Hello everyone,
I am still learning so please forgive my inexperience. I have a freshly installed Ubuntu 22.04 machine running Docker version 20.10.21. I have the latest update pulled (second pull since installing a week ago) using:
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition pull
The containers are up and running, and I have an admin user set up. The issue I have is with the feed status. I was unable to update the NVTs. According to the documentation, the commands should be:
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition pull notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objects
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objects
I was checking the logs and noticed the updates failing, and then updating to an older version of the NVTs.
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition logs -f ospd-openvas
Side note: I believe there is a typo on the documentation, logs worked but log did not.
The output is shown below.
ospd-openvas_1 | OSPD[7] 2023-06-27 20:01:27,174: ERROR: (ospd_openvas.openvas) OpenVAS Scanner failed to load VTs. Command ā[āopenvasā, āāupdate-vt-infoā]ā returned non-zero exit status 1.
ospd-openvas_1 | OSPD[7] 2023-06-27 20:01:27,174: ERROR: (ospd_openvas.daemon) Updating VTs failed.
ospd-openvas_1 | OSPD[7] 2023-06-27 20:02:13,666: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please waitā¦
ospd-openvas_1 | OSPD[7] 2023-06-27 20:02:21,838: ERROR: (ospd_openvas.openvas) OpenVAS Scanner failed to load VTs. Command ā[āopenvasā, āāupdate-vt-infoā]ā returned non-zero exit status 1.
ospd-openvas_1 | OSPD[7] 2023-06-27 20:02:21,838: ERROR: (ospd_openvas.daemon) Updating VTs failed.
ospd-openvas_1 | OSPD[7] 2023-06-27 20:03:10,503: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please waitā¦
ospd-openvas_1 | OSPD[7] 2023-06-27 20:04:32,562: INFO: (ospd_openvas.daemon) VTs were up to date. Feed version is 202306210559.
I thought to try updating the NVTs manually, so I ran the command:
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition
run --rm ospd-openvas greenbone-nvt-sync
The tail-end gave the following errors:
rsync: [receiver] mkstemp ā/var/lib/openvas/plugins/pre2008/.zml_cgi_traversal.nasl.GUqSXpā failed: Permission denied (13)
3,867 100% 12.46kB/s 0:00:00 (xfr#85942, to-chk=5/87229)
rsync: [receiver] mkstemp ā/var/lib/openvas/plugins/pre2008/.zone_alarm_fw_p67.nasl.di6G4pā failed: Permission denied (13)
2,716 100% 8.75kB/s 0:00:00 (xfr#85943, to-chk=4/87229)
rsync: [receiver] mkstemp ā/var/lib/openvas/plugins/pre2008/.zope_path_disclosure.nasl.48ByOrā failed: Permission denied (13)
3,142 100% 10.09kB/s 0:00:00 (xfr#85944, to-chk=3/87229)
rsync: [receiver] mkstemp ā/var/lib/openvas/plugins/pre2008/.zope_zclass.nasl.6nQyztā failed: Permission denied (13)
2,721 100% 8.74kB/s 0:00:00 (xfr#85945, to-chk=2/87229)
rsync: [receiver] mkstemp ā/var/lib/openvas/plugins/pre2008/.zyxel_http_pwd.nasl.4PylErā failed: Permission denied (13)
2,871 100% 9.22kB/s 0:00:00 (xfr#85946, to-chk=1/87229)
rsync: [receiver] mkstemp ā/var/lib/openvas/plugins/pre2008/.zyxel_pwd.nasl.9OkBQtā failed: Permission denied (13)
3,128 100% 10.05kB/s 0:00:00 (xfr#85947, to-chk=0/87229)
sent 4,884,622 bytes received 18,216,874 bytes 669,608.58 bytes/sec
total size is 353,823,588 speedup is 15.32
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1819) [generator=3.2.3]
<27>Jun 27 20:38:13 greenbone-nvt-sync: rsync for nasl failed.
There is some kind of permission issue with rsync, and based on the error messages, I believe it may be due to not having permissions to make a temporary file in the plugins directory.
I got a shell into the container
sudo docker exec -it greenbone-community-edition_ospd-openvas_1 /bin/bash
and check that the folders belong to root.
Iām not sure what I did wrong with the set up. I appreciate any help on the matter. If any additional information is needed for troubleshooting, Iāll be happy to see if I can provide it.
Thank you!