Package: openvas-scanner

Version: 5.1.1-2

openvas-check-setup is not able to detect whether openvas-scanner is running (listening) or not. It uses a simple but not very reliable procedure for this:

   if [ $HAVE_NETSTAT -eq 1 ]
   then
      netstat -A inet -A inet6 -ntlp 2> /dev/null >> $LOG
      OPENVASSD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvassd | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
      OPENVASSD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvassd | awk -F\  '{print $4}' | awk -F: '{print $NF}'`
      OPENVASMD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasmd | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
      OPENVASMD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasmd | awk -F\  '{print $4}' | awk -F: '{print $NF}'`
      OPENVASAD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasad | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
      OPENVASAD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasad | awk -F\  '{print $4}' | awk -F: '{print $NF}'`
      GSAD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep gsad | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
      GSAD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep gsad | awk -F\  '{print $4}' | awk -F: '{print $NF}' | tail -1`

      if [ $VER -ge 9 ]
      then
        OPENVASSD_SOCKET_FOUND=0
        if netstat -A unix -nlp 2> /dev/null | grep "openvassd\.sock" > /dev/null
        then
          OPENVASSD_SOCKET_FOUND=1
        fi
        if [ $OPENVASSD_SOCKET_FOUND -eq 1 ]
        then
          log_and_print "OK: OpenVAS Scanner is running and listening on a Unix domain socket."
          OPENVASSD_PORT=1 ;
        else
          log_and_print "ERROR: OpenVAS Scanner is NOT running!"
          log_and_print "FIX: Start OpenVAS Scanner (openvassd)."
          OPENVASSD_PORT=-1 ;
        fi
      else

Since openvassd has no inet listening options (only file and socket for --listen-mode), proper detection of its UNIX socket becomes important. Notice the "openvassd\.sock" expression, yet the openvas-scanner package is configured with /tmp/redis.sock for the socket location, which I believe is invalid. It probably should be something similar to /var/lib/openvas/openvassd.sock to comply

/etc/default/openvas-scanner contains:

   SCANNER_SOCKET=/tmp/redis.sock

/lib/systemd/system/openvas-scanner.service contains:

   ExecStart=/usr/sbin/openvassd --unix-socket=/tmp/redis.sock

--
Vladislav Artemyev
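
Added example, not part of the original report and not code from openvas-check-setup: a shell sketch that reads the socket path from the two packaged files quoted above and shows why the hard-coded "openvassd\.sock" grep cannot see it. The function names, the temporary file names and the netstat line are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the scanner socket path from configuration instead of
# relying on a hard-coded file name. All helper names here are hypothetical.

# Print the SCANNER_SOCKET value from a defaults file.
socket_from_defaults() {
    sed -n 's/^[[:space:]]*SCANNER_SOCKET=//p' "$1" | tail -n 1
}

# Print the --unix-socket argument from a unit file's ExecStart line.
socket_from_unit() {
    sed -n 's/^[[:space:]]*ExecStart=.*--unix-socket=\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Return 0 if the path would be matched by the check script's grep.
matches_check_pattern() {
    printf '%s\n' "$1" | grep "openvassd\.sock" > /dev/null
}

# Return 0 if the path is a LISTENING socket in `netstat -A unix -nlp` style
# output on stdin. The path is compared exactly against the last column.
socket_is_listening() {
    awk -v p="$1" '$NF == p && /LISTENING/ { found = 1 } END { exit !found }'
}

# Report whether the configured socket is consistent and detectable.
audit_socket_config() {
    d=$(socket_from_defaults "$1")
    u=$(socket_from_unit "$2")
    if [ "$d" != "$u" ]; then
        printf 'MISMATCH: defaults=%s unit=%s\n' "$d" "$u"
    elif matches_check_pattern "$u"; then
        printf 'OK: %s\n' "$u"
    else
        printf 'UNDETECTABLE: %s\n' "$u"
    fi
}

# Demo on constructed copies of the two lines quoted in the report.
tmp=$(mktemp -d)
printf 'SCANNER_SOCKET=/tmp/redis.sock\n' > "$tmp/defaults"
printf 'ExecStart=/usr/sbin/openvassd --unix-socket=/tmp/redis.sock\n' > "$tmp/unit"
audit_socket_config "$tmp/defaults" "$tmp/unit"
# Constructed netstat line (inode and PID are made up).
if printf 'unix 2 [ ACC ] STREAM LISTENING 20731 812/openvassd /tmp/redis.sock\n' |
    socket_is_listening "$(socket_from_unit "$tmp/unit")"; then
    echo "socket from unit file is listening"
fi
rm -rf "$tmp"
```

Checking the path taken from the configuration, rather than a fixed name, keeps the setup check accurate whichever socket location the package ships.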
