Is ospd-openvas -s command line option used at all?

Hi,

On a testing plateform, I’m trying to have both gvm-9 and gvm-11 co-existing for testing purposes. So I have created a specific redis installation for gvm-11, and one for gvm-9.

Problem: I can’t see anyway to actually tells ospd-openvas to talk to a specific redis socket. I’m using the following command:

/opt/gvm/bin/ospd-scanner/bin/python3.6 /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid -s /opt/gvm/etc/openvas/openvas.conf --log-level debug -f

Which gives the following error:

2020-03-03 06:17:32,585 OSPD - openvas: DEBUG: (ospd_openvas.db) Redis connection lost: Error 13 connecting to unix socket: /run/redis/redis.sock. Permission denied… Trying again in 5 seconds.

The problem is ospd-openvas is not suppose to talk to /run/redis/redis.sock but to /var/run/redis/redis-gvm.sock, as specified in the config file /opt/gvm/etc/openvas/openvas.conf which reads:

[OSPD - openvas]
db_address=/var/run/redis/redis-gvm.sock

Whatever I put in this file seems completely ignored by the ospd-openvas command. So is the “-s” or “–config” flag actually used ? If so, what’s wrong with my file so it gets completely ignored ?

Thanks a lot

After digging out the docs directory in the source installation of ospd-openvas, I actually foud out there is no longer an option to specify where the redis socket is. However, the source code read:

>  def _parse_openvas_db_address(result):
>         """ Return the path to the redis socket.
>         Arguments:
>             result (bytes) Output of `openvas -s`
>         Return redis unix socket path.
>         """
>         path = None;
>         result = result.decode('ascii')
>         for conf in result.split('\n'):
>             if conf.find('db_address') == 0:
>                 path = conf.split('=')
>                 break
> 
>         if not path:
>             raise OspdOpenvasError(
>                 'Redis Error: Not possible to '
>                 'find the path to the redis socket.'
>             )
>         return path[1].strip()

So there is no longer an hard coded option, but according to the ospd-openvas/db.py source file, the process looks for db_address line and return out the value if found. So that should work.

What am I missing here ?

That’s not the config file for ospd-openvas. That’s the config for openvas.

Some background: ospd-openvas is a daemon providing an osp protocol interface for openvas. openvas is not a daemon anymore. It is just an executable for running scans against a target. ospd-openvas and openvas a communicating via redis server for the scan data.

To be able to communicate with the same redis server ospd-openvas reads the socket setting from the output of openvas -s.

3 Likes

OK, thanks for clarifying. But back to my original question; where can we change the redis socket path used by both openvas & ospd-openvas ?

In $INSTALL_PREFIX/etc/openvas/openvas.conf

> cat $INSTALL_PREFIX/etc/openvas/openvas.conf 
db_address = /run/redis-openvas/redis.sock
2 Likes

I’m confused; as I explained originally that’s the file I modified in the first place. And in this file I have the right redis path, but still openvas continue using the default value. The file is owned by the gvm user and has the right permissions. And If I remove the header [OSPD-Openvas] ospd-openvas won’t start complaining the file is missing that header…

I really don’t know what you are doing. I’ve pasted the content of my personal openvas.conf file. Maybe you are trying to use the openvas.conf as config file for ospd-openvas? That wont work. You need to use two different files. The one for openvas must only contain key = value pairs. No section.

2 Likes

My bad ! The openvas.conf file actually contained the OSPD header, since it was being used by OSPD too, so it didn’t work as expected. I was actually very confused between OSPD and OpenVAS, so thanks to your explaination everything works fine now. Thank you ! :sunny:

1 Like