Scans perpetually running

Hi folks.

I’m running the Greenbone Community Containers 22.4.
Host OS: Ubuntu 22.04
4 Cores, 8GB RAM, 60GB Disk

(The only modification I’ve made is that I have Nginx on the host as a reverse proxy in front of GSA for SSL - I doubt that’s the cause of the problem.)

Everything appeared to be working correctly.
However after updating the containers docker-compose -f docker-compose.yml -p greenbone-community-edition up -d scans are no longer completing and are just stuck “running”.

$ docker ps
CONTAINER ID   IMAGE                            COMMAND                  CREATED       STATUS        PORTS                                       NAMES
f1004c008d24   greenbone/ospd-openvas:stable    "/usr/local/bin/entr…"   2 days ago    Up 24 hours                                               greenbone-community-edition_ospd-openvas_1
ddc321ce7063   greenbone/notus-scanner:stable   "/usr/local/bin/entr…"   2 days ago    Up 2 days                                                 greenbone-community-edition_notus-scanner_1
e98b55424d66   greenbone/gvmd:stable            "/usr/local/bin/entr…"   7 days ago    Up 3 days                                                 greenbone-community-edition_gvmd_1
74985a1540ee   greenbone/gsa:stable             "/usr/local/bin/entr…"   11 days ago   Up 3 days     127.0.0.1:9392->80/tcp                      greenbone-community-edition_gsa_1
9e86e4f91685   greenbone/redis-server           "/bin/sh -c 'rm -f /…"   11 days ago   Up 3 days                                                 greenbone-community-edition_redis-server_1
8edc7223de27   greenbone/mqtt-broker            "/bin/sh -c 'mosquit…"   11 days ago   Up 3 days     0.0.0.0:1883->1883/tcp, :::1883->1883/tcp   greenbone-community-edition_mqtt-broker_1
7a468749a130   greenbone/pg-gvm:stable          "/usr/local/bin/entr…"   5 weeks ago   Up 3 days                                                 greenbone-community-edition_pg-gvm_1

Snippet from ospd-openvas log:

OSPD[6] 2022-11-24 22:00:48,146: INFO: (ospd.ospd) Currently 2 queued scans.
OSPD[6] 2022-11-24 22:00:48,293: INFO: (ospd.ospd) Starting scan 150503d6-df0b-4b89-b302-41a537bcf2c4.
OSPD[6] 2022-11-24 22:00:48,491: INFO: (ospd.ospd) Starting scan 8492ea02-2ad0-46df-8e85-351469b3d027.
OSPD[6] 2022-11-24 22:45:34,944: INFO: (ospd.ospd) 38762c49-ef0e-4487-a026-b9e68a2e3467: Host scan finished.
OSPD[6] 2022-11-24 22:45:34,947: INFO: (ospd.ospd) 38762c49-ef0e-4487-a026-b9e68a2e3467: Scan finished.
OSPD[6] 2022-11-24 23:59:41,595: INFO: (ospd.command.command) Scan fa7c8ed9-7a47-40c3-b2a0-837449d5d1a9 added to the queue in position 1.
OSPD[6] 2022-11-24 23:59:41,626: INFO: (ospd.command.command) Scan f4c49086-61f4-4498-89d5-16359bb716d3 added to the queue in position 1.
OSPD[6] 2022-11-24 23:59:46,319: INFO: (ospd.ospd) Currently 2 queued scans.
OSPD[6] 2022-11-24 23:59:46,447: INFO: (ospd.ospd) Starting scan fa7c8ed9-7a47-40c3-b2a0-837449d5d1a9.
OSPD[6] 2022-11-24 23:59:46,619: INFO: (ospd.ospd) Starting scan f4c49086-61f4-4498-89d5-16359bb716d3.
OSPD[6] 2022-11-25 00:46:02,369: ERROR: (ospd.server) Error sending data to the client. [Errno 32] Broken pipe
OSPD[6] 2022-11-25 00:50:37,246: ERROR: (ospd.server) Error sending data to the client. [Errno 32] Broken pipe

I’m scanning subnets typically /27 or /28 in size, mostly Windows server hosts. All scans are using the default “Full and fast” Scan config. Targets are using the “All IANA assigned TCP” port list - no authenticated scanning.

In openvas.log I’m seeing:

sd   main:MESSAGE:2022-11-25 03h45.46 utc:631677: Vulnerability scan fa7c8ed9-7a47-40c3-b2a0-837449d5d1a9 finished for host <snip> in 10788.43 seconds
sd   main:MESSAGE:2022-11-25 03h51.28 utc:520589: Running LSC via Notus for <snip>
sd   main:MESSAGE:2022-11-25 03h51.38 utc:520589: Vulnerability scan fa7c8ed9-7a47-40c3-b2a0-837449d5d1a9 finished for host <snip> in 12625.63 seconds

The only thing I can think of is that some NVT is taking an excessive amount of time to run or something of that ilk but I’m unsure how to troubleshoot further.

This looks similar to:

It certainly does!

As a fix has been merged I’ve pulled the updated images and I’ve been able to get a couple of scans to complete so it looks like this is resolved.

1 Like

Hmm,

Might not be as resolved as I thought.
A handful of scans completed.
However the majority are still perpetually running with the following:

“Task process exited abnormally (e.g. machine lost power or process was sent SIGKILL). Setting scan status to Interrupted.”

(However the status does not change and stays as “Running”)