Hi, On 23.06.2017 15:03, Thijs Stuurman wrote: > Since it follows redhat, I guess it applies to CentOS as well: > https://access.redhat.com/blogs/766093/posts/1976243 > It should be in the init script for the service, not the redis.conf itself. > > On my system: > > root@ivss:/# ls -l > /etc/systemd/system/multi-user.target.wants/redis-server.service > lrwxrwxrwx 1 root root 40 May 9 18:51 > /etc/systemd/system/multi-user.target.wants/redis-server.service -> > /lib/systemd/system/redis-server.service > root@ivss:/# cat /lib/systemd/system/redis-server.service |grep PrivateTmp > PrivateTmp=yes > root@ivss:/#
i don't think that it is a good idea to disable the PrivateTmp option in the systemds service file. Instead its probably quite better to have redis listen to /var/run/redis/redis.sock and follow my advise to point the openvassd.conf to that location. > Thijs Stuurman > Security Operations Center | KPN Internedservices > thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> > | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> > T: +31(0)299476185 | M: +31(0)624366778 > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: > http://nl.linkedin.com/in/thijsstuurman > > Van: Harsh kapadia [mailto:harsh9...@gmail.com] > Verzonden: vrijdag 23 juni 2017 14:56 > Aan: Thijs Stuurman <thijs.stuur...@internedservices.nl> > CC: Christian Fischer <christian.fisc...@greenbone.net>; > openvas-discuss@wald.intevation.org > Onderwerp: Re: [Openvas-discuss] Scans not executing > > Christian, > > Will the same apply to CentOS as well. Where can i check the redis parameter > of PtivateTmp? Is it the /etc/redis.conf file? > > Thanks! > Harsh > > On Fri, Jun 23, 2017 at 6:12 PM, Thijs Stuurman > <thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl>> > wrote: > Christian, > > Ah so that is what is going on.. sneaky! I created the openvassd.conf and it > works, thanks! > > > Thijs Stuurman > Security Operations Center | KPN Internedservices > thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl> > | thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com> > T: +31(0)299476185 | M: +31(0)624366778 > PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl | L: > http://nl.linkedin.com/in/thijsstuurman > > > -----Oorspronkelijk bericht----- > Van: Openvas-discuss > [mailto:openvas-discuss-boun...@wald.intevation.org<mailto:openvas-discuss-boun...@wald.intevation.org>] > Namens Christian Fischer > Verzonden: vrijdag 23 juni 2017 14:36 > Aan: > openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> > Onderwerp: Re: [Openvas-discuss] Scans not executing > Hi, > > On 23.06.2017 14:28, Thijs Stuurman wrote: >> First check where your redis.sock actually is located; if it exists at all.. >> look at your redis configuration file for the path. >> Then look at where openvas expects it to be.. it should show in the logging. >> >> I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ >> but for some (probably good) reason redis refuses or cannot make it in /tmp. >> Haven’t bothered to figure out why, set it back to default >> /var/run/redis/redis.sock and made a symlink in /tmp to it because I >> had to get it working ;p (ln -s /var/run/redis/redis.sock >> /tmp/redis.sock) .. I should recompile openvas to fix the path I >> guess.. someday.. after my vacation ;p > > /tmp won't work because Debian/Ubuntu is using a "PrivateTmp=true" in its > redis systemd script which causes the redis.sock to end up somewhere in: > > /tmp/systemd-private-xyz* > > However you don't need to recompile OpenVAS to change the location where it > is expecting the redis.sock. Just adding the following to your openvassd.conf > (create one in your /path/to/etc/openvas if it doesn't > exist): > > kb_location = /var/run/redis/redis.sock > >> Thijs Stuurman >> Security Operations Center | KPN Internedservices >> thijs.stuur...@internedservices.nl<mailto:thijs.stuur...@internedservices.nl><mailto:thijs.stuurman@internedservi<mailto:thijs.stuurman@internedservi> >> ces.nl<http://ces.nl>> | >> thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com><mailto:thijs.stuur...@kpn.com<mailto:thijs.stuur...@kpn.com>> >> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 >> (https://pgp.surfnet.nl/) >> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 >> >> W: https://www.internedservices.nl<https://www.internedservices.nl/> | >> L: http://nl.linkedin.com/in/thijsstuurman >> >> Van: Openvas-discuss >> [mailto:openvas-discuss-boun...@wald.intevation.org<mailto:openvas-discuss-boun...@wald.intevation.org>] >> Namens Harsh >> kapadia >> Verzonden: vrijdag 23 juni 2017 14:25 >> Aan: Eero Volotinen <eero.voloti...@iki.fi<mailto:eero.voloti...@iki.fi>> >> CC: >> openvas-discuss@wald.intevation.org<mailto:openvas-discuss@wald.intevation.org> >> Onderwerp: Re: [Openvas-discuss] Scans not executing >> >> Thanks for responding! >> >> Should I move the socket file from /tmp to /run/redis and also modify the >> kb_location path accordingly? >> >> I'm new to openvas and not really sure what needs to be done. >> >> Harsh >> >> On Fri, Jun 23, 2017 at 5:47 PM, Eero Volotinen >> <eero.voloti...@iki.fi<mailto:eero.voloti...@iki.fi><mailto:eero.voloti...@iki.fi<mailto:eero.voloti...@iki.fi>>> >> wrote: >> sounds like connection to redis it not working. >> >> Eero >> >> 23.6.2017 3.15 ip. "Harsh kapadia" >> <harsh9...@gmail.com<mailto:harsh9...@gmail.com><mailto:harsh9...@gmail.com<mailto:harsh9...@gmail.com>>> >> kirjoitti: >> Hi, >> >> Please see the attached output from openvas-check-setup.log file. >> Everything seems OK but still the scans do not execute: >> >> I do still see the below errors in openvassd.dump file. >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:22085): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:22085): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> Kindly suggest. SELinux is turned off so it shouldn't be a problem to use >> the socket for redis from /tmp directory. >> >> Thanks! > > Regards, > > -- > > Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | > http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR > B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org<mailto:Openvas-discuss@wald.intevation.org> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org<mailto:Openvas-discuss@wald.intevation.org> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
