We are running OpenVAS on Kali to automatically scan systems in our network (version details below). Now suddenly, all scheduled and requested tasks simply stop at 1%.
When starting a task, openvassd starts serving on a socket and openvasmd starts handling the task (openvasmd: OTP: Handling scan). Approximately 5 seconds later openvasmd reports the warning openvas_scanner_read: Failed to read from scanner: Connection reset by peer and then stops the task. OpenVAS never tries to contact the hosts to be scanned; everything happens before any network activity.
These are the errors I can find:
# file: /var/log/openvas/openvassd.messages
openvassd: Serving /var/run/openvassd.sock(main+0x37f)[0x560e760d70cf]
# file: /var/log/openvas/openvasmd.log
md main:WARNING:[...]: openvas_scanner_read: Failed to read from scanner: Connection reset by peer
event task:MESSAGE:[...]: Status of task [...] has changed to Stopped
# journalctl -xe
[...] vas greenbone-certdata-sync: Calling openvasmd to check for alerts
[...] vas gsad: xsltFreeStackElem: Unexpected RVT flag (nil)
[...] vas gsad: xsltFreeStackElem: Unexpected RVT flag (nil)
[...] <continues Unexpected RVT flag messages>
[....] vas kernel: perf: interrupt took too long (3148 > 3128), lowering kernel.perf_event_max_sample_rate to 63500
OS and version information:
# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
# uname -a
Linux vas 4.18.0-kali2-amd64 #1 SMP Debian 4.18.10-2kali1 (2018-10-09) x86_64 GNU/Linux
# apt show openvas
Maintainer: Kali Developers <firstname.lastname@example.org>
Installed-Size: 59,4 kB
Depends: openvas-manager (>= 7.0.2-4), openvas-scanner (>= 5.1.1-4), greenbone-security-assistant (>= 7.0.0), openvas-cli (>= 1.4.5)
I tried restarting the services. I tried restarting the machine. I deleted old and created new tasks. Nothing helps. All packages as well as feeds are on the newest version. Nothing else is running on the machine (except openssh-server).
How do you know it’s a Kali issue? If I ran it on Ubuntu would you tell me to go and speak to them instead? Hard to see how you’ll provide any support on that basis.
Anyway I have two identically built machines, both with the same Kali patches applied, and one gives me the “xsltFreeStackElem: Unexpected RVT flag” error and the other doesn’t, so it seems more likely OpenVAS database or config related than a Kali problem.
If Openvas had better troubleshooting information it would be much easier to work out where the problems actually lie.
The distributions are packaging different library versions of our software and their dependencies. We can’t ensure that these versions are working as expected. Our reference system is the GCE because if you can reproduce the issue on the GCE we’ll be able to reproduce it too and then it’s most likely an issue in our software. So using the GCE will help us to find the real source of your problem.
Here is the result of openvas-check-setup:
Step 1: Checking OpenVAS Scanner …
OK: OpenVAS Scanner is present in version 5.1.3.
OK: redis-server is present in version v=5.0.3.
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: NVT collection in /var/lib/openvas/plugins contains 47816 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 60773 files for 47816 NVTs.
Step 2: Checking OpenVAS Manager …
OK: OpenVAS Manager is present in version 7.0.3.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 184.
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 60524 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking user configuration …
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) …
OK: Greenbone Security Assistant is present in version 7.0.3.
OK: Your OpenVAS certificate infrastructure passed validation.
Step 5: Checking OpenVAS CLI …
OK: OpenVAS CLI version 1.4.5.
Step 6: Checking Greenbone Security Desktop (GSD) …
SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running …
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on a Unix domain socket.
WARNING: OpenVAS Manager is running and listening only on the local interface.
This means that you will not be able to access the OpenVAS Manager from the
outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless you want
a local service only.
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Step 8: Checking nmap installation …
OK: nmap is present in version 5.51.
Step 10: Checking presence of optional tools …
OK: pdflatex found.
OK: PDF generation successful. The PDF report format is likely to work.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
OK: alien found, LSC credential package generation for DEB based targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
It seems like your OpenVAS-9 installation is OK.
Any suggestion will be appreciated
PS: in the log I’ve got this:
md main:WARNING:2018-12-22 19h19.44 UTC:18760: openvas_scanner_read: Failed to read from scanner: Connection reset by peer
event task:MESSAGE:2018-12-22 19h19.44 UTC:18760: Status of task Immediate scan of IP 192.168.0.3 (910f8126-ad63-4122-b120-8505109de461) has changed to Stopped
Many thanks, Lukas, and sorry for the delay…
I’m OK to check my installation, but what can I check more than the full reinstall and setup logs?
Any idea or command to run?
Sorry, but as I’m not an expert, I’m stuck here.
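A triage helper for the symptom described in this thread, added here as an example (it is not part of any post and not OpenVAS code): it reads openvasmd.log lines in the layout quoted above and lists tasks that changed to Stopped in the same manager process within a few seconds of an openvas_scanner_read failure, which separates scanner-side aborts from stops requested by a user. The function name, the 5-second window and the sample lines marked as constructed are assumptions.

```python
import re
from datetime import datetime, timedelta

# openvasmd.log layout as quoted in the thread: domain:LEVEL:timestamp TZ:pid: message
LINE_RE = re.compile(
    r"^(?P<domain>[a-z ]+?):\s*(?P<level>[A-Z]+):"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) \w+:(?P<pid>\d+): (?P<msg>.*)$")
STATUS_RE = re.compile(
    r"Status of task (?P<name>.*) \((?P<uuid>[0-9a-f-]{36})\) has changed to (?P<status>.+)$")
READ_FAILURE = "openvas_scanner_read: Failed to read from scanner"

# Lines 2 and 3 are the thread's log excerpt; line 1 and the last two lines are
# constructed (the last two show an ordinary user-requested stop in another process).
SAMPLE_LOG = [
    "event task:MESSAGE:2018-12-22 19h19.39 UTC:18760: Status of task Immediate scan of IP "
    "192.168.0.3 (910f8126-ad63-4122-b120-8505109de461) has changed to Requested",
    "md main:WARNING:2018-12-22 19h19.44 UTC:18760: openvas_scanner_read: "
    "Failed to read from scanner: Connection reset by peer",
    "event task:MESSAGE:2018-12-22 19h19.44 UTC:18760: Status of task Immediate scan of IP "
    "192.168.0.3 (910f8126-ad63-4122-b120-8505109de461) has changed to Stopped",
    "event task:MESSAGE:2018-12-22 19h25.10 UTC:18811: Status of task Weekly scan "
    "(00000000-0000-0000-0000-000000000001) has changed to Stop Requested",
    "event task:MESSAGE:2018-12-22 19h25.12 UTC:18811: Status of task Weekly scan "
    "(00000000-0000-0000-0000-000000000001) has changed to Stopped",
]

def scanner_aborted_tasks(lines, window=timedelta(seconds=5)):
    """Tasks that went to Stopped right after a scanner read failure in the same process."""
    last_failure = {}  # manager pid -> time of its most recent scanner read failure
    aborted = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected layout (e.g. wrapped or foreign lines)
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %Hh%M.%S")
        pid, msg = int(m["pid"]), m["msg"]
        if READ_FAILURE in msg:
            last_failure[pid] = ts
            continue
        s = STATUS_RE.search(msg)
        if s and s["status"] == "Stopped" and pid in last_failure:
            if timedelta(0) <= ts - last_failure[pid] <= window:
                aborted.append({"task": s["name"], "uuid": s["uuid"],
                                "pid": pid, "stopped_at": ts.isoformat()})
    return aborted

if __name__ == "__main__":
    for hit in scanner_aborted_tasks(SAMPLE_LOG):
        print(hit)
```

Run against the real /var/log/openvas/openvasmd.log by passing an open file handle as `lines`; the timestamps of the hits are the points to line up with openvassd.messages and the journal.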