Gsad start_http_daemon redirect failed

After finally resolving an issue with the latest kali and realizing that the greenbone-security-assistant service was missing, I’m now having issues trying to start the greenbone-security-assistant service after resolving that issue.

When running systemctl start greenbone-security-assistant, it seems to actually spin up the gsad process and listens on port 9392 as I expect; however, the actual service itself isn’t starting though.

Here’s what I’m seeing:

┌──(root㉿pt)-[~]
└─# netstat -antp | grep -i listen
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      19/sshd: /usr/sbin/
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1434/postgres
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:5432                :::*                    LISTEN      1434/postgres

┌──(root㉿pt)-[~]
└─# systemctl status greenbone-security-assistant
greenbone-security-assistant.service - Greenbone Security Assistant daemon (gsad)
    Loaded: loaded (/usr/lib/systemd/system/greenbone-security-assistant.service, enabled)
    Active: inactive (dead)

┌──(root㉿pt)-[~]
└─# systemctl start greenbone-security-assistant

┌──(root㉿pt)-[~]
└─# systemctl status greenbone-security-assistant
greenbone-security-assistant.service - Greenbone Security Assistant daemon (gsad)
    Loaded: loaded (/usr/lib/systemd/system/greenbone-security-assistant.service, enabled)
    Active: inactive (dead)

┌──(root㉿pt)-[~]
└─# netstat -antp | grep -i listen
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      19/sshd: /usr/sbin/
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      18222/gsad
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1434/postgres
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:5432                :::*                    LISTEN      1434/postgres

As shown above, the port is actually listening, so not quite sure what’s going on here. What I’m noticing in the /var/log/gvm/gsad.log file, however, is this:

┌──(root㉿pt)-[/]
└─# tail -f /var/log/gvm/gsad.log
gsad main:MESSAGE:2022-03-15 02h52.43 utc:18221: Starting GSAD version 21.4.4
gsad main:WARNING:2022-03-15 02h52.43 utc:18223: main: start_http_daemon redirect failed !

Here’s the tail end of my gvm-check-setup (run from the / directory):

Oops, secure memory pool already initialized
        OK: Greenbone Security Assistant is present in version 21.4.4.
Step 7: Checking if GVM services are up and running ...
        OK: ospd-openvas service is active.
        OK: gvmd service is active.
        Starting gsad service
        Waiting for gsad service
        ERROR: gsad service did not start.
        Please check journalctl -xe and /var/log/gvm/gsad.log

 ERROR: Your GVM-21.4.3 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

Any thoughts on this would be greatly appreciated. I do this process on a daily basis, quite often actually, so I’m pretty sure there was just some weird update in Kali that may have caused this; however, I just wanted to check here as well.

From looking at the code it seems this error is caused here gsad/src/gsad.c at stable · greenbone/gsad · GitHub It just says it can’t start a http listening socket for redirecting to a https socket. You can try --no-redirect to deactivate this feature or even --http-only to just use http (you should not use http only for a production setup because everyone could sniff the user passwords and session tokens).

In addition at least the systemd file posted in Greenbone-security-assistant.service missing - #5 by altjx - Greenbone Community Edition - Greenbone Community Forum has the user User=_gvm defined. As this is a non-root user the user isn’t allowed to bind on ports < 1024 including port 80 used for the redirection from 80 to 9392 which is causing this failure.

In 0007617: Greenbone-security-assistance no longer working - Kali Linux Bug Tracker the following was also mentioned:

I think you will have to remove the file you created /lib/systemd/system/greenbone-security-assistant.service.

As Kali seems to have fixed the missing gsad.service systemd file recently i would follow the suggestion above and see if the problem is already solved in the newer systemd file of Kali.

Unfortunately, removing the /lib/systemd/system/greenbone-security-assistant.service file and attempting to restart the gsad service with systemctl start gsad doesn’t seem to do the trick. The redirect issue still occurs in the gsad.log file.

The User=_gvm being in the service file seems to be present in an older version of Kali as well where it is working properly, so not too sure if this would need to be adjusted.

It does seem like adding --no-redirect to the service file has done the trick for now. Really appreciate this help.

This is something i would try to clarify with the Kali package maintainer.

can you make it more clear i mean tell me command where we use --no-redirect

The --no-redirect would go in the /lib/systemd/system/gsad.service file after the port is specified. So it would look like this:

ExecStart=/usr/sbin/gsad --listen 127.0.0.1 --port 9392 --no-redirect

At least for me, including --no-redirect in the gsad.service file worked fine! I’m running GVM over Kali 2022 installation.