SOLVED: Guidance troubleshooting from log files. ospd service running but not accepting connections

This thread can be closed. The solution was to edit the two services to point to /var/run/ospd/ospd.sock

GVM versions

gsad: 21.4.4
gvmd: 21.4.5
openvas-scanner: OpenVAS 21.4.4
gvm-libs: 21.4.4

Environment

Operating system: rocky-release-8.5-3.el8
Kernel: 4.18.0-348.20.1.el8_5.x86_64
Installation method / source: yum update (atomic repo)

I’ve recently upgraded Centos 8 to Rocky. However there is something wrong with the ospd service not accepting connections.

Can this be troubleshooted via log files as I don’t see anything helpful:

ospd-scanner.log
INFO: (ospd.main) Starting OSPd OpenVAS version 21.4.5.dev1.
(nothing else, just that one line. Nothing to say it has started or why it hasn’t fully started)

gvmd.log
md manage:WARNING:2022-04-07 16h01.57 UTC:3056: osp_scanner_feed_version: failed to connect to /var/run/ospd/ospd-openvas.sock
md manage: INFO:2022-04-07 16h01.57 UTC:3056: osp_scanner_feed_version: failed to get scanner_feed_version. OSPd OpenVAS is still starting
md manage: INFO:2022-04-07 16h02.07 UTC:3063: osp_scanner_feed_version: failed to get scanner_feed_version. OSPd OpenVAS is still starting
This is repeated. Then if I try to run a scan, this is the message logged:
event task:MESSAGE:2022-04-07 15h56.35 UTC:2757: Status of task Scan TEST has changed to Requested
event task:MESSAGE:2022-04-07 15h56.35 UTC:2757: Task Scan TEST has been requested to start by admin
md manage:WARNING:2022-04-07 15h57.10 UTC:2763: Could not connect to Scanner at /var/run/ospd/ospd.sock
md manage:WARNING:2022-04-07 15h57.10 UTC:2763: OSP start_scan: Could not connect to Scanner

openvas.log
libgvm util:MESSAGE:2022-04-07 15h31.27 utc:1987: Updated NVT cache from version 0 to 202204061004

gsad.log
gsad main:MESSAGE:2022-04-07 15h55.24 utc:2651: Starting GSAD version 21.4.4
website loads fine and I can log in.

firewalld is turned off

netstat shows nothing for /var/run/ospd/ospd*.sock indicating it’s not running.

Yet the ospd service shows as running:
sudo systemctl status ospd-openvas
ospd-openvas.service - Job that runs the ospd-openvas daemon
Loaded: loaded (/usr/lib/systemd/system/ospd-openvas.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-04-07 11:55:24 EDT; 37min ago

Is there anywhere to enable verbose logging to find out why the ospd service is not listening for connections?

I’m guessing it’s something to do with gvmd.log referencing both:

  1. /var/run/ospd/ospd-openvas.sock
    and
  2. /var/run/ospd/ospd.sock

No idea why it’s referencing both but the actual socket is: /var/run/ospd/ospd-openvas.sock

I added OPTIONS="–scanner-host=/var/run/ospd/ospd-openvas.sock" to the /etc/sysconfig/gvmd file but it’s the same problem.

1 Like

Got this working.

Edit the two services to point to /var/run/ospd/ospd.sock

/user/lib/systemd/system/gvmd.service

#ExecStart=/usr/sbin/gvmd --osp-vt-update=/var/run/ospd/ospd-openvas.sock $OPTIONS
ExecStart=/usr/sbin/gvmd --osp-vt-update=/var/run/ospd/ospd.sock $OPTIONS

/user/lib/systemd/system/ospd-openvas.service

#PIDFile=/var/run/ospd/ospd-openvas.pid
PIDFile=/var/run/ospd/ospd.pid
#ExecStart=/opt/atomicorp/bin/ospd-openvas --pid-file /var/run/ospd/ospd-openvas.pid --unix-socket=/var/run/ospd/ospd-openvas.sock --log-file /var/log/gvm/ospd-scanner.log --lock-file-dir /var/run/gvm/
ExecStart=/opt/atomicorp/bin/ospd-openvas --pid-file /var/run/ospd/ospd.pid --unix-socket=/var/run/ospd/ospd.sock --log-file /var/log/gvm/ospd-scanner.log --lock-file-dir /var/run/gvm/

Normally it shouldn’t be required to update any .services files, especially if the installation is coming from a package based repository.

If there are problems with these specific packages from atomic it is suggested to raise an issue at Issues · Atomicorp/gvm · GitHub

As an alternative the socket location gvmd is looking for can be updated like described in the documentation available here.

2 Likes

Thanks for that info. It looks like someone has already raised this as a bug with Atomic

1 Like