When posting you should provide information about your environment using the following template:
GVM versions
gsad: (‘21.4.5’)
gvmd:
Greenbone Vulnerability Manager 21.4.5~dev1~git-58b99303-stable
GIT revision 58b99303-stable
Manager DB revision 242
openvas-scanner:
OpenVAS 21.4.4~dev1~git-896481a9-stable
GIT revision ~git-896481a9-stable
gvm-libs 21.4.4~dev1
Environment
Operating system: Debian Buster
Kernel: Linux gvm-scanner-vlan201 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
Installation method / source: git an compile
Hi
I’ve updated my scan environment from 20.08.2 to 21.4.5.
under 20.08.2 i’ve Configured a remote Scanner and everything works fine
after Update i could not connect to the remote scanner but everythink looks fine
Slave Side:
gvmd --version
Greenbone Vulnerability Manager 21.4.5~dev1~git-58b99303-stable
GIT revision 58b99303-stable
Manager DB revision 242
Copyright (C) 2009-2021 Greenbone Networks GmbH
License: AGPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
root@gvm-scanner-vlan201:/opt/gvm# systemctl status ospd-openvas.service
● ospd-openvas.service - Job that runs the ospd-openvas daemon
Loaded: loaded (/etc/systemd/system/ospd-openvas.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-11-28 09:33:04 CET; 3h 54min ago
Docs: man:gvm
Main PID: 4669 (python)
Tasks: 4 (limit: 4695)
Memory: 625.7M
CGroup: /system.slice/ospd-openvas.service
├─4669 /opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket=
└─4671 /opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket=
Nov 28 09:33:02 gvm-scanner-vlan201 systemd[1]: Starting Job that runs the ospd-openvas daemon...
Nov 28 09:33:04 gvm-scanner-vlan201 systemd[1]: Started Job that runs the ospd-openvas daemon.
root@gvm-scanner-vlan201:/opt/gvm# systemctl status gvmd
● gvmd.service - Open Vulnerability Assessment System Manager Daemon
Loaded: loaded (/etc/systemd/system/gvmd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-11-27 22:29:54 CET; 14h ago
Docs: man:gvmd(8)
https://www.greenbone.net
Main PID: 21658 (gvmd)
Tasks: 1 (limit: 4695)
Memory: 90.6M
CGroup: /system.slice/gvmd.service
└─21658 gvmd: Waiting for incoming connections
Nov 27 22:29:38 gvm-scanner-vlan201 systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon...
Nov 27 22:29:38 gvm-scanner-vlan201 systemd[1]: gvmd.service: Can't open PID file /opt/gvm/var/run/gvmd.pid (yet?) after start: No such file or directory
Nov 27 22:29:54 gvm-scanner-vlan201 systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.
root@gvm-scanner-vlan201:/opt/gvm# cat /etc/systemd/system/gvmd.service
[Unit]
Description=Open Vulnerability Assessment System Manager Daemon
Documentation=man:gvmd(8) https://www.greenbone.net
Wants=postgresql.service ospd-openvas.service
After=postgresql.service ospd-openvas.service
[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd.pid
WorkingDirectory=/opt/gvm
#ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock --listen=0.0.0.0 --port=9391
ExecReload=/bin/kill -HUP
KillMode=mixed
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true
[Install]
WantedBy=multi-user.target
root@gvm-scanner-vlan201:/opt/gvm# cat /etc/systemd/system/ospd-openvas.service
[Unit]
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm
After=network.target redis-server@openvas.service
Wants=redis-server@openvas.service
[Service]
Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Type=forking
User=gvm
Group=gvm
WorkingDirectory=/opt/gvm
PIDFile=/opt/gvm/var/run/ospd-openvas.pid
ExecStart=/opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket=/opt/gvm /var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-scanner.log --lock-file-dir /opt/gvm/var/run/ospd/
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true
[Install]
WantedBy=multi-user.target
root@gvm-scanner-vlan201:/opt/gvm# ss -lta
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 1024 127.0.0.1:6788 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:6789 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 512 0.0.0.0:9391 0.0.0.0:*
LISTEN 0 128 0.0.0.0:sunrpc 0.0.0.0:*
LISTEN 0 128 0.0.0.0:38259 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 224 127.0.0.1:postgresql 0.0.0.0:*
LISTEN 0 20 127.0.0.1:smtp 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6010 0.0.0.0:*
ESTAB 0 0 127.0.0.1:6789 127.0.0.1:47184
ESTAB 0 0 10.20.1.221:34376 10.20.2.8:8220
ESTAB 0 0 127.0.0.1:34298 127.0.0.1:6789
ESTAB 0 0 127.0.0.1:34296 127.0.0.1:6789
ESTAB 0 0 10.20.1.221:58302 10.20.2.2:9200
ESTAB 0 0 127.0.0.1:34244 127.0.0.1:6789
ESTAB 0 0 127.0.0.1:6789 127.0.0.1:34270
ESTAB 0 0 127.0.0.1:47184 127.0.0.1:6789
TIME-WAIT 0 0 10.20.1.221:53454 10.20.1.2:http
ESTAB 0 0 10.20.1.221:41372 192.168.178.252:ldap
ESTAB 0 0 10.20.1.221:58306 10.20.2.2:9200
ESTAB 0 0 127.0.0.1:6789 127.0.0.1:34244
TIME-WAIT 0 0 10.20.1.221:41152 13.227.133.83:http
ESTAB 0 0 10.20.1.221:1008 192.168.178.252:nfs
ESTAB 0 0 10.20.1.221:ssh 192.168.178.41:65334
TIME-WAIT 0 0 10.20.1.221:56760 199.232.190.132:http
ESTAB 0 0 10.20.1.221:53630 192.168.178.252:ldap
ESTAB 0 0 10.20.1.221:41990 10.20.2.2:9200
TIME-WAIT 0 0 10.20.1.221:53456 10.20.1.2:http
ESTAB 0 0 127.0.0.1:6789 127.0.0.1:34298
ESTAB 0 0 127.0.0.1:34270 127.0.0.1:6789
ESTAB 0 0 127.0.0.1:6789 127.0.0.1:34214
ESTAB 0 0 127.0.0.1:34214 127.0.0.1:6789
ESTAB 0 0 127.0.0.1:6789 127.0.0.1:34296
LISTEN 0 128 [::]:39939 [::]:*
LISTEN 0 128 [::]:sunrpc [::]:*
LISTEN 0 128 *:6556 *:*
TIME-WAIT 0 0 [::ffff:10.20.1.221]:6556 [::ffff:10.20.1.3]:37404
Master side:
root@gvm-portal:/opt/gvm# gvmd --version
Greenbone Vulnerability Manager 21.4.5~dev1~git-58b99303-stable
GIT revision 58b99303-stable
Manager DB revision 242
Copyright (C) 2009-2021 Greenbone Networks GmbH
License: AGPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
root@gvm-portal:/opt/gvm# systemctl status ospd-openvas.service
● ospd-openvas.service - Job that runs the ospd-openvas daemon
Loaded: loaded (/etc/systemd/system/ospd-openvas.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-11-28 10:57:39 CET; 2h 34min ago
Docs: man:gvm
Main PID: 18425 (python)
Tasks: 4 (limit: 4695)
Memory: 424.4M
CGroup: /system.slice/ospd-openvas.service
├─18425 /opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket
└─18427 /opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket
Nov 28 10:57:36 gvm-portal systemd[1]: Starting Job that runs the ospd-openvas daemon...
Nov 28 10:57:39 gvm-portal systemd[1]: Started Job that runs the ospd-openvas daemon.
root@gvm-portal:/opt/gvm# systemctl status gvmd
● gvmd.service - Open Vulnerability Assessment System Manager Daemon
Loaded: loaded (/etc/systemd/system/gvmd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-11-28 12:35:20 CET; 56min ago
Docs: man:gvmd(8)
https://www.greenbone.net
Main PID: 13532 (gvmd)
Tasks: 2 (limit: 4695)
Memory: 118.0M
CGroup: /system.slice/gvmd.service
├─10776 gpg-agent --homedir /opt/gvm/var/lib/gvm/gvmd/gnupg --use-standard-socket --daemon
└─13532 gvmd: Waiting for incoming connections
Nov 28 12:35:15 gvm-portal systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon...
Nov 28 12:35:16 gvm-portal systemd[1]: gvmd.service: Can't open PID file /opt/gvm/var/run/gvmd.pid (yet?) after start: No such file or directory
Nov 28 12:35:20 gvm-portal systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.
root@gvm-portal:/opt/gvm# cat /etc/systemd/system/gvmd.service
[Unit]
Description=Open Vulnerability Assessment System Manager Daemon
Documentation=man:gvmd(8) https://www.greenbone.net
Wants=postgresql.service ospd-openvas.service
After=network.target networking.service postgresql.service ospd-openvas.service
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd.pid
WorkingDirectory=/opt/gvm
RuntimeDirectory=gvm
RuntimeDirectoryMode=2775
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock --listen-group=gvm
ExecReload=/bin/kill -HUP
KillMode=mixed
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true
[Install]
WantedBy=multi-user.target
root@gvm-portal:/opt/gvm# cat /etc/systemd/system/ospd-openvas.service
[Unit]
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm
After=network.target redis-server@openvas.service
Wants=redis-server@openvas.service
[Service]
Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Type=forking
User=gvm
Group=gvm
WorkingDirectory=/opt/gvm
PIDFile=/opt/gvm/var/run/ospd-openvas.pid
ExecStart=/opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket=/opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-scanner.log --lock-file-dir /opt/gvm/var/run/ospd/
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true
[Install]
WantedBy=multi-user.target
when i check “verify scanner” the in the gsa i receive : Error Service unavailable
In the Log on Master side (also GSA Installed) i see only
md manage:WARNING:2021-11-28 13h36.03 CET:5540: Could not connect to Scanner at 10.20.1.221:9391
when i perform a scan on the remote scanner i receive the following in the gvmd.log of the master :
event task:MESSAGE:2021-11-28 13h41.27 CET:10538: Status of task Discovery Systemmanagement (fad210f0-08b5-42b4-b37d-399c999994e4) has changed to Requested
event task:MESSAGE:2021-11-28 13h41.27 CET:10538: Task Discovery Systemmanagement (fad210f0-08b5-42b4-b37d-399c999994e4) has been requested to start by admin
md manage:WARNING:2021-11-28 13h41.34 CET:10552: Could not connect to Scanner at 10.20.1.221:9391
md manage:WARNING:2021-11-28 13h41.34 CET:10552: OSP start_scan 507032ec-7460-40ca-82af-94122577a13f: Could not connect to Scanner
event task:MESSAGE:2021-11-28 13h41.34 CET:10552: Status of task Discovery Systemmanagement (fad210f0-08b5-42b4-b37d-399c999994e4) has changed to Done
event task:MESSAGE:2021-11-28 13h41.34 CET:10552: Status of task Discovery Systemmanagement (fad210f0-08b5-42b4-b37d-399c999994e4) has changed to Interrupted
I’ve checked the Firewall in between. I could not see any packet witch are going from master to slave also i’ve open all Ports in between no packet
so it seems that the gvmd on master side will not send out any packet.
- What debug configuration i’ve to do so see more details in the log?
- do i something wrong during compile do i need additional compile switches
Scanning on the local scanner on the System installed gvmd and GSA works fine. (compile/sonfig is identical to the slave only different is the gvmd.service)
regards
Uli