Set socket: failed to open ICMPV4 socket: operation not permitted

Hello!
Rescently i configured GVM using this guide https://greenbone.github.io/docs/latest/22.4/source-build/index.html
Evrething is working fine but scans won’t start: “Interrupted at 0 %”
Log file says: set socket: failed to open ICMPV4 socket: operation not permitted. boreas could not initialise alive detection. Boreas was not able to open a new socket

I checked visudo:

User privilege specification

root ALL=(ALL:ALL) ALL

Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL

Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL

allow users of the gvm group run openvas

%gvm ALL = NOPASSWD: /usr/local/sbin/openvas

Checked PATH:
echo “$PATH”
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

OS is Ubuntu 22.04 LTS

Can someone help me?

Hello and welcome to this community forums.

This reads quite similar to Interrupted at 0% Libgvm boreas failed to open ICMPV4 with a possible solution provided in:

In this specific case it should be made sure that a sane default secure_path is included via visudo / in /etc/sudoers and that this hasn’t been deleted previously. On a Debian system the default looks like:

Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Thank you for reply. Already checked that topic and recommendations

Tryed different combinations in sudousers and nothing seems to work, current config is in screenshot:

GVM files are installed in: /usr/local/sbin

Also make sure that no other files in /etc/sudoers.d/* are defining a secure_path. IIRC anything additionally configured for secure_path within such files are overwriting a previous defined secure_path.

Yes i’ve checked it already and it’s empty, even commented that string from sudousers

Unfortunately i’m running out of specific ideas so hopefully some one more familiar with this topic will jump in the future.

There is only a more generic suggestion to check for e.g.

  • specific hardening on the host around sudo and/or socket handling
  • the IPv4 setup (not sure if Boreas is e.g. always expecting an enabled IPv4, …)

Did you find any solution?
I also have it on a fresh install of 22.04 on Debian 11

Yes the securepath is defined, yes gvm ALL is in the visudo file, yes I followed 100% the documentation

==> /var/log/gvm/openvas.log <==
sd main:MESSAGE:2023-01-13 20h36.41 utc:4923: openvas 22.4.1 started
sd main:MESSAGE:2023-01-13 20h36.41 utc:4923: attack_network_init: INIT MQTT: SUCCESS
sd main:MESSAGE:2023-01-13 20h36.51 utc:4923: Vulnerability scan b65a0b0d-6f2f-415a-a9ca-176ec26ae1db started: Target has 254 hosts: 192.168.1.0/24, with max_hosts = 20 and max_checks = 4
libgvm boreas:WARNING:2023-01-13 20h36.51 utc:4923: set_socket: failed to open ICMPV4 socket: Operation not permitted
libgvm boreas:WARNING:2023-01-13 20h36.51 utc:4923: start_alive_detection. Boreas could not initialise alive detection. Boreas was not able to open a new socket. Exit Boreas.
sd main:MESSAGE:2023-01-13 20h36.52 utc:4923: Vulnerability scan b65a0b0d-6f2f-415a-a9ca-176ec26ae1db finished in 11 seconds: 0 alive hosts of 254

As the OP is using Ubuntu the following is to track a possible solution here (because there are still multiple topics open about the same message, @moderation team: Maybe we should really close a few?) a community user identified AppArmor on Ubuntu as being a problematic component blocking the usage of the ICMPv4 socket operation required by Boreas:

(for future discussion, please see)