I have downloaded and installed the GCE v4.2.4 and configured it using the instructions provided here: https://www.greenbone.net/en/install_use_gce/ and installed it on a Vmware ESXi 6.7 server.
Using the most basic settings, all scan tasks result in empty reports. It looks like no NVT tests are being run. I have tried multiple Alive Tests to no avail. I have tried the CVE scanner to n avail.
if I log into the shell of the virtual appliance, a basic nmap -sn ping scan succeeds showing hosts that are alive on the network.
If I look at /var/log/openvas/openvassd.messages, it shows āTestingā and āFinished testingā messages for the hosts on my network and demonstrates it is resolving the host names properly. Near the bottom of the log message, it shows āClient not presentā so I wonder if that is a hint of the root cause?
I verified namp is in the PATH of the root user (note:the guide doesnāt say which user to check the PATH forā¦ It should)
I used nmap -sn, which is the same as an ICMP ECHO test. Iām pretty sure openvas uses that exact command for that type of active test. I used the other tests as well, including the āassume aliveā variant.
Note: this is a brand new out of the box v4.2.4 virtual appliance install. All the feed syncs are current.
Are you really running 4.2.4 or is this a typo and youāre running 4.2.24?
The GCE is a ready to run appliance, there is absolutely no access to the shell and checks for nmap on the shell required. Please donāt use any shell command, especially as root as you might break the base system sooner or later.
Only the ānot shellā related steps in the linked thread are something you should check for the GCE.
Which is not absolutely true, quoting from man nmap:
The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default. When executed by an unprivileged user, only SYN packets are sent (using a connect call) to ports 80 and 443 on the target.
The āaliveā test āScan config defaultā of the scan configuration is only using nmap -PE which is a ārealā ICMP echo request only.
Regarding the shell access, I understand the implications but please keep things in perspectiveā¦ The troubleshooting steps say check the path, so thatās what I did. And right now the out of the box install is broken for me, so the risk of it getting more broken makes the root shell concern a bit of a moot point.
And yes I understand your point regarding the nmap man page. When running as root (which I did) nmap -sn does do a icmp ECHO, as well as other tests. Iām getting a combatative vibe from your response and itās really not necessary or helping actually solve the problem.
The important question here is, have you installed v4.2.24 and does it work out of the box for you? Do you have suggestions on how to further troubleshoot or remediate the problem?
the main problem is that no one currently knows which commands you have already tried on the command line while trying to solve this issue which might have contributed to or even causing this issue (e.g. running greenbone-nvt-sync on the command line instead of via the menu).
Thus the note/warning about root/shell access was given.
Similar the note about the nmap parameter so that this discussion isnāt based on incorrect assumptions.
To verify the status of the version 4.2.24 of the GCE (i only had 4.2.20 installed) i had:
downloaded and installed a fresh 4.2.24 ISO image following the instructions posted initially
done a successful first feed sync (no āA system operation is currently runningā in the About menu like explained in the initial posted link)
started a new scan against a system answering to ICMP echo requests
The system was detected as āaliveā correctly and the results are coming in (e.g. services detected) as expected.
I will see (if time permits) to update Hint: Hosts are not scanned / not shown as "Alive" to make clear that parts of the steps shouldnāt be done for the GCE and to add a few additional notes on how to enabling more debugging steps.
For now i suggest the following:
Re-do the installation of the GCE 4.2.24 installation without going to the shell
Wait until the feed was synced successfully (Check the About menu)
Try to enable additional logging within the nmap (NASL wrapper) and Ping Host VTs (e.g. enable nmap logging) to see possible issues