gsad: (‘gsad --version’) Greenbone Security Assistant 22.04.0
gvmd: (‘gvmd --version’) Greenbone Vulnerability Manager 22.4.0~dev1 / Manager DB revision 250
openvas-scanner: (‘openvas --version’) OpenVAS 22.4.1~dev1
gvm-libs: gvm-libs 22.4.1~dev1
Operating system: Ubuntu 22.04 (AWS)
Kernel: (‘uname -a’) Linux 5.15.0-1017-aws #21-Ubuntu SMP Fri Aug 5 11:10:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source: docker-compose via guide
Hi - have installed all the latest docker images/feeds from the guide - checking all logs yet the
- disabling AppArmor
- disabling ufw
- rebooted whole server (had to manually start the
notus-scanner containers post reboot…)
- assume alive is on
- tried diff ports (top 100)
same issue - doesn’t appear to actually DO the scanning… no errors - only see info about the target no actual SSLs/ports/CVEs etc
I cannot see the notus-scanner docker actually DO anything during a scan - I’ve set up a scan of a single server that has vulnerabilities picked up on the old OpenVAS server (which has the “out of date engine” message hence new server) - still nothing - below are the logs
Log from the command
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition logs -f is:
gsa_1 | gsad gmp:MESSAGE:2022-08-16 10h26.02 GMT:13: Authentication success for 'admin' from 172.18.0.1
gvmd_1 | md gmp: INFO:2022-08-16 10h26.03 UTC:5827: Failed to parse client XML: Command Unavailable
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.06 UTC:5851: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Requested
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.06 UTC:5851: Task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has been requested to start by admin
ospd-openvas_1 | OSPD 2022-08-16 10:26:33,860: INFO: (ospd.command.command) Scan cabccf17-fbb7-4946-ab90-10862b245ad4 added to the queue in position 1.
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.33 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Queued
ospd-openvas_1 | OSPD 2022-08-16 10:26:40,240: INFO: (ospd.ospd) Currently 1 queued scans.
ospd-openvas_1 | OSPD 2022-08-16 10:26:40,402: INFO: (ospd.ospd) Starting scan cabccf17-fbb7-4946-ab90-10862b245ad4.
gvmd_1 | event task:MESSAGE:2022-08-16 10h26.43 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Running
mqtt-broker_1 | 1660645662: New connection from 172.18.0.9:41556 on port 1883.
mqtt-broker_1 | 1660645663: New client connected from 172.18.0.9:41556 as 658d0803-e294-4272-b636-cb886febba9f (p5, c1, k0).
mqtt-broker_1 | 1660645759: New connection from 172.18.0.9:41558 on port 1883.
mqtt-broker_1 | 1660645759: New client connected from 172.18.0.9:41558 as 46438a14-5267-4dcc-afc6-5df61e72be3a (p5, c1, k0).
mqtt-broker_1 | 1660645759: Client 46438a14-5267-4dcc-afc6-5df61e72be3a closed its connection.
mqtt-broker_1 | 1660645760: Client 658d0803-e294-4272-b636-cb886febba9f closed its connection.
ospd-openvas_1 | OSPD 2022-08-16 10:29:21,861: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Host scan finished.
ospd-openvas_1 | OSPD 2022-08-16 10:29:21,864: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Scan finished.
gvmd_1 | event task:MESSAGE:2022-08-16 10h29.25 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Done
Only issue I can see from logs is
When restarting the redis server - is that normal?
Does the report contain any log results or even errors? Can you check the openvas log file via
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition exec ospd-openvas cat /var/log/gvm/openvas.log? Is the target host reachable from within the docker containers?
notus-scanner will only be started if the installed software of a host has been gathered via the
Nope, no errors in the report - does contain 4 “log” findings…
- Nmap (NASL wrapper) 0.0 (Log) 80 %
- OS Detection Consolidation and Reporting 0.0 (Log) 80 %
- Traceroute 0.0 (Log) 80 %
- Hostname Determination Reporting 0.0 (Log) 80 %
(redacted) Log file requested is:
sd main:MESSAGE:2022-08-16 10h27.42 utc:5509: openvas 22.4.1~dev1 started
sd main:MESSAGE:2022-08-16 10h27.43 utc:5509: attack_network_init: INIT MQTT: SUCCESS
sd main:MESSAGE:2022-08-16 10h27.47 utc:5509: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 started: Target has 1 hosts: X.X.X.X, with max_hosts = 15 and max_checks = 1
libgvm boreas:MESSAGE:2022-08-16 10h27.47 utc:5509: Alive scan cabccf17-fbb7-4946-ab90-10862b245ad4 started: Target has 1 hosts
libgvm boreas:MESSAGE:2022-08-16 10h27.47 utc:5509: Alive scan cabccf17-fbb7-4946-ab90-10862b245ad4 finished in 0 seconds: 1 alive hosts of 1.
sd main:MESSAGE:2022-08-16 10h27.48 utc:5517: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 started for host: X.X.X.X (Vhosts: X-X-X-X.eu-central-1.compute.amazonaws.com)
sd main:MESSAGE:2022-08-16 10h29.19 utc:5517: Running LSC via Notus for X.X.X.X
sd main:MESSAGE:2022-08-16 10h29.19 utc:5517: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 finished for host X.X.X.X in 91.86 seconds
sd main:MESSAGE:2022-08-16 10h29.20 utc:5509: Vulnerability scan cabccf17-fbb7-4946-ab90-10862b245ad4 finished in 97 seconds: 1 alive hosts of 1
Not sure on if reachable from the docker (which one(s)?) as there’s no curl/ping/nc etc in the dockers to test with - can reach from main OS ok
Installed nmap on the notus docker…
# apt update; apt install nmap
The following NEW packages will be installed:
libblas3 liblinear4 liblua5.3-0 libpcap0.8 libssh2-1 lua-lpeg nmap nmap-common
# nmap X.X.X.X
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-16 12:02 UTC
Nmap scan report for X-X-X-X.eu-central-1.compute.amazonaws.com (X.X.X.X)
Host is up (0.024s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Just wanted to add on to this post and say I’m having the exact same issue (latest docker feeds + images, following the docker instructions, clean and fresh install of Ubuntu 22.04) and my logs are nearly identical to @merlian’s.
To add a bit of info: When I run a scan from within the web client, it produces a report where it shows it saw the hosts I was attempting to scan, but 0 ports “Ports (0 of 0)”
All help would be much appreciated.
Edit: What seems to be part of the issue is that the mqtt-broker sees two new clients connect, but then both those clients close the connection immediately after. ospd-openvas then immediately says host scan finished and scan finished.
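Added example, not part of any post in this thread: the compose log mixes three timestamp formats (epoch seconds from mqtt-broker, `HH:MM:SS,ms` from ospd-openvas, `HHhMM.SS` from gvmd), which makes it hard to line up the MQTT connections with the scan. This Python script normalises them to UTC, merges the services into one timeline and measures how long each MQTT client stayed connected. The function names are illustrative, and ospd-openvas timestamps are assumed to be UTC.

```python
import re
from datetime import datetime, timezone

# Lines copied from the compose log posted earlier in this thread.
SAMPLE = """\
mqtt-broker_1 | 1660645663: New client connected from 172.18.0.9:41556 as 658d0803-e294-4272-b636-cb886febba9f (p5, c1, k0).
mqtt-broker_1 | 1660645759: New client connected from 172.18.0.9:41558 as 46438a14-5267-4dcc-afc6-5df61e72be3a (p5, c1, k0).
mqtt-broker_1 | 1660645759: Client 46438a14-5267-4dcc-afc6-5df61e72be3a closed its connection.
mqtt-broker_1 | 1660645760: Client 658d0803-e294-4272-b636-cb886febba9f closed its connection.
ospd-openvas_1 | OSPD 2022-08-16 10:29:21,864: INFO: (ospd.ospd) cabccf17-fbb7-4946-ab90-10862b245ad4: Scan finished.
gvmd_1 | event task:MESSAGE:2022-08-16 10h29.25 UTC:5853: Status of task SINGLESERVER (99f29c29-eda1-4f6a-8c4d-7c0547cade4b) has changed to Done
"""

EPOCH = re.compile(r"^(\d{10}): ")                               # mqtt-broker
ISO = re.compile(r"(\d{4}-\d\d-\d\d) (\d\d):(\d\d):(\d\d),\d+")  # ospd-openvas
GVM = re.compile(r"(\d{4}-\d\d-\d\d) (\d\d)h(\d\d)\.(\d\d) (?:UTC|GMT|utc)")  # gvmd, gsad
OPENED = re.compile(r"New client connected from \S+ as (\S+)")
CLOSED = re.compile(r"Client (\S+) closed its connection")

def parse_ts(msg):
    """Return the message's timestamp as an aware UTC datetime, or None."""
    if m := EPOCH.match(msg):
        return datetime.fromtimestamp(int(m[1]), tz=timezone.utc)
    # Assumption: ospd-openvas logs local time in a container running on UTC.
    if m := ISO.search(msg) or GVM.search(msg):
        date, hh, mm, ss = m.groups()
        return datetime.fromisoformat(f"{date}T{hh}:{mm}:{ss}+00:00")

def timeline(text):
    """Merge all services into one list of (utc_time, service, message), oldest first."""
    rows = (line.partition(" | ") for line in text.splitlines())
    events = [(parse_ts(msg), svc.strip(), msg) for svc, sep, msg in rows if sep]
    return sorted((e for e in events if e[0]), key=lambda e: e[0])

def mqtt_sessions(events):
    """Map MQTT client id -> seconds between its connect and close messages."""
    opened, length = {}, {}
    for ts, _, msg in events:
        if m := OPENED.search(msg):
            opened[m[1]] = ts
        elif (m := CLOSED.search(msg)) and m[1] in opened:
            length[m[1]] = int((ts - opened[m[1]]).total_seconds())
    return length

if __name__ == "__main__":
    for ts, service, msg in timeline(SAMPLE):
        print(ts.strftime("%H:%M:%S"), service, msg[:70])
    print(mqtt_sessions(timeline(SAMPLE)))
```

On the lines above it reports 97 seconds for the first client and 0 seconds for the second.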
I am not sure why no additional VTs are started by openvas-scanner. Are you using the default scan config? For debugging purposes it would be nice to
- get the output of the “OS Detection Consolidation and Reporting 0.0 (Log)” result of the report
- check the report if it contains errors in the errors tab
- change notus scanner to log debug messages by setting the
NOTUS_SCANNER_LOG_FILE environment variable in the compose file to
For notus scanner I suspect you are affected by Fix mqtt connection by Kraemii · Pull Request #239 · greenbone/notus-scanner · GitHub but that’s just a guess.
I ended up solving my issue. I am running Ubuntu 22.04.1, when I login on the fresh install I get this update pop-up:
When I select “remind me later” instead of installing them, I am able to avoid the issue @merlian and I previously had. I also did not run the command “sudo apt upgrade” on the fresh Ubuntu (of course I did run “sudo apt update”).
These were the only differences in my installation method and ended up fixing the problem. I suspect there is a conflict between OpenVAS’s ability to run and one of these updates.