I am experiencing some weird issues when it comes to launching GSA. Sometimes the service starts, sometimes it doesn’t. I have a very simply installation process so I’m not quite sure why it’s inconsistent.
I simply instlal openvas using
apt install postgresql openvas, and then I run the setup with
gvm-setup. Since the installation is unattended, there’s nothing really for me to do here. When it comes to starting the service, I’m under the impression that I just simply need to run
gvm-start. This is where things start to fall apart.
As you can see below, I ran
gvm-start, but it’s not actually listening on the port:
___(root__47e0154680ae)-[~] __# gvm-start [*] Please wait for the GVM / OpenVAS services to start. [*] [*] You might need to refresh your browser once it opens. [*] [*] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392 ___(root__47e0154680ae)-[~] __# netstat -antp | grep -i listen tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 19/sshd: /usr/sbin/ tcp6 0 0 :::2222 :::* LISTEN 19/sshd: /usr/sbin/
If I run
gvm-check-setup, then it seems like everything is installed properly and works fine:
___(root__47e0154680ae)-[~] __# gvm-check-setup gvm-check-setup 21.4.0 Test completeness and readiness of GVM-21.4.0 Step 1: Checking OpenVAS (Scanner)... OK: OpenVAS Scanner is present in version 21.4.0. OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem. Checking permissions of /var/lib/openvas/gnupg/* OK: _gvm owns all files in /var/lib/openvas/gnupg OK: redis-server is present. OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock. OK: redis-server configuration is OK and redis-server is running. OK: _gvm owns all files in /var/lib/openvas/plugins OK: NVT collection in /var/lib/openvas/plugins contains 71033 NVTs. Checking that the obsolete redis database has been removed OK: No old Redis DB OK: ospd-OpenVAS is present in version 21.4.0. Step 2: Checking GVMD Manager ... OK: GVM Manager (gvmd) is present in version 21.4.0. Step 3: Checking Certificates ... OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem. OK: Your GVM certificate infrastructure passed validation. Step 4: Checking data ... OK: SCAP data found in /var/lib/gvm/scap-data. OK: CERT data found in /var/lib/gvm/cert-data. Step 5: Checking Postgresql DB and user ... Starting postgresql service OK: Postgresql version and default port are OK. gvmd | _gvm | UTF8 | C.UTF-8 | C.UTF-8 | OK: At least one user exists. Step 6: Checking Greenbone Security Assistant (GSA) ... Oops, secure memory pool already initialized OK: Greenbone Security Assistant is present in version 21.04.0~git. Step 7: Checking if GVM services are up and running ... Starting ospd-openvas service Waiting for ospd-openvas service OK: ospd-openvas service is active. OK: gvmd service is active. Starting greenbone-security-assistant service Waiting for greenbone-security-assistant service OK: greenbone-security-assistant service is active. Step 8: Checking few other requirements... OK: nmap is present in version 21.04.0~git. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work. SUGGEST: Install nsis. OK: xsltproc found. WARNING: Your password policy is empty. SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy. It seems like your GVM-21.4.0 installation is OK. ___(root__47e0154680ae)-[~] __# netstat -antp | grep -i listen tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 19/sshd: /usr/sbin/ tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN - tcp6 0 0 :::2222 :::* LISTEN 19/sshd: /usr/sbin/
So I guess my question is what exactly is the proper procedure for starting GSA? Do I need to “check my setup” to start GSA or should
gvm-start have actually done the trick? It seems like the issue is
ospd-openvas doesn’t actually start when
gvm-start is run, but for whatever reason it works fine when running