Scans from OpenVAS interrupted at 0% for every host

Hi everyone,

I recently installed OpenVAS on a Kali Linux VM. I followed these instructions

https://www.ceos3c.com/security/install-openvas-kali-linux/#step-3-running-your-first-scan

When I run “sudo gvm-check-setup”, I get this result

gvm-check-setup 22.4.1
Test completeness and readiness of GVM-22.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.4.1.
OK: Notus Scanner is present in version 22.4.4.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 84680 NVTs.
OK: The notus directory /var/lib/notus/products contains 397 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 22.4.6.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 22.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
16435|pg-gvm|10|2200|f|22.4.0||
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
OK: Greenbone Security Assistant is present in version 22.04.1~git.
Step 7: Checking if GVM services are up and running …
OK: ospd-openvas service is active.
OK: gvmd service is active.
OK: gsad service is active.
Step 8: Checking few other requirements…
OK: nmap is present.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
SUGGEST: Install nsis.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
Step 9: Checking greenbone-security-assistant…
OK: greenbone-security-assistant is installed

It seems like your GVM-22.4.1 installation is OK.

When I run, “status redis-server@openvas.service”, I get this result,

redis-server@openvas.service - Advanced key-value store (openvas)
Loaded: loaded (/lib/systemd/system/redis-server@.service; disabled; preset: disabled)
Active: active (running) since Mon 2023-03-20 09:08:49 EDT; 1h 31min ago
Docs: http://redis.io/documentation,
man:redis-server(1)
Main PID: 3453 (redis-server)
Status: “Ready to accept connections”
Tasks: 5 (limit: 4609)
Memory: 98.6M
CPU: 9min 44.782s
CGroup: /system.slice/system-redis\x2dserver.slice/redis-server@openvas.service
└─3453 “/usr/bin/redis-server unixsocket:/run/redis-openvas/redis-server.sock”

Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX systemd[1]: Starting redis-server@openvas.service - Advanced key-value store (openvas)…
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis-server[3453]: Supervised by systemd. Please make sure you set appropriate values for TimeoutStartSec and TimeoutStopSec in your service unit.
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis-server[3453]: oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis-server[3453]: Redis version=7.0.7, bits=64, commit=00000000, modified=0, pid=3453, just started
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis-server[3453]: Configuration loaded
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis[3453]: monotonic clock: POSIX clock_gettime
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis[3453]: .
.-__ ''-._ _.- . . ‘’-._ Redis 7.0.7 (00000000/0) 64 bit
.- .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in standalone mode |`-._`-...-` __...-.-.|'_.-'| Port: 0 | -. ._ / _.-' | PID: 3453 -._ -._ -./ .-’ .-’
|-._-.
-.__.-' _.-'_.-'| | -.
-._ _.-'_.-' | https://redis.io -._ -._-..-'.-’ .-’
|-._-.
-.__.-' _.-'_.-'| | -.
-._ _.-'_.-' | -._ -._-.
.-‘_.-’ _.-’
-._ -..-’ _.-’
-._ _.-' -.
.-’
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis[3453]: Server initialized
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX redis[3453]: The server is now ready to accept connections at /run/redis-openvas/redis-server.sock
Mar 20 09:08:49 KaliVas.XX.XXXXXX.XX.XX systemd[1]: Started redis-server@openvas.service - Advanced key-value store (openvas).

I found this thread
https://github.com/greenbone/openvas-scanner/issues/166

And tried running the command, “sudo redis-cli -s /var/run/redis-openvas/redis-server.sock flushall”. The result returned was, “OK”, but it didn’t change anything.

When I log into OpenVAS, navigate to Scans, then tasks, then task wizard and input an IP ot hostname, the scan also fails with the interrupted at 0% message. When I go to the scan’s errors, this is the result,

NVTI cache initialization failed
Scan process Failure
Scan process Failure
Task interrupted unexpectedly

Still doing research on this. Thanks for any help!

1 Like

Same issue here except I used the trail ova.
I was hoping Greenbone OpenVAS OVA would work out-of-the-box.
Installation went just fine, but I can’t scan anything.

Got it fixed. Firewall blocked port tcp 24 outgoing so OpenVAS wasn’t able to update the NVT feed.
Updating the NVT feed also took a while. (approx 45 minutes)
After the update I was able to scan.

2 Likes

Thank you, that was it :slight_smile:

2 Likes