GSA is too old or too new -- error

Following up to a similar thread (How to update OpenVAS feed during the gvm-setup process?), I am just simply running gvm-setup and then gvm-check-setup, but I am getting a very weird error that causes my docker build to fail. See below:

[*] Checking Default scanner
08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  /var/run/ospd/ospd.sock  0  OpenVAS Default
[+] Done
[*] Please note the password for the admin user
[*] User created with password 'a04b2711-5027-419c-a3c7-3fb5913ee8c4'.
ERROR:systemctl:the service is already running on PID 2726
Starting PostgreSQL 13 database server: main.
gvm-check-setup 21.4.1
  Test completeness and readiness of GVM-21.4.1
Step 1: Checking OpenVAS (Scanner)... 
        OK: OpenVAS Scanner is present in version 21.4.1.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 74525 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager ... 
        OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates ... 
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ... 
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ... 
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | C.UTF-8 | C.UTF-8 | 
        OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ... 
Oops, secure memory pool already initialized
        ERROR: Greenbone Security Assistant too old or too new: 21.4.1~dev1
        FIX: Please install Greenbone Security Assistant >= 21.04.
 ERROR: Your GVM-21.4.1 installation is not yet complete!

Any help with this would be greatly appreciated. Not quite sure what this means. The fix is to install a version greater than or equal to 21.04, but an error occurs if it is actually greater than 21.04? Confused.

1 Like

Reminder that script is not maintained by Greenbone nor is any Greenbone developer involved in writing that script.

Nevertheless you can ignore that error because we messed up the version in the GSA 21.4.1 release a bit. It always add ~dev1 to the version despite being a release and not a dev version.

2 Likes

I also encountered this problem in recent days. Anyway, I can’t scan it now
└─$ sudo gvm-check-setup
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 31906 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | zh_CN.UTF-8 | zh_CN.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
Oops, secure memory pool already initialized
ERROR: Greenbone Security Assistant too old or too new: 21.4.1~dev1
FIX: Please install Greenbone Security Assistant >= 21.04.

ERROR: Your GVM-21.4.1 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

I also encountered this problem in recent days. Anyway, I can’t scan it now

└─$ sudo gvm-check-setup
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 31906 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | zh_CN.UTF-8 | zh_CN.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
Oops, secure memory pool already initialized
ERROR: Greenbone Security Assistant too old or too new: 21.4.1~dev1
FIX: Please install Greenbone Security Assistant >= 21.04.

ERROR: Your GVM-21.4.1 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

Issue was caused by typo in GSA_MAJOR=“21.04” which must be GSA_MAJOR=“21.4” in script gvm-check-setup

sudo gvm-check-setup
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 74623 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
Oops, secure memory pool already initialized
ERROR: Greenbone Security Assistant too old or too new: 21.4.1~dev1
FIX: Please install Greenbone Security Assistant >= 21.04.

ERROR: Your GVM-21.4.1 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

$ sudo apt-cache show greenbone-security-assistant 1 ⨯
Package: greenbone-security-assistant
Version: 21.4.1-0kali1
Architecture: amd64
Maintainer: Debian Security Tools team+pkg-security@tracker.debian.org
Installed-Size: 453
Depends: lsb-base (>= 3.0-6), greenbone-security-assistant-common (= 21.4.1-0kali1), gvmd, libc6 (>= 2.14), libgcrypt20 (>= 1.8.0), libglib2.0-0 (>= 2.31.8), libgnutls30 (>= 3.7.0), libgvm21 (>= 21.4.1), libmicrohttpd12 (>= 0.9.50), libxml2 (>= 2.7.4)
Homepage: https://www.greenbone.net
Priority: optional
Section: contrib/admin
Filename: pool/contrib/g/greenbone-security-assistant/greenbone-security-assistant_21.4.1-0kali1_amd64.deb
Size: 145004
SHA256: 3c5d924921abde1587452967c801c128e3685c188bd9819fd415abb217127174
SHA1: c66a914c742692fb304920e71066ef4d265185e2
MD5sum: bac5bf74e4c092480a964c3b34d99743
Description: remote network security auditor - web interface
The Greenbone Security Assistant is a web application that
connects to the Greebone Vulnerability Manager and OpenVAS Administrator
to provide for a full-featured user interface for
vulnerability management.
Description-md5: 4e8900ff87d01216f3b24fd7aed24501

The issue was caused by typo in gvm-check-setup (/usr/bin/gvm-check-setup) script line 39

##############################################################################

LOG=/tmp/gvm-check-setup.log
CHECKVERSION=21.4.1

Current default is GVM-21.4.1:

VER=“21.4.1”
SCANNER_MAJOR=“21.4”
MANAGER_MAJOR=“21.4”
GSA_MAJOR=“21.04”

#####################################################
GSA_MAJOR=“21.04” which must be GSA_MAJOR=“21.4”

After changing it, shows no error and running smoothly

$ sudo gvm-check-setup
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 74623 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user …
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) …
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 21.4.1~dev1.
Step 7: Checking if GVM services are up and running …
OK: ospd-openvas service is active.
OK: gvmd service is active.
OK: greenbone-security-assistant service is active.
Step 8: Checking few other requirements…
OK: nmap is present in version 21.4.1~dev1.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.

It seems like your GVM-21.4.1 installation is OK.

1 Like

I had this same error and resolved per your findings. I now get the installation is OK. The problem is when I scan targets I am getting absolutely nothing for results. I can ping from the kali distro where I installed OpenVAS etc and I dont see any scan errors and NVT list is at like 74000 for full and fast scan but again no results where I would expect to see some vulnerabilities

1 Like

For anyone that’s just looking for a one-liner to run and resolve this issue, here you go:

sed -i"" 's/GSA_MAJOR="21.04"/GSA_MAJOR="21.4"/g' $(which gvm-check-setup)

Are there any plans to fix this from the actual source? I have this automated installation process built into a Docker process that spins off every once in a blue moon. Just trying to see if I should be waiting for an official fix or if I need to create a quick sed workaround to replace this.

2 Likes

you need to wait 30 mins to 1 hrs to update all database, it depends on your system , it may take less.

These status should be completed.