GVM Master-Slave Setup not working

GVM versions

gsa: Greenbone Security Assistant 9.0
gvm: Greenbone Vulnerability Manager 9.0.0
ospd-openvas: OSP Server for openvas: 1.0.0
openvas: OpenVAS 7.0.0

Environment

Operating system: Ubuntu 18.04.3 LTS
Kernel: Linux node2 4.15.0-70-generic

Hi guys,

I have trouble setting up a master-slave setting.
I already googled a lot and read the topics here:



https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

But did not come up with a working solution…

What I did:
slave:

  • added user
    gvmd --create-user=slave --password=12345 --role=Admin

  • gvmd listening on 0.0.0.0?
    tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN 0 29372 1214/gvmd: Waiting

  • copied /var/lib/gvm/CA/cacert.pem to master

master:

  • created credentials with user ‘slave’ and password ‘12345’ and ‘allow insecure use’

  • create GMP scanner with my credentials.

  • add cacert of slave to scanner
    gvmd --modify-scanner='70ec1f74-5521-44bf-bad3-601313f3433b' --scanner-ca-pub=/root/cacert.pem

I tried a lot more, but basically I think it should work with this…

Tested the verify scanner option:
GVMD-LOG ON MASTER:
md main: DEBUG:2019-11-21 15h45.36 CET:4133: <= client "<verify_scanner scanner_id="70ec1f74-5521-44bf-bad3-601313f3433b"/>"
lib serv: DEBUG:2019-11-21 15h45.36 CET:4133: Connected to server '192.168.28.157' port 9391.
lib serv: DEBUG:2019-11-21 15h45.36 CET:4133: Shook hands with server '192.168.28.157' port 9391.
lib serv:WARNING:2019-11-21 15h45.36 CET:4133: gvm_server_verify: the certificate is not trusted
lib serv:WARNING:2019-11-21 15h45.36 CET:4133: gvm_server_verify: the certificate hasn't got a known issuer
md main: DEBUG:2019-11-21 15h45.36 CET:4133: -> client: <verify_scanner_response status="503" status_text="Service unavailable"/>

So it looks like a certificate problem, but not sure how to fix this?
If I look in the PostgreSQL db I can see the cacert.pem of the scanner, but if I try to download it in gsa, I get a file with ‘undefined’ written in it… is this a bug?

GVMD-LOG ON SLAVE:

lib serv: DEBUG:2019-11-21 14h49.45 utc:2924: Shook hands with peer.
md main: DEBUG:2019-11-21 14h49.45 utc:2924: Serving GMP
md main:WARNING:2019-11-21 14h49.45 utc:2924: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md main: DEBUG:2019-11-21 14h49.45 utc:2924: Cleaning up
md main: DEBUG:2019-11-21 14h49.45 utc:2924: Exiting

SCAN TEST:
I also tried to scan with the slave.
The master is able to send the task to the slave and it is actually doing some scanning, but no results are received by the master. It gets stuck at 1%, no logfiles, nothing.

I would really appreciate some help, since I wasted hours without progress on this…

Doesn't anybody have an idea how to solve this problem?

To me, your problem report looks contradictory.

At 14.49 the slave log reports in <1 second that the connection didn’t work.
An hour later 15.45 the master log reports in <1 second that the slave didn’t provide a trusted certificate, issued by some trusted CA (certificate authority). So you should look into your certificate / certificate infrastructure, there are certainly relevant chapters in the documentation.

You said the scan started, but this doesn’t look possible with said error reports.
So either the “1%” is not really correct, or something changed in between.

Why don’t you ask a question on the Ubuntu help forums? They are friendly and helpful over there, and if you run it on Ubuntu, that seems a logical thing to do. If I understand the gb policies correctly, they supply the GCE in order to have a clearly defined and correctly configured system base so they support that and know every relevant detail, but they don’t want to learn the integration and configuration details of every Linux OS under the sun, which sounds reasonable to me, so the Ubuntu forum looks like a good place to ask (unless you installed from source yourself, then you might want to learn how to do a working integration yourself).
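
The two warnings in the master log say that the certificate presented on port 9391 did not chain to a CA the master trusts for that scanner. The script below is an added example, not part of the thread or of the GVM project: it shows how to test that relationship with openssl, using throwaway certificates constructed for the demo. The function names and file names are assumptions.

```shell
#!/bin/sh
# Added example: all certificates and file names here are constructed for the demo.
# On a real pair, save the certificate the slave presents with
#   openssl s_client -connect 192.168.28.157:9391 </dev/null | openssl x509 > presented.pem
# and run issued_by against the CA file that was passed to --scanner-ca-pub.

# issued_by CA_PEM CERT_PEM: exit 0 only if CERT_PEM chains to CA_PEM.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# describe CERT_PEM: print subject, issuer and fingerprint, to compare a
# certificate's issuer line with the subject line of the CA file by eye.
describe() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# make_ca DIR NAME: constructed self-signed CA (stand-in for a host's cacert.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server DIR CA_NAME NAME: constructed server certificate signed by CA_NAME.
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# demo: one server certificate checked against its own CA and an unrelated one.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_ca "$demo_dir" slave-ca      # CA that signed the slave's certificate
    make_ca "$demo_dir" other-ca      # unrelated CA, e.g. another host's
    make_server "$demo_dir" slave-ca slave-gvmd
    issued_by "$demo_dir/slave-ca.pem" "$demo_dir/slave-gvmd.pem" \
        && echo "slave-ca: trusted"
    issued_by "$demo_dir/other-ca.pem" "$demo_dir/slave-gvmd.pem" \
        || echo "other-ca: unknown issuer"
    rm -rf "$demo_dir"
}

demo
```

If `issued_by` fails for the CA file stored on the scanner entry, `describe` on both files shows whether the presented certificate's issuer matches that CA's subject.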