Gvmd.sock connection refused

Hello everyone,

I am dealing with the problem that I can't log in to my GSA.
It always gives me the following error:
The Greenbone Vulnerability Manager service is not responding. This could be due to system maintenance

In my gsad.log I found something which could be the cause of this behaviour:

Failed to connect to server at /opt/gvm/var/run/gvmd.sock: Connection refused

All the services are up and running, and I don't see any problems with the permissions for the gvmd.sock.
What can I do?
I use Greenbone Vulnerability Manager 20.08

best regards,
alessio

Did you check if gvmd is listening on this unix socket path?

Hi,
I couldn't determine if gvmd is listening on this socket path. In gvm-tools.conf in section [unixsocket]
my socketpath is /opt/gvm/var/run/gvmd.sock

With ss -tulpn | grep LISTEN I see that gvmd is listening on 9390
tcp LISTEN 0 512 0.0.0.0:9390 0.0.0.0:* users:(("gvmd",pid=137277,fd=4))

The status of my gvmd service says:
gvmd.service: Can't open PID file /opt/gvm/var/run/gvmd.pid (yet?) after start: Operation not permitted
The owner in /opt/gvm/var/run is the non-privileged user gvm; additionally I set the permissions to 755.

Is there anything else I could check?

Is there nothing else I can do? I am afraid I need to install everything again.

Hi,
does anyone have an idea? This problem is really bugging me.

best regards

You need to ensure the permissions here as well.
It might be better to follow LSB https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html and still use /var/run from the system.

Installing software from the source without setting up a package & repository might be complicated. You also need to deal with the permissions starting from the “/” fs-root.


It seems you are building using some guide from the internet to build from source. It is best to use https://greenbone.github.io/docs/ instead.


Just a small hint from another topic in this forum: the gvm user needs read (and execute permissions for directories) for the whole path to /opt/gvm/var/run.


Hi,
thank you for the answers. I checked the paths and set permissions to 755 (whole path starting from root).
Here is a screenshot of the content in /opt/gvm/var/run/

Still, the gsad.log says the gvmd.socket refuses the connection.
What I forgot to mention is that this has been happening since I needed to reboot the server due to new certificates.

best regards

I had some time to deal with this problem again. I figured out that gvmd refuses any connections because of the parameter -a in this line of my gvmd service unit:
ExecStart=/opt/gvm/sbin/gvmd -a 0.0.0.0--osp-vt-update=/opt/gvm/var/run/ospd.sock
Without this line it works like a charm, but my TLS connection does not work anymore. Unfortunately I need TLS to use GMP remotely.

Can anyone help?

AFAIK if you’re changing gvmd to listen on a TCP socket instead of a Unix socket, you also need to tell gsad to connect via a TCP socket and not via a Unix socket (which is the default). Otherwise the message "The Greenbone Vulnerability Manager service is not responding." shows up while logging in.

This could help:

$ gsad --help | egrep "m(listen|port)"

  --mlisten=<address>                    Manager address.
  -m, --mport=<number>                   Use manager port number <number>.
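
Whether gvmd is actually serving the Unix socket can be checked by connecting to it, because `ss -tulpn` lists only TCP and UDP listeners and never shows Unix sockets. The Python code below is an added example, not part of the original thread or of Greenbone's code; the function names are hypothetical, and the socket path and port are the ones quoted in this thread.

```python
import os
import socket
import stat

def probe_unix_socket(path, timeout=2.0):
    """Return why a client connect() to a Unix socket path succeeds or fails."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"            # the daemon never created the socket file
    except PermissionError:
        return "permission-denied"  # a parent directory is not traversable
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
        return "listening"
    except ConnectionRefusedError:
        return "stale"              # file exists, but no process accepts on it
    except PermissionError:
        return "permission-denied"  # the socket file itself is not writable
    finally:
        client.close()

def probe_tcp(host, port, timeout=2.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

def diagnose(sock_path, host, port):
    """Combine both probes into the situation discussed in the thread."""
    unix_state, tcp_state = probe_unix_socket(sock_path), probe_tcp(host, port)
    if unix_state == "listening":
        hint = "Unix socket is served; a front end using the socket path can connect"
    elif tcp_state == "listening":
        hint = "manager answers on TCP only; point gsad at it with --mlisten/--mport"
    else:
        hint = "manager is not reachable on either transport"
    return unix_state, tcp_state, hint

if __name__ == "__main__":
    print(diagnose("/opt/gvm/var/run/gvmd.sock", "127.0.0.1", 9390))
```

A result of `stale` for the socket together with `listening` for TCP matches the "Connection refused" line in gsad.log: the socket file is left on disk, but nothing accepts connections on it.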

Hi,
Currently my gvmd.service starts with:
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock --port=9390 -a 0.0.0.0

So it's listening on port 9390 for every IP address.

My gsad.service runs with
ExecStart=/opt/gvm/sbin/gsad --mlisten=<ip_of_gvm> --mport=9390 --drop-privileges=gvm --ssl-private-key=/opt/gvm/sbin/certs/private.pem --ssl-certificate=/opt/gvm/sbin/certs/certificate.pem --timeout=3600

Here's my gvm-tools.conf for GMP authorization and my unixsocket

[gmp]
username=<...>
password=<...>

[unixsocket]
socketpath=/opt/gvm/var/run/gvmd.sock

My TLS works, but my gvmd is not responding if I try to log in. If I remove the listen address and the port in my gvmd.service, my TLS does not work anymore, but I am able to log in and my gvmd responds.

Did I miss something?

If it helps, here's my netstat of my listening ports

netstat -tulpn | grep LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      934/redis-server 12
tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      370943/gvmd: Waitin
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      856/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      919/sshd: /usr/sbin
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      973/postgres
tcp6       0      0 :::443                  :::*                    LISTEN      946/gsad
tcp6       0      0 ::1:6379                :::*                    LISTEN      934/redis-server 12
tcp6       0      0 :::9392                 :::*                    LISTEN      1916/gsad
tcp6       0      0 :::22                   :::*                    LISTEN      919/sshd: /usr/sbin