I have a remote Openvas Scanner that keeps interrupting at 98% every time. This scan was on a /24 with several devices (in this scan 3 active). Based on past posts related to the issue, most of them pointed to Redis as the problem and used those as a starting point. However, in previous versions using the same redis settings, we never had an issue. Memory isn’t the issue either, as the scanner is configured with 4 vCPU, 16GB of RAM, and 60 GB of storage. NVT is also fully synced to the latest at the time of posting.
==> /var/log/gvm/ospd-openvas.log <==
OSPD[33] 2022-09-15 20:03:42,469: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, p lease wait...
==> /var/log/gvm/openvas.log <==
libgvm util:MESSAGE:2022-09-15 20h07.08 utc:58: Updated NVT cache from version 0 to 202209151012
==> /var/log/gvm/ospd-openvas.log <==
OSPD[33] 2022-09-15 20:07:08,883: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 0 to 202209151012.
I’m not sure if there is an underlying issue, but each time the logs show a Buffer Overflow followed by the scan is completed. Listed below is the log along with what is in the docker image:
- Ubuntu 22.04 LTS (AMD 64)
- Contains the following packages, all using the very latest Github MAIN branch (22.04 dev): GVM-libs, Openvas-scanner, Openvas-smb, OSPD-Openvas, Notus-Scanner, latest redis, latest mosqitto
Link to development docker: NetizenCorp/OpenVAS-Docker at dev (github.com)
==> /var/log/gvm/ssh-connection.log <==
2022/09/15 20:26:14 autossh[56]: received SIGALRM (end-of-life 0)
2022/09/15 20:26:14 autossh[56]: check on child 59
2022/09/15 20:26:14 autossh[56]: clear alarm timer (0 secs left)
2022/09/15 20:26:14 autossh[56]: set alarm for 600 secs
*** buffer overflow detected ***: terminated
==> /var/log/gvm/openvas.log <==
sd main:MESSAGE:2022-09-15 20h29.18 utc:61779: Running LSC via Notus for 192.168.10.1
1663273759: Client 517c75da-0934-4592-8178-c06cb5dbcb2d closed its connection.
sd main:MESSAGE:2022-09-15 20h29.19 utc:61745: Vulnerability scan cf188d6f-1249-4ea3-9e1c-2e03ab2f1610 finished in 1902 seconds: 3 alive hosts of 254
==> /var/log/gvm/ospd-openvas.log <==
OSPD[33] 2022-09-15 20:29:20,640: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Host scan finished.
OSPD[33] 2022-09-15 20:29:20,641: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Host scan got interrupted. Progress: 98, Status: RUNNING
OSPD[33] 2022-09-15 20:29:20,641: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:23,656: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:23,657: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:23,832: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:23,833: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:24,229: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:24,229: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:24,353: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:24,355: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
Redis Server Config: redis-server --unixsocket /run/redis/redis.sock --unixsocketperm 700 --timeout 0 --databases 65536 --maxclients 4096 --daemonize yes --port 6379 --bind 0.0.0.0
Redis permissions are root:root, but again, no issues regarding this in the past.
Note: This reports to a master system with GVM and all the remaining software on it. The previous software version, 21.4.4, had no issues regarding constant interrupts.