
From: Dan Beal [mailto:[email protected]]
Sent: Monday, June 12, 2017 14:01
To: Eero Volotinen <[email protected]<mailto:[email protected]>>;
Thijs Stuurman
<[email protected]<mailto:[email protected]>>
CC:
[email protected]<mailto:[email protected]>
Subject: RE: [Openvas-discuss] OpenVAS not scanning when check setup appears
to be OK
Confirmed these settings are still in redis, from here
https://forums.atomicorp.com/viewtopic.php?f=31&t=8539#p44057 :
6) edit /etc/redis.conf. Add/uncomment the following
unixsocket /tmp/redis.sock
unixsocketperm 700
From File:
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket /tmp/redis.sock
unixsocketperm 700
The logs have archived, so I rebooted the server and kicked off a scan (error
still occurred)
from the logs – gsad.log:
gsad main:MESSAGE:2017-06-12 11h18.45 utc:3287: Starting GSAD version 7.0.2
gsad xslt:WARNING:2017-06-12 11h18.45 utc:3287: init_language_lists: Failed to
open locale directory "/usr/share/openvas/gsa/locale": No such file or directory
gsad main:WARNING:2017-06-12 11h23.40 utc:3288: MHD: Failed to receive data:
The TLS connection was non-properly terminated.
gsad main:WARNING:2017-06-12 11h23.41 utc:3288: MHD: Failed to receive data:
The TLS connection was non-properly terminated.
gsad main:WARNING:2017-06-12 11h30.34 utc:3288: MHD: Failed to receive data:
The TLS connection was non-properly terminated.
* There are several of the TLS connection messages
from the logs – openvasmd.log:
md main:MESSAGE:2017-06-12 11h18.45 utc:3285: OpenVAS Manager version
7.0.1 (DB revision 184)
base gpgme:MESSAGE:2017-06-12 11h18.59 utc:3286: Setting GnuPG dir to
'/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-06-12 11h18.59 utc:3286: Using OpenPGP engine version
'2.0.22'
event task:MESSAGE:2017-06-12 11h39.32 UTC:4419: Status of task Localhost
(d40618d9-0bad-4dea-8a03-199375f506a9) has changed to Requested
event task:MESSAGE:2017-06-12 11h39.32 UTC:4419: Task Localhost
(d40618d9-0bad-4dea-8a03-199375f506a9) has been requested to start by [username]
md manage: INFO:2017-06-12 11h39.33 UTC:4420: nvt_selector_plugins: NVTs not
explicitly activated anymore for this config:
1.3.6.1.4.1.25623.1.0.10265;1.3.6.1.4.1.25623.1.0.103914;1.3.6.1.4.1.25623.1.0.103978;1.3.6.1.4.1.25623.1.0.95888;1.3.6.1.4.1.25623.1.0.12241;1.3.6.1.4.1.25623.1.0.11933;1.3.6.1.4.1.25623.1.0.12288;1.3.6.1.4.1.25623.1.0.80010;1.3.6.1.4.1.25623.1.0.810010;1.3.6.1.4.1.25623.1.0.10870;1.3.6.1.4.1.25623.1.0.80011;1.3.6.1.4.1.25623.1.0.103585;1.3.6.1.4.1.25623.1.0.103697;1.3.6.1.4.1.25623.1.0.100509;1.3.6.1.4.1.25623.1.0.80104;1.3.6.1.4.1.25623.1.0.80086;1.3.6.1.4.1.25623.1.0.900238;.
Please adjust the config if you think this is wrong.
md main:WARNING:2017-06-12 11h58.48 UTC:4420: openvas_scanner_read: Failed to
read from scanner: Connection reset by peer
event task:MESSAGE:2017-06-12 11h58.48 UTC:4420: Status of task Localhost
(d40618d9-0bad-4dea-8a03-199375f506a9) has changed to Stopped
from the log – openvassd.log:
[Mon Jun 12 10:58:04 2017][26584] Failed to initialize nvti cache.
– this is the same error I saw last week, I have tried, willing to retry any of
these as needed:
* Restarting the services
* openvasmd --update && openvasmd --rebuild to rebuild the cache – this
seemed to work, however the scanner still seems down, maybe I need to do it
again?
* Updating the server
* openvas-setup – to fix any issues
* confirmed verifying scanner works
Dan Beal
SILA
M: 571.439.9230
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Eero Volotinen
Sent: Monday, June 12, 2017 3:24 AM
To: Dan Beal <[email protected]<mailto:[email protected]>>
Cc:
[email protected]<mailto:[email protected]>
Subject: Re: [Openvas-discuss] OpenVAS not scanning when check setup appears to
be OK
well. that sounds like redis-server is not correctly configured.
Please also check out the logs of openvas.
Eero
2017-06-12 10:17 GMT+03:00 Dan Beal <[email protected]<mailto:[email protected]>>:
Thanks. Jobs will get "stopped at 1%" not just take a while, they get stopped.
Thanks,
Dan
571.439.9230
Sent from my mobile device, please excuse errors and brevity.
On Jun 12, 2017 2:28 AM, Eero Volotinen
<[email protected]<mailto:[email protected]>> wrote:
Scan can take long time depending on scan settings, network, firewall and the
scanner.
run following command on root terminal on openvas:
ps aux |grep -i openvas
and
ps aux |grep -i nmap
If you see multiple lines then scanning is still on processing, just wait
until it's ready.
--
Eero
2017-06-09 22:03 GMT+03:00 Dan Beal <[email protected]<mailto:[email protected]>>:
Good Afternoon,
We are attempting to use OpenVAS for security scanning – scans are not working,
stopping at 1%. The check comes back with everything is ok. I cannot find
anything online about what could be causing this.
Dan Beal
SILA
M: 571.439.9230
<http://www.silasg.com/>
This communication may contain proprietary or other confidential information
intended for a specific individual and purpose, and is protected by law. If you
are not the intended recipient, you should delete this message. Any disclosure,
copying, or distribution of this message, or the taking of any action based on
it, is strictly prohibited.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss