Christian, Yes I agree.
Thijs Stuurman Security Operations Center | KPN Internedservices [email protected] | [email protected] T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman -----Oorspronkelijk bericht----- Van: Christian Fischer [mailto:[email protected]] Verzonden: vrijdag 23 juni 2017 15:08 Aan: Thijs Stuurman <[email protected]>; Harsh kapadia <[email protected]> CC: [email protected] Onderwerp: Re: [Openvas-discuss] Scans not executing Hi, On 23.06.2017 15:03, Thijs Stuurman wrote: > Since it follows redhat, I guess it applies to CentOS as well: > https://access.redhat.com/blogs/766093/posts/1976243 > It should be in the init script for the service, not the redis.conf itself. > > On my system: > > root@ivss:/# ls -l > /etc/systemd/system/multi-user.target.wants/redis-server.service > lrwxrwxrwx 1 root root 40 May 9 18:51 > /etc/systemd/system/multi-user.target.wants/redis-server.service -> > /lib/systemd/system/redis-server.service > root@ivss:/# cat /lib/systemd/system/redis-server.service |grep > PrivateTmp PrivateTmp=yes root@ivss:/# i don't think that it is a good idea to disable the PrivateTmp option in the systemds service file. Instead its probably quite better to have redis listen to /var/run/redis/redis.sock and follow my advise to point the openvassd.conf to that location. > Thijs Stuurman > Security Operations Center | KPN Internedservices > [email protected]<mailto:thijs.stuurman@internedservi > ces.nl> | [email protected]<mailto:[email protected]> > T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 > (https://pgp.surfnet.nl/) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl<https://www.internedservices.nl/> | > L: http://nl.linkedin.com/in/thijsstuurman > > Van: Harsh kapadia [mailto:[email protected]] > Verzonden: vrijdag 23 juni 2017 14:56 > Aan: Thijs Stuurman <[email protected]> > CC: Christian Fischer <[email protected]>; > [email protected] > Onderwerp: Re: [Openvas-discuss] Scans not executing > > Christian, > > Will the same apply to CentOS as well. Where can i check the redis parameter > of PtivateTmp? Is it the /etc/redis.conf file? > > Thanks! > Harsh > > On Fri, Jun 23, 2017 at 6:12 PM, Thijs Stuurman > <[email protected]<mailto:[email protected]>> > wrote: > Christian, > > Ah so that is what is going on.. sneaky! I created the openvassd.conf and it > works, thanks! > > > Thijs Stuurman > Security Operations Center | KPN Internedservices > [email protected]<mailto:thijs.stuurman@internedservi > ces.nl> | [email protected]<mailto:[email protected]> > T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 > (https://pgp.surfnet.nl/) > Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 > > W: https://www.internedservices.nl | L: > http://nl.linkedin.com/in/thijsstuurman > > > -----Oorspronkelijk bericht----- > Van: Openvas-discuss > [mailto:[email protected]<mailto:openvas-dis > [email protected]>] Namens Christian Fischer > Verzonden: vrijdag 23 juni 2017 14:36 > Aan: > [email protected]<mailto:[email protected] > tion.org> > Onderwerp: Re: [Openvas-discuss] Scans not executing Hi, > > On 23.06.2017 14:28, Thijs Stuurman wrote: >> First check where your redis.sock actually is located; if it exists at all.. >> look at your redis configuration file for the path. >> Then look at where openvas expects it to be.. it should show in the logging. >> >> I run openvas9 on Ubuntu 16.04 and openvas somehow expects it to be in /tmp/ >> but for some (probably good) reason redis refuses or cannot make it in /tmp. >> Haven’t bothered to figure out why, set it back to default >> /var/run/redis/redis.sock and made a symlink in /tmp to it because I >> had to get it working ;p (ln -s /var/run/redis/redis.sock >> /tmp/redis.sock) .. I should recompile openvas to fix the path I >> guess.. someday.. after my vacation ;p > > /tmp won't work because Debian/Ubuntu is using a "PrivateTmp=true" in its > redis systemd script which causes the redis.sock to end up somewhere in: > > /tmp/systemd-private-xyz* > > However you don't need to recompile OpenVAS to change the location > where it is expecting the redis.sock. Just adding the following to > your openvassd.conf (create one in your /path/to/etc/openvas if it > doesn't > exist): > > kb_location = /var/run/redis/redis.sock > >> Thijs Stuurman >> Security Operations Center | KPN Internedservices >> [email protected]<mailto:thijs.stuurman@internedserv >> ices.nl><mailto:thijs.stuurman@internedservi<mailto:thijs.stuurman@in >> ternedservi> ces.nl<http://ces.nl>> | >> [email protected]<mailto:[email protected]><mailto:thijs.st >> [email protected]<mailto:[email protected]>> >> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 >> (https://pgp.surfnet.nl/) >> Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 >> >> W: https://www.internedservices.nl<https://www.internedservices.nl/> >> | >> L: http://nl.linkedin.com/in/thijsstuurman >> >> Van: Openvas-discuss >> [mailto:[email protected]<mailto:openvas-di >> [email protected]>] Namens Harsh kapadia >> Verzonden: vrijdag 23 juni 2017 14:25 >> Aan: Eero Volotinen >> <[email protected]<mailto:[email protected]>> >> CC: >> [email protected]<mailto:[email protected] >> ation.org> >> Onderwerp: Re: [Openvas-discuss] Scans not executing >> >> Thanks for responding! >> >> Should I move the socket file from /tmp to /run/redis and also modify the >> kb_location path accordingly? >> >> I'm new to openvas and not really sure what needs to be done. >> >> Harsh >> >> On Fri, Jun 23, 2017 at 5:47 PM, Eero Volotinen >> <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> >> wrote: >> sounds like connection to redis it not working. >> >> Eero >> >> 23.6.2017 3.15 ip. "Harsh kapadia" >> <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> >> kirjoitti: >> Hi, >> >> Please see the attached output from openvas-check-setup.log file. >> Everything seems OK but still the scans do not execute: >> >> I do still see the below errors in openvassd.dump file. >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:23236): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:22085): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> (openvassd:22085): lib kb_redis-CRITICAL **: get_redis_ctx: redis >> connection error: No such file or directory >> >> Kindly suggest. SELinux is turned off so it shouldn't be a problem to use >> the socket for redis from /tmp directory. >> >> Thanks! > > Regards, > > -- > > Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks > GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG > Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-discuss mailing list > [email protected]<mailto:[email protected] > tion.org> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis > cuss _______________________________________________ > Openvas-discuss mailing list > [email protected]<mailto:[email protected] > tion.org> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis > cuss > -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
