When I run gvm-check-setup the below error is presented.
sudo gvm-check-setup
gvm-check-setup 22.5.0
Test completeness and readiness of GVM-22.5.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 22.7.3.
OK: Notus Scanner is present in version 22.5.0.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
ERROR: Directories containing the NVT collection not found.
FIX: Run the NVT synchronization script greenbone-feed-sync.
sudo greenbone-feed-sync --type nvt
ERROR: Your GVM-22.5.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
When I run greenbone-feed-sync I receive the following errors:
─$ sudo greenbone-feed-sync
Running as root. Switching to user '_gvm' and group '_gvm'.
Trying to acquire lock on /var/lib/openvas/feed-update.lock
Acquired lock on /var/lib/openvas/feed-update.lock
⠼ Downloading Notus files from rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/vt-data/notus/ to /var/lib/notus
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.2.7]
When I run greenbone-feed-sync --type nvt the same error occurs.
I’m running behind a pfSense firewall if that helps. Here are some of the troubleshooting steps along the way I’ve taken:
The sudo traceroute -T -O info 45.135.106.143 -p 873 command clearly shows you cannot reach the destination. In fact, it seems your packets cannot even reach the next host, and certainly they cannot go beyond your local network.
Here is the output of a successful traceroute using the command you used. It shows the packets can reach the gateway (192.168.1.1) and also transit the global internet:
sudo traceroute -T -O info 45.135.106.143 -p 873
traceroute to 45.135.106.143 (45.135.106.143), 30 hops max, 60 byte packets
1 mynetwork (192.168.1.1) 0.410 ms 0.380 ms 0.422 ms
2 lnsm4-toronto63--lo0.net.bell.ca (64.230.11.234) 1.864 ms 1.852 ms *
3 tcore3-toronto63--2/10/0/3--be43.net.bell.ca (64.230.101.144) 22.848 ms 22.836 ms 22.823 ms
4 cr01-toroon63zda-bundle-ether7.net.bell.ca (142.124.127.157) 14.380 ms 15.674 ms *
5 * * *
6 bx9-chicagodt_ae0-0.net.bell.ca (64.230.79.73) 16.891 ms 14.640 ms 14.586 ms
7 * * *
8 ae1.3110.edge4.Frankfurt1.level3.net (4.69.163.106) 111.980 ms 111.930 ms 110.646 ms
9 INTERNET-AG.edge4.Frankfurt1.Level3.net (62.67.19.26) 108.171 ms 109.359 ms 109.324 ms
10 po1-2890.ccr1.whp26.fra.iag.eu (195.34.175.194) 108.387 ms 108.302 ms 109.072 ms
11 * * *
12 45.135.106.143 (45.135.106.143) <syn,ack> 109.183 ms 108.560 ms 105.984 ms
So, it seems like your firewall is on the local network side, preventing packets from even reaching your gateway router, or else you also have a local host firewall. You can try removing the firewall to test if your connection can be established.
But this is the command that does not specify the rsync port, so it does not test whether port 873 is open on your host/network firewall. The command you posted that does specify the rsync port does show that the packets leave the network. In your post, both of the commands that specify the rsync port fail:
My apologies, you are right, I missed the port. However, when I run it directly from the firewall using the WAN port I lose traffic halfway through… I need to see if I can do this from a hotspot somehow… I can’t figure out why my allow port rule is not working on the firewall then…
[admin@fw]/root: traceroute -i igc0 -p 873 45.135.106.143
traceroute to 45.135.106.143 (45.135.106.143), 64 hops max, 40 byte packets
1 * * *
2 int.router.rkhlsc.comporium.net (208.104.200.140) 1.425 ms 0.824 ms 0.657 ms
3 38.104.30.226 (38.104.30.226) 0.846 ms 0.850 ms 0.877 ms
4 be6533.rcr21.b003320-1.dca01.atlas.cogentco.com (38.104.30.225) 16.995 ms 17.645 ms 16.773 ms
5 be2213.ccr41.dca01.atlas.cogentco.com (154.54.6.241) 16.816 ms 17.614 ms 17.792 ms
6 be3111.ccr42.par01.atlas.cogentco.com (154.54.89.226) 99.691 ms
be3095.ccr41.par01.atlas.cogentco.com (154.54.89.222) 99.875 ms 100.053 ms
7 be2800.ccr42.fra03.atlas.cogentco.com (154.54.58.237) 107.900 ms
be2799.ccr41.fra03.atlas.cogentco.com (154.54.58.233) 109.436 ms
be2800.ccr42.fra03.atlas.cogentco.com (154.54.58.237) 107.835 ms
8 be2846.rcr22.fra06.atlas.cogentco.com (154.54.37.30) 107.380 ms 108.042 ms 109.230 ms
9 be2844.agr21.fra06.atlas.cogentco.com (130.117.0.30) 109.305 ms 109.351 ms 115.503 ms
10 149.11.20.50 (149.11.20.50) 109.218 ms 107.534 ms 107.540 ms
11 po1-2899.ccr2.whp26.fra.iag.eu (195.34.175.5) 105.031 ms 103.709 ms 103.665 ms
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
You are not losing traffic halfway through. This shows a successful connection, same as your command without the port specified. You can see that the final hop is the same in both outputs.
You can use the online port checker to see that the port is open on Greenbone’s server. You need to specify a custom port and use 873; as the screenshot shows, the port is open and the connection is OK:
I guess it’s being blocked due to an outgoing rule on the LAN or WAN side of the firewall or on a host firewall. Any security software products on the host, such as EDR or even many modern “malware scanners”, may block the outgoing rsync port because it may easily be used for data exfiltration.
I will have to check but I don’t think Kali comes native with the firewall enabled. I will have to check when I get back. I also will try to disable the apps on the firewall just to make sure.
Sorry, I forgot you were using Kali. You are right, Kali doesn’t typically come with a firewall installed or enabled. However, I haven’t used Kali Purple yet so I don’t know for sure.
I will let you know after I look tonight but my assumption is it doesn’t. Kali Purple is basically SOC (Security Operations Center) in a box. Basically it is a Kali installer with all the tools preloaded for an SOC to install on hardware or virtual machine… So far the first thing to do is configure Greenbone.
Yes, I have been meaning to test the Greenbone install on Kali Purple, and it seems that there is no built-in firewall and I can connect to the rsync server.
I finally got the traceroute to work but not the actual rsync…
sudo traceroute -T -O info 45.135.106.143 -p 873
traceroute to 45.135.106.143 (45.135.106.143), 30 hops max, 60 byte packets
1 45.135.106.143 (45.135.106.143) 0.340 ms 0.307 ms 0.292 ms
2 45.135.106.143 (45.135.106.143) <rst,ack> 0.488 ms 0.475 ms 0.503 ms
I guess this is going to be a baby steps resolution…
└─$ sudo greenbone-feed-sync --type nvt
Running as root. Switching to user '_gvm' and group '_gvm'.
Trying to acquire lock on /var/lib/openvas/feed-update.lock
Acquired lock on /var/lib/openvas/feed-update.lock
⠋ Downloading Notus files from rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/vt-data/notus/ to /var/lib/notus
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.2.7]
⠋ Downloading NASL files from rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/vt-data/nasl/ to /var/lib/openvas/plugins
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.2.7]
Releasing lock on /var/lib/openvas/feed-update.lock
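Added example, not part of the thread or of Greenbone's tooling: a small Python helper that reads the rsync connect failures shown above and tells apart a silently dropped connection (errno 110), a missing IPv6 route (101) and a refusal (111), and flags a refusal whose reset arrives much faster than the known round-trip time to the feed server, as in the last traceroute (0.488 ms against roughly 105 ms in the earlier traces). The function names, the verdict labels and the one-tenth threshold are assumptions of this example.

```python
import errno
import re
import socket
import time

# Linux errno numbers as printed in the rsync output quoted in this thread.
LINUX_ERRNO = {101: "ENETUNREACH", 110: "ETIMEDOUT", 111: "ECONNREFUSED"}
FAIL_RE = re.compile(r"failed to connect to \S+ \(([^)]+)\): [^()\n]*\((\d+)\)")
# Verdict labels are this example's own wording.
VERDICT = {"OK": "open", "ETIMEDOUT": "dropped", "ENETUNREACH": "no-route",
           "ECONNREFUSED": "refused"}
# Lines copied from the rsync output quoted in the thread.
SAMPLE = """\
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe7f:d2ae): Network is unreachable (101)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.143): Connection refused (111)
"""

def parse_rsync_errors(text):
    """Return [(address, errno_name)] for every rsync connect failure in text."""
    return [(m.group(1), LINUX_ERRNO.get(int(m.group(2)), "OTHER"))
            for m in FAIL_RE.finditer(text)]

def classify(name, rtt_ms=None, path_rtt_ms=None):
    """Translate a connect() result into the filtering behaviour it points to."""
    # A RST arriving far sooner than the known path RTT cannot come from the
    # remote server; a nearby device (reject rule, proxy) answered for it.
    # The one-tenth threshold is an assumption of this example.
    if name == "ECONNREFUSED" and rtt_ms is not None and path_rtt_ms and rtt_ms < path_rtt_ms / 10:
        return "rejected-nearby"
    return VERDICT.get(name, "unknown")

def probe(host, port=873, timeout=5.0):
    """Live TCP connect test to the rsync port; returns (errno_name, elapsed_ms)."""
    family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    start, name = time.monotonic(), "OK"
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(addr)
    except socket.timeout:
        name = "ETIMEDOUT"
    except OSError as e:
        name = errno.errorcode.get(e.errno, "OTHER")
    return name, (time.monotonic() - start) * 1000

if __name__ == "__main__":
    for addr, name in parse_rsync_errors(SAMPLE):
        print(addr, name, classify(name))
```
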