Hi all, I have installed Greenbone CE with the Docker compose from the docs (with remote access and SSL/TLS). Docker is hosted on a CentOS Stream 9 VM.
I ran a scan on some hosts with AlmaLinux 9.3 and in the report got the error “Unable to launch table driven lsc”
/var/log/gvm/openvas.log in the ospd-openvas reports:
Running Notus for 10.138.X.Y
run_table_driven_lsc: Unable to retrieve status message from notus. Timeout after 60 s
attack_host: Unable to launch table driven LSC
Although the notus-scanner container is up&running, /var/log/faillog and /var/log/lastlog are empty.
Any suggestion on where could I look?
docker ps
IMAGE COMMAND CREATED STATUS PORTS NAMES
greenbone/gsa:stable "/usr/local/bin/entrypoint /usr/local/bin/start-gsad" 2 days ago Up 2 days 0.0.0.0:443->443/tcp, :::443->443/tcp greenbone-community-edition-gsa-1
greenbone/gvmd:stable "/usr/local/bin/entrypoint /usr/local/bin/start-gvmd" 2 days ago Up 2 days greenbone-community-edition-gvmd-1
greenbone/ospd-openvas:stable "/usr/bin/tini -- /usr/local/bin/entrypoint ospd-openvas -f --config /etc/gvm/ospd-openvas.conf --mqtt-broker-address mqtt-broker --notus-feed-dir /var/lib/notus/advisories -m 666" 2 days ago Up 2 days greenbone-community-edition-ospd-openvas-1
greenbone/notus-scanner:stable "/usr/local/bin/entrypoint notus-scanner -f -b broker" 2 days ago Up 2 days greenbone-community-edition-notus-scanner-1
greenbone/pg-gvm:stable "/usr/local/bin/entrypoint /usr/local/bin/start-postgresql" 2 days ago Up 2 days greenbone-community-edition-pg-gvm-1
greenbone/mqtt-broker "/bin/sh -c 'mosquitto -c /etc/mosquitto.conf'" 2 days ago Up 2 days greenbone-community-edition-mqtt-broker-1
greenbone/redis-server "/bin/sh -c 'rm -f /run/redis/redis.sock && redis-server /etc/redis/redis.conf'" 2 days ago Up 2 days greenbone-community-edition-redis-server-1
If your installation is critical, I would wait for a second opinion, otherwise, you could try to update all the containers by pulling them again. Checkout the workflow here.
It looks like the error message is misleading - the messages do in fact arrive, but the notus files are not found:
$ docker compose -f docker-compose.yml -p greenbone-community-edition logs -f ospd-openvas
ospd-openvas-1 | OSPD[7] 2024-02-13 07:23:00,854: INFO: (ospd.main) Starting OSPd OpenVAS version 22.6.2.
ospd-openvas-1 | OSPD[7] 2024-02-13 07:23:00,859: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker
ospd-openvas-1 | OSPD[7] 2024-02-13 07:23:10,910: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
ospd-openvas-1 | OSPD[7] 2024-02-13 07:24:08,737: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 202402120557 to 202402130613.
ospd-openvas-1 | OSPD[7] 2024-02-13 07:28:25,067: INFO: (ospd.command.command) Scan f1b5d4ed-daf9-4e7c-bf65-22acf8aaf91c added to the queue in position 2.
ospd-openvas-1 | OSPD[7] 2024-02-13 07:28:29,992: INFO: (ospd.ospd) Currently 1 queued scans.
ospd-openvas-1 | OSPD[7] 2024-02-13 07:28:30,178: INFO: (ospd.ospd) Starting scan f1b5d4ed-daf9-4e7c-bf65-22acf8aaf91c.
ospd-openvas-1 | OSPD[7] 2024-02-13 07:47:37,712: WARNING: (ospd_openvas.daemon) Invalid VT oid for a result
ospd-openvas-1 | OSPD[7] 2024-02-13 07:48:39,410: WARNING: (ospd_openvas.daemon) Invalid VT oid for a result
ospd-openvas-1 | OSPD[7] 2024-02-13 07:48:40,412: INFO: (ospd.ospd) f1b5d4ed-daf9-4e7c-bf65-22acf8aaf91c: Host scan finished.
ospd-openvas-1 | OSPD[7] 2024-02-13 07:48:40,414: INFO: (ospd.ospd) f1b5d4ed-daf9-4e7c-bf65-22acf8aaf91c: Scan finished.
$ docker compose -f docker-compose.yml -p greenbone-community-edition logs -f notus-scanner
notus-scanner-1 | 2024-02-13 07:22:52,651 notus-scanner: INFO: (notus.scanner.daemon) Starting notus-scanner version 22.6.2.
notus-scanner-1 | 2024-02-13 07:46:37,484 notus-scanner: WARNING: (notus.scanner.loader.json) Could not load advisories from /var/lib/notus/products/almalinux_9.notus. File does not exist.
notus-scanner-1 | 2024-02-13 07:46:37,484 notus-scanner: ERROR: (notus.scanner.scanner) Unable to start scan for 10.138.0.14: No advisories for OS-release AlmaLinux 9 found. Check if the OS-release is correct and the corresponding advisories are given.
notus-scanner-1 | 2024-02-13 07:47:38,360 notus-scanner: WARNING: (notus.scanner.loader.json) Could not load advisories from /var/lib/notus/products/almalinux_9.notus. File does not exist.
notus-scanner-1 | 2024-02-13 07:47:38,360 notus-scanner: ERROR: (notus.scanner.scanner) Unable to start scan for 10.138.0.21: No advisories for OS-release AlmaLinux 9 found. Check if the OS-release is correct and the corresponding advisories are given.
In a related topic, there is a link to the docs where AlmaLinux is listed between the available LSC VT families, but in the ospd-openvas container in /var/lib/notus/products there are only files for Debian, EulerOS, Slackware, Suse, Ubuntu. Same in the Community Feed Rsync. So is AlmaLinux an enterprise grade product with regard to the feed comparison?
Yes, AlmaLinux is only part of our enterprise feed. Nevertheless the error is misleading in this case but you can just ignore it. I wasn’t aware of this problem.
Thank you, in the beginning I thought that something went wrong
Just a last question: is it possible to get a list of the products included in the enterprise feed and potentially buy access to enterprise feed for a self-hosted GCE instance?
As a general advice: Please use / create a new thread for each new question not related to the initial topic / problem, this is usually best practice in most discussion platforms.