Hi folks,
Possibly related to [20.8.0] Unexpected interrupted return code · Issue #335 · greenbone/ospd-openvas · GitHub. I don’t know if it’s a bug, so I am following the GitHub suggestion to post here first!
I’ve built from source:
- OSPd OpenVAS version 22.5.3
- Greenbone Security Assistant 22.05.1
- Greenbone Vulnerability Manager 22.6.0
- Manager DB revision 255
- OpenVAS 22.7.3
- gvm-libs 22.6.3
I am attempting to scan a single specific domain on a single specific IP.
To do this I’m setting the target included hosts to the domain, and the target exclude_hosts to all the domain’s IPs except the one I want to scan. (This seems convoluted, but I couldn’t figure out a better way.) expand_vhosts=0
The excluded IPs aren’t recognized as belonging to the target, and this causes the progress calculation to be incorrect.
ospd-openvas, scan.py, simplify_exclude_host_count() treats them as invalid_exc_hosts rather than counting them, and logs the following to ospd-openvas.log:
Please check the excluded host list. It contains hosts which do not belong to the target. This warning can be ignored if this was done on purpose (e.g. to exclude specific hostname).
I imagine this check is assuming the included host is an IP range and the excluded hosts are individual IPs within it, i.e. it’s confused that I’ve “included” a domain name and “excluded” IPs. I haven’t dug deeper to understand the counting code.
(There might be a work-around to put the IPs in both included and excluded? Or you might have different suggestions for how to achieve my goal…)
I believe the scans are completing fully without error, but because the calculated progress < 100% they are considered Interrupted rather than Done.
For example, with 1 included domain and 2 excluded IPs, ospd-openvas.log:
Host scan finished.
Host scan got interrupted. Progress: 33, Status: RUNNING
Scan interrupted.
Scan process is dead and its progress is 33
I.e. the “invalid” excluded gives a counted total of 3 hosts and means 100% is treated as 33%.
With 1 included domain and 1 excluded IP the result is an Interrupted at 50%.
Since this is all automated, our gvmd client code doesn’t recognize the scans as successfully complete.
My questions:
- Does my understanding seem correct: that the host count being off is causing the problem?
- Can you suggest a work-around/alternative: a way to scan a specific domain and IP pair that avoids this problem?
- Can you suggest a safe way to modify the host count code, e.g. not to consider my excluded hosts as invalid?
Thanks in advance!