GVM as Root ;(

ayinuha · August 28, 2019, 12:26pm

Hey Ho,

i installed and run the completle setup as root… Cause i forget that its not secure… Now i try to get it work as normal user, with set the path permissions. But if i run this command gvmd —unix-socket=/usr/local/var/run/gvmd.sock
i get this error in the log

md main:MESSAGE:2019-08-28 12h18.04 utc:5051: Greenbone Vulnerability Manager version 8.0.1 (DB revision 205)
md manage:WARNING:2019-08-28 12h18.04 utc:5051: Failed to open lock file ‘/usr/local/var/run/gvm-checking’: Permission denied
md main:CRITICAL:2019-08-28 12h18.04 utc:5051: main: Error trying to get checking lock

i already changed the permissions of gvm-checking and of the socket path…

GVM versions

gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0.1
gvm-tools: 2.0.0.beta1

Environment Greenbone Server

**Operating system: Ubuntu Server 18.4
**Kernel: 4.15.0-58-generic
**Installation method / source: Github

roberto · August 28, 2019, 12:58pm

Hi ayinuha,
It’s seem a linux permission problem.
Stop gvmd and remove /usr/local/var/run/gvm* then try to start from unpriviledge user.
Roberto

ayinuha · August 28, 2019, 1:07pm

Hey,
Thanks for the fast reply!
ive done that, now i got this error:

md main:MESSAGE:2019-08-28 13h01.10 utc:1911: Greenbone Vulnerability Manager version 8.0.1 (DB revision 205)
md manage:WARNING:2019-08-28 13h01.10 utc:1912: sql_open: sqlite3_open failed: unable to open database file
md manage:WARNING:2019-08-28 13h01.10 utc:1912: init_manage_process: sql_open failed

When i wanna start gsad with follow command: gsad -p 9390 --listen=IP.IP.IP.IP
as non privalege user this is in the log:

gsad main:MESSAGE:2019-08-28 13h03.07 utc:2028: Starting GSAD version 8.0.1
gsad main:CRITICAL:2019-08-28 13h03.07 utc:2029: main: Could not write PID file.
gsad main:CRITICAL:2019-08-28 13h03.07 utc:2030: main: Could not write PID file.

and for the openvassd with this command

openvassd —unix-socket=/tmp/redis.sock
i get this error

lib kb:CRITICAL:2019-08-28 13h05.44 utc:2210: get_redis_ctx: redis connection error: Permission denied

roberto · August 28, 2019, 1:12pm

I think your installation path and all subdirectories has the wrong permission rights
Roberto

ayinuha · August 28, 2019, 1:15pm

I think so too… but is there an easier way as find out all path and change it? or is there an clearly list with all path where i need permissions?

roberto · August 28, 2019, 1:20pm

Look in /var/lib and /usr/share for openvas and gvm.
You can use the command
find / -name openvas
and
find / -name gvm
To change permission use:
chown -R user:group path
where:
user is your user for openvas
group is the group of the user
path is the directory of openvas installation
Roberto

ayinuha · August 29, 2019, 5:36am

Hey,

i tried to change all i find with the find comment, but there are still other files who the normal user dont have permissions… but i think its easier to make a completle new setup

ayinuha · August 30, 2019, 10:04am

I’ve make a completle new VM and setup Greenbone completle new. In the first setup i used cmake … so that it was written to the default path in /usr/local/

Now i used this command and installed it in the home Path of the user.
cmake -DCMAKE_INSTALL_PREFIX=/home/user/install …

To update the Path i used this commandos.

export PKG_CONFIG_PATH=/home/user/install/lib/pkgconfig

export PATH=/home/user/install/bin:/home/user/install/sbin:$PATH
Now its work fine

GVM versions

gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0.1
gvm-tools: 2.0.0.beta1

Environment Greenbone Server

**Operating system: Ubuntu Server 18.4
**Kernel: 4.15.0-58-generic
**Installation method / source: Github