Error 503 Service temporarily down timeout issue or cert. error?

Archive Greenbone Community Edition
1

Hi
Recently updated the Parrot OS after an win update, shutdown my VM - Logging into openVAS iam not able to continue with scans that are halted. i get Error 503.
I am able to log in fine, but i can not start a new task or resume.

I tried different methods from the community, like cert. ( i could not get openvas-mkcert :command not found)
But i tried w/ openvas-manage-cert w/ -E and -L. updated the scanner. But still there are some issues.

I have been looking at the issue and looking to the different methods, but nothing is going “my way”

what i have pulled out from starting the service

Starting service:
“Job for openvas-scanner.service failed because a timeout was exceeded.”
“See “systemctl status openvas-scanner.service” and “journalctl -xe” for details”
“Dec 02 11:34:53 parrot systemd[1]: Failed to start Open Vulnerability Assessment System Scanner Daemon.”
“ERROR: OpenVAS Scanner is NOT running!”
“FIX: Start OpenVAS Scanner (openvassd).” how do you do that ?

gsad.log
sad main:WARNING:2019-12-02 10h02.36 CET:1874: MHD: Error: received handshake message out of context
gsad main:WARNING:2019-12-02 10h02.36 CET:1874: MHD: Error: received handshake message out of context

systemctl status:
openvas-manager.service - Open Vulnerability Assessment System Manager Daemon
Loaded: loaded (/lib/systemd/system/openvas-manager.service; static; vendor preset: disabled)
Active: active (running) since Mon 2019-12-02 11:33:23 CET; 25min ago
Docs: man:openvasmd(8)

Process: 13309 ExecStart=/usr/sbin/openvasmd --listen=127.0.0.1 --port=9390 --database=/var/lib/openvas/mgr/tasks.db (code=exited, status=0/SUCCESS)
Main PID: 13311 (openvasmd)
Tasks: 1 (limit: 4645)
Memory: 121.5M
CGroup: /system.slice/openvas-manager.service
└─13311 openvasmd

Dec 02 11:33:23 parrot systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon…
Dec 02 11:33:23 parrot systemd[1]: openvas-manager.service: Can’t open PID file /run/openvasmd.pid (yet?) after start: No such file or directory
Dec 02 11:33:23 parrot systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.

openvas-scanner.service - Open Vulnerability Assessment System Scanner Daemon
Loaded: loaded (/lib/systemd/system/openvas-scanner.service; static; vendor preset: disabled)
Active: failed (Result: timeout) since Mon 2019-12-02 11:34:53 CET; 24min ago
Docs: man:openvassd(8)

Process: 13310 ExecStart=/usr/sbin/openvassd --unix-socket=/var/run/openvassd.sock (code=killed, signal=TERM)

Dec 02 11:33:23 parrot systemd[1]: Starting Open Vulnerability Assessment System Scanner Daemon…
Dec 02 11:34:53 parrot systemd[1]: openvas-scanner.service: start operation timed out. Terminating.
Dec 02 11:34:53 parrot systemd[1]: openvas-scanner.service: Failed with result ‘timeout’.
Dec 02 11:34:53 parrot systemd[1]: Failed to start Open Vulnerability Assessment System Scanner Daemon.

i dont know if this is an oudated version of openVAS and iam not sure how to update it in Parrot OS.

Greenbone Security Assistant 7.0.3
gvm: (‘gvmd --version’) could not get this
OpenVAS Scanner 5.1.3
gvm-libs:

Linux parrot 5.3.0-3parrot3-amd64 #1 SMP Parrot 5.3.9-3parrot3 (2019-11-23) x86_64 GNU/Linux

2

Thank you for bringing Parrot OS to my attention.
Program renewals in Parrot work via apt because it also is a debian system. Of course, it only works if the Parrot maintainers do a good job.
I suppose I bug filed here: https://community.parrotlinux.org/c/support/ might do some good to other people who might have similar problems, because it could signal something to the relevant maintainers.
(They also seem to use the Discourse forum software, so no change to this forum.)
You could look around a bit on this site to find out the current versions, there is a lot of development going on. The search function might help to quickly locate the current info.
I suppose that Parrot as a security services minded distribution is for people who have a minimum of basic networking, distributions and software development knowledge, so finding one’s way around is a very useful faculty to acquire oneself.

3

This is since versions no longer supported. Right now you need only a certificate for the GSA to speak HTTPS the rest is using file sockets for security reasons and no longer TCP/IP Sockets.

I guess the best way is to contact your package maintainer from your OS and ask him how to do this on your distribution.

4

Thanks. i have tried to post on the community, but at lass there seems to be no response.
kali here i come…

5

Not that Kali seems to shipping an outdated / end of life version of GVM (GVM-9) as well which also has a few known bugs already fixed in newer GVM releases.

6

ubuntu here i come…:slight_smile:

7

Same https://packages.ubuntu.com/search?keywords=greenbone-security-assistant :frowning:

8

What might be the reasons for all these distros not updating?

Fachkräftemangel [lack of devs] everywhere?
Or people using virtual machines everywhere?
Or some other reason linked to this project?
Or just plain old laziness?
Where are we headed with global IT if this is how it “works”?

9

oh man! i got it working on ubuntu w/ custom apt from a guy.
mrazavi…i think it was.

10

I won’t hold my breath, because I read about that one in this forum before.

A separate thread for tracking the uncoordinated integrations might be interesting.

Might be interesting to see if they will update at the next security issue. Although nobody can hope for one. An API change for the free feed might also do the trick. But well, the next botnets are certainly waiting for such an event. Nobody with due diligence might want to go down such a path. There must be better methods to secure things community-wise.

11

not ideal, but working. (ppa:mrazavi/gvm) was this the apt that you read about in the forum before ?

12

Looks like it, but I didn’t diff that site against possibly older versions.
You could very well be lucky with it, if you know what you’re doing and can fill the gaps (in case there are gaps).

13

used the apt, and i can use v9.

Screenshot from 2020-01-21 12-36-40
Screenshot from 2020-01-21 12-36-401213×997 173 KB

14

The demon seems to be running …

15

not as automatic as parrot os- Must create scripts for feed update and misc. but targes can be deployed and started. unlike parrot os w/ Error 503.

16

a little uncertain, is greenbone “free” anymore or is it commercial ? or just unsupported version below 10

17

It’s both, but the cut is not in the version number but between the flavors.
There is a free feed and a commercial feed. (for the .nasl scripts)
There is free source code on github, but not every build is free: some are commercial, and they provide a free VA, but you can build (and configure) your own from the source – if you have the required knowledge. That’s what the distros do (or not, as you saw).

18

All code of the Greenbone Source Edition is free software/open source. See

Additionally we provide a free to use virtual machine of our Greenbone OS derived from our products which is called Greenbone Community Edition VM.

For the vulnerability tests we support two different feeds the GSF (commercial) and the GCF (free software).

2 Likes