I’ve been using OpenVAS on port 9392, but now I need to use the python-gvm package, which uses port 9390. To do this, I modified gvmd.service with the following line:
ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock --listen=0.0.0.0 --port=9390 --listen-group=_gvm.
Now, it’s listening on port 9390, but I stopped listening on port 9392. How can I configure OpenVAS to listen on both ports? Please help!
To configure gvmd to listen on both ports 9390 and 9392 simultaneously, you’ll need to create two separate systemd services.The name of the service used in systemctl commands is derived directly from the name of the systemd service file, so you will have to give the second systemd configuration file a different filename.
You are mixing two things up here. gsad our web server listens by default on port 9392 providing a http interface. gvmd our management server providing a gmp interface listens by default on port 9390 if used with TLS. Usually gvmd is not used with TLS and instead it listens on a unix domain socket.
1 Like
I have currently deployed Openvas on a VM, now i want to access this thorough my local machine using gvm-python. What’s best connection type for this, and how to make it listen to 9390 port?
Bricks makes a good point here, but assume you are trying to do what you say you are. I usually move gsad to port 443 anyway which would free up port 9292 for gvmd.
To answer your question from the docs:
While the current appliances use SSH to protect GMP, older appliances used TLS and Port 9390 to transport GMP. The gvm-tools can be used with both the older and the current GOS.
SSHConnection is recommended but python-gvm’s TLSConnection on 9390 is still supported.
You say you have it deployed on a VM, but you didn’t specify your installation method or whether this is the Enterprise VM. For Enterprise - see the docs:
GMP is not remotely accessible via the network by default. The remote GMP service can be activated using the GOS administration menu (see Chapter 7.2.4.2).
For a source code installation, you need to install gvm-tools. For the Community Containers, see the workflow to enable gvm-cli via the gvm-tools container.
There are also two relevant notes about this in [🎉 advance docs to use python-gvm by manuel-sommer · Pull Request #525 · greenbone/docs · GitHub]:
It uses the TCP connection for gvmd which is not supported nor tested from our side.
and
The unix socket. This is tested and we ensure that it works. That’s how gsad and gvmd are connected by default too. The remote access could be done by forwarding a SSH connection to the unix socket.