How exactly do you start GSA? gvm-start doesn't work, but gvm-check-setup does

I am experiencing some weird issues when it comes to launching GSA. Sometimes the service starts, sometimes it doesn’t. I have a very simply installation process so I’m not quite sure why it’s inconsistent.

I simply instlal openvas using apt install postgresql openvas, and then I run the setup with gvm-setup. Since the installation is unattended, there’s nothing really for me to do here. When it comes to starting the service, I’m under the impression that I just simply need to run gvm-start. This is where things start to fall apart.

As you can see below, I ran gvm-start, but it’s not actually listening on the port:

__# gvm-start
[*] Please wait for the GVM / OpenVAS services to start.
[*] You might need to refresh your browser once it opens.
[*]  Web UI (Greenbone Security Assistant):

__# netstat -antp | grep -i listen
tcp        0      0*               LISTEN      -                   
tcp        0      0  *               LISTEN      19/sshd: /usr/sbin/ 
tcp6       0      0 :::2222                 :::*                    LISTEN      19/sshd: /usr/sbin/ 

If I run gvm-check-setup, then it seems like everything is installed properly and works fine:

__# gvm-check-setup
gvm-check-setup 21.4.0
  Test completeness and readiness of GVM-21.4.0
Step 1: Checking OpenVAS (Scanner)... 
        OK: OpenVAS Scanner is present in version 21.4.0.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 71033 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-OpenVAS is present in version 21.4.0.
Step 2: Checking GVMD Manager ... 
        OK: GVM Manager (gvmd) is present in version 21.4.0.
Step 3: Checking Certificates ... 
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ... 
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ... 
        Starting postgresql service
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | C.UTF-8 | C.UTF-8 | 
        OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ... 
Oops, secure memory pool already initialized
        OK: Greenbone Security Assistant is present in version 21.04.0~git.
Step 7: Checking if GVM services are up and running ... 
        Starting ospd-openvas service
        Waiting for ospd-openvas service
        OK: ospd-openvas service is active.
        OK: gvmd service is active.
        Starting greenbone-security-assistant service
        Waiting for greenbone-security-assistant service
        OK: greenbone-security-assistant service is active.
Step 8: Checking few other requirements...
        OK: nmap is present in version 21.04.0~git.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
        SUGGEST: Install nsis.
        OK: xsltproc found.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.

It seems like your GVM-21.4.0 installation is OK.

__# netstat -antp | grep -i listen
tcp        0      0*               LISTEN      -                   
tcp        0      0  *               LISTEN      19/sshd: /usr/sbin/ 
tcp        0      0*               LISTEN      -                   
tcp        0      0  *               LISTEN      -                   
tcp6       0      0 :::2222                 :::*                    LISTEN      19/sshd: /usr/sbin/ 

So I guess my question is what exactly is the proper procedure for starting GSA? Do I need to “check my setup” to start GSA or should gvm-start have actually done the trick? It seems like the issue is ospd-openvas doesn’t actually start when gvm-start is run, but for whatever reason it works fine when running gvm-check-setup

I guess you are using Kali Linux. gvm-start is an extra script that just calls systemd at the end (see So you can start the webserver gsad with systemctl start greenbone-security-assistant manually. Don’t know why it didn’t work with gvm-start.

Disclaimer: Greenbone is not involved in the gvm-start nor the gvm-check-setup scripts development. I’ve just taken a look at the sources.

1 Like

Ahh, I gotcha! Thanks so much @bricks! Much appreciated for the clarification!