On a testing plateform, I’m trying to have both gvm-9 and gvm-11 co-existing for testing purposes. So I have created a specific redis installation for gvm-11, and one for gvm-9.
Problem: I can’t see anyway to actually tells ospd-openvas to talk to a specific redis socket. I’m using the following command:
2020-03-03 06:17:32,585 OSPD - openvas: DEBUG: (ospd_openvas.db) Redis connection lost: Error 13 connecting to unix socket: /run/redis/redis.sock. Permission denied… Trying again in 5 seconds.
The problem is ospd-openvas is not suppose to talk to /run/redis/redis.sock but to /var/run/redis/redis-gvm.sock, as specified in the config file /opt/gvm/etc/openvas/openvas.conf which reads:
Whatever I put in this file seems completely ignored by the ospd-openvas command. So is the “-s” or “–config” flag actually used ? If so, what’s wrong with my file so it gets completely ignored ?
After digging out the docs directory in the source installation of ospd-openvas, I actually foud out there is no longer an option to specify where the redis socket is. However, the source code read:
> def _parse_openvas_db_address(result):
> """ Return the path to the redis socket.
> Arguments:
> result (bytes) Output of `openvas -s`
> Return redis unix socket path.
> """
> path = None;
> result = result.decode('ascii')
> for conf in result.split('\n'):
> if conf.find('db_address') == 0:
> path = conf.split('=')
> break
>
> if not path:
> raise OspdOpenvasError(
> 'Redis Error: Not possible to '
> 'find the path to the redis socket.'
> )
> return path[1].strip()
So there is no longer an hard coded option, but according to the ospd-openvas/db.py source file, the process looks for db_address line and return out the value if found. So that should work.
That’s not the config file for ospd-openvas. That’s the config for openvas.
Some background: ospd-openvas is a daemon providing an osp protocol interface for openvas. openvas is not a daemon anymore. It is just an executable for running scans against a target. ospd-openvas and openvas a communicating via redis server for the scan data.
To be able to communicate with the same redis server ospd-openvas reads the socket setting from the output of openvas -s.
I’m confused; as I explained originally that’s the file I modified in the first place. And in this file I have the right redis path, but still openvas continue using the default value. The file is owned by the gvm user and has the right permissions. And If I remove the header [OSPD-Openvas] ospd-openvas won’t start complaining the file is missing that header…
I really don’t know what you are doing. I’ve pasted the content of my personal openvas.conf file. Maybe you are trying to use the openvas.conf as config file for ospd-openvas? That wont work. You need to use two different files. The one for openvas must only contain key = value pairs. No section.
My bad ! The openvas.conf file actually contained the OSPD header, since it was being used by OSPD too, so it didn’t work as expected. I was actually very confused between OSPD and OpenVAS, so thanks to your explaination everything works fine now. Thank you !