Re: [Openvas-discuss] Scans not executing

[Thijs Stuurman]

Since it follows redhat, I guess it applies to CentOS as well: 
https://access.redhat.com/blogs/766093/posts/1976243
It should be in the init script for the service, not the redis.conf itself.

On my system:

root@ivss:/# ls -l 
/etc/systemd/system/multi-user.target.wants/redis-server.service
lrwxrwxrwx 1 root root 40 May  9 18:51 
/etc/systemd/system/multi-user.target.wants/redis-server.service -> 
/lib/systemd/system/redis-server.service
root@ivss:/# cat /lib/systemd/system/redis-server.service |grep PrivateTmp
PrivateTmp=yes
root@ivss:/#

Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: 
http://nl.linkedin.com/in/thijsstuurman

Van: Harsh kapadia [mailto:harsh9...@gmail.com]
Verzonden: vrijdag 23 juni 2017 14:56
Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl>
CC: Christian Fischer <christian.fisc...@greenbone.net>; 
openvas-discuss@wald.intevation.org
Onderwerp: Re: [Openvas-discuss] Scans not executing

Christian,

Will the same apply to CentOS as well. Where can i check the redis parameter of 
PtivateTmp? Is it the /etc/redis.conf file?

Thanks!
Harsh

On Fri, Jun 23, 2017 at 6:12 PM, Thijs Stuurman 
<thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> 
wrote:
Christian,

Ah so that is what is going on.. sneaky! I created the openvassd.conf and it 
works, thanks!


Thijs Stuurman
Security Operations Center | KPN Internedservices
thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> | 
thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman


-----Oorspronkelijk bericht-----
Van: Openvas-discuss 
[mailto:openvas-discuss-boun...@wald.intevation.org<mailto:openvas-discuss-boun...@wald.intevation.org>]
 Namens Christian Fischer
Verzonden: vrijdag 23 juni 2017 14:36
Aan: 
openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
Onderwerp: Re: [Openvas-discuss] Scans not executing
Hi,

On 23.06.2017 14:28, Thijs Stuurman wrote:
> First check where your redis.sock actually is located; if it exists at all.. 
> look at your redis configuration file for the path.
> Then look at where openvas expects it to be.. it should show in the logging.
>
> I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ 
> but for some (probably good) reason redis refuses or cannot make it in /tmp.
> Haven’t bothered to figure out why, set it back to default
> /var/run/redis/redis.sock and made a symlink in /tmp to it because I
> had to get it working ;p (ln -s /var/run/redis/redis.sock
> /tmp/redis.sock) .. I should recompile openvas to fix the path I
> guess.. someday.. after my vacation ;p

/tmp won't work because Debian/Ubuntu is using a "PrivateTmp=true" in its redis 
systemd script which causes the redis.sock to end up somewhere in:

/tmp/systemd-private-xyz*

However you don't need to recompile OpenVAS to change the location where it is 
expecting the redis.sock. Just adding the following to your openvassd.conf 
(create one in your /path/to/etc/openvas if it doesn't
exist):

kb_location = /var/run/redis/redis.sock

> Thijs Stuurman
> Security Operations Center | KPN Internedservices
> thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl><mailto:thijs.stuurman@internedservi<mailto:thijs.stuurman@internedservi>
> ces.nl<http://ces.nl>> | 
> thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com><mailto:thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>>
> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048
> (https://pgp.surfnet.nl/)
> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
>
> W: https://www.internedservices.nl<https://www.internedservices.nl/> |
> L: http://nl.linkedin.com/in/thijsstuurman
>
> Van: Openvas-discuss
> [mailto:openvas-discuss-boun...@wald.intevation.org<mailto:openvas-discuss-boun...@wald.intevation.org>]
>  Namens Harsh
> kapadia
> Verzonden: vrijdag 23 juni 2017 14:25
> Aan: Eero Volotinen <eero.voloti...@iki.fi<mailto:eero.voloti...@iki.fi>>
> CC: 
> openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org>
> Onderwerp: Re: [Openvas-discuss] Scans not executing
>
> Thanks for responding!
>
> Should I move the socket file from /tmp to /run/redis and also modify the 
> kb_location path accordingly?
>
> I'm new to openvas and not really sure what needs to be done.
>
> Harsh
>
> On Fri, Jun 23, 2017 at 5:47 PM, Eero Volotinen 
> <eero.voloti...@iki.fi<mailto:eero.voloti...@iki.fi><mailto:eero.voloti...@iki.fi<mailto:eero.voloti...@iki.fi>>>
>  wrote:
> sounds like connection to redis it not working.
>
> Eero
>
> 23.6.2017 3.15 ip. "Harsh kapadia" 
> <harsh9...@gmail.com<mailto:harsh9...@gmail.com><mailto:harsh9...@gmail.com<mailto:harsh9...@gmail.com>>>
>  kirjoitti:
> Hi,
>
> Please see the attached output from openvas-check-setup.log file.  Everything 
> seems OK but still the scans do not execute:
>
> I do still see the below errors in openvassd.dump file.
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis
> connection error: No such file or directory
>
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis
> connection error: No such file or directory
>
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis
> connection error: No such file or directory
>
> (openvassd:23236): lib  kb_redis-CRITICAL **: get_redis_ctx: redis
> connection error: No such file or directory
>
> (openvassd:22085): lib  kb_redis-CRITICAL **: get_redis_ctx: redis
> connection error: No such file or directory
>
> (openvassd:22085): lib  kb_redis-CRITICAL **: get_redis_ctx: redis
> connection error: No such file or directory
>
> Kindly suggest. SELinux is turned off so it shouldn't be a problem to use the 
> socket for redis from /tmp directory.
>
> Thanks!

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | 
http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner 
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org<mailto:Openvas-discuss@wald.intevation.org>
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org<mailto:Openvas-discuss@wald.intevation.org>
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss