Operating system: Ubuntu 22.04 (AWS)
Kernel: (‘uname -a’) Linux 5.15.0-1017-aws #21-Ubuntu SMP Fri Aug 5 11:10:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source: docker-compose via guide
Hi - have installed all the latest docker images/feeds from the guide - checking all logs yet the
Have tried:
disabling AppArmor
disabling ufw
rebooted whole server (had to manually start the ospd-openvas and notus-scanner containers post reboot…)
assume alive is on
tried diff ports (top 100)
same issue - doesn’t appear to actually DO the scanning… no errors - only see info about the target no actual SSLs/ports/CVEs etc
I cannot see the notus-scanner docker actually DO anything during a scan - I’ve set up a scan of a single server that has vulnerabilities picked up on the old OpenVAS server (which has the “out of date engine” message hence new server) - still nothing - below are the logs
Log from the command docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition logs -f is:
gsa_1 | gsad gmp:MESSAGE:2022-08-16 10h26.02 GMT:13: Authentication success for 'admin' from 172.18.0.1
gvmd_1 | md gmp: INFO:2022-08-16 10h26.03 UTC:5827: Failed to parse client XML: Command Unavailable
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.06 UTC:5851: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Requested
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.06 UTC:5851: Task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has been requested to start by admin
ospd-openvas_1 | OSPD[1] 2022-08-16 10:26:33,860: INFO: (ospd.command.command) Scan cabccf17-fbb7-4946-ab90-10862b245ad4 added to the queue in position 1.
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.33 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Queued
ospd-openvas_1 | OSPD[1] 2022-08-16 10:26:40,240: INFO: (ospd.ospd) Currently 1 queued scans.
ospd-openvas_1 | OSPD[1] 2022-08-16 10:26:40,402: INFO: (ospd.ospd) Starting scan cabccf17-fbb7-4946-ab90-10862b245ad4.
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.43 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Running
mqtt-broker_1 | 1660645662: New connection from 172.18.0.9:41556 on port 1883.
mqtt-broker_1 | 1660645663: New client connected from 172.18.0.9:41556 as 658d0803-e294-4272-b636-cb886febba9f (p5, c1, k0).
mqtt-broker_1 | 1660645759: New connection from 172.18.0.9:41558 on port 1883.
mqtt-broker_1 | 1660645759: New client connected from 172.18.0.9:41558 as 46438a14-5267-4dcc-afc6-5df61e72be3a (p5, c1, k0).
mqtt-broker_1 | 1660645759: Client 46438a14-5267-4dcc-afc6-5df61e72be3a closed its connection.
mqtt-broker_1 | 1660645760: Client 658d0803-e294-4272-b636-cb886febba9f closed its connection.
ospd-openvas_1 | OSPD[1] 2022-08-16 10:29:21,861: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Host scan finished.
ospd-openvas_1 | OSPD[1] 2022-08-16 10:29:21,864: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Scan finished.
gvmd_1 | event task:MESSAGE:2022-08-16 10h29.25 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Done
Only issue I can see from logs is
When restarting the redis server - is that normal?
Does the report contain any log results or even errors? Can you check the openvas log file via docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition exec ospd-openvas cat /var/log/gvm/openvas.log? Is the target host reachable from within the docker containers?
notus-scanner will only be started if the installed software of a host has been gathered via the openvas-scanner.
# apt update; apt install nmap
...
The following NEW packages will be installed:
libblas3 liblinear4 liblua5.3-0 libpcap0.8 libssh2-1 lua-lpeg nmap nmap-common
...
# nmap X.X.X.X
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-16 12:02 UTC
Nmap scan report for X-X-X-X.eu-central-1.compute.amazonaws.com (X.X.X.X)
Host is up (0.024s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
#
Just wanted to add on to this post and say I’m having the exact same issue (latest docker feeds + images, following the docker instructions, clean and fresh install of Ubuntu 22.04) and my logs are nearly identical to @merlian's.
To add a bit of info: When I run a scan from within the web client, it produces a report where it shows it saw the hosts I was attempting to scan, but 0 ports “Ports (0 of 0)”
All help would be much appreciated.
Edit: What seems to be part of the issue is that the mqtt-broker sees two new clients connect, but then both those clients close the connection immediately after. ospd-openvas then immediately says host scan finished and scan finished.
When I select “remind me later” instead of installing them, I am able to avoid the issue @merlian and I previously had. I also did not run the command “sudo apt upgrade” on the fresh Ubuntu (of course I did run “sudo apt update”).
These were the only differences in my installation method and ended up fixing the problem. I suspect there is a conflict between OpenVAS’s ability to run and one of these updates.