What I’m looking for are troubleshooting steps. [root@centos7vm openvas]# openvas-check-setup --v9 openvas-check-setup 2.3.7 Test completeness and readiness of OpenVAS-9
Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 5.1.1. OK: redis-server is present in version v=3.2.10. OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock OK: redis-server is running and listening on socket: /tmp/redis.sock. OK: redis-server configuration is OK and redis-server is running. OK: NVT collection in /var/lib/openvas/plugins contains 54694 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). WARNING: The initial NVT cache has not yet been generated. SUGGEST: Start OpenVAS Scanner for the first time to generate the cache. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 7.0.2. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 184. OK: OpenVAS Manager expects database at revision 184. OK: Database schema is up to date. ERROR: The number of NVTs in the OpenVAS Manager database is too low. FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'. WARNING: OpenVAS Scanner is NOT running! SUGGEST: Start OpenVAS Scanner (openvassd). ERROR: Your OpenVAS-9 installation is not yet complete! Of course, the first thing I tried to do is to initialize the NVT cache. I can delete and download a fresh set of NVTs with greenbone-nvt-sync - that works fine. But openvasmd —update, —rebuild both hang up. The two key symptoms of the non-working installation are a failure of openvas-scanner to startup and failure of openvas-manager to update or rebuild the NVT cache due to inability to communicate with the scanner. [root@centos7vm openvas]# openvasmd --get-scanners 08b69003-5fc2-4037-a479-93b440211c73 OpenVAS Default 6acd0832-df90-11e4-b9d5-28d24461215b CVE but the scanner is stalled [root@centos7vm openvas]# systemctl status openvas-scanner ● openvas-scanner.service - OpenVAS Scanner Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled) Active: activating (start) since Mon 2018-02-26 06:47:37 EST; 4min 20s ago Control: 34118 (openvassd) CGroup: /system.slice/openvas-scanner.service └─34118 /usr/sbin/openvassd [root@centos7vm openvas]# ps -elf | grep openvassd F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD 4 S root 34118 1 0 80 0 - 44101 hrtime 06:47 ? 00:00:00 /usr/sbin/openvassd If I kill the scanner process, it just respawns, same status. I have uninstalled everything and manually deleted the /var/lib/openvas, /var/cache/openvas, /usr/share/openvas, /usr/include/openvas, /etc/openvas and /etc/pki/openvas directories before reinstalling. I’ve tried to install v8 from epel (same symptom) and v9 from atomic, both as an upgrade and as a first time install. > On Feb 25, 2018, at 5:03 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > well. It usually works fine. installed it on centos 7 a couple weeks ago. > > Eero > > 25.2.2018 23.41 "Gerald Lotto" <jerrylo...@gmail.com> kirjoitti: > Yes > > On Feb 25, 2018 4:17 PM, "Eero Volotinen" <eero.voloti...@iki.fi> wrote: > did you installed it from atomic corp rpm repository? > > eero > > 25.2.2018 23.04 "Jerry Lotto" <jerrylo...@gmail.com> kirjoitti: > Running around in circles. Removed, replaced, reinstalled, downgraded 8 / > upgraded 9. Everything leads to this: > > > > Checking OpenVAS Manager database (NVT data) ... > > ERROR: The number of NVTs in the OpenVAS Manager database is too low. > > FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT > collect > > ion and run 'openvasmd --rebuild'. > > WARNING: OpenVAS Scanner is NOT running! > > SUGGEST: Start OpenVAS Scanner (openvassd). > > > > So I’ve got a chicken and egg problem. > > > > Scanner won’t start: > > > > [root@centos7vm /]# systemctl status openvas-scanner -l > > ● openvas-scanner.service - OpenVAS Scanner > > Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; > vendor preset: disabled) > > Active: activating (start) since Sun 2018-02-25 15:46:30 EST; 13min ago > > Control: 18590 (openvassd) > > CGroup: /system.slice/openvas-scanner.service > > └─18590 /usr/sbin/openvassd > > > > Feb 25 15:46:30 centos7vm.lotto.net systemd[1]: Starting OpenVAS Scanner... > > Feb 25 15:46:30 centos7vm.lotto.net systemd[1]: Starting OpenVAS Scanner... > > > > Everything else is up: > > > > [root@centos7vm /]# systemctl status openvas-manager -l > > ● openvas-manager.service - OpenVAS Manager > > Loaded: loaded (/usr/lib/systemd/system/openvas-manager.service; enabled; > vendor preset: disabled) > > Active: active (running) since Sun 2018-02-25 13:26:18 EST; 2h 29min ago > > Main PID: 9986 (openvasmd) > > CGroup: /system.slice/openvas-manager.service > > └─9986 openvasmd > > > > Feb 25 13:26:18 centos7vm.lotto.net systemd[1]: Starting OpenVAS Manager... > > Feb 25 13:26:18 centos7vm.lotto.net systemd[1]: Started OpenVAS Manager. > > > > [root@centos7vm /]# systemctl status redis -l > > ● redis.service - Redis persistent key-value database > > Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor > preset: disabled) > > Drop-In: /etc/systemd/system/redis.service.d > > └─limit.conf > > Active: active (running) since Sun 2018-02-25 12:20:23 EST; 3h 35min ago > > Main PID: 4744 (redis-server) > > CGroup: /system.slice/redis.service > > └─4744 /usr/bin/redis-server 127.0.0.1:6379 > > > > [root@centos7vm /]# systemctl status gsad -l > > ● gsad.service - OpenVAS Manager > > Loaded: loaded (/usr/lib/systemd/system/gsad.service; enabled; vendor > preset: disabled) > > Active: active (running) since Sun 2018-02-25 15:06:25 EST; 55min ago > > Main PID: 16626 (gsad) > > CGroup: /system.slice/gsad.service > > ├─16626 /usr/sbin/gsad --listen 0.0.0.0 --port 9392 > > └─16627 /usr/sbin/gsad --listen 0.0.0.0 --port 9392 > > > > Feb 25 15:06:25 centos7vm.lotto.net systemd[1]: Starting OpenVAS Manager... > > Feb 25 15:06:25 centos7vm.lotto.net systemd[1]: Started OpenVAS Manager. > > > > Scanner logs ogs say: > > [Sun Feb 25 15:02:52 2018][51446] NVT with duplicate OID > 1.3.6.1.4.1.25623.1.0.890841 will be replaced with 2017/deb_dla_841.nasl > > [Sun Feb 25 16:52:19 2018][1317] Failed to initialize nvti cache. > > (repeats) > > > > But NVT update or rebuild won’t succeed without scanner running. > > > > md manage:WARNING:2018-02-25 20h12.30 utc:17040: database must be initialised > from scanner (with --update or --rebuild) > > md main:MESSAGE:2018-02-25 20h12.30 utc:17041: OpenVAS Manager version > 7.0.2 (DB revision 184) > > md main: INFO:2018-02-25 20h12.30 utc:17041: rebuild_nvt_cache_retry: > Reloading NVT cache > > md main: INFO:2018-02-25 20h12.30 utc:17042: update_or_rebuild_nvt_cache: > Rebuilding NVT cache > > base gpgme:MESSAGE:2018-02-25 20h12.30 utc:17042: Setting GnuPG dir to > '/var/lib/openvas/openvasmd/gnupg' > > base gpgme:MESSAGE:2018-02-25 20h12.30 utc:17042: Using OpenPGP engine > version '2.0.22' > > md main: INFO:2018-02-25 20h12.30 utc:17042: Updating NVT cache. > > md main:WARNING:2018-02-25 20h26.27 utc:17042: openvas_scanner_read: Failed > to read from scanner: Connection reset by peer > > > > I’ve deleted the cache, the database, the scap data, the certs – regenerated > everything from scratch – spinning my wheels. > > > > Where is the smoking gun? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Ru > > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
