Failed to open ICMPV4 socket

Continuing the discussion from Interrupted at 0% Libgvm boreas failed to open ICMPV4:

Use this category only if you have build the Greenbone Community Edition from sources or if you use packages provided by a 3rdparty repository.

Please read About the Greenbone Source Edition (GSE) and About GVM Architecture before posting.

When posting you should provide information about your environment using the following template:

GVM versions

root@openvas:/usr/local/sbin# ./gsad --version
Greenbone Security Assistant 22.09.0

root@openvas:/usr/local/sbin# ./gvmd --version
Greenbone Vulnerability Manager 23.2.0

root@openvas:/usr/local/sbin# ./openvas -V
OpenVAS 23.0.1
gvm-libs 22.8.0

openvasd is in /usr/local/bin

Environment

Debian GNU/Linux 12 (bookworm)
Kernel: 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 GNU/Linux
Installation method / source: tarball

visudo secure_path starts with “/usr/local/sbin”
includes lines for both %gvm and gvm ALL = NOPASSWD: /usr/local/sbin/openvas


I’m getting this boreas problem, but the other forum postings haven’t helped me.
As you can see from the details above, this is a simple Debian installaton.
I’ve checked visudo assignments and uninstalled apparmor

root@openvas:/var/log/gvm# tail openvas.log

sd main:MESSAGE:2024-05-31 15h42.13 utc:3137:bfb15cb3-47bc-408b-bf46-52b62e0278f1: openvas 23.0.1 started

sd main:MESSAGE:2024-05-31 15h42.13 utc:3137:bfb15cb3-47bc-408b-bf46-52b62e0278f1: attack_network_init: LSC via openvasd

sd main:MESSAGE:2024-05-31 15h42.17 utc:3137:bfb15cb3-47bc-408b-bf46-52b62e0278f1: Vulnerability scan bfb15cb3-47bc-408b-bf46-52b62e0278f1 started: Target has 1 hosts: 10.15.9.53, with max_hosts = 30 and max_checks = 1

libgvm boreas:WARNING:2024-05-31 15h42.17 utc:3137:bfb15cb3-47bc-408b-bf46-52b62e0278f1: set_socket: failed to open ICMPV4 socket: Operation not permitted

libgvm boreas:WARNING:2024-05-31 15h42.17 utc:3137:bfb15cb3-47bc-408b-bf46-52b62e0278f1: start_alive_detection. Boreas could not initialise alive detection. Boreas was not able to open a new socket. Exit Boreas.

sd main:MESSAGE:2024-05-31 15h42.18 utc:3137:bfb15cb3-47bc-408b-bf46-52b62e0278f1: Vulnerability scan bfb15cb3-47bc-408b-bf46-52b62e0278f1 finished in 5 seconds: 0 alive hosts of 1

I’m still unable to use OpenVAS since reinstalling from tarball source last week. Running on Debian bookworm without Apparmor installed.

I’ve added a lot of stuff to /etc/sudoers in hopes of solving the problem myself:

%gvm ALL = NOPASSWD: /usr/local/sbin/openvas
gvm ALL = NOPASSWD: /usr/local/sbin/openvas
gvm ALL = NOPASSWD: /usr/local/sbin/gsad
gvm ALL = NOPASSWD: /usr/local/sbin/gvmd
gvm ALL = NOPASSWD: /bin/ping

openvas.log shows this error:

sd   main:MESSAGE:2024-06-03 13h16.42 utc:4105:c38e8baa-1615-4630-9095-48f8fb71682e: attack_network_init: LSC via openvasd
sd   main:MESSAGE:2024-06-03 13h16.46 utc:4105:c38e8baa-1615-4630-9095-48f8fb71682e: Vulnerability scan c38e8baa-1615-4630-9095-48f8fb71682e started: Target has 1 hosts: 10.15.9.53, with max_hosts = 30 and max_checks = 1
libgvm boreas:WARNING:2024-06-03 13h16.46 utc:4105:c38e8baa-1615-4630-9095-48f8fb71682e: set_socket: failed to open ICMPV4 socket: Operation not permitted
libgvm boreas:WARNING:2024-06-03 13h16.46 utc:4105:c38e8baa-1615-4630-9095-48f8fb71682e: start_alive_detection. Boreas could not initialise alive detection. Boreas was not able to open a new socket. Exit Boreas.
sd   main:MESSAGE:2024-06-03 13h16.47 utc:4105:c38e8baa-1615-4630-9095-48f8fb71682e: Vulnerability scan c38e8baa-1615-4630-9095-48f8fb71682e finished in 5 seconds: 0 alive hosts of 1

Found a ‘solution’ to my problem by changing ospd-openvas.service to run as root.

[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Documentation=man:ospd-openvas(8) man:openvas(8)
After=network.target networking.service redis-server@openvas.service openvasd.service
Wants=redis-server@openvas.service openvasd.service
ConditionKernelCommandLine=!recovery

[Service]
Type=exec
#User=gvm
Group=gvm
Environment="LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib"
. . .

With all the things that I’ve changed, I’ve probably reduced the security of this server to the point where a hacker would have little trouble using it for their own purposes.

Looks like I’ve got a new problem with WMI support, but I’ll start a new forum thread if I can’t resolve it myself. (The rebuilding of OpenVAS this month has had more bugs than usual.)