GVM 11 installation problems

So everything about installing GVM 11 on Ubuntu 18.04 LTS is failing. Followed every instruction at https://launchpad.net/~mrazavi/+archive/ubuntu/gvm, no errors during install, but when it came to sync, the script don’t have access to the plugin folder, since you don’t do sudo for that, I had to go and change permissions, after that everything finished installing, but no NVTs show up in the gui and the ospd service doesn’t seem to want to start, for no special reason

I have two problems with this installation, 1) ospd-openvas scanner doesn’t seem to be available, and 2) no NVT available in the GUI.

With regards to ospd, I have this in the service status

systemctl status ospd-openvas
● ospd-openvas.service - LSB: OSP server to allow GVM to control an OpenVAS Scanner
Loaded: loaded (/etc/init.d/ospd-openvas; generated)
Active: active (exited) since Fri 2019-11-22 20:18:38 UTC; 14min ago
Docs: man:systemd-sysv-generator(8)
Process: 3930 ExecStop=/etc/init.d/ospd-openvas stop (code=exited, status=0/SUCCESS)
Process: 3965 ExecStart=/etc/init.d/ospd-openvas start (code=exited, status=0/SUCCESS)
Nov 22 20:18:37 gvm111 systemd[1]: Stopped LSB: OSP server to allow GVM to control an OpenVAS Scanner.
Nov 22 20:18:37 gvm111 systemd[1]: Starting LSB: OSP server to allow GVM to control an OpenVAS Scanner…
Nov 22 20:18:38 gvm111 systemd[1]: Started LSB: OSP server to allow GVM to control an OpenVAS Scanner.
Nov 22 20:19:03 gvm111 ospd-openvas[3990]: Traceback (most recent call last):
File “/usr/bin/ospd-openvas”, line 11, in
load_entry_point(‘ospd-openvas==1.0.0’, ‘console_scripts’, ‘ospd-openvas’)()
File “/usr/lib/python3/dist-packages/ospd_openvas/daemon.py”, line 1454, in main
daemon_main(‘OSPD - openvas’, OSPDopenvas)
File “/usr/lib/python3/dist-packages/ospd/main.py”, line 159, in main
File “/usr/lib/python3/dist-packages/ospd_openvas/daemon.py”, line 283, in init
File “/usr/lib/python3/dist-packages/ospd_openvas/db.py”, line 139, in db_init
File “/usr/lib/python3/dist-packages/ospd_openvas/db.py”, line 117, in max_db_index
ctx = self.kb_connect()
File “/usr/lib/python3/dist-packages/ospd_openvas/db.py”, line 195, in kb_connect
‘Redis Error: Not possible to connect to the kb.’
ospd_openvas.errors.OspdOpenvasError: Redis Error: Not possible to connect to the kb.

And this is in the log files for the gmvd service.

tail gvmd.log
md manage:WARNING:2019-11-22 20h33.10 utc:4768: manage_update_nvt_cache_osp: failed to connect to /var/run/ospd/ospd.sock
md manage:WARNING:2019-11-22 20h33.20 utc:4775: manage_update_nvt_cache_osp: failed to connect to /var/run/ospd/ospd.sock
md manage:WARNING:2019-11-22 20h33.30 utc:4781: manage_update_nvt_cache_osp: failed to connect to /var/run/ospd/ospd.sock
md manage:WARNING:2019-11-22 20h33.41 utc:4788: manage_update_nvt_cache_osp: failed to connect to /var/run/ospd/ospd.sock

And before you ask, there’s this.
‘/var/run/ospd/ospd.sock’: No such file or directory

I have to say that I recently installed GVM-10 (a few weeks ago) and everything was super smooth, so I’m not sure whats happening with this new release.

GVM versions

gsad --version
Greenbone Security Assistant 9.0

gvmd --version
Greenbone Vulnerability Manager 9.0.0

ospd-openvas --version
OSP Server for openvas: 1.0.0
OSP: 1.2
OSPd: 2.0.0

uname -a
Linux gvm111 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Please go back to the creator of this uncoordinated integration we can’t help you with broken 3rd party packages, you can use the GCE.

1 Like

I think you really should file a bug with

He might be happy to find out with your help why his installation instructions don’t work or improve them so that misunderstandings are resolved.

You could point him to this thread to quicker file your/his bug.
If you wonder why this happened, you might find some indications here for gvmd, e.g. the tools are under heavy development, so the integrator might have missed some details in his installation instructions, as regards different systems. Please also note that the software is developed and tested on a seemingly pure debian distribution while you are running it on a derivative which introduces it’s own changes of places of files, etc.:

Please note: The reference system used by most of the developers is Debian GNU/Linux ‘Stretch’ 9. The build might fail on any other system. Also, it is necessary to install dependent development packages.

IMPORTANT NOTICE: This version changes quite a number of locations and names compared to the previous version. It is highly recommended to consider the section "Migrating to Version 8.0", unless you do not have an old setup on your system.

You’re absolutely right, thanks.

@remillan Did you find a reliable solution? If so, would you mind share it with me pretty please?

I am still struggling to find proper installation steps to install a scanner on my Debian.

Since I was thinking that there was something wrong with GVM 11 being so new and everything, I took the lazy route and installed GVM 10 on ubuntu, from source, using the instructions here: https://sadsloth.net/post/install-gvm10-src/.

Just a note, this is a totally insecure installation, as the author warns, but it worked and solved the immediate problem that I had. I still have to test GVM 11 installation, using the official guide; I’ll try to give a try in a virtual box vm, as soon as I can.

Hi @remillan.
There is a “newer” gvm11-src on the same site.
It you want to take it out for a testrun. (all my “howtos” there are of course unofficial" :slight_smile:

Regards Falk

1 Like

Have spent over a week getting GVM11 to install via the mrazavi PPA, slowly working through apparently missing instructions for adding groups to users, setting ownership of directories, etc. I FINALLY now have it running and updating all the security info (NVTs, SCAP, etc.) and it will run scan tasks on targets, however, it is unable to skip over missing targets in a scan range and immediately indicates 100% done with an error and no usable scan report. Have tried all alive tests available in the GVM 11 web UI. Anyone know of a way to set up targets and scan tasks to allow missing targets (non-responsive targets) so that at least those targets that are successfully scanned have scan results in the scan report? I only get results (identified vulnerabilities) when ALL targets can be scanned in the specified range. I have been unable to build from source or even run the virtual machine on windows hyper-v successfully (won’t use community feed) that can be downloaded from the GCE download page on the community site. Have been using OpenVAS 9 on hyper-v for a couple of years. Unable to contact Mohammad - the creator of the PPA

If you have trouble with a uncoordinated integration and you are not able to install it from the source, please try the Greenbone Community Edition that is supported here. The rest of your questions is already answered here at the forum or documented at http://docs.greenbone.net .

1 Like

Have GOS 6 iso installed and running as a VM under KVM / QEMU on Ubuntu 18.04 LTS also on Windows 10 Prof Hyper-V. Both installations successful with 2+ hour load / parse time for all SecInfo similar to a native Ubuntu install SecInfo load. Ran some test scans and am finding them to take significantly longer for responsive targets than for a native GVM 11 install on Ubuntu 18.04 install using the razavi PPA. Need to check on some of the various settings in the standard GCE GOS 6 VM using the support mode shell access provided for in the GUI, however the admin@gsm account is not fully privileged so I can’t review redis and other settings to increase performance to where scanning should be with a 10-20% virtualization overhead. Is the admin password available for the VM so that I can verify / improve the redis settings and / or analyze the performance of postgresql? In OpenVAS 9 proper redis settings could provide 2X-6X increase in scanning speed when scanning /24 segment targets. I am very suspicious that the redis settings in the GCE GOS 6 VM are wrong as it seems to be performing similar to the OpenVAS 9 before adjustments. If the admin password is not available (not sure why - all we can impact is our own VM), can someone supporting the GCE at least provide the settings currently in redis.conf file to help verify? Any help would be appreciated. Thanks

8 posts were split to a new topic: Setup problems with OpenVAS on GVM-11

hi gsconye,

I installed gvm 11 with PPA MARZAVI I had the same problem as you, I solved it by creating an ‘ospd’ folder
in mkdir / var / run / ospd

so openvas connects to that folder

let me know how you are put so maybe I can help you, however shortly public an ovf file for virtualbox already packaged

once created restart gvm
systemctl restart ospd-openvas # scanner
systemctl restart gvmd # manager
systemctl restart gsad # web ui

Please take a look at https://github.com/greenbone/openvas/blob/master/config/redis-openvas.conf for or default redis config. If you are aware of settings to improve our performance please create a pull request. Afterwards I could discuss the settings internally and we can adjust the settings in our GCE too.

1 Like