Notus scanner won't start

Andrey_Gorin · April 17, 2024, 3:54pm

Job for notus-scanner.service failed because the control process exited with error code.
See “systemctl status notus-scanner.service” and “journalctl -xeu notus-scanner.service” for details.
Failed to start Notus Scanner.

The file “/usr/local/bin/notus-scanner” is missing. However, I am confident that I did not miss any steps in building from source.

I also see numerous errors in ospd-openvas.log:

OSPD[44704] 2024-04-17 15:52:39,273: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.

also the /var/log/gvm/notus-scanner.log file is missing

Andrey_Gorin · April 18, 2024, 7:42am

Once upon a time I already installed a scanner, and as far as I remember there were such commands in the terminal for installation:

cd notus-scanner
python3 -m pip install . --prefix=/usr/local --no-warn-script-location
cd ..

however, now they are not in the instructions for building from source, could it be that this is the problem?

rippledj · April 18, 2024, 11:56am

Yes, seems the instructions to install notus-scanner have been removed from the source code install instructions. I’m not sure why. Perhaps someone else can inform about this.

Here are the previous instructions from the official documentation:

sudo apt install -y python3 python3-pip python3-setuptools python3-paho-mqtt python3-psutil python3-gnupg

export NOTUS_VERSION=22.4.4

curl -f -L https://github.com/Greenbone/notus-scanner/archive/refs/tags/v$NOTUS_VERSION.tar.gz -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz

curl -f -L https://github.com/Greenbone/notus-scanner/releases/download/v$NOTUS_VERSION/notus-scanner-$NOTUS_VERSION.tar.gz.asc -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc

gpg --verify $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz

tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz

cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION

mkdir -p $INSTALL_DIR/notus-scanner

sudo cp -rv $INSTALL_DIR/notus-scanner/* /

Andrey_Gorin · April 18, 2024, 12:38pm

It seems to me that you missed something, because after:
sudo cp -rv $INSTALL_DIR/notus-scanner/* /

I get:
cp: cannot stat ‘/root/install/notus-scanner/*’: No such file or directory

Perhaps you need to add an assembly stage? BUILD_DIR, INSTALL_DIR

I also want to note that the mosquitto installation step has disappeared from the instructions. Is this how it should be?

AndreasK · April 18, 2024, 1:53pm

I have the same error messages with my previously running gvm instance and found the following post:

So in my case the update to paho-mqtt 2.0.0 broke the notus scanner.

cfi · April 18, 2024, 2:16pm

Looks like this is on purpose as notus-scanner seems to be deprecated and shouldn’t be installed anymore:

github.com/greenbone/docs

Add: openvas logs, openvasd; Remove: notus-scanner, mqtt

greenbone:main ← greenbone:updating-openvas-23

opened 11:23AM - 11 Apr 24 UTC

nichtsfrei

+156 -156

Add: openvas logs To be able to see openvas logs more easily a new service `o…penvas` is added. This service tails over `/var/log/openvas/openvas.log`. Additionally an configuration step `configure-openvas` is added. This sets the openvas log level to 128 and changes to log output to `/var/log/openvas/openvas.log` instead of `/var/log/gvm/openvas.log`. To change the log level you can replace the `128` to the desired log level. Add: openvasd Remove: notus With https://github.com/greenbone/openvas-scanner/pull/1519 notus is deprecated in favour of openvasd/notus endpoint. For more details see: https://greenbone.github.io/scanner-api/ for a general overview of the API implemented by openvasd. This removes the dependencies of a mqtt broker as well as notus service. Doc: remove notus-scanner and explain openvasd installation To test it I used: - https://github.com/greenbone/scanner-lab and spawned a vulnerable slackware version by executing: ``` make deploy-slackware ``` got the ip via: ``` kubectl get pods -A ``` and created a target with the ssh credentials: `gvm:gvm` and run `full and fast` configuration. In the report vulnerable packages should show up.

rippledj · April 18, 2024, 2:35pm

Oh, well that makes sense!

bricks · April 19, 2024, 6:24am

The removal of notus-scanner is also mentioned in the changelog of the docs

Andrey_Gorin · April 19, 2024, 7:05am

Thank you, is there any way to get rid of these errors?

OSPD[81617] 2024-04-19 07:03:45,863: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.
OSPD[81617] 2024-04-19 07:03:55,874: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.
OSPD[81617] 2024-04-19 07:04:05,885: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.
OSPD[81617] 2024-04-19 07:04:15,896: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.
OSPD[81617] 2024-04-19 07:04:25,907: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.

bricks · April 19, 2024, 8:52am

It requires to change the ospd-openvas service file and remove the mqtt parameters.

wwwiesel · April 24, 2024, 8:55am

sorry but which parameters?

i removed them, but issue still exist:
OSPD[1172] 2024-04-24 08:51:32,796: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: [Errno 111] Connection refused. Trying again in 10s.

[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Documentation=man:ospd-openvas(8) man:openvas(8)
After=network.target networking.service redis-server@openvas.service
Wants=redis-server@openvas.service
ConditionKernelCommandLine=!recovery

[Service]
Type=exec
User=gvm
Group=gvm
RuntimeDirectory=ospd
RuntimeDirectoryMode=2775
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas --foreground --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/op>SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target