Notus-scanner fails / Permission denied, notus-scanner.toml

GVM versions

gsad: Greenbone Security Assistant 22.04.0
gvmd: Greenbone Vulnerability Manager 22.4.0~dev1
openvas-scanner: OpenVAS 22.4.0
gvm-libs: gvm-libs 22.4.0

Environment

Operating system: Ubuntu 20.04.4
Kernel: 5.4.0-124-generic
Installation method / source: Libellux guide at Greenbone Vulnerability Manager | Libellux

I’m having issues starting notus-scanner
PermissionError: [Errno 13] Permission denied: ‘/home/username/.config/notus-scanner.toml’
notus-scanner.service: Control process exited, code=exited, status=1/FAILURE
notus-scanner.service: Failed with result ‘exit-code’.
Failed to start Notus Scanner.

I can confirm there is no such file /home/username/.config/notus-scanner.toml - but I’ve also been unable (via searches here and elsewhere) to determine what needs to be in that .toml file so I can create it.

I should also mention that this issue was not always present. I built the machine on my home network, and it worked perfectly - I was able to scan other machines on that network. I took it into my office network, and that’s when this issue happened.

I knew there would be ramifications from the IP change - so I modified gsad.service to point to the new IP address so the web interface would work correctly and did a daemon reload. That worked without issue. Did the move somehow break notus-scanner? Or is there a resource for what needs to be in the notus-scanner.toml file?

Thanks in advance for your time and assistance!

@Renevant please provide more information from log files.

maybe configuration file is missing?

Eero

@Eero - Here’s what I show:

I agree there are config files missing - specifically, ospd.conf and notus-scanner.toml - these files don’t exist - what I don’t know is:

(a) should they have been created during installation? If so, why weren’t they?
(b) more importantly, can I just create these files? If so, what information must they contain, and what are the required permissions for each?

I’m still researching, but appreciate your guidance. I will update as necessary…

Aug 17 16:25:55 testmachine systemd[1]: ospd-openvas.service: Scheduled restart job, restart counter is at 367.
Aug 17 16:25:55 testmachine systemd[1]: Stopped OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
Aug 17 16:25:55 testmachine systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
Aug 17 16:25:55 testmachine ospd-openvas[40678]: /usr/lib/python3/dist-packages/requests/__init__.py:89: RequestsDependencyWarning: urllib3 (1.26.11) or chardet (3.0.4) doesn't match a supported version!
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
Aug 17 16:25:55 testmachine ospd-openvas[40678]: Traceback (most recent call last):
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/local/bin/ospd-openvas", line 8, in <module>
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     sys.exit(main())
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/local/lib/python3.8/dist-packages/ospd_openvas/daemon.py", line 1255, in main
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     daemon_main('OSPD - openvas', OSPDopenvas, NotusParser())
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/local/lib/python3.8/dist-packages/ospd/main.py", line 98, in main
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     args = parser.parse_arguments()
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/local/lib/python3.8/dist-packages/ospd/parser.py", line 278, in parse_arguments
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     self._set_defaults(_args.config)
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/local/lib/python3.8/dist-packages/ospd/parser.py", line 245, in _set_defaults
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     self._config = self._load_config(configfilename)
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/local/lib/python3.8/dist-packages/ospd/parser.py", line 253, in _load_config
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     if not configpath.expanduser().resolve().exists():
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/lib/python3.8/pathlib.py", line 1407, in exists
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     self.stat()
Aug 17 16:25:55 testmachine ospd-openvas[40678]:   File "/usr/lib/python3.8/pathlib.py", line 1198, in stat
Aug 17 16:25:55 testmachine ospd-openvas[40678]:     return self._accessor.stat(self)
Aug 17 16:25:55 testmachine ospd-openvas[40678]: PermissionError: [Errno 13] Permission denied: '/home/sensat0/.config/ospd.conf'
Aug 17 16:25:55 testmachine systemd[1]: ospd-openvas.service: Control process exited, code=exited, status=1/FAILURE
Aug 17 16:25:55 testmachine systemd[1]: ospd-openvas.service: Failed with result 'exit-code'.
Aug 17 16:25:55 testmachine systemd[1]: Failed to start OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
Aug 17 16:25:55 testmachine sudo[40639]: pam_unix(sudo:session): session closed for user root
Aug 17 16:26:07 testmachine sudo[40704]:  sensat0 : TTY=pts/3 ; PWD=/home/sensat0 ; USER=root ; COMMAND=/usr/bin/systemctl status notus-scanner
Aug 17 16:26:07 testmachine sudo[40704]: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 17 16:26:14 testmachine sudo[40704]: pam_unix(sudo:session): session closed for user root
Aug 17 16:26:17 testmachine sudo[40712]:  sensat0 : TTY=pts/3 ; PWD=/home/sensat0 ; USER=root ; COMMAND=/usr/bin/systemctl status notus-scanner
Aug 17 16:26:17 testmachine sudo[40712]: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 17 16:26:19 testmachine systemd[1]: notus-scanner.service: Scheduled restart job, restart counter is at 292.
Aug 17 16:26:19 testmachine systemd[1]: Stopped Notus Scanner.
Aug 17 16:26:19 testmachine systemd[1]: Starting Notus Scanner...
Aug 17 16:26:19 testmachine notus-scanner[40715]: /usr/lib/python3/dist-packages/requests/__init__.py:89: RequestsDependencyWarning: urllib3 (1.26.11) or chardet (3.0.4) doesn't match a supported version!
Aug 17 16:26:19 testmachine notus-scanner[40715]:   warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
Aug 17 16:26:19 testmachine notus-scanner[40715]: Traceback (most recent call last):
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/local/bin/notus-scanner", line 8, in <module>
Aug 17 16:26:19 testmachine notus-scanner[40715]:     sys.exit(main())
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/local/lib/python3.8/dist-packages/notus/scanner/daemon.py", line 139, in main
Aug 17 16:26:19 testmachine notus-scanner[40715]:     args = parser.parse_arguments()
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/local/lib/python3.8/dist-packages/notus/scanner/cli/parser.py", line 178, in parse_arguments
Aug 17 16:26:19 testmachine notus-scanner[40715]:     self._set_defaults(known_args.config)
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/local/lib/python3.8/dist-packages/notus/scanner/cli/parser.py", line 137, in _set_defaults
Aug 17 16:26:19 testmachine notus-scanner[40715]:     config_data = self._load_config(configfilename)
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/local/lib/python3.8/dist-packages/notus/scanner/cli/parser.py", line 149, in _load_config
Aug 17 16:26:19 testmachine notus-scanner[40715]:     if path.exists():
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/lib/python3.8/pathlib.py", line 1407, in exists
Aug 17 16:26:19 testmachine notus-scanner[40715]:     self.stat()
Aug 17 16:26:19 testmachine notus-scanner[40715]:   File "/usr/lib/python3.8/pathlib.py", line 1198, in stat
Aug 17 16:26:19 testmachine notus-scanner[40715]:     return self._accessor.stat(self)
Aug 17 16:26:19 testmachine notus-scanner[40715]: PermissionError: [Errno 13] Permission denied: '/home/sensat0/.config/notus-scanner.toml'
Aug 17 16:26:19 testmachine systemd[1]: notus-scanner.service: Control process exited, code=exited, status=1/FAILURE
Aug 17 16:26:19 testmachine systemd[1]: notus-scanner.service: Failed with result 'exit-code'.
Aug 17 16:26:19 testmachine systemd[1]: Failed to start Notus Scanner.

@Renevant You probably failed to follow installation steps.

Try from scratch again. its probably the easiest way

Eero

@Eero I don’t find your insulting my intelligence helpful - or warranted.

Rather than blindly restarting the build from scratch, I’d like to understand where the two missing files are created - and why they weren’t. If you don’t know, that’s fine. Perhaps someone else will, and meanwhile I’ll continue to research.

@Renevant its in the documentation. you should read it. please do it again.

Eero

@Eero I read the documentation. I followed the steps. If the solution was in there, we wouldn’t be interacting right now. Again - if you don’t have a solution to offer, that’s fine.

You’re clearly a very educated person with exceptional subject knowledge. Perhaps there’s just a language barrier or other miscommunication.

I digress; at this point, I believe I have a solution that I’ll be implementing, and merely “doing it again” would not improve the situation or fix the problem. Should it work, I’ll report back so that anyone else who encounters a similar issue might find actual advice.

@Renevant

Let me point you to official documentation:

and

and

https://greenbone.github.io/docs/latest/22.4/source-build/index.html

If you want a configuration system-wide you should create it in /etc/gvm/notus-scanner.toml; if you want to use a user specific configuration create it in ~/.config/notus-scanner.toml.

[notus-scanner]
mqtt-broker-address = "localhost"
mqtt-broker-port = "1883"
products-directory = "/var/lib/openvas/plugins/notus/products"
pid-file = "/var/run/notus-scanner/notus-scanner.pid"
log-file = "/var/log/notus-scanner/notus-scanner.log"
log-level = "INFO"
disable-hashsum-verification = false

Official supported version is Debian 11 (bullseye)

From this point, I will not repeat instructions anymore from official documentation.

When starting services look for error messages like:

warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "

It’s not wise to rely third party documentation and also use Linux version that is not used by developers. That antique Ubuntu might contain too old libraries.

Probably the wise solution is to follow official documentation and using Debian 11. It works.

Eero

@Eero

Again, I’ve read all of that. And guess what? That doesn’t fix the problem

I have Python, its dependencies, and mosquitto installed. I had no issue with notus-scanner in regards to the mqtt broker address and port, products directory, PID file, or log file. None of anything you have posted is relevant to the problem I initially posted.

As much as you want to force or constrain people to do things “your way”, that is not the way the world works. My organization uses Ubuntu 20.04, not Debian 11. That is not going to change because you say so. I needed to find a solution for that issue, not to tell hundreds of clients around the United States that they have to completely change the operating system on their vulnerability scanners.

There’s no need or you to reply or comment further at this point, so I’d ask that you kindly cease doing so. You’ve neither provided any assistance, nor answered/addressed the problem at hand.

Probably the wise solution is to understand not everyone can or wants to use Debian 11. Guess what? Ubuntu 20.04 works.

Right, now back to the actual problem at hand: notus-scanner was returning errors on a fresh install of Ubuntu Server 20.04.4 and Kernel 5.4.0-124-generic.

I followed the excellent guide of @libellux at https://libellux.com/openvas/ who provided a superb walkthrough and explanation of the entire process. However, upon starting notus-scanner service, I received errors. Looking back on my notes, I had documented that during the installation process, there were errors during the installation of the tomli module.

Several Python packages, while installed at the start of the build, were not at the correct versions and therefore incompatible with notus-scanner, specifically psutil, python-gnupg, paho-mqtt, deprecated, lxml and redis. One Python package (packaging) was missing completely.

After the initial dependency installations in the guide, I added:

pip install packaging==20.9
python3 -m pip install --upgrade psutil
python3 -m pip install --upgrade python-gnupg
python3 -m pip install --upgrade paho-mqtt
python3 -m pip install --upgrade deprecated
python3 -m pip install --upgrade lxml
python3 -m pip install --upgrade redis

Once i reached the installation of the tomli module, there were no errors, and the build completed without further issue, with notus-scanner starting without any issue.

Important to note that this build was done on Ubuntu 20.04.4 - and while I hope no one else encounters such an error, if you do, I hope this helps you to complete your build.

1 Like

Just for information we now officially support

  • Debian stable (bullseye)
  • Ubuntu 22.04 LTS
  • Fedora 35 and 36
  • CentOS 9 Stream

Always take a look at our own docs at https://greenbone.github.io/docs/.

1 Like