I have installed GVM 20.08 on Debian, scanning work perfectly but got an error message when I tried to scan UDP ports.
I got no permission to scan this ports range as a non root user.
I’ve tried different solution:
-Adding env variable to allow gvm user to run nmap with --privileged flag. Work in cmd terminal but not with GVM
- Changing user who run services like gvmd/openvas
- Creating a scanner as root user, but failed
Is there a solution to remedy to this problem ?
I believe you need to configure passwordless sudo for the gvm user, so that it can run openvas with elevated privileges.
$ cat /etc/sudoers.d/gvm
gvm ALL = NOPASSWD: /usr/sbin/openvas
Thanks for your reply but already done and no result. I forgot to mention that openvas is installed in /opt/gvm/…
It seems clear to me, from your description, that openvas is not running as a privileged user.
There are two ways to ensure that
openvas is invoked as root:
- Run your
ospd-openvas service as root (probably not the best idea)
- Configure sudo properly (see
ospd_openvas/openvas.py for specifics of how openvas is invoked).
Have you verified what user your
ospd-openvas process is running as? If it doesn’t match your sudo config, then you would not successfully run openvas as root.
In my case (see my example), the user is
gvm. It may be a different user in your case, the path to openvas may differ, etc. You’ve got to make sure that your sudo config matches your environment.
ospd-openvas service is running as user
billybob, and your
openvas executable is in
/opt/gvm/bin/, then you’d want something like:
billybob ALL = NOPASSWD: /opt/gvm/bin/openvas
Hi Guillaume, did you solve the problem? I’m stuck like you