Virtual Appliance v4.2.24 all scans fail

I have downloaded and installed the GCE v4.2.4 and configured it using the instructions provided here: https://www.greenbone.net/en/install_use_gce/ and installed it on a VMware ESXi 6.7 server.

Using the most basic settings, all scan tasks result in empty reports. It looks like no NVT tests are being run. I have tried multiple Alive Tests to no avail. I have tried the CVE scanner to no avail.

If I log into the shell of the virtual appliance, a basic nmap -sn ping scan succeeds showing hosts that are alive on the network.

If I look at /var/log/openvas/openvassd.messages, it shows “Testing” and “Finished testing” messages for the hosts on my network and demonstrates it is resolving the host names properly. Near the bottom of the log message, it shows “Client not present” so I wonder if that is a hint of the root cause?

Hi

did you already read and try the hints from

?


Yes I tried all those things.

I verified nmap is in the PATH of the root user (note: the guide doesn’t say which user to check the PATH for… It should)

I used nmap -sn, which is the same as an ICMP ECHO test. I’m pretty sure openvas uses that exact command for that type of active test. I used the other tests as well, including the ‘assume alive’ variant.

Note: this is a brand new out of the box v4.2.4 virtual appliance install. All the feed syncs are current.

Hi,

few notes:

Are you really running 4.2.4 or is this a typo and you’re running 4.2.24?

The GCE is a ready to run appliance, there is absolutely no access to the shell and checks for nmap on the shell required. Please don’t use any shell command, especially as root as you might break the base system sooner or later.

Only the “not shell” related steps in the linked thread are something you should check for the GCE.

Which is not absolutely true, quoting from man nmap:

The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default. When executed by an unprivileged user, only SYN packets are sent (using a connect call) to ports 80 and 443 on the target.

The ā€œaliveā€ test ā€œScan config defaultā€ of the scan configuration is only using nmap -PE which is a ā€œrealā€ ICMP echo request only.

Sorry, typing from mobile phone here…

Yes it was a typo, the version is 4.2.24

Regarding the shell access, I understand the implications but please keep things in perspective… The troubleshooting steps say check the path, so that’s what I did. And right now the out of the box install is broken for me, so the risk of it getting more broken makes the root shell concern a bit of a moot point.

And yes I understand your point regarding the nmap man page. When running as root (which I did) nmap -sn does do an ICMP ECHO, as well as other tests. I’m getting a combative vibe from your response and it’s really not necessary or helping actually solve the problem.

The important question here is, have you installed v4.2.24 and does it work out of the box for you? Do you have suggestions on how to further troubleshoot or remediate the problem?

Hi,

the main problem is that no one currently knows which commands you have already tried on the command line while trying to solve this issue which might have contributed to or even caused this issue (e.g. running greenbone-nvt-sync on the command line instead of via the menu).

Thus the note/warning about root/shell access was given.

Similarly, the note about the nmap parameter was given so that this discussion isn’t based on incorrect assumptions.

To verify the status of the version 4.2.24 of the GCE (I only had 4.2.20 installed) I had:

  1. downloaded and installed a fresh 4.2.24 ISO image following the instructions posted initially
  2. done a successful first feed sync (no “A system operation is currently running” in the About menu like explained in the initial posted link)
  3. started a new scan against a system answering to ICMP echo requests

The system was detected as “alive” correctly and the results are coming in (e.g. services detected) as expected.

I will see (if time permits) to update Hint: Hosts are not scanned / not shown as "Alive" to make clear that parts of the steps shouldn’t be done for the GCE and to add a few additional notes on how to enable more debugging steps.

For now I suggest the following:

  1. Re-do the installation of the GCE 4.2.24 without going to the shell
  2. Wait until the feed was synced successfully (Check the About menu)
  3. Try to enable additional logging within the nmap (NASL wrapper) and Ping Host VTs (e.g. enable nmap logging) to see possible issues

I get exactly the same as this with the new install. I did have 4.2.20 installed and working well, and I can roll back to that ok (Veeam restore).

But setting up the 4.2.24 and running that just returns nothing.

I have gone to the shell and done a simple ping and that is ok.

I have also checked the feed status (ok) and I have tried different Alive settings including the last one of assume alive.

I am a Wintel person so have no idea what commands to run in shell so have not done any.