Kali ospd-openvas not staring with MQTT broker errors

Hello, I’ve upgraded Kali 2022.4 and after that OpenVAS stopped working.

I tried to remove and reinstall everything with this steps:

Remove old uneeded packages
sudo apt autoremove

Remove the gsad service (removes other dependencies too)
sudo apt remove gsad

Remove the old service file if it still exists
rm /lib/systemd/system/greenbone-security-assistant.service

Reinstall Openvas
sudo apt install openvas

Setup openvas
sudo gvm-setup

Check the setup
sudo gvm-check-setup

Output of gvm-check-setup looks well:

gvm-check-setup 22.4.0
  Test completeness and readiness of GVM-22.4.0
Step 1: Checking OpenVAS (Scanner)...
        OK: OpenVAS Scanner is present in version 22.4.1.
        OK: Notus Scanner is present in version 22.4.2.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 84009 NVTs.
        OK: The notus directory /var/lib/notus/products contains 387 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-OpenVAS is present in version 22.4.4.
Step 2: Checking GVMD Manager ...
        OK: GVM Manager (gvmd) is present in version 22.4.2.
Step 3: Checking Certificates ...
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | pl_PL.UTF-8 | pl_PL.UTF-8 |            | libc            |
24495|pg-gvm|10|2200|f|22.4.0||
        OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
        OK: Greenbone Security Assistant is present in version 22.04.1~git.
Step 7: Checking if GVM services are up and running ...
        OK: ospd-openvas service is active.
        OK: gvmd service is active.
        OK: gsad service is active.
Step 8: Checking few other requirements...
        OK: nmap is present in version 22.04.1~git.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
        OK: SELinux is disabled.
        OK: xsltproc found.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.

It seems like your GVM-22.4.0 installation is OK.

Problem seems to be with ospd-openvas.

Status looks like that:

● ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
     Loaded: loaded (/lib/systemd/system/ospd-openvas.service; enabled; preset: disabled)
     Active: activating (auto-restart) (Result: exit-code) since Thu 2023-01-26 21:17:59 CET; 50s ago
       Docs: man:ospd-openvas(8)
             man:openvas(8)
    Process: 13618 ExecStart=/usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf (code=exited, status=0/SUCCESS)
   Main PID: 13620 (code=exited, status=1/FAILURE)
        CPU: 1.379s

in /var/log/gvm/gvmd.log there is repeating:

md manage:   INFO:2023-01-26 20h19.06 UTC:13668: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
md manage:WARNING:2023-01-26 20h19.16 UTC:13678: osp_scanner_feed_version: failed to connect to /run/ospd/ospd.sock
md manage:WARNING:2023-01-26 20h19.26 UTC:13683: osp_scanner_feed_version: failed to connect to /run/ospd/ospd.sock

So I checked also /var/log/gvm/ospd-openvas.log:

OSPD[13696] 2023-01-26 20:20:11,703: INFO: (ospd.main) Starting OSPd OpenVAS version 22.4.4.
OSPD[13696] 2023-01-26 20:20:11,709: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.
OSPD[13696] 2023-01-26 20:20:21,721: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.
OSPD[13696] 2023-01-26 20:20:21,797: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[13696] 2023-01-26 20:20:22,032: WARNING: (gnupg) potential problem: ERROR: add_keyblock_resource 33587201
OSPD[13696] 2023-01-26 20:20:22,033: WARNING: (gnupg) potential problem: ERROR: keydb_search 33554445
OSPD[13696] 2023-01-26 20:20:22,033: WARNING: (gnupg) potential problem: ERROR: keydb_search 33554445
OSPD[13696] 2023-01-26 20:20:22,033: WARNING: (gnupg) gpg returned a non-zero error code: 2
OSPD[13696] 2023-01-26 20:20:22,044: INFO: (ospd.main) Shutting-down server ...

Anyone have idea what might be wrong?
Thanks.

Hi,

this seems to be an issue within Kali. Could you please report at https://bugs.kali.org to let the packagers know about an issue with the GPG signature validation of the VTs from the Greenbone feed. The issue was already reported by another user yesterday and here is a link to circumvent the problem

2 Likes

Hello, I also run mosquitto service so there are now only errors about gnupg:

└─# systemctl status mosquitto                                                                                                                                                                                                         130 ⨯
● mosquitto.service - Mosquitto MQTT Broker
     Loaded: loaded (/lib/systemd/system/mosquitto.service; disabled; preset: disabled)
     Active: active (running) since Fri 2023-01-27 07:30:57 CET; 1min 4s ago
       Docs: man:mosquitto.conf(5)
             man:mosquitto(8)
    Process: 34256 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 34257 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 34258 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
    Process: 34259 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
   Main PID: 34260 (mosquitto)
      Tasks: 1 (limit: 38462)
     Memory: 2.0M
        CPU: 49ms
     CGroup: /system.slice/mosquitto.service
             └─34260 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

sty 27 07:30:57 kali systemd[1]: Starting Mosquitto MQTT Broker...
sty 27 07:30:57 kali systemd[1]: Started Mosquitto MQTT Broker.

Here is ospd-openvas log:

OSPD[34391] 2023-01-27 06:32:33,203: INFO: (ospd.main) Starting OSPd OpenVAS version 22.4.4.
OSPD[34391] 2023-01-27 06:32:33,211: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker
OSPD[34391] 2023-01-27 06:32:43,297: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[34391] 2023-01-27 06:32:43,535: WARNING: (gnupg) potential problem: ERROR: add_keyblock_resource 33587201
OSPD[34391] 2023-01-27 06:32:43,535: WARNING: (gnupg) potential problem: ERROR: keydb_search 33554445
OSPD[34391] 2023-01-27 06:32:43,535: WARNING: (gnupg) potential problem: ERROR: keydb_search 33554445
OSPD[34391] 2023-01-27 06:32:43,536: WARNING: (gnupg) gpg returned a non-zero error code: 2
OSPD[34391] 2023-01-27 06:32:43,546: INFO: (ospd.main) Shutting-down server ...

I put that setting into config and run ospd-openvas again:

OSPD[35542] 2023-01-27 07:04:23,594: INFO: (ospd.main) Starting OSPd OpenVAS version 22.4.4.
OSPD[35542] 2023-01-27 07:04:23,601: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker
OSPD[35542] 2023-01-27 07:04:33,689: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[35542] 2023-01-27 07:04:33,771: INFO: (ospd_openvas.notus) hashsum verification is disabled
OSPD[35542] 2023-01-27 07:06:42,412: INFO: (ospd_openvas.daemon) VTs were up to date. Feed version is 202301261013.

And gvmd.log:

md manage:   INFO:2023-01-27 07h07.26 UTC:35795: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
md manage:   INFO:2023-01-27 07h07.43 UTC:35821: OSP service has different VT status (version 202301261013) from database (version 202301161012, 83853 VTs). Starting update ...
md manage:   INFO:2023-01-27 07h09.18 utc:35821: Updating VTs in database ... 167 new VTs, 2231 changed VTs
md manage:WARNING:2023-01-27 07h09.19 utc:35821: update_nvts_from_vts: SHA-256 hash of the VTs in the database (1d6df9ece0fc8df495f4da75371290c8db9c0bde14f9432c1b054c0fde7d301f) does not match the one from the scanner (0e1ab8c675749b01d2d1badbccc9460153dfbacdf81d3e45708ee3eeb04e0c92).
md manage:   INFO:2023-01-27 07h20.08 utc:35821: Updating VTs in database ... 116327 new VTs, 0 changed VTs
md manage:   INFO:2023-01-27 07h20.11 utc:35821: Updating VTs in database ... done (116327 VTs).

Looks like it’s starting but will it work properly now?

What do you mean exactly?

Will you be able to run a vulnerability scan? If there aren’t any other errors, yes.

Can you be completely safe that the feed data hasn’t been manipulated by a third party and you are only running VTs from Greenbone? No, because the signature validation has been disabled.

2 Likes

Yes looks like scan is starting. Thanks!

1 Like

I worked through this a little further. I used the latest RPi build of Kali and experienced the same issues on a Pi3/Pi4 with a fresh install. I was not able to find anything on the Kali side to indicate that a bug report has been opened for this.

The sums match:

┌──(kali㉿kali-raspberry-pi)-[/var/lib/notus/advisories]
└─$ sha256sum ./*               
5a43fab9095bd0a180a1750e1253cff228aab1a1e1218f153fbcd65056d78513  ./euleros.notus
bb8d232dcbffc28a0699dca6800a4704e612ef8369d7715af456b4500362fc81  ./mageia.notus
b0fe657df823a64e32f2bb2ad59db41f49f6139be77e035227be2150c1c5d34f  ./sha256sums
acb7df6641ba46e72b1d63e0753cc3b979e80ddbeb3c15f891eb80771839bb44  ./sha256sums.asc
2e12772ec614d85f3a878584bf77786a98a4ba82eda4401fb27b8ac1d948cbcf  ./slackware.notus
e30d8f136aca8d109ddbd1afb73bb70fd3715077bc952e22e711c6f56dfd493e  ./suse.notus
9824aee897f1d9709d2b0f06287ae1550eb995f0e6d88c9b331e02ede31c3935  ./ubuntu.notus
                                                                                                                                                                     
┌──(kali㉿kali-raspberry-pi)-[/var/lib/notus/advisories]
└─$ cat sha256sums              
5a43fab9095bd0a180a1750e1253cff228aab1a1e1218f153fbcd65056d78513  euleros.notus
bb8d232dcbffc28a0699dca6800a4704e612ef8369d7715af456b4500362fc81  mageia.notus
2e12772ec614d85f3a878584bf77786a98a4ba82eda4401fb27b8ac1d948cbcf  slackware.notus
e30d8f136aca8d109ddbd1afb73bb70fd3715077bc952e22e711c6f56dfd493e  suse.notus
9824aee897f1d9709d2b0f06287ae1550eb995f0e6d88c9b331e02ede31c3935  ubuntu.notus

By enabling debug output (editing /etc/openvas/openvas.conf) I was able to see a little more info. Specifically when the notus signatures are checked, you see:

OSPD[17844] 2023-02-20 00:37:22,128: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[17844] 2023-02-20 00:37:22,382: DEBUG: (gnupg) verify_file: <_io.BufferedReader name='/var/lib/notus/advisories/sha256sums.asc'>, '/var/lib/notus/advisories/sha256sums'
OSPD[17844] 2023-02-20 00:37:22,382: DEBUG: (gnupg) Handling detached verification
OSPD[17844] 2023-02-20 00:37:22,384: DEBUG: (gnupg) Wrote to temp file: b'-----BEGIN PGP SIGNATURE-----\n\niQIzBAABCgAdFiEEiuS+QptgpZsxHC5zmCP6pg7R5YAFAmPu/FsACgkQmCP6pg7R\n5YCdbw//SOhRR9mGLseG1aOfjc819xBF05IVXZkSYGuy3DWsK76+nOTtx4SzKhuS\nApr+Q5domPDF+EyZQhoWmWq4/BWQ4iJMc+j5w6Ia7Ifl/LhhQx9sLdR8B3OdaObb\nxplXaOg4TOUE9elbqlukKh5KvwbQE2EI/rP5qPHLK0ofDwM6O4UNzDW0oZUn5hMO\ngXjn9TlMq727H5sPz/5ZyitlF2pxRuIGQwD1IVbnrrsUPGuo8TR1GL4FBSoW8blV\n7eIk/NCCH89WAGCf32et0uL7eGpqLd6NNKW2JWlS88icvfgIpUcNZMuZuddEybSw\nGDH4EdnXo+xUONgCv6ao+bn3ZtGmhQ4dp2lySRTBgk0eEqZuiH+qyTrwtU6fC7NO\nmL7zTDRR/mt6DucKwfDhs9GXwSrKi6260n1hrw3tlJOHTcZKZemZ67dOZ6OM05Fy\nxoZ45Wr5iOI8ORTE0ooHFS1wx/PJKF+7XtpGlo5Vret9kDYiwg3ABjnkdJGI9ji0\nY+BfSBh5FdnV2eQvx5sIn+Lfte4XwMXuw2gjkE1zkn0opIIxxoBLpoiVVJERnhyg\nv/tOMS/b5e6p+g5yBypwVhNdhbksDBR1vKpHR+5i4pyiE0vHg5CcQa0O8WeCzizk\n592mJow2kZAUPjOgr54R49abC6soT045AuFS8yp3Dz5RddepPNY=\n=q8u+\n-----END PGP SIGNATURE-----\n'
OSPD[17844] 2023-02-20 00:37:22,386: DEBUG: (gnupg) 20553: gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir /etc/openvas/gnupg --verify /tmp/pygpgb856_vuq /var/lib/notus/advisories/sha256sums
OSPD[17844] 2023-02-20 00:37:22,386: DEBUG: (gnupg) stderr reader: <Thread(Thread-396 (_read_response), initial daemon)>
OSPD[17844] 2023-02-20 00:37:22,387: DEBUG: (gnupg) stdout reader: <Thread(Thread-397 (_read_data), initial daemon)>
OSPD[17844] 2023-02-20 00:37:22,401: DEBUG: (gnupg) gpg: WARNING: unsafe ownership on homedir '/etc/openvas/gnupg'
**OSPD[17844] 2023-02-20 00:37:22,401: DEBUG: (gnupg) gpg: failed to create temporary file '/etc/openvas/gnupg/.#lk0x023ad5f0.kali-raspberry-pi.20553': Permission denied**
**OSPD[17844] 2023-02-20 00:37:22,401: DEBUG: (gnupg) gpg: keyblock resource '/etc/openvas/gnupg/pubring.kbx': Permission denied**
OSPD[17844] 2023-02-20 00:37:22,402: DEBUG: (gnupg) [GNUPG:] ERROR add_keyblock_resource 33587201
OSPD[17844] 2023-02-20 00:37:22,402: WARNING: (gnupg) potential problem: ERROR: add_keyblock_resource 33587201
OSPD[17844] 2023-02-20 00:37:22,402: DEBUG: (gnupg) [GNUPG:] NEWSIG
OSPD[17844] 2023-02-20 00:37:22,402: DEBUG: (gnupg) message ignored: NEWSIG, 
OSPD[17844] 2023-02-20 00:37:22,402: DEBUG: (gnupg) gpg: Signature made Fri 17 Feb 2023 04:02:35 AM UTC
OSPD[17844] 2023-02-20 00:37:22,403: DEBUG: (gnupg) gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[17844] 2023-02-20 00:37:22,403: DEBUG: (gnupg) [GNUPG:] ERROR keydb_search 33554445
OSPD[17844] 2023-02-20 00:37:22,403: WARNING: (gnupg) potential problem: ERROR: keydb_search 33554445
OSPD[17844] 2023-02-20 00:37:22,403: DEBUG: (gnupg) [GNUPG:] ERROR keydb_search 33554445
OSPD[17844] 2023-02-20 00:37:22,403: WARNING: (gnupg) potential problem: ERROR: keydb_search 33554445
OSPD[17844] 2023-02-20 00:37:22,404: DEBUG: (gnupg) [GNUPG:] ERRSIG 9823FAA60ED1E580 1 10 00 1676606555 9 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[17844] 2023-02-20 00:37:22,404: DEBUG: (gnupg) [GNUPG:] NO_PUBKEY 9823FAA60ED1E580
**OSPD[17844] 2023-02-20 00:37:22,404: DEBUG: (gnupg) gpg: Can't check signature: No public key**
OSPD[17844] 2023-02-20 00:37:22,405: WARNING: (gnupg) gpg returned a non-zero error code: 2

I changed the ownership of the /etc/openvas/gnupg folder to _gvm:_gvm and the permission errors shown above went away:

OSPD[17844] 2023-02-20 00:40:53,075: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[17844] 2023-02-20 00:40:53,386: DEBUG: (gnupg) verify_file: <_io.BufferedReader name='/var/lib/notus/advisories/sha256sums.asc'>, '/var/lib/notus/advisories/sha256sums'
OSPD[17844] 2023-02-20 00:40:53,386: DEBUG: (gnupg) Handling detached verification
OSPD[17844] 2023-02-20 00:40:53,387: DEBUG: (gnupg) Wrote to temp file: b'-----BEGIN PGP SIGNATURE-----\n\niQIzBAABCgAdFiEEiuS+QptgpZsxHC5zmCP6pg7R5YAFAmPu/FsACgkQmCP6pg7R\n5YCdbw//SOhRR9mGLseG1aOfjc819xBF05IVXZkSYGuy3DWsK76+nOTtx4SzKhuS\nApr+Q5domPDF+EyZQhoWmWq4/BWQ4iJMc+j5w6Ia7Ifl/LhhQx9sLdR8B3OdaObb\nxplXaOg4TOUE9elbqlukKh5KvwbQE2EI/rP5qPHLK0ofDwM6O4UNzDW0oZUn5hMO\ngXjn9TlMq727H5sPz/5ZyitlF2pxRuIGQwD1IVbnrrsUPGuo8TR1GL4FBSoW8blV\n7eIk/NCCH89WAGCf32et0uL7eGpqLd6NNKW2JWlS88icvfgIpUcNZMuZuddEybSw\nGDH4EdnXo+xUONgCv6ao+bn3ZtGmhQ4dp2lySRTBgk0eEqZuiH+qyTrwtU6fC7NO\nmL7zTDRR/mt6DucKwfDhs9GXwSrKi6260n1hrw3tlJOHTcZKZemZ67dOZ6OM05Fy\nxoZ45Wr5iOI8ORTE0ooHFS1wx/PJKF+7XtpGlo5Vret9kDYiwg3ABjnkdJGI9ji0\nY+BfSBh5FdnV2eQvx5sIn+Lfte4XwMXuw2gjkE1zkn0opIIxxoBLpoiVVJERnhyg\nv/tOMS/b5e6p+g5yBypwVhNdhbksDBR1vKpHR+5i4pyiE0vHg5CcQa0O8WeCzizk\n592mJow2kZAUPjOgr54R49abC6soT045AuFS8yp3Dz5RddepPNY=\n=q8u+\n-----END PGP SIGNATURE-----\n'
OSPD[17844] 2023-02-20 00:40:53,390: DEBUG: (gnupg) 20989: gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir /etc/openvas/gnupg --verify /tmp/pygpg6_p6l458 /var/lib/notus/advisories/sha256sums
OSPD[17844] 2023-02-20 00:40:53,390: DEBUG: (gnupg) stderr reader: <Thread(Thread-427 (_read_response), initial daemon)>
OSPD[17844] 2023-02-20 00:40:53,391: DEBUG: (gnupg) stdout reader: <Thread(Thread-428 (_read_data), initial daemon)>
**OSPD[17844] 2023-02-20 00:40:53,408: DEBUG: (gnupg) gpg: WARNING: unsafe permissions on homedir '/etc/openvas/gnupg'**
**OSPD[17844] 2023-02-20 00:40:53,409: DEBUG: (gnupg) gpg: keybox '/etc/openvas/gnupg/pubring.kbx' created**
OSPD[17844] 2023-02-20 00:40:53,409: DEBUG: (gnupg) [GNUPG:] NEWSIG
OSPD[17844] 2023-02-20 00:40:53,410: DEBUG: (gnupg) message ignored: NEWSIG, 
OSPD[17844] 2023-02-20 00:40:53,410: DEBUG: (gnupg) gpg: Signature made Fri 17 Feb 2023 04:02:35 AM UTC
OSPD[17844] 2023-02-20 00:40:53,411: DEBUG: (gnupg) gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[17844] 2023-02-20 00:40:53,412: DEBUG: (gnupg) [GNUPG:] ERRSIG 9823FAA60ED1E580 1 10 00 1676606555 9 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[17844] 2023-02-20 00:40:53,412: DEBUG: (gnupg) [GNUPG:] NO_PUBKEY 9823FAA60ED1E580
**OSPD[17844] 2023-02-20 00:40:53,413: DEBUG: (gnupg) gpg: Can't check signature: No public key**
OSPD[17844] 2023-02-20 00:40:53,413: WARNING: (gnupg) gpg returned a non-zero error code: 2

It looks like the add_keyblock_resource error was related to permissions (unable to create temp files or add to pubring.kbx). The keydb_search errors are caused because the pubring.kbx file wasn’t present.

I think the issue for me at this point is that gnupg is missing some certs/data/key. The folder was empty when I started and after the permission changes it looks like a pubring.kbx file has been added. Undoubtedly some data is missing from the gnupg folder due to the previous permissions issue.

Is there some way to restore the missing files/cert/key data? Any idea what the permissions and ownership should actually used be for the /etc/openvas/gnpg folder?

I haven’t had any luck with the config setting that was added to ignore the notus signatures. I also checked a few other commits that were related to similar issues to verify that those code changes were present in the build I was using ( ospd-openvas/kali-rolling,now 22.4.5-1 all [installed,automatic] ).

Thanks,
Rob

Seems the feed validation key is missing in the keychain. https://greenbone.github.io/docs/latest/22.4/source-build/index.html#feed-validation describes how to import the key. Just change the user and group gvm to _gvm for Kali.

1 Like

Quick and dirty steps to re-create the feed validation key:

cd /tmp
wget https://www.greenbone.net/GBCommunitySigningKey.asc
echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" > /tmp/ownertrust.txt
export GNUPGHOME=/tmp/openvas-gnupg
mkdir -p $GNUPGHOME
gpg --import /tmp/GBCommunitySigningKey.asc
gpg --import-ownertrust < /tmp/ownertrust.txt
export OPENVAS_GNUPG_HOME=/etc/openvas/gnupg
sudo mkdir -p $OPENVAS_GNUPG_HOME
sudo cp -r /tmp/openvas-gnupg/* $OPENVAS_GNUPG_HOME/
sudo chown -R _gvm:_gvm $OPENVAS_GNUPG_HOME

Output:

--2023-02-20 14:45:29--  https://www.greenbone.net/GBCommunitySigningKey.asc
Resolving www.greenbone.net (www.greenbone.net)... 84.39.109.181, 2a01:b1c0:21c:0:20ca:ff:fef0:d01
Connecting to www.greenbone.net (www.greenbone.net)|84.39.109.181|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1652 (1.6K) [application/octet-stream]
Saving to: ‘GBCommunitySigningKey.asc’

GBCommunitySigningKey.asc                 100%[==================================================================================>]   1.61K  --.-KB/s    in 0s      

2023-02-20 14:45:29 (9.99 MB/s) - ‘GBCommunitySigningKey.asc’ saved [1652/1652]

gpg: WARNING: unsafe permissions on homedir '/tmp/openvas-gnupg'
gpg: keybox '/tmp/openvas-gnupg/pubring.kbx' created
gpg: /tmp/openvas-gnupg/trustdb.gpg: trustdb created
gpg: key 9823FAA60ED1E580: public key "Greenbone Community Feed integrity key" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: WARNING: unsafe permissions on homedir '/tmp/openvas-gnupg'
gpg: inserting ownertrust of 6

Folder contents after running:

┌──(root㉿kali-raspberry-pi)-[/tmp]
└─# ls -aml /etc/openvas/gnupg/
total 24
drwxr-xr-x 3 _gvm _gvm 4096 Feb 20 14:45 .
drwxr-xr-x 3 root root 4096 Feb 20 13:52 ..
drwx------ 2 _gvm _gvm 4096 Feb 20 14:45 private-keys-v1.d
-rw-r--r-- 1 _gvm _gvm 1343 Feb 20 14:45 pubring.kbx
-rw------- 1 _gvm _gvm   32 Feb 20 14:45 pubring.kbx~
srwx------ 1 _gvm _gvm    0 Feb 20 14:45 S.gpg-agent
srwx------ 1 _gvm _gvm    0 Feb 20 14:45 S.gpg-agent.browser
srwx------ 1 _gvm _gvm    0 Feb 20 14:45 S.gpg-agent.extra
srwx------ 1 _gvm _gvm    0 Feb 20 14:45 S.gpg-agent.ssh
-rw------- 1 _gvm _gvm 1240 Feb 20 14:45 trustdb.gpg

Updated output from ospd-openvas:

OSPD[1301] 2023-02-20 14:49:44,099: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[1301] 2023-02-20 14:49:44,178: DEBUG: (ospd_openvas.gpg_sha_verifier) Using /etc/openvas/gnupg as GnuPG home.
OSPD[1301] 2023-02-20 14:49:44,181: DEBUG: (gnupg) 1335: gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir /etc/openvas/gnupg --version
OSPD[1301] 2023-02-20 14:49:44,184: DEBUG: (gnupg) stderr reader: <Thread(Thread-5 (_read_response), initial daemon)>
OSPD[1301] 2023-02-20 14:49:44,185: DEBUG: (gnupg) stdout reader: <Thread(Thread-6 (_read_data), initial daemon)>
OSPD[1301] 2023-02-20 14:49:44,188: DEBUG: (gnupg) gpg: WARNING: unsafe permissions on homedir '/etc/openvas/gnupg'
OSPD[1301] 2023-02-20 14:49:44,189: DEBUG: (gnupg) chunk: b'gpg (GnuPG) 2.2.40\nlibgcrypt 1.10.1\nCopyright (C) 2022 g10 Code GmbH\nLicense GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>\nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permitted by law.\n\n'
OSPD[1301] 2023-02-20 14:49:44,442: DEBUG: (gnupg) verify_file: <_io.BufferedReader name='/var/lib/notus/advisories/sha256sums.asc'>, '/var/lib/notus/advisories/sha256sums'
OSPD[1301] 2023-02-20 14:49:44,442: DEBUG: (gnupg) Handling detached verification
OSPD[1301] 2023-02-20 14:49:44,444: DEBUG: (gnupg) Wrote to temp file: b'-----BEGIN PGP SIGNATURE-----\n\niQIzBAABCgAdFiEEiuS+QptgpZsxHC5zmCP6pg7R5YAFAmPu/FsACgkQmCP6pg7R\n5YCdbw//SOhRR9mGLseG1aOfjc819xBF05IVXZkSYGuy3DWsK76+nOTtx4SzKhuS\nApr+Q5domPDF+EyZQhoWmWq4/BWQ4iJMc+j5w6Ia7Ifl/LhhQx9sLdR8B3OdaObb\nxplXaOg4TOUE9elbqlukKh5KvwbQE2EI/rP5qPHLK0ofDwM6O4UNzDW0oZUn5hMO\ngXjn9TlMq727H5sPz/5ZyitlF2pxRuIGQwD1IVbnrrsUPGuo8TR1GL4FBSoW8blV\n7eIk/NCCH89WAGCf32et0uL7eGpqLd6NNKW2JWlS88icvfgIpUcNZMuZuddEybSw\nGDH4EdnXo+xUONgCv6ao+bn3ZtGmhQ4dp2lySRTBgk0eEqZuiH+qyTrwtU6fC7NO\nmL7zTDRR/mt6DucKwfDhs9GXwSrKi6260n1hrw3tlJOHTcZKZemZ67dOZ6OM05Fy\nxoZ45Wr5iOI8ORTE0ooHFS1wx/PJKF+7XtpGlo5Vret9kDYiwg3ABjnkdJGI9ji0\nY+BfSBh5FdnV2eQvx5sIn+Lfte4XwMXuw2gjkE1zkn0opIIxxoBLpoiVVJERnhyg\nv/tOMS/b5e6p+g5yBypwVhNdhbksDBR1vKpHR+5i4pyiE0vHg5CcQa0O8WeCzizk\n592mJow2kZAUPjOgr54R49abC6soT045AuFS8yp3Dz5RddepPNY=\n=q8u+\n-----END PGP SIGNATURE-----\n'
OSPD[1301] 2023-02-20 14:49:44,446: DEBUG: (gnupg) 1349: gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir /etc/openvas/gnupg --verify /tmp/pygpgtronydgn /var/lib/notus/advisories/sha256sums
OSPD[1301] 2023-02-20 14:49:44,446: DEBUG: (gnupg) stderr reader: <Thread(Thread-7 (_read_response), initial daemon)>
OSPD[1301] 2023-02-20 14:49:44,447: DEBUG: (gnupg) stdout reader: <Thread(Thread-8 (_read_data), initial daemon)>
OSPD[1301] 2023-02-20 14:49:44,452: DEBUG: (gnupg) gpg: WARNING: unsafe permissions on homedir '/etc/openvas/gnupg'
OSPD[1301] 2023-02-20 14:49:44,452: DEBUG: (gnupg) [GNUPG:] NEWSIG
OSPD[1301] 2023-02-20 14:49:44,453: DEBUG: (gnupg) message ignored: NEWSIG, 
OSPD[1301] 2023-02-20 14:49:44,453: DEBUG: (gnupg) gpg: Signature made Fri 17 Feb 2023 04:02:35 AM UTC
OSPD[1301] 2023-02-20 14:49:44,454: DEBUG: (gnupg) gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[1301] 2023-02-20 14:49:44,454: DEBUG: (gnupg) [GNUPG:] KEY_CONSIDERED 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[1301] 2023-02-20 14:49:44,454: DEBUG: (gnupg) message ignored: KEY_CONSIDERED, 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[1301] 2023-02-20 14:49:44,455: DEBUG: (gnupg) [GNUPG:] SIG_ID wuE5T9sJvD4lXnWwfGV1khdhdGA 2023-02-17 1676606555
OSPD[1301] 2023-02-20 14:49:44,455: DEBUG: (gnupg) [GNUPG:] KEY_CONSIDERED 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[1301] 2023-02-20 14:49:44,455: DEBUG: (gnupg) message ignored: KEY_CONSIDERED, 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[1301] 2023-02-20 14:49:44,455: DEBUG: (gnupg) [GNUPG:] GOODSIG 9823FAA60ED1E580 Greenbone Community Feed integrity key
OSPD[1301] 2023-02-20 14:49:44,455: DEBUG: (gnupg) gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]
OSPD[1301] 2023-02-20 14:49:44,456: DEBUG: (gnupg) [GNUPG:] VALIDSIG 8AE4BE429B60A59B311C2E739823FAA60ED1E580 2023-02-17 1676606555 0 4 0 1 10 00 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[1301] 2023-02-20 14:49:44,456: DEBUG: (gnupg) [GNUPG:] KEY_CONSIDERED 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[1301] 2023-02-20 14:49:44,456: DEBUG: (gnupg) message ignored: KEY_CONSIDERED, 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[1301] 2023-02-20 14:49:44,456: DEBUG: (gnupg) [GNUPG:] TRUST_ULTIMATE 0 pgp
OSPD[1301] 2023-02-20 14:49:45,016: DEBUG: (ospd_openvas.lock) Removed lock from file /run/ospd/feed-update.lock.
OSPD[1301] 2023-02-20 14:49:45,053: DEBUG: (ospd.main) Performing exit clean up
OSPD[1301] 2023-02-20 14:49:45,053: DEBUG: (ospd.ospd) All scans stopped and daemon clean and ready to exit
OSPD[1301] 2023-02-20 14:49:45,053: INFO: (ospd.main) Shutting-down server ...
OSPD[1301] 2023-02-20 14:49:45,058: DEBUG: (ospd.main) Finishing daemon process

It cycles through this process over and over.

journalctl -u ospd-openvas shows:

Feb 20 14:53:13 kali-raspberry-pi systemd[1]: Starting ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
Feb 20 14:53:14 kali-raspberry-pi systemd[1]: Started ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]: Traceback (most recent call last):
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1950, in _execute_transaction
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     response = self.parse_response(connection, "_")
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2018, in parse_response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     result = Redis.parse_response(self, connection, command_name, **options)
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1254, in parse_response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     response = connection.read_response()
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:                ^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/connection.py", line 839, in read_response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     raise response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]: redis.exceptions.ExecAbortError: Transaction discarded because of previous errors.
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]: During handling of the above exception, another exception occurred:
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]: Traceback (most recent call last):
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/bin/ospd-openvas", line 8, in <module>
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     sys.exit(main())
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:              ^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 1268, in main
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     daemon_main('OSPD - openvas', OSPDopenvas, NotusParser())
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd/main.py", line 164, in main
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     daemon.init(server)
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 549, in init
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     self.update_vts()
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 674, in update_vts
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     self.notus.reload_cache()
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd_openvas/notus.py", line 156, in reload_cache
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     self.cache.store_advisory(advisory["oid"], res)
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd_openvas/notus.py", line 86, in store_advisory
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     return OpenvasDB.set_single_item(
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd_openvas/db.py", line 345, in set_single_item
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     pipe.execute()
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2078, in execute
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     return conn.retry.call_with_retry(
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/retry.py", line 46, in call_with_retry
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     return do()
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:            ^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2079, in <lambda>
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     lambda: execute(conn, stack, raise_on_error),
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1953, in _execute_transaction
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     raise errors[0][1]
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1943, in _execute_transaction
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     self.parse_response(connection, "_")
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2018, in parse_response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     result = Redis.parse_response(self, connection, command_name, **options)
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1254, in parse_response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     response = connection.read_response()
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:                ^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/redis/connection.py", line 839, in read_response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]:     raise response
Feb 20 14:53:25 kali-raspberry-pi ospd-openvas[1494]: redis.exceptions.ResponseError: Command # 1 (DEL internal/notus/advisories/1.3.6.1.4.1.25623.1.1.4.2012.0033.1>
Feb 20 14:53:26 kali-raspberry-pi ospd-openvas[1494]: Exception ignored in atexit callback: <function exit_cleanup at 0xb37a9528>
Feb 20 14:53:26 kali-raspberry-pi ospd-openvas[1494]: Traceback (most recent call last):
Feb 20 14:53:26 kali-raspberry-pi ospd-openvas[1494]:   File "/usr/lib/python3/dist-packages/ospd/main.py", line 86, in exit_cleanup
Feb 20 14:53:26 kali-raspberry-pi ospd-openvas[1494]:     sys.exit()
Feb 20 14:53:26 kali-raspberry-pi ospd-openvas[1494]: SystemExit:
Feb 20 14:53:26 kali-raspberry-pi systemd[1]: ospd-openvas.service: Main process exited, code=exited, status=1/FAILURE
Feb 20 14:53:26 kali-raspberry-pi systemd[1]: ospd-openvas.service: Failed with result 'exit-code'.

It looked like a reboot was going to solve this. Rebooted, ran gvm-start and it looked like it was syncing for a bit:

913:M 20 Feb 2023 15:32:44.526 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:32:44.526 - DB 1: 8522 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:32:44.526 - DB 2: 11381 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:32:44.527 . 2 clients connected (0 replicas), 33649616 bytes in use
913:M 20 Feb 2023 15:32:49.552 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:32:49.553 - DB 1: 8522 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:32:49.553 - DB 2: 17474 keys (0 volatile) in 49152 slots HT.
913:M 20 Feb 2023 15:32:49.554 . 2 clients connected (0 replicas), 46681208 bytes in use
913:M 20 Feb 2023 15:32:54.583 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:32:54.583 - DB 1: 8522 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:32:54.583 - DB 2: 23667 keys (0 volatile) in 32768 slots HT.
913:M 20 Feb 2023 15:32:54.583 . 2 clients connected (0 replicas), 59750192 bytes in use
913:M 20 Feb 2023 15:32:59.605 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:32:59.605 - DB 1: 8522 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:32:59.605 - DB 2: 32037 keys (0 volatile) in 32768 slots HT.

But eventually, I’m in the same spot. ospd-openvas crashes over and over:

Feb 20 15:26:22 kali-raspberry-pi ospd-openvas[1323]: redis.exceptions.ResponseError: Command # 1 (DEL internal/notus/advisories/1.3.6.1.4.1.25623.1.1.4.2012.0033.1) of pipeline caused error: MISCONF Redis is configured to save RDB snapshots, but it's currently unable to persist to disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.

I had enabled verbose logging for redis, but it didn’t provide any valuable information regarding what was happening. So I enabled debug logging for redis and rebooted again. No love unfortunately.

ospd-openvas.log

OSPD[926] 2023-02-20 15:32:38,098: DEBUG: (gnupg) [GNUPG:] VALIDSIG 8AE4BE429B60A59B311C2E739823FAA60ED1E580 2023-02-20 1676865761 0 4 0 1 10 00 8AE4BE429B60A59B311C2E739823FAA60ED1E580
OSPD[926] 2023-02-20 15:32:38,099: DEBUG: (gnupg) [GNUPG:] KEY_CONSIDERED 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[926] 2023-02-20 15:32:38,099: DEBUG: (gnupg) message ignored: KEY_CONSIDERED, 8AE4BE429B60A59B311C2E739823FAA60ED1E580 0
OSPD[926] 2023-02-20 15:32:38,100: DEBUG: (gnupg) [GNUPG:] TRUST_ULTIMATE 0 pgp
OSPD[926] 2023-02-20 15:33:00,013: DEBUG: (ospd_openvas.openvas) Loading VTs into Redis DB...
OSPD[926] 2023-02-20 15:33:22,828: DEBUG: (paho.mqtt.client) Sending PINGREQ
OSPD[926] 2023-02-20 15:33:22,829: DEBUG: (paho.mqtt.client) Received PINGRESP
OSPD[926] 2023-02-20 15:34:22,896: DEBUG: (paho.mqtt.client) Sending PINGREQ
OSPD[926] 2023-02-20 15:34:22,897: DEBUG: (paho.mqtt.client) Received PINGRESP
OSPD[926] 2023-02-20 15:35:22,966: DEBUG: (paho.mqtt.client) Sending PINGREQ
OSPD[926] 2023-02-20 15:35:22,967: DEBUG: (paho.mqtt.client) Received PINGRESP
OSPD[926] 2023-02-20 15:36:23,034: DEBUG: (paho.mqtt.client) Sending PINGREQ
OSPD[926] 2023-02-20 15:36:23,035: DEBUG: (paho.mqtt.client) Received PINGRESP
OSPD[926] 2023-02-20 15:36:35,048: DEBUG: (ospd_openvas.openvas) Finished loading VTs into Redis DB
OSPD[926] 2023-02-20 15:36:35,049: INFO: (ospd_openvas.daemon) VTs were up to date. Feed version is 0.
OSPD[926] 2023-02-20 15:36:35,050: DEBUG: (ospd_openvas.daemon) Calculating vts integrity check hash...
OSPD[926] 2023-02-20 15:36:55,561: DEBUG: (ospd_openvas.lock) Removed lock from file /run/ospd/feed-update.lock.
OSPD[926] 2023-02-20 15:37:05,563: DEBUG: (ospd_openvas.daemon) Current feed version: 0
OSPD[926] 2023-02-20 15:37:05,564: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[926] 2023-02-20 15:37:05,565: DEBUG: (ospd_openvas.lock) Created lock file /run/ospd/feed-update.lock.
OSPD[926] 2023-02-20 15:37:05,565: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[926] 2023-02-20 15:37:06,372: DEBUG: (ospd_openvas.lock) Removed lock from file /run/ospd/feed-update.lock.
OSPD[926] 2023-02-20 15:37:12,326: DEBUG: (ospd.main) Performing exit clean up
OSPD[926] 2023-02-20 15:37:12,326: DEBUG: (ospd.ospd) All scans stopped and daemon clean and ready to exit
OSPD[926] 2023-02-20 15:37:12,327: INFO: (ospd.main) Shutting-down server ...
OSPD[926] 2023-02-20 15:37:12,584: DEBUG: (ospd.main) Finishing daemon process

journalctl

Feb 20 15:32:19 kali-raspberry-pi systemd[1]: Starting ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
Feb 20 15:32:22 kali-raspberry-pi systemd[1]: Started ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
Feb 20 15:37:06 kali-raspberry-pi ospd-openvas[948]: Traceback (most recent call last):
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1950, in _execute_transaction
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:     response = self.parse_response(connection, "_")
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2018, in parse_response
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:     result = Redis.parse_response(self, connection, command_name, **options)
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1254, in parse_response
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:     response = connection.read_response()
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:                ^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/connection.py", line 839, in read_response
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:     raise response
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]: redis.exceptions.ExecAbortError: Transaction discarded because of previous errors.
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]: During handling of the above exception, another exception occurred:
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]: Traceback (most recent call last):
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/bin/ospd-openvas", line 8, in <module>
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:     sys.exit(main())
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:              ^^^^^^
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 1268, in main
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:     daemon_main('OSPD - openvas', OSPDopenvas, NotusParser())
Feb 20 15:37:11 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd/main.py", line 165, in main
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     daemon.run()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd/ospd.py", line 1115, in run
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     self.scheduler()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 725, in scheduler
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     self.check_feed()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 707, in check_feed
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     self.update_vts()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/daemon.py", line 674, in update_vts
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     self.notus.reload_cache()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/notus.py", line 156, in reload_cache
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     self.cache.store_advisory(advisory["oid"], res)
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/notus.py", line 86, in store_advisory
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     return OpenvasDB.set_single_item(
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd_openvas/db.py", line 345, in set_single_item
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     pipe.execute()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2078, in execute
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     return conn.retry.call_with_retry(
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/retry.py", line 46, in call_with_retry
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     return do()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:            ^^^^
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2079, in <lambda>
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     lambda: execute(conn, stack, raise_on_error),
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1953, in _execute_transaction
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     raise errors[0][1]
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1943, in _execute_transaction
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     self.parse_response(connection, "_")
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 2018, in parse_response
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     result = Redis.parse_response(self, connection, command_name, **options)
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/client.py", line 1254, in parse_response
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     response = connection.read_response()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:                ^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/redis/connection.py", line 839, in read_response
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     raise response
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]: redis.exceptions.ResponseError: Command # 1 (DEL internal/notus/advisories/1.3.6.1.4.1.25623.1.1.4.2012.0033.1) of pipeline caused error: MISCONF Redis is configured to save RDB snapshots, but it's currently unable to persist to disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]: Exception ignored in atexit callback: <function exit_cleanup at 0xb3839528>
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]: Traceback (most recent call last):
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:   File "/usr/lib/python3/dist-packages/ospd/main.py", line 86, in exit_cleanup
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]:     sys.exit()
Feb 20 15:37:12 kali-raspberry-pi ospd-openvas[948]: SystemExit:
Feb 20 15:37:13 kali-raspberry-pi systemd[1]: ospd-openvas.service: Main process exited, code=exited, status=1/FAILURE
Feb 20 15:37:13 kali-raspberry-pi systemd[1]: ospd-openvas.service: Failed with result 'exit-code'.
Feb 20 15:37:13 kali-raspberry-pi systemd[1]: ospd-openvas.service: Consumed 2min 27.559s CPU time.

redis

913:M 20 Feb 2023 15:36:58.458 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:36:58.458 - DB 1: 11758 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:36:58.458 - DB 2: 32937 keys (0 volatile) in 65536 slots HT.
913:M 20 Feb 2023 15:36:58.459 . 2 clients connected (0 replicas), 82889264 bytes in use
913:M 20 Feb 2023 15:37:01.073 * 10000 changes in 60 seconds. Saving...
913:M 20 Feb 2023 15:37:01.079 * Background saving started by pid 1185
1185:C 20 Feb 2023 15:37:01.084 - Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
913:M 20 Feb 2023 15:37:01.281 # Background saving terminated by signal 31
913:M 20 Feb 2023 15:37:03.498 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:37:03.498 - DB 1: 11758 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:37:03.499 - DB 2: 32937 keys (0 volatile) in 65536 slots HT.
913:M 20 Feb 2023 15:37:03.499 . 2 clients connected (0 replicas), 82888240 bytes in use
913:M 20 Feb 2023 15:37:07.017 * 10000 changes in 60 seconds. Saving...
913:M 20 Feb 2023 15:37:07.027 * Background saving started by pid 1188
1188:C 20 Feb 2023 15:37:07.037 - Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
913:M 20 Feb 2023 15:37:07.229 # Background saving terminated by signal 31
913:M 20 Feb 2023 15:37:08.542 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:37:08.542 - DB 1: 11758 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:37:08.543 - DB 2: 32937 keys (0 volatile) in 65536 slots HT.
913:M 20 Feb 2023 15:37:08.543 . 2 clients connected (0 replicas), 82908712 bytes in use
913:M 20 Feb 2023 15:37:13.019 - Client closed connection id=8 addr=/var/run/redis-openvas/redis-server.sock:0 laddr=/var/run/redis-openvas/redis-server.sock:0 fd=8 name= age=280 idle=7 flags=U db=1 sub=0 psub=0 ssub=0 multi=-1 qbuf=0 qbuf-free=20474 argv-mem=0 multi-mem=0 rbs=1024 rbp=0 obl=0 oll=0 omem=0 tot-mem=22144 events=r cmd=lindex user=default redir=-1 resp=2
913:M 20 Feb 2023 15:37:13.020 - Client closed connection id=9 addr=/var/run/redis-openvas/redis-server.sock:0 laddr=/var/run/redis-openvas/redis-server.sock:0 fd=7 name= age=274 idle=6 flags=U db=2 sub=0 psub=0 ssub=0 multi=-1 qbuf=0 qbuf-free=20474 argv-mem=0 multi-mem=0 rbs=1024 rbp=0 obl=0 oll=0 omem=0 tot-mem=22144 events=r cmd=exec user=default redir=-1 resp=2
913:M 20 Feb 2023 15:37:13.069 * 10000 changes in 60 seconds. Saving...
913:M 20 Feb 2023 15:37:13.074 * Background saving started by pid 1194
1194:C 20 Feb 2023 15:37:13.079 - Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
913:M 20 Feb 2023 15:37:13.276 # Background saving terminated by signal 31
913:M 20 Feb 2023 15:37:13.578 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:37:13.578 - DB 1: 11758 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:37:13.578 - DB 2: 32937 keys (0 volatile) in 65536 slots HT.
913:M 20 Feb 2023 15:37:13.578 . 0 clients connected (0 replicas), 82884368 bytes in use
913:M 20 Feb 2023 15:37:18.611 - DB 0: 1 keys (0 volatile) in 4 slots HT.
913:M 20 Feb 2023 15:37:18.611 - DB 1: 11758 keys (0 volatile) in 16384 slots HT.
913:M 20 Feb 2023 15:37:18.611 - DB 2: 32937 keys (0 volatile) in 65536 slots HT.
913:M 20 Feb 2023 15:37:18.612 . 0 clients connected (0 replicas), 82884368 bytes in use
913:M 20 Feb 2023 15:37:19.014 * 10000 changes in 60 seconds. Saving...
913:M 20 Feb 2023 15:37:19.022 * Background saving started by pid 1199
1199:C 20 Feb 2023 15:37:19.030 - Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
913:M 20 Feb 2023 15:37:19.224 # Background saving terminated by signal 31

From looking at the redis error, it looks like it can be caused by a lack of memory. 2gb physical w/8gb swap on this device. It’s not eating into swap, but I tried “sysctl vm.overcommit_memory=1” anyway (a suggested fix for this on several redis threads). No luck.

I’m out of ideas, short of manually compiling/installing. Any other ideas/suggestions?

Thanks,
Rob

I was able to resolve this.

I focused on the error from redis:

redis.exceptions.ResponseError: Command # 1 (DEL internal/notus/advisories/1.3.6.1.4.1.25623.1.1.4.2012.0033.1) of pipeline caused error: MISCONF Redis is configured to save RDB snapshots, but it's currently unable to persist to disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.

What was suggested on a stackexchange thread, was to change the stop-writes-on-bgsave-error to = no. This is normally set to yes though (on Kali, as well as the current version of redis-openvast.conf on github). Setting it to no did allow everything to sync, but I didn’t think it was the correct move (as it seems to indicate some data could be dropped from the db).

My assumption was that there was some difference between the redis-config of Kali vs what is distributed with Greenbone, and I was correct. This commit on Github was the fix. It explicitly disables save on redis:
https://github.com/greenbone/openvas-scanner/pull/1199/commits/130a07177804262b0f0e80c72f89eccd473be132

Adding the same value (save “”) to the /etc/redis/redis-openvas.conf resolved the issue.

Step by step, to make get Greenbone to work on Kali (as of 02/20/2023):

cd /tmp
wget https://www.greenbone.net/GBCommunitySigningKey.asc
echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" > /tmp/ownertrust.txt
export GNUPGHOME=/tmp/openvas-gnupg
mkdir -p $GNUPGHOME
gpg --import /tmp/GBCommunitySigningKey.asc
gpg --import-ownertrust < /tmp/ownertrust.txt
export OPENVAS_GNUPG_HOME=/etc/openvas/gnupg
sudo mkdir -p $OPENVAS_GNUPG_HOME
sudo cp -r /tmp/openvas-gnupg/* $OPENVAS_GNUPG_HOME/
sudo chown -R _gvm:_gvm $OPENVAS_GNUPG_HOME

After that, edit /etc/redis/redis-openvas.conf and around line 221, add:

save ""

The area around this will look like:

#save 900 1
#save 300 10
#save 60 10000
save ""

After these changes, reboot the machine. Run gvm-start and everything will work/sync properly.

After I did this, the logs look good and scans work properly:

OSPD[820] 2023-02-20 23:49:22,087: DEBUG: (paho.mqtt.client) Sending PINGREQ
OSPD[820] 2023-02-20 23:49:22,089: DEBUG: (paho.mqtt.client) Received PINGRESP
OSPD[820] 2023-02-20 23:49:31,869: DEBUG: (ospd_openvas.daemon) Current feed version: 202302201018
OSPD[820] 2023-02-20 23:49:31,869: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[820] 2023-02-20 23:49:41,871: DEBUG: (ospd_openvas.daemon) Current feed version: 202302201018
OSPD[820] 2023-02-20 23:49:41,871: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[820] 2023-02-20 23:49:51,873: DEBUG: (ospd_openvas.daemon) Current feed version: 202302201018
OSPD[820] 2023-02-20 23:49:51,874: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[820] 2023-02-20 23:50:01,876: DEBUG: (ospd_openvas.daemon) Current feed version: 202302201018
OSPD[820] 2023-02-20 23:50:01,877: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[820] 2023-02-20 23:50:11,878: DEBUG: (ospd_openvas.daemon) Current feed version: 202302201018
OSPD[820] 2023-02-20 23:50:11,878: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[820] 2023-02-20 23:50:21,880: DEBUG: (ospd_openvas.daemon) Current feed version: 202302201018
OSPD[820] 2023-02-20 23:50:21,880: DEBUG: (ospd_openvas.daemon) Plugin feed version: 202302201018
OSPD[820] 2023-02-20 23:50:22,158: DEBUG: (paho.mqtt.client) Sending PINGREQ
OSPD[820] 2023-02-20 23:50:22,159: DEBUG: (paho.mqtt.client) Received PINGRESP

I have submitted a bug report with Kali:
https://bugs.kali.org/view.php?id=8186

3 Likes

Thanks a lot for digging into this issue and creating a bug report at the Kali issue tracker!

3 Likes

It seems the Kali team has ironed out the issues with gnupg as well as redis and seems to currently prepare new packages for uploading to Kali and Debian. Let’s see if these uploads will solve the problem.

0008186: Greenbone ospd-openvas service does not start properly - Kali Linux Bug Tracker
I have uploaded openvas-scanner version 22.4.1-2. It fixes the issues you reported.

and:

Prepare for Release (f9c8ca8a) · Commits · Debian Security Tools Packaging Team / openvas-scanner · GitLab
openvas-scanner (22.4.1-2) unstable; urgency=medium

I received the notification from my bug report earlier this morning. Currently working to test with a fresh install of Kali (updating). I’ll confirm back here either way in the next hour or so.

1 Like

Still not solved.

Using: kali-linux-2022.4-raspberry-pi-armhf.img

┌──(kali㉿kali-raspberry-pi)-[~]
└─$ sudo apt update
sudo apt upgrade
sudo apt autoremove
sudo apt install htop gvm nsis

..snip..

Setting up greenbone-security-assistant (22.4.1-1) ...
Setting up htop (3.2.2-1) ...
Setting up nsis-common (3.08-3) ...
Setting up libmicrohttpd12:armhf (0.9.75-5) ...
Setting up gvm-tools (23.2.0-0kali1) ...
Setting up gsad (22.4.1-1) ...
gsad.service is a disabled or a static unit, not starting it.
Setting up nsis (3.08-3) ...
Setting up gvm (22.4.1) ...
Processing triggers for mailcap (3.70+nmu1) ...
Processing triggers for kali-menu (2023.1.0) ...
Processing triggers for desktop-file-utils (0.26-1) ...
Processing triggers for hicolor-icon-theme (0.17-2) ...
Processing triggers for libc-bin (2.36-8) ...
Processing triggers for man-db (2.11.2-1) ...

┌──(kali㉿kali-raspberry-pi)-[~]
└─$ sudo gvm-setup 

[>] Starting PostgreSQL service
[>] Creating GVM's certificate files

..snip..

┌──(kali㉿kali-raspberry-pi)-[/etc/openvas]
└─$ apt list | grep ospd

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

ospd-openvas/kali-rolling,now 22.4.6-0kali1 all [installed,automatic]

┌──(kali㉿kali-raspberry-pi)-[/etc/openvas]
└─$ ls -aml      
total 28
drwxr-xr-x   3 root root  4096 Feb 23 15:56 .
drwxr-xr-x 177 root root 12288 Feb 23 17:02 ..
drwxr-xr-x   2 root root  4096 Nov  3 13:49 gnupg
-rw-r--r--   1 root root   192 Nov  3 13:49 openvas.conf
-rw-r--r--   1 root root  1016 Nov  3 13:49 openvas_log.conf

┌──(kali㉿kali-raspberry-pi)-[/etc/openvas/gnupg]
└─$ ls -aml
total 8
drwxr-xr-x 2 root root 4096 Nov  3 13:49 .
drwxr-xr-x 3 root root 4096 Feb 23 15:56 ..


┌──(root㉿kali-raspberry-pi)-[/etc/redis]
└─# cat redis-openvas.conf |grep save
#   save <seconds> <changes>
#   Will save the DB if both the given number of seconds and the given
#   In the example below the behaviour will be to save:
#   Note: you can disable saving completely by commenting out all "save" lines.
#   It is also possible to remove all the previously configured save
#   points by adding a save directive with a single empty string argument
#   save ""
#save 900 1
#save 300 10
#save 60 10000
# (at least one save point) and the latest background save failed.
stop-writes-on-bgsave-error yes
# If you want to save some CPU in the saving child set it to 'no' but
# algorithms (in order to save memory), so you can tune it for speed or
# the configured save points).
# saving process (a background save or AOF log background rewriting) is
# Lists are also encoded in a special way to save a lot of space.
# order to save a lot of space. This encoding is only used when the length and


I can confirm that (as of today), doing a fresh install on a clean image works 100% (gnupg keys and Redis config are both fixed).

3 Likes