I’m trying to use the 22.4 dockerized version of openvas, but scans when requested after some seconds error state, with status “Interrupted at 0%”.
Checking the logs from the greenbone/gvmd:stable instance I get this error: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
I see this file on the docker volumes, for exemple:
/data/docker/volumes/greenbone-community-edition_ospd_openvas_socket_vol/_data/ospd-openvas.sock
but it always try to read from this path on /run/ospd that was not created on the deployment of the containers.
I tryed altering manually the gvmd.service files to point it to the docker path, making hard links but yet still no scans run properly, going to 0%
#ExecStart=/usr/local/sbin/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm
ExecStart=/usr/local/sbin/gvmd --osp-vt-update=/data/docker/volumes/greenbone-community-edition_ospd_openvas_socket_vol/_data/ospd-openvas.sock --listen-group=gvm
Is it possible to use the dockerized version of openvas fully and run scans? or do I need a specific environment to use the community version?
The error osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock could mean two things:
ospd-openvas is not running
the file permissions are not correct thus gvmd has no permissions to read or write to the socket
First you should check if the corresponding container is running. For example the output of docker container ls should list the container name greenbone-community-edition_ospd-openvas_1.
If it is not running try to start it again with docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d and check the ospd-openvas log output with docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition logs -f ospd-openvas.
I suppose ospd-openvas is shutting down due to not being able to validate the feed content immediately.
Please come back here afterwards with the log output and we’ll address the issue or check the second item.
And btw. this is completely useless. That’s the location of the used docker volume to store the socket. It’s docker internal and you shouldn’t do that. The daemons of the containers in our compose file are configured to not being available from the host. If you want to access the ospd-openvas socket from the host you need to use a bind mount for the container.
Every Linux and even Mac should work as operating system for the host. I can’t say anything about Windows. We support Debian Bullseye and the stable Fedora versions at the moment. That’s also mentioned in the docs. Personally I am running scans via the containers on Ubuntu.
I installed a fresh system with more space on /var and gave up changing the default path from docker to my /data partition, I was losing much time to change the default docker envs
With more time I’ll try again with different aproaches on the composer file and docker configs, thanks anyway
I get the same errors exacty:
gvmd manage:WARNING:2022-08-20 06h13.42 UTC:581: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
The instructions or script downloads redis-server, gpg-data, pg-gvm, gvmd, gsa, ospd-openvas, mqtt-broker, notus-scanner. However, only greenbone-community-edition_gsa_1 , greenbone-community-edition_mqtt-broker_1 , greenbone-community-edition_gvmd_1, greenbone-community-edition_pg-gvm_1, greenbone-community-edition_redis-server_1 arestarted and runnning ofter install.
I’ve left this for 24 hours too, no joy. Any ideas?
Just adding on from my last reply email some extras…
If I manually restart the conatiners with docker-compose.yml , gpg-data, ospd-openvas and notus-scanners containers all start ok,
After manually starting all containers with docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d I can successfully complete a test scan.
If I reboot, the above 3 containers must be manually restarted again. Not ideal.
On occasion gpg-data DOES restart automatically after a reboot, but it seems to vary. I can replicate this on two separate Ubutnu systems.
Even though scans complete successfully after manually starting containers is see that Redis.sock is ready to accept connections, but I also see right after Failed opening the RDB file dump.rdb (in server root dir /) for saving: Permission denied in the logs. Not sure of thats relevant to anything as test scans are working with this error.
This has worked for me. Updating the container policy after the container has been created. This can possibly be remediated prior to arriving at this outcome by changing the docker compose file.
Important: Make sure you have the latest feeds installed.
Look for the container ID running greenbone/ospd-openvas:stable
$ docker ps -a
Change policy of the container using it’s ID
$ docker update --restart unless-stopped ->ID<-