Hi,
I am running GVM version 21.4.4.
After the setup I added SSL certificates in order to communicate with GVM over HTTPS.
But GVM is only reachable if I give the whole URL + port, e.g. “https://gvm.subdomain.de:9392”
So it speaks HTTPS over 9392, but is there a way to reach the URL without giving the port number?
Found this old configuration I used for OpenVAS 9 or whatever it was. You may use this and re-configure to set up the reverse proxy to work with GVM 21.04. You probably have to adjust it some, though.
Near the bottom, you created a file called gsad.service. That file was copied to /etc/systemd/system. You must modify it and change the port to 443. After saving, run “systemctl daemon-reload” and restart the service.
Morning Joe,
As I indicated before, I have done that.
Anytime I change the port for gsad on the configuration file under /etc/systemd/system/gsad.service (from 9392 to 443 or even 80), the service just doesn’t come back.
systemctl daemon-reload
service gsad restart
Job for gsad.service failed because a timeout was exceeded.
See “systemctl status gsad.service” and “journalctl -xe” for details.
Before the change:
gsad main:WARNING:2022-05-02 13h04.15 utc:232457: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h05.45 utc:232539: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h05.45 utc:232540: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h05.45 utc:232541: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h07.16 utc:232621: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h07.16 utc:232622: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h07.16 utc:232623: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h08.46 utc:232703: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h08.46 utc:232704: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h08.46 utc:232705: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h10.17 utc:232938: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h10.17 utc:232939: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h10.17 utc:232940: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h10.17 utc:232941: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h10.17 utc:232942: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h10.17 utc:232943: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h11.47 utc:233036: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h11.47 utc:233037: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h11.47 utc:233038: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h13.18 utc:233140: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h13.18 utc:233141: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2022-05-02 13h13.18 utc:233142: main: start_http_daemon redirect failed !
gsad main:MESSAGE:2022-05-02 13h14.48 utc:233223: Starting GSAD version 21.4.4
gsad main:CRITICAL:2022-05-02 13h14.48 utc:233224: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
I’m testing this on Debian 11 Bullseye. Kernel 5.10.0-13. Here is what I found.
Debian is not allowing the service to start on ports below 1024. I thought the User= and Group= lines in gsad.service took care of that, but apparently not.
I could only get the service to start with port 443 if I changed the gsad.service lines to…
User=root
Group=root
I also added the --drop-privileges=gvm option to the end of the ExecStart line. This leaves the gsad process running as user gvm.
The service wants ssl certificates, so I had to run …
sudo gvm-manage-certs -a
Give gvm user ownership to the certificates with …
sudo chown -R gvm:gvm /var/lib/gvm
The ExecStart line looks like this…
ExecStart=/usr/local/sbin/gsad --port=443 --no-redirect --drop-privileges=gvm
I am not a developer, so I don’t know why the gsad.service file is not starting the process as root, and then dropping privileges the way it should.
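As an added example (not part of the thread and not GVM project code), this shell lint shows why the unit fails: with User=gvm systemd starts gsad without root, so it can never bind port 443. It goes beyond the thread by also accepting AmbientCapabilities=CAP_NET_BIND_SERVICE, a standard systemd directive nobody here used. The sample unit, the verdict names and the 9392 fallback when --port is absent are assumptions.

```shell
#!/bin/sh
# Added example: lint a gsad systemd unit for the privileged-port problem
# discussed above. Assumes the default kernel limit (ports below 1024 need
# root or CAP_NET_BIND_SERVICE); verdict names are made up for this example.

# Print the value of the last "Key=value" line for Key ($1) in unit file ($2).
unit_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*//p" "$2" | tail -n 1
}

# Echo one verdict for the unit file given as $1:
#   ok-unprivileged-port | ok-root-drops-privileges | ok-capability |
#   warn-stays-root | fail-cannot-bind
check_gsad_unit() {
    unit=$1
    exec_line=$(unit_value ExecStart "$unit")
    user=$(unit_value User "$unit")
    caps=$(unit_value AmbientCapabilities "$unit")
    # Assumption: fall back to 9392 (the thread's port) when --port is absent.
    port=$(printf '%s\n' "$exec_line" | sed -n 's/.*--port=\([0-9][0-9]*\).*/\1/p')
    port=${port:-9392}
    if [ "$port" -ge 1024 ]; then
        echo ok-unprivileged-port
    elif [ -z "$user" ] || [ "$user" = root ]; then
        # Started as root: the bind works; check that root is given up after.
        case $exec_line in
            *--drop-privileges=*) echo ok-root-drops-privileges ;;
            *) echo warn-stays-root ;;
        esac
    else
        # Started as a non-root user: only a capability permits the bind.
        case $caps in
            *CAP_NET_BIND_SERVICE*) echo ok-capability ;;
            *) echo fail-cannot-bind ;;
        esac
    fi
}

# Constructed sample: a unit like the failing one (User=gvm, port 443).
demo=$(mktemp)
printf '%s\n' '[Service]' 'User=gvm' 'Group=gvm' \
    'ExecStart=/usr/local/sbin/gsad --port=443 --no-redirect' > "$demo"
check_gsad_unit "$demo"
rm -f "$demo"
```

The verdict only covers whether the kernel allows the bind; a missing certificate or key, as in the log earlier in the thread, is a separate failure.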
Thank you. That allowed the service to start. I am also curious about the issue. Hopefully one of the developers chimes in here and lets us know. Thanks again for all your help.
Hi. I was battling this same issue for hours on Friday. I gave up and came back fresh at it today. This led me to this topic where joebeasley clued me into Linux blocking port binding below 1024. Up until this point I thought it was something up with my GVM/GSAD setup…