Re: [Openvas-discuss] Problem starting gsa
Dear Harald thanks, I am indeed using Fedora. Matteo -- ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich Tel +41 44 63 27944, http://www.id.ethz.ch > On 31 Jan 2017, at 13:43, Reindl Haraldwrote: > > next time mention your operating system and package versions > https://bugzilla.redhat.com/show_bug.cgi?id=1416034 > > a new build is in testing and and then 0.9.52 should work too > > Am 31.01.2017 um 11:56 schrieb Corti Matteo (ID BD): >> give no output with the following entries in the log file >> >>gsad main: DEBUG:2017-01-31 10h49.22 utc:24066: main: gettext >>translation extensions are enabled (using locale "en_US.UTF-8"). >>gsad main: DEBUG:2017-01-31 10h49.22 utc:24066: Forking... >>gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... >>gsad main:CRITICAL:2017-01-31 10h49.22 utc:24067: main: >>start_https_daemon failed! > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss smime.p7s Description: S/MIME cryptographic signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem starting gsa
next time mention your operating system and package versions https://bugzilla.redhat.com/show_bug.cgi?id=1416034 a new build is in testing and and then 0.9.52 should work too Am 31.01.2017 um 11:56 schrieb Corti Matteo (ID BD): give no output with the following entries in the log file gsad main: DEBUG:2017-01-31 10h49.22 utc:24066: main: gettext translation extensions are enabled (using locale "en_US.UTF-8"). gsad main: DEBUG:2017-01-31 10h49.22 utc:24066: Forking... gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... gsad main:CRITICAL:2017-01-31 10h49.22 utc:24067: main: start_https_daemon failed! ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem starting gsa
I have seen this same problem on hardened machines with ipv6 stack "disabled" or half-disabled. I cannot remember how I fixed this issue. I think, I just modified gsa source to disable ipv6 binding. -- Eero 2017-01-31 13:33 GMT+02:00 Eero Volotinen: > Is dualstack enabled on your system? > > Is ipv6 incorrectly disabled? > > For test, try to enable ipv6 and try again? > > -- > Eero > > 2017-01-31 13:28 GMT+02:00 Corti Matteo (ID BD) : > >> Dear Christian >> >> Thanks for the hint but >> >> /usr/sbin/gsad --no-redirect --port=9392 --mport=9390 >> --mlisten=127.0.0.1 --gnutls-priorities=SECURE128: >> -AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 -f -vvv >> >> gives no improvement >> >> gsad main: DEBUG:2017-01-31 11h24.01 utc:32463: main: gettext >> translation extensions are enabled (using locale "en_US.UTF-8"). >> gsad main:CRITICAL:2017-01-31 11h24.01 utc:32463: main: >> start_https_daemon failed! >> >> >> Now with --http-only it starts but listens only on IPv6 >> >> $ netstat -anp | grep 372 >> tcp6 0 0 :::9392 :::* >> LISTEN 372/gsad >> >> >> Matteo >> >> >> -- >> ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste >> STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich >> Tel +41 44 63 27944, http://www.id.ethz.ch >> >> On 31 Jan 2017, at 12:03, Christian Fischer < >> christian.fisc...@greenbone.net> wrote: >> >> Hi, >> >> On 31.01.2017 11:56, Corti Matteo (ID BD) wrote: >> >> Why is gsad trying to use port 80? >> >> >> i think because of the following: >> >> gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... >> gsad main:WARNING:2017-01-31 10h49.22 utc:24068: main: >> >> start_http_daemon redirect failed ! >> >> Have a look at the --no-redirect parameter of gsad which disables this >> behavior: >> >> --no-redirect Don't redirect HTTP to HTTPS. >> >> Regards, >> >> -- >> >> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD >> Greenbone Networks GmbH | http://greenbone.net >> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 >> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >> ___ >> Openvas-discuss mailing list >> Openvas-discuss@wald.intevation.org >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o >> penvas-discuss >> >> >> >> ___ >> Openvas-discuss mailing list >> Openvas-discuss@wald.intevation.org >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o >> penvas-discuss >> > > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem starting gsa
Is dualstack enabled on your system? Is ipv6 incorrectly disabled? For test, try to enable ipv6 and try again? -- Eero 2017-01-31 13:28 GMT+02:00 Corti Matteo (ID BD): > Dear Christian > > Thanks for the hint but > > /usr/sbin/gsad --no-redirect --port=9392 --mport=9390 --mlisten=127.0.0.1 > --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 > -f -vvv > > gives no improvement > > gsad main: DEBUG:2017-01-31 11h24.01 utc:32463: main: gettext translation > extensions are enabled (using locale "en_US.UTF-8"). > gsad main:CRITICAL:2017-01-31 11h24.01 utc:32463: main: start_https_daemon > failed! > > > Now with --http-only it starts but listens only on IPv6 > > $ netstat -anp | grep 372 > tcp6 0 0 :::9392 :::* > LISTEN 372/gsad > > > Matteo > > > -- > ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste > STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich > Tel +41 44 63 27944, http://www.id.ethz.ch > > On 31 Jan 2017, at 12:03, Christian Fischer net> wrote: > > Hi, > > On 31.01.2017 11:56, Corti Matteo (ID BD) wrote: > > Why is gsad trying to use port 80? > > > i think because of the following: > > gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... > gsad main:WARNING:2017-01-31 10h49.22 utc:24068: main: > > start_http_daemon redirect failed ! > > Have a look at the --no-redirect parameter of gsad which disables this > behavior: > > --no-redirect Don't redirect HTTP to HTTPS. > > Regards, > > -- > > Christian Fischer | PGP Key: 0x54F3CE5B76C597AD > Greenbone Networks GmbH | http://greenbone.net > Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem starting gsa
Dear Christian Thanks for the hint but /usr/sbin/gsad --no-redirect --port=9392 --mport=9390 --mlisten=127.0.0.1 --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 -f -vvv gives no improvement gsad main: DEBUG:2017-01-31 11h24.01 utc:32463: main: gettext translation extensions are enabled (using locale "en_US.UTF-8"). gsad main:CRITICAL:2017-01-31 11h24.01 utc:32463: main: start_https_daemon failed! Now with --http-only it starts but listens only on IPv6 $ netstat -anp | grep 372 tcp6 0 0 :::9392 :::*LISTEN 372/gsad Matteo -- ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich Tel +41 44 63 27944, http://www.id.ethz.ch > On 31 Jan 2017, at 12:03, Christian Fischer> wrote: > > Hi, > > On 31.01.2017 11:56, Corti Matteo (ID BD) wrote: >> Why is gsad trying to use port 80? > > i think because of the following: > >> gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... >> gsad main:WARNING:2017-01-31 10h49.22 utc:24068: main: > start_http_daemon redirect failed ! > > Have a look at the --no-redirect parameter of gsad which disables this > behavior: > > --no-redirect Don't redirect HTTP to HTTPS. > > Regards, > > -- > > Christian Fischer | PGP Key: 0x54F3CE5B76C597AD > Greenbone Networks GmbH | http://greenbone.net > Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss smime.p7s Description: S/MIME cryptographic signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Problem starting gsa
Hi, On 31.01.2017 11:56, Corti Matteo (ID BD) wrote: > Why is gsad trying to use port 80? i think because of the following: > gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... > gsad main:WARNING:2017-01-31 10h49.22 utc:24068: main: start_http_daemon redirect failed ! Have a look at the --no-redirect parameter of gsad which disables this behavior: --no-redirect Don't redirect HTTP to HTTPS. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Problem starting gsa
Hi Since a couple of days I am no more able to start gsa. For example $ /usr/sbin/gsad --port=9392 --mport=9390 --mlisten=127.0.0.1 --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 -vvv give no output with the following entries in the log file gsad main: DEBUG:2017-01-31 10h49.22 utc:24066: main: gettext translation extensions are enabled (using locale "en_US.UTF-8"). gsad main: DEBUG:2017-01-31 10h49.22 utc:24066: Forking... gsad main: DEBUG:2017-01-31 10h49.22 utc:24067: Forking for redirect... gsad main:CRITICAL:2017-01-31 10h49.22 utc:24067: main: start_https_daemon failed! gsad main:WARNING:2017-01-31 10h49.22 utc:24068: MHD: Failed to listen for connections: Address already in use gsad main:WARNING:2017-01-31 10h49.22 utc:24068: main: start_http_daemon redirect failed ! Manager is running and listening to 9390 $ telnet 127.0.0.1 9390 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. ^] telnet> close Connection closed. $ And nothing is already listening on port 9392 $ netstat -anp | grep 9392 $ Executing it with strace I see that it tries to use port 80 with IPv6 [pid 24762] bind(4, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::", _addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28 Port 80 *is* already used. Why is gsad trying to use port 80? Thanks in advance Matteo -- ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich Tel +41 44 63 27944, http://www.id.ethz.ch smime.p7s Description: S/MIME cryptographic signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss