I tried to run openvasmd with strace : $ sudo strace openvasmd --progress --verbose --update [truncated ; full trace at https://zerobin.net/?0d4427b3a875038a#6YMcaDXY+ACD6973QGG3aUMbRiXNMb38t+3GLqnO1Rc=]
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f72c27d8000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 325
read(3, "", 1024) = 0
close(3) = 0
munmap(0x7f72c27d8000, 4096) = 0
gettimeofday({1438351393, 525853}, NULL) = 0
futex(0x7f72c02b4400, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigaction(SIGABRT, {0x423900, ~[RTMIN RT_1], SA_RESTORER, 0x7f72c1cb3340},
NULL, 8) = 0
open("/usr/share/zoneinfo/utc 0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file
or directory)
umask(077) = 022
access("/etc/openvas/openvasmd_log.conf", F_OK) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f72c27d8000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2570
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f72c27d8000, 4096) = 0
open("/etc/openvas/openvasmd_log.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1183, ...}) = 0
read(3, "# OpenVAS Manager logging config"..., 4096) = 1183
read(3, "", 4096) = 0
close(3) = 0
open("/var/log/openvas/openvasmd.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=36806, ...}) = 0
write(3, "md main: INFO:2015-07-31 14h"..., 99) = 99
access("/etc/openvas/pwpolicy.conf", F_OK) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f72c27d8000
write(1, "Updating NVT cache... \\", 23Updating NVT cache... \) = 23
write(3, "md main: INFO:2015-07-31 14h"..., 93) = 93
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7f72c1cb3340}, NULL, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f72c27bcb90) = 2586
wait4(2586,\
[hang forever]
2586 is openvasmd
$ ps aux | grep 2586
root 2586 0.0 0.2 164268 8364 pts/1 S+ 14:03 0:00 openvasmd:
Updating
$ ps aux | grep openvas
root 2492 2.5 0.5 143812 21848 ? Ss 14:02 0:27 openvassd:
Reloaded all the NVTs.
root 2581 0.0 0.0 67896 2192 pts/1 S+ 14:03 0:00 sudo strace
openvasmd --progress --verbose --update
root 2582 0.0 0.0 4740 756 pts/1 S+ 14:03 0:00 strace
openvasmd --progress --verbose --update
root 2585 0.0 0.0 161368 3708 pts/1 S+ 14:03 0:00 openvasmd:
Reloading
root 2586 0.0 0.2 164268 8364 pts/1 S+ 14:03 0:00 openvasmd:
Updating
Also, I tried a port scan to ensure there is no firewall issue. All my openvas
stack is on the same host:
$ sudo nmap -Pn -sS -p 443,9000-9400 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-07-31 14:21 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 400 closed ports
PORT STATE SERVICE
443/tcp open https
9391/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
Thanks for your time. On I side note, I have been able to successfully update
the database and run a scan in the past (a few day before this issue).
Again, any suggestions appreciated
Arthur
Le vendredi 31 juillet 2015, 08:18:09 Ferdinand Goldmann a écrit :
> This might be a shot in the blue, but check your firewall settings. I came
> across an OpenVAS installation recently where openvasmd just hung forever.
> strace indicated some TLS bug, but in the end it was just a firewall
> setting blocking access on the loopback interface.
>
> Cheers,
> Ferdinand
>
> On 30.07.2015, at 17:34, Arthur <calvin...@gmail.com> wrote:
> > The box is an ec2 t2.medium instance on ec2, which have 4gb of ram and
> > some proc.
> >
> > I wiped the current install (apt-get purge openvas && rm -Rvf
> > /var/lib/openvas) then reinstalled it and reconfigured it with the help
> > of openvas-check-set (client certificate generation, user creation)
> >
> > When it comes to running `openvasmd --rebuild --progress`, I observe the
> > exact same behaviour : progress bar stop to move, and last line of log
> > are :
> >
> > $ sudo openvasmd --rebuild --progress --verbose
> > Rebuilding NVT cache... \
> >
> >
> > $ sudo tail /var/log/openvas/openvasmd.log
> > md main: INFO:2015-07-30 15h01.44 utc:7057: OpenVAS Manager version
> > 6.0.1 (DB revision 146) md main: INFO:2015-07-30 15h01.44 utc:7057:
> > rebuild_nvt_cache_retry: Reloading NVT cache md main: INFO:2015-07-30
> > 15h01.44 utc:7058: update_or_rebuild_nvt_cache: Rebuilding NVT cache md
> > main: INFO:2015-07-30 15h01.44 utc:7058: Updating NVT cache. md
> > otp:MESSAGE:2015-07-30 15h01.44 utc:7058: Scanner loading: 3700 / 40087
> > nvts. md main: INFO:2015-07-30 15h01.54 utc:7059:
> > update_or_rebuild_nvt_cache: Rebuilding NVT cache md main:
> > INFO:2015-07-30 15h01.54 utc:7059: Updating NVT cache. md
> > otp:MESSAGE:2015-07-30 15h01.54 utc:7059: Scanner loading: 14550 / 40087
> > nvts. md main: INFO:2015-07-30 15h02.04 utc:7060:
> > update_or_rebuild_nvt_cache: Rebuilding NVT cache md main:
> > INFO:2015-07-30 15h02.04 utc:7060: Updating NVT cache. md
> > otp:MESSAGE:2015-07-30 15h02.04 utc:7060: Scanner loading: 22750 / 40087
> > nvts. md main: INFO:2015-07-30 15h02.14 utc:7061:
> > update_or_rebuild_nvt_cache: Rebuilding NVT cache md main:
> > INFO:2015-07-30 15h02.14 utc:7061: Updating NVT cache. md
> > otp:MESSAGE:2015-07-30 15h02.14 utc:7061: Scanner loading: 29700 / 40087
> > nvts. md main: INFO:2015-07-30 15h02.24 utc:7062:
> > update_or_rebuild_nvt_cache: Rebuilding NVT cache md main:
> > INFO:2015-07-30 15h02.24 utc:7062: Updating NVT cache. md
> > otp:MESSAGE:2015-07-30 15h02.24 utc:7062: Scanner loading: 35800 / 40087
> > nvts. md main: INFO:2015-07-30 15h02.34 utc:7063:
> > update_or_rebuild_nvt_cache: Rebuilding NVT cache md main:
> > INFO:2015-07-30 15h02.35 utc:7063: Updating NVT cache.
> >
> > Half an hour later, the process is still alive and the database is still
> > locked ;
> >
> > $ ps aux | grep openvas
> > root 7054 1.9 0.5 145848 21864 ? Ss 15:01 0:28
> > openvassd: Reloaded all the NVTs. root 7056 0.0 0.0 69960 2204
> > pts/1 S+ 15:01 0:00 sudo openvasmd --rebuild --progress --verbose
> > root 7057 0.0 0.0 163432 3912 pts/1 S+ 15:01 0:00
> > openvasmd: Reloading root 7063 0.0 0.2 166344 8456 pts/1 S+
> > 15:02 0:00 openvasmd: Rebuilding
> >
> >
> > $ echo ".schema" | sudo sqlite3 /var/lib/openvas/mgr/tasks.db
> > Error: database is locked
> >
> > On that host, load is far below 1, and there is more than 1.5gb of free
> > ram, so I doubt it is a hardware issue.
> >
> > I will let the process run and see where it goes.
> > Meanwhile, I appreciate any suggestions.
> >
> > Thanks for your time.
> > Arthur
> >
> > Le jeudi 30 juillet 2015, 09:46:04 Brandon Perry a écrit :
> >> Also, not sure what the specs on your box is. You should have at least
> >> 4gb
> >> RAM and a nice proc to nicely run OpenVAS.
> >>
> >> On Thu, Jul 30, 2015 at 9:16 AM, Brandon Perry
> >> <bperry.volat...@gmail.com>
> >>
> >> wrote:
> >>> Yes, while 30 mins is a bit long, let it sit a bit longer. I don't have
> >>> much experience with the Ubuntu packages however.
> >>>
> >>> Also, don't stop them halfway through with Ctrl+c, I am not sure what
> >>> kind
> >>> of state that leaves openvasmd in. If you have done that, probably
> >>> should
> >>> reinstall and try again.
> >>>
> >>> --rebuild will completely rebuild the openvasmd database. --update
> >>> simply
> >>> takes the difference between what openvas-nvt-sync et al have added and
> >>> updates the sqlite DB to include the new data. You probably do not need
> >>> to
> >>> run --rebuild.
> >>>
> >>> On Thu, Jul 30, 2015 at 9:11 AM, Arthur <calvin...@gmail.com> wrote:
> >>>> Haha good question ; around 30 minutes ? The first time I ran that
> >>>> command, it
> >>>> took at most 5 minutes. Should I wait more ?
> >>>>
> >>>> Also, the animated progress bar (the slashes `/|\-`) do not move
> >>>> anymore
> >>>> when
> >>>> it hangs ; I assume a call is blocking somewhere.
> >>>>
> >>>>
> >>>> On a side note, I am using mrazavi packages for Ubuntu 14.04
> >>>> (https://launchpad.net/~mrazavi/+archive/ubuntu/openvas)
> >>>>
> >>>> Le jeudi 30 juillet 2015 09:05:15, vous avez écrit :
> >>>>> How long is forever?
> >>>>>
> >>>>> On Thu, Jul 30, 2015 at 9:04 AM, Arthur <calvin...@gmail.com> wrote:
> >>>>>> Hello,
> >>>>>>
> >>>>>> As my title say, my problem today is that the command
> >>>>>> `openvasmd --progress --verbose --rebuild` never returns and hangs
> >>>>>> forever,
> >>>>>> locking the sqlite database and preventing any other action
> >>>>>> (including
> >>>>>> `openvas-check-setup` which is locked when trying to find users)
> >>>>>>
> >>>>>> $ sudo openvasmd --progress --verbose --rebuild
> >>>>>> Rebuilding NVT cache... /
> >>>>>> [hangs forever]
> >>>>>>
> >>>>>>
> >>>>>> $ sudo tail -f /var/log/openvas/openvasmd.log
> >>>>>> md main:WARNING:2015-07-30 13h35.46 utc:4045: database must be
> >>>>>> initialised
> >>>>>> from scanner (with --update or --rebuild)
> >>>>>> lib auth: INFO:2015-07-30 13h35.47 utc:4045: Authentication
> >>>>>> configuration
> >>>>>> not found.
> >>>>>> md main: INFO:2015-07-30 13h35.52 utc:4049: OpenVAS Manager
> >>>>
> >>>> version
> >>>>
> >>>>>> 6.0.1 (DB revision 146)
> >>>>
> >>>>>> md main: INFO:2015-07-30 13h35.52 utc:4049:
> >>>> rebuild_nvt_cache_retry:
> >>>>>> Reloading NVT cache
> >>>>>> md main: INFO:2015-07-30 13h35.52 utc:4050:
> >>>>>> update_or_rebuild_nvt_cache:
> >>>>>> Rebuilding NVT cache
> >>>>>> md main: INFO:2015-07-30 13h35.52 utc:4050: Updating NVT
> >>>>>> cache.
> >>>>
> >>>>>> md otp:MESSAGE:2015-07-30 13h35.52 utc:4050: Scanner loading:
> >>>> 16550 /
> >>>>
> >>>>>> 40087
> >>>>>> nvts.
> >>>>>> md main: INFO:2015-07-30 13h36.02 utc:4060:
> >>>>>> update_or_rebuild_nvt_cache:
> >>>>>> Rebuilding NVT cache
> >>>>>> md main: INFO:2015-07-30 13h36.02 utc:4060: Updating NVT
> >>>>>> cache.
> >>>>
> >>>>>> md otp:MESSAGE:2015-07-30 13h36.02 utc:4060: Scanner loading:
> >>>> 25400 /
> >>>>
> >>>>>> 40087
> >>>>>> nvts.
> >>>>>> md main: INFO:2015-07-30 13h36.12 utc:4061:
> >>>>>> update_or_rebuild_nvt_cache:
> >>>>>> Rebuilding NVT cache
> >>>>>> md main: INFO:2015-07-30 13h36.12 utc:4061: Updating NVT
> >>>>>> cache.
> >>>>
> >>>>>> md otp:MESSAGE:2015-07-30 13h36.12 utc:4061: Scanner loading:
> >>>> 32650 /
> >>>>
> >>>>>> 40087
> >>>>>> nvts.
> >>>>>> md main: INFO:2015-07-30 13h36.22 utc:4062:
> >>>>>> update_or_rebuild_nvt_cache:
> >>>>>> Rebuilding NVT cache
> >>>>>> md main: INFO:2015-07-30 13h36.22 utc:4062: Updating NVT
> >>>>>> cache.
> >>>>
> >>>>>> md otp:MESSAGE:2015-07-30 13h36.23 utc:4062: Scanner loading:
> >>>> 38800 /
> >>>>
> >>>>>> 40087
> >>>>>> nvts.
> >>>>>> md main: INFO:2015-07-30 13h36.33 utc:4063:
> >>>>>> update_or_rebuild_nvt_cache:
> >>>>>> Rebuilding NVT cache
> >>>>>> md main: INFO:2015-07-30 13h36.33 utc:4063: Updating NVT
> >>>>>> cache.
> >>>>>> lib auth: INFO:2015-07-30 13h44.38 utc:4225: Authentication
> >>>>>> configuration
> >>>>>> not found.
> >>>>>> [hang forever]
> >>>>>>
> >>>>>>
> >>>>>> I have the exact same problem when update
> >>>>>>
> >>>>>> $ sudo openvasmd --progress --verbose --update
> >>>>>> Updating NVT cache... \
> >>>>>> [hang forever]
> >>>>>>
> >>>>>> $ sudo tail -f /var/log/openvas/openvasmd.log
> >>>>>> md main: INFO:2015-07-30 13h56.11 utc:4298: OpenVAS Manager
> >>>>
> >>>> version
> >>>>
> >>>>>> 6.0.1 (DB revision 146)
> >>>>
> >>>>>> md main: INFO:2015-07-30 13h56.11 utc:4298:
> >>>> rebuild_nvt_cache_retry:
> >>>>>> Reloading NVT cache
> >>>>>> md main: INFO:2015-07-30 13h56.11 utc:4299:
> >>>>>> update_or_rebuild_nvt_cache:
> >>>>>> Updating NVT cache
> >>>>>>
> >>>>>> I tried to move the database (/var/lib/openvas/mgr/tasks.db) and
> >>>>
> >>>> recreate
> >>>>
> >>>>>> it,
> >>>>>> with the same results.
> >>>>>>
> >>>>>>
> >>>>>> Any suggestions ? Is it some server-side issue (maybe an unreachable
> >>>>
> >>>> host
> >>>>
> >>>>>> ?)
> >>>>>> _______________________________________________
> >>>>>> Openvas-discuss mailing list
> >>>>>> Openvas-discuss@wald.intevation.org
> >>>>
> >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-disc
> >>>> us
> >>>> s
> >>>
> >>> --
> >>> http://volatile-minds.blogspot.com -- blog
> >>> http://www.volatileminds.net -- website
> >
> > _______________________________________________
> > Openvas-discuss mailing list
> > Openvas-discuss@wald.intevation.org
> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> >
> >> Ferdinand Goldmann
> >> Johannes Kepler University Linz - Information Management
> >> Mail: ferdinand.goldm...@jku.at Phone: +4373224683925 PGP: 0x13EAB993
> >> A lack of planning on your part doesn't constitute an emergency on my
> >> part.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
