Hello!
Rescently i configured GVM using this guide https://greenbone.github.io/docs/latest/22.4/source-build/index.html
Evrething is working fine but scans won’t start: “Interrupted at 0 %”
Log file says: set socket: failed to open ICMPV4 socket: operation not permitted. boreas could not initialise alive detection. Boreas was not able to open a new socket
I checked visudo:
User privilege specification
root ALL=(ALL:ALL) ALL
Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Allow members of group sudo to execute any command
In this specific case it should be made sure that a sane default secure_path is included via visudo / in /etc/sudoers and that this hasn’t been deleted previously. On a Debian system the default looks like:
Also make sure that no other files in /etc/sudoers.d/* are defining a secure_path. IIRC anything additionally configured for secure_path within such files are overwriting a previous defined secure_path.
Did you find any solution?
I also have it on a fresh install of 22.04 on Debian 11
Yes the securepath is defined, yes gvm ALL is in the visudo file, yes I followed 100% the documentation
==> /var/log/gvm/openvas.log <==
sd main:MESSAGE:2023-01-13 20h36.41 utc:4923: openvas 22.4.1 started
sd main:MESSAGE:2023-01-13 20h36.41 utc:4923: attack_network_init: INIT MQTT: SUCCESS
sd main:MESSAGE:2023-01-13 20h36.51 utc:4923: Vulnerability scan b65a0b0d-6f2f-415a-a9ca-176ec26ae1db started: Target has 254 hosts: 192.168.1.0/24, with max_hosts = 20 and max_checks = 4
libgvm boreas:WARNING:2023-01-13 20h36.51 utc:4923: set_socket: failed to open ICMPV4 socket: Operation not permitted
libgvm boreas:WARNING:2023-01-13 20h36.51 utc:4923: start_alive_detection. Boreas could not initialise alive detection. Boreas was not able to open a new socket. Exit Boreas.
sd main:MESSAGE:2023-01-13 20h36.52 utc:4923: Vulnerability scan b65a0b0d-6f2f-415a-a9ca-176ec26ae1db finished in 11 seconds: 0 alive hosts of 254
As the OP is using Ubuntu the following is to track a possible solution here (because there are still multiple topics open about the same message, @moderation team: Maybe we should really close a few?) a community user identified AppArmor on Ubuntu as being a problematic component blocking the usage of the ICMPv4 socket operation required by Boreas: