I was having the same problem, and reading the post accepted as an answer, thought it was done, but if you put the authentication xml in the command line, it will probably work. That is, something like: gvm-cli socket --socketpath=/var/run/openvasmd.sock --xml “admin_useradmin_password<start_task task_id=‘6c6ea627-a908-4129-9ad9-dfce72f4609f’/>”
I’ve done a create_target that wasy as well. The other thing I’ve found is that you have to be root, and you need to put in the socketpath. I installed mine from the Ubuntu Repo, so there may be differences, but those things worked for me (after a lot of head banging)
the socket connection type should be used for GSE based installations usually. The --socketpath argument must point to the socket provided by gvmd/openvasmd. We don’t have this path under control and different distributions use different paths. See for example the following topic
The other connection types are mostly for GOS 3.1 (TLS) and GOS 4 (SSH) on GSMs .
You need normal unix file permissions to be able to access the unix socket of gvmd/openvasmd. Therefore you can adjust the permissions, user and group of the socket via gvmd/openvasmd parameters. You should NOT run any python script as root user only to avoid caring about file permission settings.
Is there a way to control the permissions of the socket at server start? It seems every time the service restarts, the socket comes up with root:root access. It can be changed, but it seems like I would have to put a “sudo chown” at the top before I ran scripts, or run them as root, as my update script restarts the service daily.
Thanx for the pointer, took a couple of tries and reading the comments int he init.d file, but got it. On a side note, first, let me say a huge thank you to all who have made Greenbone/OpenVAS what it is for the community. I wanted to get that out of the way before I commented that I always find it amusing when something MUST NOT be run the way it defaults to run. I don’t disagree with you, that it should not run as root, but the install does nothing to stop it, and you have to have a little skill and do some digging to get there.
It’s a general security advice not to run any daemon as root user. In nearly all cases it isn’t necessary at all. Most of the time it is a misconfiguration of permissions if somebody has to run a daemon as root.
We as Greenbone can’t do much about it. We are not packaging GSE for any distribution besides Greenbone OS. I’ve added a check for gvm-tools but don’t think something like this should be included into the daemons.