Openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused

jnagaraj82 · August 18, 2019, 1:40pm

HI,

/var/log/gvm/gvmd.log --> log files details:

md main:WARNING:2019-08-18 13h29.46 utc:30192: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h30.02 utc:30218: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h30.19 utc:30242: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h30.37 utc:30272: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h30.54 utc:30302: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h31.11 utc:30327: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h31.28 utc:30355: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused
md main:WARNING:2019-08-18 13h31.46 utc:30379: openvas_scanner_connect_unix: Failed to connect to scanner (/var/run/openvassd.sock): Connection refused

Why always the connection gets failure?

Openvassd -s

safe_checks = yes
dumpfile = /var/log/openvas/openvassd.dump
cert_file = @@OPENVAS_CERT@@/CA/servercert.pem
kb_dont_replay_info_gathering = no
max_checks = 10
slice_network_addresses = no
key_file = @@OPENVAS_CERT@@/private/CA/serverkey.pem
unscanned_closed_udp = yes
optimize_test = yes
time_between_request = 0
rules = /etc/openvas/openvassd.rules
nasl_no_signature_check = yes
log_whole_attack = no
only_test_hosts_whose_kb_we_dont_have = no
be_nice = no
drop_privileges = no
expand_vhosts = yes
open_sock_max_attempts = 5
checks_read_timeout = 5
scanner_plugins_timeout = 36000
report_host_details = yes
non_simult_ports = 139, 445
test_empty_vhost = no
plugins_folder = /var/lib/openvas/plugins
silent_dependencies = no
include_folders = /var/lib/openvas/plugins
logfile = /var/log/openvas/openvassd.log
unscanned_closed = yes
kb_restore = no
max_hosts = 30
only_test_hosts_whose_kb_we_have = no
network_scan = no
port_range = default
log_plugins_name_at_load = no
save_knowledge_base = no
plugins_timeout = 320
kb_location = /var/run/redis/redis.sock
cache_folder = /var/cache/openvas
cgi_path = /cgi-bin:/scripts
auto_enable_dependencies = yes
db_address = /var/run/redis/redis.sock
timeout_retry = 3
kb_dont_replay_scanners = no
kb_dont_replay_denials = no
ca_file = @@OPENVAS_CERT@@/CA/cacert.pem
kb_max_age = 864000
kb_dont_replay_attacks = no
use_mac_addr = no
config_file = /etc/openvas/openvassd.conf

Please let me where is the issue has been occurred?

Lukas · August 18, 2019, 3:19pm

Check with netstat or “ss” your sockets and the permissions. Basic Linux know how.

jnagaraj82 · August 18, 2019, 3:19pm

Please let me know which port do I need to check for?

Lukas · August 18, 2019, 3:20pm

It´s a socket not a port, if you don´t know the difference you should not use the source edition !

jnagaraj82 · August 18, 2019, 3:21pm

using netstat command
unix 3 [ ] STREAM CONNECTED 691638 /var/run/redis/redis.sock
unix 3 [ ] STREAM CONNECTED 691629 /var/run/redis/redis.sock
unix 3 [ ] STREAM CONNECTED 691623 /var/run/redis/redis.sock
Multiple times it has been connected.

Lukas · August 18, 2019, 3:22pm

Like stated above you need the socket to the scanner:
/var/run/openvassd.sock

So check permissions and the scanner socket.

jnagaraj82 · August 18, 2019, 3:29pm

In addition to my prevision post

The following socket is running in unix machine.

unix 3 [ ] STREAM CONNECTED 691921 /var/run/openvassd.sock
unix 3 [ ] STREAM CONNECTED 692524 /var/run/openvassd.sock

unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM unix 3 [ ] STREAM CONNECTED 726618 /var/run/redis/redis.sock
CONNECTED 859626 /var/run/redis/redis.sock
CONNECTED 693715 /var/run/redis/redis.sock
CONNECTED 812403 /var/run/redis/redis.sock
CONNECTED 860678 /var/run/redis/redis.sock
CONNECTED 859756 /var/run/redis/redis.sock
CONNECTED 693712 /var/run/redis/redis.sock
CONNECTED 861260 /var/run/redis/redis.sock
CONNECTED 835491 /var/run/redis/redis.sock
CONNECTED 694524 /var/run/redis/redis.sock
CONNECTED 726629 /var/run/redis/redis.sock
CONNECTED 691620 /var/run/redis/redis.sock
CONNECTED 694505 /var/run/redis/redis.sock
CONNECTED 692542 /var/run/redis/redis.sock
CONNECTED 694543 /var/run/redis/redis.sock
CONNECTED 810621 /var/run/redis/redis.sock
CONNECTED 692539 /var/run/redis/redis.sock
CONNECTED 691940 /var/run/redis/redis.sock
CONNECTED 694537 /var/run/redis/redis.sock
CONNECTED 691617 /var/run/redis/redis.sock
CONNECTED 694489 /var/run/redis/redis.sock
CONNECTED 691614 /var/run/redis/redis.sock
CONNECTED 860787 /var/run/redis/redis.sock
CONNECTED 858067 /var/run/redis/redis.sock
CONNECTED 691632 /var/run/redis/redis.sock
CONNECTED 694573 /var/run/redis/redis.sock
CONNECTED 691629 /var/run/redis/redis.sock
CONNECTED 691623 /var/run/redis/redis.sock

Would like to know why the openvas scanner gets failed? When I schedule the IP Address to be scan at particular timings?

cfi · August 19, 2019, 3:15pm

Are you still running the outdated/beta GVM versions as you had shown in another previous topic?