Configuring gvmd for external access (tls)

Building from Source and Advanced Topics
3

Hi @bricks,

I tried changing the ExecStart= line in my gvmd.service file to the following:

ExecStart=/usr/local/sbin/gvmd --foreground --osp-vt-update=/run/ospd/ospd-openvas.sock -a 0.0.0.0 -p 9390

I then restarted and ran systemctl status gvmd.service for the status of gvmd, but the sevice then fails to start:

gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
     Loaded: loaded (/etc/systemd/system/gvmd.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2023-01-26 16:27:09 UTC; 4min 11s ago
       Docs: man:gvmd(8)
    Process: 1138 ExecStart=/usr/local/sbin/gvmd --foreground --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm -a 0.0.0.0 -p 9390 (code=exited, status=1/FAILURE)
   Main PID: 1138 (code=exited, status=1/FAILURE)
        CPU: 562ms

Jan 26 16:27:09 openvas-dev systemd[1]: gvmd.service: Failed with result 'exit-code'.
Jan 26 16:27:09 openvas-dev systemd[1]: gvmd.service: Scheduled restart job, restart counter is at 5.
Jan 26 16:27:09 openvas-dev systemd[1]: Stopped Greenbone Vulnerability Manager daemon (gvmd).
Jan 26 16:27:09 openvas-dev systemd[1]: gvmd.service: Start request repeated too quickly.
Jan 26 16:27:09 openvas-dev systemd[1]: gvmd.service: Failed with result 'exit-code'.
Jan 26 16:27:09 openvas-dev systemd[1]: Failed to start Greenbone Vulnerability Manager daemon (gvmd).

I’ve also tried running -a 0.0.0.0 --port=9390 instead of -a 0.0.0.0 -p 9390 as detailed in another topic, but gvmd then also fails to start. I then also tried removing the line --drop-privileges=gvm from ExecStart in my gsad.service file, but that also didn’t work.

If I change my gvmd.service back to the way it was then gvmd is running correctly on the host, but then also not exposing a TCP port as before.

I’ve also tried adding --listen=0.0.0.0 --port=9390 to my ExecStart= line in my gvmd.service.

I noticed that my gvmd.service file contains --listen-group=gvm, which I haven’t seen in other posts so far (here/elsewhere online). I tried removing it and only have the -a & -p flags but that also resulted in gvmd not starting.

Is there maybe a particular order in which the arguments in the ExecStart= line in gvmd.service should be added?