I tried on Ubuntu 23.04 and in fact, the outcome was different. However, the installation does not seem to be complete. The first time using gvm-check-setup
it reported that CERT data had not synced.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
ERROR: CERT data are missing.
FIX: Run the CERT synchronization script greenbone-feed-sync.
sudo runuser -u _gvm -- greenbone-feed-sync --type CERT.
ERROR: Your GVM-22.4.1 installation is not yet complete!
After that it complained that gsad
was not configured correctly, which seems to be the issue you are having.
Step 7: Checking if GVM services are up and running ...
OK: ospd-openvas service is active.
OK: gvmd service is active.
Starting gsad service
Waiting for gsad service
ERROR: gsad service did not start.
Please check journalctl -xe and /var/log/gvm/gsad.log
ERROR: Your GVM-22.4.1 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
Inspecting the gsad.log file, it seems gsad
cannot find the private key for the SSL/TLS connection. YOu can check your own /var/log/gvm/gsad.log
file to confirm the same error.
Starting GSAD version 22.04.1~git
gsad main:CRITICAL:2023-08-23 20h35.04 utc:8852: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
gsad main:WARNING:2023-08-23 20h35.04 utc:8853: main: `start_http_daemon` redirect failed!
The certificate is present in that location and has the owner and group _gvm
and the permissions match those in the Kali Linux native installation. The gsad.serivce file also appears to be the same. However, it seems that GSAD cannot access the required files for SSL/TLS connection.
The function start_http_daemon()
refers to the gsad.c file which essentially calls the MHD_start_daemon()
a Microhttpd (MHD) library function, which is gsad’s web server. It seems that although the files are there and the permissions are correct, those files cannot be properly accessed.
The failure happens on line 2599
of gsad.c
file when the g_file_get_contents()
is unable to load the private key. However, I can’t immediately see why not, since its there and the permissions are correct, unless there is something like SELinux blocking access to the file.