try rebuilding nvt caches? Eero
2017-08-28 16:57 GMT+03:00 Trent Townsend < [email protected]>: > Eero, > > Let me backup just a moment. Now I can’t seem to get the scanner to > start: > > > > [root@ggc-scan cron.d]# systemctl status openvas-scanner > > ● openvas-scanner.service - OpenVAS Scanner > > Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; > enabled; vendor preset: disabled) > > Active: activating (start) since Mon 2017-08-28 08:46:07 CDT; 52s ago > > Control: 4056 (openvassd) > > CGroup: /system.slice/openvas-scanner.service > > └─4056 /usr/sbin/openvassd > > > > Aug 28 08:46:07 ggc-scan systemd[1]: Starting OpenVAS Scanner... > > > > > > The openvassd.log file doesn’t show much except: > > > > [Mon Aug 28 13:11:52 2017][3090] Failed to initialize nvti cache. > > > > How can I determine what is going on with my scanner? I’d like to avoid > rebuilding the entire system. > > > > Thank you very much in advance, > > Trent > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Eero Volotinen > *Sent:* Monday, August 28, 2017 2:23 AM > *To:* Trent Townsend <[email protected]> > *Cc:* [email protected] > *Subject:* Re: [Openvas-discuss] Scans stop at 1% > > > > check out that redis is configured and working. > > > > Eero > > > > 2017-08-28 5:14 GMT+03:00 Trent Townsend <trent_townsend@ > nextstepinnovation.com>: > > I know this has been asked many times over the years but I am at a loss. > I keep getting the scans “Stopped at 1%” message and I cannot find anywhere > in the logs that would tell me why. I did get one scan to run today but I > cannot repeat that success. How does one find what is causing this > problem? Is it possible this is tied to memory or CPU? > > > > Thanks in advance. > > > > openvas-check-setup log below > > > > Trent > > > > ----------------------------------------------- > > > > openvas-check-setup 2.3.7 > > Test completeness and readiness of OpenVAS-9 > > > > Please report us any non-detected problems and > > help us to improve this check routine: > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > > > Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the > problem. > > > > Use the parameter --server to skip checks for client tools > > like GSD and OpenVAS-CLI. > > > > Step 1: Checking OpenVAS Scanner ... > > OK: OpenVAS Scanner is present in version 5.1.1. > > OK: redis-server is present in version v=3.2.3. > > OK: scanner (kb_location setting) is configured properly using the > redis-server socket: /tmp/redis.sock > > OK: redis-server is running and listening on socket: > /tmp/redis.sock. > > OK: redis-server configuration is OK and redis-server is running. > > OK: NVT collection in /var/lib/openvas/plugins contains 54814 NVTs. > > WARNING: Signature checking of NVTs is not enabled in OpenVAS > Scanner. > > SUGGEST: Enable signature checking (see http://www.openvas.org/ > trusted-nvts.html). > > OK: The NVT cache in /var/cache/openvas contains 54814 files for > 54814 NVTs. > > Step 2: Checking OpenVAS Manager ... > > OK: OpenVAS Manager is present in version 7.0.2. > > OK: OpenVAS Manager database found in > /var/lib/openvas/mgr/tasks.db. > > OK: Access rights for the OpenVAS Manager database are correct. > > OK: sqlite3 found, extended checks of the OpenVAS Manager > installation enabled. > > OK: OpenVAS Manager database is at revision 184. > > OK: OpenVAS Manager expects database at revision 184. > > OK: Database schema is up to date. > > OK: OpenVAS Manager database contains information about 54814 NVTs. > > OK: At least one user exists. > > OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/ > scap.db. > > OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/ > cert.db. > > OK: xsltproc found. > > Step 3: Checking user configuration ... > > WARNING: Your password policy is empty. > > SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a > password policy. > > Step 4: Checking Greenbone Security Assistant (GSA) ... > > OK: Greenbone Security Assistant is present in version 7.0.2. > > OK: Your OpenVAS certificate infrastructure passed validation. > > Step 5: Checking OpenVAS CLI ... > > OK: OpenVAS CLI version 1.4.5. > > Step 6: Checking Greenbone Security Desktop (GSD) ... > > SKIP: Skipping check for Greenbone Security Desktop. > > Step 7: Checking if OpenVAS services are up and running ... > > OK: netstat found, extended checks of the OpenVAS services enabled. > > OK: OpenVAS Scanner is running and listening on a Unix domain > socket. > > OK: OpenVAS Manager is running and listening on a Unix domain > socket. > > OK: Greenbone Security Assistant is listening on port 80, which is > the default port. > > Step 8: Checking nmap installation ... > > WARNING: Your version of nmap is not fully supported: 6.47 > > SUGGEST: You should install nmap 5.51 if you plan to use the nmap > NSE NVTs. > > Step 10: Checking presence of optional tools ... > > OK: pdflatex found. > > WARNING: PDF generation failed, most likely due to missing LaTeX > packages. The PDF report format will not work. > > SUGGEST: Install required LaTeX packages. > > OK: ssh-keygen found, LSC credential generation for GNU/Linux > targets is likely to work. > > OK: rpm found, LSC credential package generation for RPM based > targets is likely to work. > > WARNING: Could not find alien binary, LSC credential package > generation for DEB based targets will not work. > > SUGGEST: Install alien. > > OK: nsis found, LSC credential package generation for Microsoft > Windows targets is likely to work. > > OK: SELinux is disabled. > > > > It seems like your OpenVAS-9 installation is OK. > > > > If you think it is not OK, please report your observation > > and help us to improve this check routine: > > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > > Please attach the log-file (/tmp/openvas-check-setup.log) to help us > analyze the problem. > > > > [root@ggc-scan openvas]# cat /tmp/openvas-check-setup.log > > openvas-check-setup 2.3.7 > > Mode: desktop > > Date: Sun, 27 Aug 2017 21:03:41 -0500 > > > > Checking for old OpenVAS Scanner <= 2.0 ... > > /bin/openvas-check-setup: line 172: openvasd: command not found > > > > Checking presence of OpenVAS Scanner ... > > OpenVAS Scanner 5.1.1 > > Most new code since 2005: (C) 2016 Greenbone Networks GmbH > > Nessus origin: (C) 2004 Renaud Deraison <[email protected]> > > License GPLv2: GNU GPL version 2 > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > > > > > Checking OpenVAS Scanner version ... > > > > OK: OpenVAS Scanner is present in version 5.1.1. > > plugins_folder = /var/lib/openvas/plugins > > cache_folder = /var/cache/openvas > > include_folders = /var/lib/openvas/plugins > > max_hosts = 30 > > max_checks = 10 > > be_nice = no > > logfile = /var/log/openvas/openvassd.log > > log_whole_attack = no > > log_plugins_name_at_load = no > > dumpfile = /var/log/openvas/openvassd.dump > > cgi_path = /cgi-bin:/scripts > > optimize_test = yes > > checks_read_timeout = 5 > > network_scan = no > > non_simult_ports = 139, 445 > > plugins_timeout = 320 > > scanner_plugins_timeout = 36000 > > safe_checks = yes > > auto_enable_dependencies = yes > > use_mac_addr = no > > nasl_no_signature_check = yes > > drop_privileges = no > > unscanned_closed = yes > > unscanned_closed_udp = yes > > vhosts = > > vhosts_ip = > > report_host_details = yes > > kb_location = /tmp/redis.sock > > timeout_retry = 3 > > rules = /etc/openvas/openvassd.rules > > port_range = default > > silent_dependencies = no > > save_knowledge_base = no > > kb_restore = no > > only_test_hosts_whose_kb_we_dont_have = no > > only_test_hosts_whose_kb_we_have = no > > kb_dont_replay_scanners = no > > kb_dont_replay_info_gathering = no > > kb_dont_replay_attacks = no > > kb_dont_replay_denials = no > > kb_max_age = 864000 > > slice_network_addresses = no > > cert_file = /var/lib/openvas/CA/servercert.pem > > key_file = /var/lib/openvas/private/CA/serverkey.pem > > ca_file = /var/lib/openvas/CA/cacert.pem > > config_file = /etc/openvas/openvassd.conf > > Checking presence of redis ... > > OK: redis-server is present in version v=3.2.3. > > > > Checking if redis-server is configured properly to run with openVAS ... > > OK: scanner (kb_location setting) is configured properly using the > redis-server socket: /tmp/redis.sock > > Checking if redis-server is running ... > > OK: redis-server is running and listening on socket: > /tmp/redis.sock. > > OK: redis-server configuration is OK and redis-server is running. > > > > Checking NVT collection ... > > > > OK: NVT collection in /var/lib/openvas/plugins contains 54814 NVTs. > > Checking status of signature checking in OpenVAS Scanner ... > > WARNING: Signature checking of NVTs is not enabled in OpenVAS > Scanner. > > SUGGEST: Enable signature checking (see http://www.openvas.org/ > trusted-nvts.html). > > > > OK: The NVT cache in /var/cache/openvas contains 54814 files for > 54814 NVTs. > > > > Checking presence of OpenVAS Manager ... > > OpenVAS Manager 7.0.2 > > Manager DB revision 184 > > Copyright (C) 2010-2016 Greenbone Networks GmbH > > License GPLv2+: GNU GPL version 2 or later > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > > > > > > > OK: OpenVAS Manager is present in version 7.0.2. > > Checking OpenVAS Manager database ... > > > > OK: OpenVAS Manager database found in > /var/lib/openvas/mgr/tasks.db. > > Checking access rights of OpenVAS Manager database ... > > > > OK: Access rights for the OpenVAS Manager database are correct. > > Checking sqlite3 presence ... > > OK: sqlite3 found, extended checks of the OpenVAS Manager > installation enabled. > > > > Checking OpenVAS Manager database revision ... > > OK: OpenVAS Manager database is at revision 184. > > Checking database revision expected by OpenVAS Manager ... > > OK: OpenVAS Manager expects database at revision 184. > > OK: Database schema is up to date. > > Checking OpenVAS Manager database (NVT data) ... > > OK: OpenVAS Manager database contains information about 54814 NVTs. > > Checking if users exist ... > > OK: At least one user exists. > > > > Checking OpenVAS SCAP database ... > > > > OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/ > scap.db. > > Checking OpenVAS CERT database ... > > > > OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/ > cert.db. > > Checking xsltproc presence ... > > OK: xsltproc found. > > > > Checking status of password policy ... > > WARNING: Your password policy is empty. > > SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a > password policy. > > > > Checking presence of Greenbone Security Assistant ... > > Greenbone Security Assistant 7.0.2 > > Copyright (C) 2010-2016 Greenbone Networks GmbH > > License GPLv2+: GNU GPL version 2 or later > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > > > > > > > OK: Greenbone Security Assistant is present in version 7.0.2. > > Verifying certificate infrastructure ... > > OK: Directory for keys (/var/lib/openvas/private/CA) exists. > > OK: Directory for certificates (/var/lib/openvas/CA) exists. > > OK: CA key found in /var/lib/openvas/private/CA/cakey.pem > > OK: CA certificate found in /var/lib/openvas/CA/cacert.pem > > OK: CA certificate verified. > > OK: Certificate /var/lib/openvas/CA/servercert.pem verified. > > OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. > > > > OK: Your OpenVAS certificate infrastructure passed validation. > > > > OK: Your OpenVAS certificate infrastructure passed validation. > > Checking presence of OpenVAS CLI ... > > OMP Command Line Interface 1.4.5 > > Copyright (C) 2010-2016 Greenbone Networks GmbH > > License GPLv2+: GNU GPL version 2 or later > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > > > > > > > OK: OpenVAS CLI version 1.4.5. > > SKIP: Skipping check for Greenbone Security Desktop. > > Checking netstat presence ... > > OK: netstat found, extended checks of the OpenVAS services enabled. > > > > Active Internet connections (only servers) > > Proto Recv-Q Send-Q Local Address Foreign Address > State PID/Program name > > tcp 0 0 127.0.0.1:6379 0.0.0.0:* > LISTEN 1060/redis-server 1 > > tcp 0 0 127.0.0.1:9390 0.0.0.0:* > LISTEN 2544/openvasmd > > tcp 0 0 0.0.0.0:9392 0.0.0.0:* > LISTEN 2227/gsad > > tcp 0 0 0.0.0.0:80 0.0.0.0:* > LISTEN 2229/gsad > > tcp 0 0 0.0.0.0:22 0.0.0.0:* > LISTEN 1059/sshd > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1877/master > > tcp6 0 0 :::22 :::* > LISTEN 1059/sshd > > tcp6 0 0 ::1:25 :::* > LISTEN 1877/master > > OK: OpenVAS Scanner is running and listening on a Unix domain > socket. > > OK: OpenVAS Manager is running and listening on a Unix domain > socket. > > OK: Greenbone Security Assistant is listening on port 80, which is > the default port. > > Checking presence of nmap ... > > WARNING: Your version of nmap is not fully supported: 6.47 > > SUGGEST: You should install nmap 5.51 if you plan to use the nmap > NSE NVTs. > > > > Checking presence of pdflatex ... > > OK: pdflatex found. > > > > Checking presence of LaTeX packages required for PDF report generation ... > > WARNING: PDF generation failed, most likely due to missing LaTeX > packages. The PDF report format will not work. > > SUGGEST: Install required LaTeX packages. > > This is pdfTeX, Version 3.1415926-2.5-1.40.14 (TeX Live 2013) > (format=pdflatex 2017.8.24) 27 AUG 2017 21:04 > > entering extended mode > > restricted \write18 enabled. > > %&-line parsing enabled. > > **/tmp/openvas-check-setup-tmp.wAAVQxBD9W/test.tex > > (/tmp/openvas-check-setup-tmp.wAAVQxBD9W/test.tex > > LaTeX2e <2011/06/27> > > Babel <v3.8m> and hyphenation patterns for english, dumylang, > nohyphenation, lo > > aded. > > (/usr/share/texlive/texmf-dist/tex/latex/base/article.cls > > Document Class: article 2007/10/19 v1.4h Standard LaTeX document class > > (/usr/share/texlive/texmf-dist/tex/latex/base/size10.clo > > File: size10.clo 2007/10/19 v1.4h Standard LaTeX file (size option) > > ) > > \c@part=\count79 > > \c@section=\count80 > > \c@subsection=\count81 > > \c@subsubsection=\count82 > > \c@paragraph=\count83 > > \c@subparagraph=\count84 > > \c@figure=\count85 > > \c@table=\count86 > > \abovecaptionskip=\skip41 > > \belowcaptionskip=\skip42 > > \bibindent=\dimen102 > > ) (/usr/share/texlive/texmf-dist/tex/latex/tools/tabularx.sty > > Package: tabularx 1999/01/07 v2.07 `tabularx' package (DPC) > > (/usr/share/texlive/texmf-dist/tex/latex/tools/array.sty > > Package: array 2008/09/09 v2.4c Tabular extension package (FMi) > > \col@sep=\dimen103 > > \extrarowheight=\dimen104 > > \NC@list=\toks14 > > \extratabsurround=\skip43 > > \backup@length=\skip44 > > ) > > \TX@col@width=\dimen105 > > \TX@old@table=\dimen106 > > \TX@old@col=\dimen107 > > \TX@target=\dimen108 > > \TX@delta=\dimen109 > > \TX@cols=\count87 > > \TX@ftn=\toks15 > > ) (/usr/share/texlive/texmf-dist/tex/latex/geometry/geometry.sty > > Package: geometry 2010/09/12 v5.6 Page Geometry > > (/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty > > Package: keyval 1999/03/16 v1.13 key=value parser (DPC) > > \KV@toks@=\toks16 > > ) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifpdf.sty > > Package: ifpdf 2011/01/30 v2.3 Provides the ifpdf switch (HO) > > Package ifpdf Info: pdfTeX in PDF mode is detected. > > ) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifvtex.sty > > Package: ifvtex 2010/03/01 v1.5 Detect VTeX and its facilities (HO) > > Package ifvtex Info: VTeX not detected. > > ) (/usr/share/texlive/texmf-dist/tex/generic/ifxetex/ifxetex.sty > > Package: ifxetex 2010/09/12 v0.6 Provides ifxetex conditional > > ) > > \Gm@cnth=\count88 > > \Gm@cntv=\count89 > > \c@Gm@tempcnt=\count90 > > \Gm@bindingoffset=\dimen110 > > \Gm@wd@mp=\dimen111 > > \Gm@odd@mp=\dimen112 > > \Gm@even@mp=\dimen113 > > \Gm@layoutwidth=\dimen114 > > \Gm@layoutheight=\dimen115 > > \Gm@layouthoffset=\dimen116 > > \Gm@layoutvoffset=\dimen117 > > \Gm@dimlist=\toks17 > > ) > > > > ! LaTeX Error: File `comment.sty' not found. > > > > Type X to quit or <RETURN> to proceed, > > or enter new name. (Default extension: sty) > > > > Enter file name: > > ! Emergency stop. > > <read *> > > > > l.8 \usepackage > > {longtable}^^M > > *** (cannot \read from terminal in nonstop modes) > > > > > > Here is how much of TeX's memory you used: > > 815 strings out of 495063 > > 11112 string characters out of 3182201 > > 60410 words of memory out of 3000000 > > 4062 multiletter control sequences out of 15000+200000 > > 3640 words of font info for 14 fonts, out of 3000000 for 9000 > > 14 hyphenation exceptions out of 8191 > > 23i,0n,19p,192b,36s stack positions out of 5000i,500n,10000p,200000b, > 50000s > > ! ==> Fatal error occurred, no output PDF file produced! > > Checking presence of ssh-keygen ... > > OK: ssh-keygen found, LSC credential generation for GNU/Linux > targets is likely to work. > > > > Checking presence of rpm ... > > OK: rpm found, LSC credential package generation for RPM based > targets is likely to work. > > > > Checking presence of alien ... > > WARNING: Could not find alien binary, LSC credential package > generation for DEB based targets will not work. > > SUGGEST: Install alien. > > > > Checking presence of nsis ... > > OK: nsis found, LSC credential package generation for Microsoft > Windows targets is likely to work. > > Checking for SELinux ... > > OK: SELinux is disabled. > > > > > > > > -- > > Trent Townsend, CISSP, CCNA > > > > > > > * ------------------------------ * > > *This email is confidential and intended solely for the use of the > individual to whom it is addressed. Any views or opinions presented are > solely those of the author, and do not necessarily represent those of Next > Step Innovation. If you are not the intended recipient, be advised that you > have received this email in error, and that any use, dissemination, > forwarding, printing or copying of this email is strictly prohibited. If > you have received this email in error, please contact the sender. * > * ------------------------------ * > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > > > *------------------------------ This email is confidential and intended > solely for the use of the individual to whom it is addressed. Any views or > opinions presented are solely those of the author, and do not necessarily > represent those of Next Step Innovation. If you are not the intended > recipient, be advised that you have received this email in error, and that > any use, dissemination, forwarding, printing or copying of this email is > strictly prohibited. If you have received this email in error, please > contact the sender. ------------------------------* >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
