Hello,
It looks like this is common problem, but no real solution.
Problem description:
when connecting to https://my_ip:9392 i am able to negotiate SSL and then always getting response code 404 (tried also /login or /gsa).
Details:
- gvm installation checker shows all is fine
- no more errors in gvm and gsa logs
- all latest versions (on current ubuntu server)
- wireshark showing all as expected: SSL session is fine, getting http response code 404
More details:
root@ubuntu:~# netstat -atcpn | grep "93"
tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN 25104/gsad
tcp 0 0 198.27.76.48:9390 0.0.0.0:* LISTEN 24869/gvmd: Waiting
root@ubuntu:~# gsad --version
Greenbone Security Assistant 22.08.0~git
root@ubuntu:~# gvmd --version
Greenbone Vulnerability Manager 23.1.0
Manager DB revision 255
Copyright (C) 2009-2021 Greenbone AG
License: AGPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Also:
root@ubuntu:~# gvm-check-setup
gvm-check-setup 23.11.0
Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 22.7.9.
OK: Notus Scanner is present in version 22.6.2.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 93034 NVTs.
OK: The notus directory /var/lib/notus/products contains 472 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-openvas service is active.
OK: ospd-OpenVAS is present in version 22.6.2.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 23.1.0.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
16440|pg-gvm|10|2200|f|22.6||
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 22.08.0~git.
Step 7: Checking if GVM services are up and running ...
OK: gvmd service is active.
OK: gsad service is active.
Step 8: Checking few other requirements...
OK: nmap is present.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
Step 9: Checking greenbone-security-assistant...
WARNING: the package greenbone-security-assistant is not installed
FIX: install the package greenbone-security-assistant (available in non-free)
It seems like your GVM-23.11.0 installation is OK.
And:
root@ubuntu:~# cat /var/log/gvm/gsad.log | tail -5
gsad main:MESSAGE:2024-12-29 18h00.27 utc:24531: Starting GSAD version 22.08.0~git
gsad main:MESSAGE:2024-12-29 18h04.53 utc:24675: Starting GSAD version 22.08.0~git
gsad main:MESSAGE:2024-12-29 18h11.16 utc:24982: Starting GSAD version 22.08.0~git
gsad main:MESSAGE:2024-12-29 18h12.32 utc:25104: Starting GSAD version 22.08.0~git
And
root@ubuntu:~# cat /lib/systemd/system/gsad.service
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service
[Service]
Type=exec
User=_gvm
Group=_gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
ExecStart=/usr/sbin/gsad --foreground --listen 0.0.0.0 --port 9392 --mlisten=198.27.76.48 --mport=9390 --no-redirect
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service
root@ubuntu:~# cat /lib/systemd/system/gvmd.service
[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=_gvm
Group=_gvm
PIDFile=/run/gvmd/gvmd.pid
RuntimeDirectory=gvmd
RuntimeDirectoryMode=2775
ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock --listen-group=_gvm --listen=198.27.76.48 --port=9390
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
What am i missing ?
Thanks,
Michal