Hint: Redis setup / configuration for GSE/GVM/OpenVAS

redis
hint

#1

Redis Setup

Note: If you have any questions on this topic please start a new thread for each question and link back to this topic so that it can be updated accordingly.

When running a GSE/GVM/OpenVAS setup build from source please pay special attention on the setup / configuration of Redis for a smooth operation of your whole setup. If you’re facing issues with your scans please see the “Common issues” section below.

The following documentation is guiding you through this setup:

Common issues

Scanning larger target ranges causing the scan to stuck at 1% for longer time

Note: There was a bug in the openvassd causing the same impact. Please make sure that you’re using the latest components announced in GVM-10 (stable, initial release 2019-04-05) and GVM-9 (old stable, initial release 2017-03-07).

This issue might show up if your databases number in your redis.conf is configured with a too low number. Please see the previously linked redis_config.txt how to calculate the database number.

Scanner / openvassd startup is timing out

If your scanner startup (example of systemd) is timing out with one of the following messages:

Redirecting to /bin/systemctl start  openvas-scanner.service.service
Job for openvas-scanner.service failed because a timeout was exceeded.
See "systemctl status openvas-scanner.service" and "journalctl -xe" for details.
systemd[1]: openvas-scanner.service: Start operation timed out. Terminating.
systemd[1]: Failed to start LSB: remote network security auditor - scanner.
systemd[1]: openvas-scanner.service: Unit entered failed state.
systemd[1]: openvas-scanner.service: Failed with result 'timeout'.

revisit your Redis setup with the resources mentioned above. The following steps are known to work and to solve this issue:

  1. Delete the file dump.rdb (Located in e.g. /var/run/redis depending on your setup)
  2. Comment out/remove all save xy z (e.g. save 900 1) from your redis.conf (Located in e.g. /etc/redis depending on your setup)
  3. Optional: Flush your redis database (Depending on your setup, e.g. redis-cli -s /var/run/redis/redis.sock flushall)
  4. Restart redis (Depending on your setup, e.g. service redis-server restart)
  5. Restart the Scanner (openvassd) and try again

Tasks stop at 1%: openvas_scanner_read: Failed to read from scanner: Connection reset by peer
Gvmd stuck at "Reloading NVTs" process "Updating NVT cache" never ends
Openvasmd fails to communicate with openvassd
Failed to start Open Vulnerability Assessment system scanner Daemon
Job for openvas-scanner.service failed because a timeout was exceeded on ubuntu
GVM-10 Problems during scanning
I am not able to run the scan
Openvas-sanner errors
SQLite error and tasks stuck
Openvas cache rebuild doesn't seem to be working
I am not able to run the scan
Scanning subnets results in 1% hanging
NVT cache rebuild FAIL
Failed to start opanvas-scanner.service
Unable to run scans due to status code 503
pinned #2

closed #3