Gvmd with systemd

Hello,

I am having problems starting the gvmd daemon with systemd. Here is the content of my service script.

[Unit]
Description=Greenbone OpenVAS Manager
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
ConditionKernelCommandLine=!recovery

[Service]
Type=forking
User=gvm
Group=gvm
RuntimeDirectory=gvm
RuntimeDirectoryMode=2775
PIDFile=/var/run/gvm/gvmd.pid
ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target

Here the content of the gvmd.log file:

md manage:MESSAGE:2021-09-26 22h06.22 utc:3215472: No CERT database found
libgvm util:MESSAGE:2021-09-26 22h06.23 utc:3215472: Setting GnuPG dir to ‘/var/lib/gvm/gvmd/gnupg’
libgvm util:MESSAGE:2021-09-26 22h06.23 utc:3215472: Using OpenPGP engine version ‘2.2.20’
libgvm base:CRITICAL:2021-09-26 22h06.23 utc:3215472: pidfile_create: failed to open pidfile: Permission denied
md main:MESSAGE:2021-09-26 22h07.53 utc:3215578: Greenbone Vulnerability Manager version 21.4.2 (DB revision 242)
md manage:MESSAGE:2021-09-26 22h07.53 utc:3215579: No SCAP database found
md manage:MESSAGE:2021-09-26 22h07.53 utc:3215579: No CERT database found
libgvm util:MESSAGE:2021-09-26 22h07.53 utc:3215579: Setting GnuPG dir to ‘/var/lib/gvm/gvmd/gnupg’
libgvm util:MESSAGE:2021-09-26 22h07.53 utc:3215579: Using OpenPGP engine version ‘2.2.20’
libgvm base:CRITICAL:2021-09-26 22h07.53 utc:3215579: pidfile_create: failed to open pidfile: Permission denied

So with the limited amount of log message I have, I guess the problem is that gvmd cannot create its pid file under /run/gvm/. Anyone have an idea, maybe I’m missing something to add in gvmd.service?

stat /run/gvm
File: /run/gvm
Size: 140 Blocks: 0 IO Block: 4096 directory
Device: 17h/23d Inode: 43099555 Links: 2
Access: (2775/drwxrwsr-x) Uid: ( 995/ gvm) Gid: ( 992/ gvm)
Access: 2021-09-26 18:23:08.397636924 -0400
Modify: 2021-09-26 18:22:57.459121467 -0400
Change: 2021-09-26 18:22:57.459121467 -0400
Birth: -

GVM versions

gsad: 21.4.2
gvmd: 21.4.2
openvas-scanner: 21.4.2
gvm-libs: 21.4.2

Environment

Operating system: AlmaLinux8.4
Kernel: 4.18.0-305.12.1.el8_4.x86_64
Installation method / source: source

Hi @gmourani,

Can you check the setup and share the result please for precise support with this command: gvm-check-setup

Best

You have a permission problem with your PID file, please check your UID/GID permissions.

1 Like

gvm-check-setup is not available on my installation. Do you know what source code this script comes from?

Yes I know it’s permission problem. /run/gvm is set mode 2775 and owned by user gvm:gvm. Also, I specified in gvmd.service RuntimeDirectory=gvm, RuntimeDirectoryMode=2775, and PIDFile=/var/run/gvm/gvmd.pid. It should be enough to give the process rights to create the pid file in the directory.

Hi @gmourani,

Fot the installation please always prefer to use the official documentation provided by the Greenbone Team https://greenbone.github.io/docs/.

If gvm-check-setup is not available, please try to locate the gvm-check-setup file instead of running the command, in Kali Linux you can find it in this path: /user/bi/gvm-check-setup
If you don’t find in this path try to search for it, and after that you can take screenshot of the configurations and send it.

Note: I saw to issues in your post message.

  1. You’re not able to start the gvmd
  2. No SCAP database found

I have faced the both issues but in Kali Linux after upgrading to gvm 21.4.2, to solve the first one I had to follow this steps Installation issues this was what prevented me to start the gvmd. To solve the second issue just go to this steps SCAP database not found.

I hope it helps you

Best

1 Like

Hello,

I’ve found the problem to be related to the fact that I need to define a “Feed Import Owner” so that gvmd can update missing CERT and SCAP database and GnuPG signature too. Here the steps:

1 - sudo -Hiu gvm /usr/sbin/gvmd --get-users --verbose
Use the output string associated with the admin account for the next step

2 - sudo -Hiu gvm /usr/sbin/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value

3 - Restart the gvmd process : systemctl restart gvmd

1 Like

Sorry, correction for step 2:

sudo -Hiu gvm /usr/sbin/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value the output string associated with the admin

1 Like