Latest docker images + feeds but no actual scanning happening

GVM versions

gsad: (‘gsad --version’) Greenbone Security Assistant 22.04.0
gvmd: (‘gvmd --version’) Greenbone Vulnerability Manager 22.4.0~dev1 / Manager DB revision 250
openvas-scanner: (‘openvas --version’) OpenVAS 22.4.1~dev1
gvm-libs: gvm-libs 22.4.1~dev1

Environment

Operating system: Ubuntu 22.04 (AWS)
Kernel: (‘uname -a’) Linux 5.15.0-1017-aws #21-Ubuntu SMP Fri Aug 5 11:10:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source: docker-compose via guide

Hi - have installed all the latest docker images/feeds from the guide - checking all logs yet the

Have tried:

  • disabling AppArmor
  • disabling ufw
  • rebooted whole server (had to manually start the ospd-openvas and notus-scanner containers post reboot…)
  • assume alive is on
  • tried diff ports (top 100)

same issue - doesn’t appear to actually DO the scanning… no errors - only see info about the target no actual SSLs/ports/CVEs etc

I cannot see the notus-scanner docker actually DO anything during a scan - I’ve set up a scan of a single server that has vulnerabilities picked up on the old OpenVAS server (which has the “out of date engine” message, hence the new server) - still nothing - below are the logs

Log from the command docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition logs -f is:

gsa_1            | gsad  gmp:MESSAGE:2022-08-16 10h26.02 GMT:13: Authentication success for 'admin' from 172.18.0.1
gvmd_1           | md    gmp:   INFO:2022-08-16 10h26.03 UTC:5827:    Failed to parse client XML: Command Unavailable
gvmd_1           | event task:MESSAGE:2022-08-16 10h26.06 UTC:5851: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Requested
gvmd_1           | event task:MESSAGE:2022-08-16 10h26.06 UTC:5851: Task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has been requested to start by admin
ospd-openvas_1   | OSPD[1] 2022-08-16 10:26:33,860: INFO: (ospd.command.command) Scan cabccf17-fbb7-4946-ab90-10862b245ad4 added to the queue in position 1.
gvmd_1           | event task:MESSAGE:2022-08-16 10h26.33 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Queued
ospd-openvas_1   | OSPD[1] 2022-08-16 10:26:40,240: INFO: (ospd.ospd) Currently 1 queued scans.
ospd-openvas_1   | OSPD[1] 2022-08-16 10:26:40,402: INFO: (ospd.ospd) Starting scan cabccf17-fbb7-4946-ab90-10862b245ad4.
gvmd_1           | event task:MESSAGE:2022-08-16 10h26.43 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Running
mqtt-broker_1    | 1660645662: New connection from 172.18.0.9:41556 on port 1883.
mqtt-broker_1    | 1660645663: New client connected from 172.18.0.9:41556 as 658d0803-e294-4272-b636-cb886febba9f (p5, c1, k0).
mqtt-broker_1    | 1660645759: New connection from 172.18.0.9:41558 on port 1883.
mqtt-broker_1    | 1660645759: New client connected from 172.18.0.9:41558 as 46438a14-5267-4dcc-afc6-5df61e72be3a (p5, c1, k0).
mqtt-broker_1    | 1660645759: Client 46438a14-5267-4dcc-afc6-5df61e72be3a closed its connection.
mqtt-broker_1    | 1660645760: Client 658d0803-e294-4272-b636-cb886febba9f closed its connection.
ospd-openvas_1   | OSPD[1] 2022-08-16 10:29:21,861: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Host scan finished.
ospd-openvas_1   | OSPD[1] 2022-08-16 10:29:21,864: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Scan finished.
gvmd_1           | event task:MESSAGE:2022-08-16 10h29.25 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Done

Only issue I can see from logs is

When restarting the redis server - is that normal?

Any ideas?

1 Like

Hi,

does the report contain any log results or even errors? Can you check the openvas log file via
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition exec ospd-openvas cat /var/log/gvm/openvas.log? Is the target host reachable from within the docker containers?

notus-scanner will only be started if the installed software of a host has been gathered via the openvas-scanner.

Hi Bricks

Nope, no errors in the report - does contain 4 “log” findings…

  • Nmap (NASL wrapper) 0.0 (Log) 80 %
  • OS Detection Consolidation and Reporting 0.0 (Log) 80 %
  • Traceroute 0.0 (Log) 80 %
  • Hostname Determination Reporting 0.0 (Log) 80 %

(redacted) Log file requested is:

sd   main:MESSAGE:2022-08-16 10h27.42 utc:5509: openvas 22.4.1~dev1 started
sd   main:MESSAGE:2022-08-16 10h27.43 utc:5509: attack_network_init: INIT MQTT: SUCCESS
sd   main:MESSAGE:2022-08-16 10h27.47 utc:5509: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 started: Target has 1 hosts: X.X.X.X, with max_hosts = 15 and max_checks = 1
libgvm boreas:MESSAGE:2022-08-16 10h27.47 utc:5509: Alive scan cabccf17-fbb7-4946-ab90-10862b245ad4 started: Target has 1 hosts
libgvm boreas:MESSAGE:2022-08-16 10h27.47 utc:5509: Alive scan cabccf17-fbb7-4946-ab90-10862b245ad4 finished in 0 seconds: 1 alive hosts of 1.
sd   main:MESSAGE:2022-08-16 10h27.48 utc:5517: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 started for host: X.X.X.X (Vhosts: X-X-X-X.eu-central-1.compute.amazonaws.com)
sd   main:MESSAGE:2022-08-16 10h29.19 utc:5517: Running LSC via Notus for X.X.X.X
sd   main:MESSAGE:2022-08-16 10h29.19 utc:5517: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 finished for host X.X.X.X in 91.86 seconds
sd   main:MESSAGE:2022-08-16 10h29.20 utc:5509: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 finished in 97 seconds: 1 alive hosts of 1
1 Like

Not sure on if reachable from the docker (which one(s)?) as there’s no curl/ping/nc etc in the dockers to test with - can reach from main OS ok

1 Like

Installed nmap on the notus docker…

# apt update; apt install nmap
...
The following NEW packages will be installed:
  libblas3 liblinear4 liblua5.3-0 libpcap0.8 libssh2-1 lua-lpeg nmap nmap-common
...
# nmap X.X.X.X
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-16 12:02 UTC
Nmap scan report for X-X-X-X.eu-central-1.compute.amazonaws.com (X.X.X.X)
Host is up (0.024s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
#
1 Like

@bricks - any ideas? 🙂

1 Like

Just wanted to add on to this post and say I’m having the exact same issue (latest docker feeds + images, following the docker instructions, clean and fresh install of Ubuntu 22.04) and my logs are nearly identical to @merlian’s.

To add a bit of info: When I run a scan from within the web client, it produces a report where it shows it saw the hosts I was attempting to scan, but 0 ports “Ports (0 of 0)”

All help would be much appreciated.

Edit: What seems to be part of the issue is that the mqtt-broker sees two new clients connect, but then both those clients close the connection immediately after. ospd-openvas then immediately says host scan finished and scan finished.
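To check the timing described in the edit above against a saved compose log, the following added Python example (not part of the thread and not Greenbone code) correlates the mqtt-broker connect/close lines with the ospd-openvas scan window. The sample lines and shortened IDs are constructed, and the ospd-openvas timestamps are assumed to be UTC.

```python
import re
from datetime import datetime, timezone
# Constructed sample in the compose-log format shown above (IDs shortened).
SAMPLE = """\
ospd-openvas_1   | OSPD[1] 2022-08-16 10:26:40,402: INFO: (ospd.ospd) Starting scan scan-0001.
mqtt-broker_1    | 1660645663: New client connected from 172.18.0.9:41556 as client-a (p5, c1, k0).
mqtt-broker_1    | 1660645759: New client connected from 172.18.0.9:41558 as client-b (p5, c1, k0).
mqtt-broker_1    | 1660645759: Client client-b closed its connection.
mqtt-broker_1    | 1660645760: Client client-a closed its connection.
ospd-openvas_1   | OSPD[1] 2022-08-16 10:29:21,864: INFO: (ospd.ospd) scan-0001: Scan finished.
"""

CONNECT = re.compile(r"\| (\d+): New client connected from \S+ as (\S+) ")
CLOSE = re.compile(r"\| (\d+): Client (\S+) closed its connection")
OSPD = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+: INFO: \(ospd\.ospd\) "
                  r"(?:Starting scan ([\w-]+)\.|([\w-]+): Scan finished\.)")

def to_epoch(stamp):
    # Assumption: ospd-openvas timestamps are UTC, like the gvmd lines in the thread.
    dt = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())

def parse(log):
    """Return (scans, sessions), each mapping id -> [start_epoch, end_epoch or None]."""
    scans, sessions = {}, {}
    for line in log.splitlines():
        if m := CONNECT.search(line):
            sessions[m.group(2)] = [int(m.group(1)), None]
        elif (m := CLOSE.search(line)) and m.group(2) in sessions:
            sessions[m.group(2)][1] = int(m.group(1))
        elif m := OSPD.search(line):
            when, started, finished = to_epoch(m.group(1)), m.group(2), m.group(3)
            if started:
                scans[started] = [when, None]
            elif finished in scans:
                scans[finished][1] = when
    return scans, sessions

def triage(log):
    """Per finished scan: MQTT clients that connected inside the scan window."""
    scans, sessions = parse(log)
    return {
        scan: [{"client": c, "offset": a - start, "lifetime": None if b is None else b - a}
               for c, (a, b) in sessions.items() if start <= a <= end]
        for scan, (start, end) in scans.items() if end is not None
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To use it on a real run, save the output of the `docker-compose ... logs` command to a file and pass the file's text to `triage()`; `offset` and `lifetime` are in seconds relative to the scan start and the client's connect time.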

Hi,

I am not sure why no additional VTs are started by openvas-scanner. Are you using the default scan config? For debugging purposes it would be nice to

  • get the output of the “OS Detection Consolidation and Reporting 0.0 (Log)” result of the report
  • check the report if it contains errors in the errors tab
  • change notus scanner to log debug messages by setting the NOTUS_SCANNER_LOG_FILE environment variable in the compose file to debug

For notus scanner I suspect you are affected by “Fix mqtt connection” by Kraemii (Pull Request #239, greenbone/notus-scanner, GitHub), but that’s just a guess.

2 Likes

I ended up solving my issue. I am running Ubuntu 22.04.1; when I log in on the fresh install I get this update pop-up:


When I select “remind me later” instead of installing them, I am able to avoid the issue @merlian and I previously had. I also did not run the command “sudo apt upgrade” on the fresh Ubuntu (of course I did run “sudo apt update”).

These were the only differences in my installation method and ended up fixing the problem. I suspect there is a conflict between OpenVAS’s ability to run and one of these updates.