Ospd-openvas.service and notus-scanner.service issues

Building from Source and Advanced Topics
1

GVM versions

gsad: 22.04.0
gvmd: 22.4.0-dev1
openvas-scanner: 22.4.0
gvm-libs: 22.4.0

Environment

Operating system: Ubuntu Linux 22.04.1 LTS
Kernel: Linux 5.15.0-48-generic
Installation method / source: Building 22.4 from Source - Greenbone Community Documentation

Until approximately 72 hours ago, we had GVM 22.4 installed and working without issue on Ubuntu Linux 22.04. This morning, an attempt to run a scan failed. Checking the scanners in the web interface showed that a check of the OpenVAS Default scanner returned β€œService Unavailable”

image
image949Γ—381 51.7 KB

I restarted GVMD, GSAD, notus-scanner and ospd-openvas via systemctl restart . GVMD and GSAD restarted without issue. Both notus-scanner and ospd-openvas services failed. Checking systemctl status notus-scanner/ospd-openvas didn’t reveal much beyond the fact the services were Loaded/Activating… so I also ran journalctl -xeu notus-scanner/ospd-openvas. The output of those was as follows:

journalctl -xeu ospd-openvas

]: Traceback (most recent call last):
]:   File "/usr/local/bin/ospd-openvas", line 8, in <module>
]:     sys.exit(main())
]:   File "/usr/local/lib/python3.10/dist-packages/ospd_openvas/daemon.py", line 1243, in main
]:     daemon_main('OSPD - openvas', OSPDopenvas, NotusParser())
]:   File "/usr/local/lib/python3.10/dist-packages/ospd/main.py", line 98, in main
]:     args = parser.parse_arguments()
]:   File "/usr/local/lib/python3.10/dist-packages/ospd/parser.py", line 278, in parse_arguments
]:     self._set_defaults(_args.config)
]:   File "/usr/local/lib/python3.10/dist-packages/ospd/parser.py", line 245, in _set_defaults
]:     self._config = self._load_config(configfilename)
]:   File "/usr/local/lib/python3.10/dist-packages/ospd/parser.py", line 253, in _load_config
]:     if not configpath.expanduser().resolve().exists():
]:   File "/usr/lib/python3.10/pathlib.py", line 1288, in exists
]:     self.stat()
]:   File "/usr/lib/python3.10/pathlib.py", line 1095, in stat
]:     return self._accessor.stat(self, follow_symlinks=follow_symlinks)
]: PermissionError: [Errno 13] Permission denied: '/home/sensat0/.config/ospd.conf'
penvas.service: Control process exited, code=exited, status=1/FAILURE

Subject: Unit process exited
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘ 
β–‘β–‘ An ExecStart= process belonging to unit ospd-openvas.service has exited.
β–‘β–‘ 
β–‘β–‘ The process' exit code is 'exited' and its exit status is 1.
Oct 10 11:16:26 northvalley-vscan systemd[1]: ospd-openvas.service: Failed with result 'exit-code'.
β–‘β–‘ Subject: Unit failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘ 
β–‘β–‘ The unit ospd-openvas.service has entered the 'failed' state with result 'exit-code'.
Oct 10 11:16:26 northvalley-vscan systemd[1]: Failed to start OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
β–‘β–‘ Subject: A start job for unit ospd-openvas.service has failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘ 
β–‘β–‘ A start job for unit ospd-openvas.service has finished with a failure.
β–‘β–‘ 
β–‘β–‘ The job identifier is 23629 and the job result is failed.

journalctl -xeu notus-scanner

: Traceback (most recent call last):
:   File "/usr/local/bin/notus-scanner", line 8, in <module>
:     sys.exit(main())
:   File "/usr/local/lib/python3.10/dist-packages/notus/scanner/daemon.py", line 139, in main
:     args = parser.parse_arguments()
:   File "/usr/local/lib/python3.10/dist-packages/notus/scanner/cli/parser.py", line 178, in parse_arguments
:     self._set_defaults(known_args.config)
:   File "/usr/local/lib/python3.10/dist-packages/notus/scanner/cli/parser.py", line line 137, in _set_defaults
:     config_data = self._load_config(configfilename)
:   File "/usr/local/lib/python3.10/dist-packages/notus/scanner/cli/parser.py", line 149, in _load_config
:     if path.exists():
:   File "/usr/lib/python3.10/pathlib.py", line 1288, in exists
:     self.stat()
:   File "/usr/lib/python3.10/pathlib.py", line 1095, in stat
:     return self._accessor.stat(self, follow_symlinks=follow_symlinks)
: PermissionError: [Errno 13] Permission denied: '/home/sensat0/.config/notus-scanner.toml'
: notus-scanner.service: Control process exited, code=exited, status=1/FAILURE

β–‘β–‘ Subject: Unit process exited
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘ 
β–‘β–‘ An ExecStart= process belonging to unit notus-scanner.service has exited.
β–‘β–‘ 
β–‘β–‘ The process' exit code is 'exited' and its exit status is 1.
Oct 10 11:25:34 northvalley-vscan systemd[1]: notus-scanner.service: Failed with result 'exit-code'.
β–‘β–‘ Subject: Unit failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘ 
β–‘β–‘ The unit notus-scanner.service has entered the 'failed' state with result 'exit-code'.
Oct 10 11:25:34 northvalley-vscan systemd[1]: Failed to start Notus Scanner.
β–‘β–‘ Subject: A start job for unit notus-scanner.service has failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘ 
β–‘β–‘ A start job for unit notus-scanner.service has finished with a failure.
β–‘β–‘ 
β–‘β–‘ The job identifier is 25010 and the job result is failed.

I have tried the following:

  1. Full reboot
  2. systemctl reset-failed
  3. systemctl stop / systemctl disable then systemctl enable / systemctl start

I had seen a similar issue before during my build attempt, but was able to get past it by using the official documentation noted above.

I am most concerned about the two files referenced - notus-scanner.toml and ospd.conf. For the former (notus-scanner.toml) there is no such file present anywhere on the machine. For the latter (ospd.conf) I have an example-ospd.conf in install-path/source/ospd-openvas-22.4.2/docs/example-ospd.conf .

Hoping that someone will be kind enough to provide guidance on how to resolve this and get these services running again.

Also, and I don’t know if this is related - I see there is a new version (22.04.3) of the Greenbone OS. I don’t know if this update needs to be applied as part of the resolution, or if it’s unrelated.

Thank you sincerely for your time and advice - I am happy to provide any additional information you might need.

2

Hi,

your traceback shows that /home/sensat0/ is the home directory of the user running ospd-openvas and notus-scanner. As the default on a Linux distribution is to create a home directory with the user’s name it seems the services are started as a sensat0. If you followed our build from source guide this is clearly wrong and the user should be gvm instead. Therefore please check the installed services files.

The Greenbone OS is only available for our enterprise products. The (bugfix) releases of the Greenbone OS are independent of the Greenbone Community Edition releases.

2 Likes
3

Cool. I did check the permissions on service files and found they were all sensato:sensato for gvmd/gsad/ospd-openvas/notus-scanner, so I chown’ed those files back to gvm: gvm

I also had user gvm set to a home directory of /home/sensat0 (don’t ask why, I don’t think I could give you a good answer!) in /etc/passwd - but between correcting that and the service files, I have all processes running successfully again.

Thanks for your guidance, @bricks !

2 Likes