Openvas-scanner Failed to start task: Service temporarily down

gvm-9
solved

#1

Hello all,
Openvas9 installed on Ubuntu 18.04.1 LTS
openvas-scanner: 5.1.1-3
openvas-manager: 7.0.2-2

I’m able to login, but, when I try to use the tasks wizard, the server reports “Failed to start task: Service temporarily down” Status code 503…this is because the openvas-scanner seems not running, but:

/etc/openvas# systemctl status openvas-*
● openvas-manager.service - Open Vulnerability Assessment System Manager Daemon
Loaded: loaded (/lib/systemd/system/openvas-manager.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-10-12 12:09:52 CEST; 9min ago
Docs: man:openvasmd(8)
Main PID: 3085 (openvasmd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/openvas-manager.service
└─3085 openvasmd

ott 12 12:09:52 f10 systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon…
ott 12 12:09:52 f10 systemd[1]: openvas-manager.service: Can’t open PID file /var/run/openvasmd.pid (yet?) after start: No such
ott 12 12:09:52 f10 systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.

● openvas-scanner.service - Open Vulnerability Assessment System Scanner Daemon
Loaded: loaded (/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-10-12 12:13:14 CEST; 6min ago
Docs: man:openvassd(8)
Main PID: 3220 (openvassd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/openvas-scanner.service
└─3220 openvassd: Waiting for incoming connections

ott 12 12:13:13 f10 systemd[1]: Starting Open Vulnerability Assessment System Scanner Daemon…
ott 12 12:13:14 f10 systemd[1]: Started Open Vulnerability Assessment System Scanner Daemon.

Here is the /tmp/openvas-check-setup.log:
openvas-check-setup 2.3.7
Mode: desktop
Date: Fri, 12 Oct 2018 12:13:31 +0200

Checking for old OpenVAS Scanner <= 2.0 …
/usr/bin/openvas-check-setup: 172: /usr/bin/openvas-check-setup: openvasd: not found

Checking presence of OpenVAS Scanner …
OpenVAS Scanner 5.1.1
Most new code since 2005: © 2016 Greenbone Networks GmbH
Nessus origin: © 2004 Renaud Deraison deraison@nessus.org
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Checking OpenVAS Scanner version …

    OK: OpenVAS Scanner is present in version 5.1.1.

plugins_folder = /var/lib/openvas/plugins
cache_folder = /var/cache/openvas
include_folders = /var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /var/log/openvas/openvassd.messages
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /var/log/openvas/openvassd.dump
cgi_path = /cgi-bin:/scripts
optimize_test = yes
checks_read_timeout = 5
network_scan = no
non_simult_ports = 139, 445
plugins_timeout = 320
scanner_plugins_timeout = 36000
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
nasl_no_signature_check = yes
drop_privileges = no
unscanned_closed = yes
unscanned_closed_udp = yes
vhosts =
vhosts_ip =
report_host_details = yes
kb_location = /var/run/redis/redis.sock
timeout_retry = 3
config_file = /etc/openvas/openvassd.conf
Checking presence of redis …
OK: redis-server is present in version v=4.0.9.

Checking if redis-server is configured properly to run with openVAS …
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
Checking if redis-server is running …
OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
OK: redis-server configuration is OK and redis-server is running.

Checking NVT collection …

    OK: NVT collection in /var/lib/openvas/plugins contains 47703 NVTs.

Checking status of signature checking in OpenVAS Scanner …
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).

    OK: The NVT cache in /var/cache/openvas contains 47703 files for 47703 NVTs.

Checking presence of OpenVAS Manager …
OpenVAS Manager 7.0.2
Manager DB revision 184
Copyright © 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

    OK: OpenVAS Manager is present in version 7.0.2.

Checking OpenVAS Manager database …

    OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.

Checking access rights of OpenVAS Manager database …

    OK: Access rights for the OpenVAS Manager database are correct.

Checking sqlite3 presence …
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.

Checking OpenVAS Manager database revision …
OK: OpenVAS Manager database is at revision 184.
Checking database revision expected by OpenVAS Manager …
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) …
OK: OpenVAS Manager database contains information about 47685 NVTs.
Checking if users exist …
OK: At least one user exists.

Checking OpenVAS SCAP database …

    OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.

Checking OpenVAS CERT database …

    OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.

Checking xsltproc presence …
OK: xsltproc found.

Checking status of password policy …
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.

Checking presence of Greenbone Security Assistant …
Greenbone Security Assistant 7.0.2
Copyright © 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

    OK: Greenbone Security Assistant is present in version 7.0.2.

Verifying certificate infrastructure …
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

OK: Your OpenVAS certificate infrastructure passed validation.

    OK: Your OpenVAS certificate infrastructure passed validation.

Checking presence of OpenVAS CLI …
OMP Command Line Interface 1.4.5
Copyright © 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

    OK: OpenVAS CLI version 1.4.5.
    SKIP: Skipping check for Greenbone Security Desktop.

Checking netstat presence …
OK: netstat found, extended checks of the OpenVAS services enabled.

Connessioni Internet attive (solo server)
Proto CodaRic CodaInv Indirizzo locale Indirizzo remoto Stato PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 687/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 948/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 818/cupsd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1365/smbd
tcp 0 0 0.0.0.0:8834 0.0.0.0:* LISTEN 1344/nessusd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1365/smbd
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 3085/openvasmd
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 802/gsad
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 880/gsad
tcp6 0 0 :::22 :::* LISTEN 948/sshd
tcp6 0 0 ::1:631 :::* LISTEN 818/cupsd
tcp6 0 0 :::445 :::* LISTEN 1365/smbd
tcp6 0 0 :::8834 :::* LISTEN 1344/nessusd
tcp6 0 0 :::139 :::* LISTEN 1365/smbd
ERROR: OpenVAS Scanner is NOT running!
FIX: Start OpenVAS Scanner (openvassd).
WARNING: OpenVAS Manager is running and listening only on the local interface.
This means that you will not be able to access the OpenVAS Manager from the
outside using GSD or OpenVAS CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless you want
a local service only.
OK: Greenbone Security Assistant is listening on port 80, which is the default port.

Any help?

Thanks in advance

Stefano


#2

Hi,

if you compare this versions with the ones of the recent GVM-9 (stable, initial release 2017-03-07) versions those are quite outdated.

Please update to more recent versions first and try again.


#3

Working after the update.
Many thanks for your help.


#4

Hi, What apt repo did you use to update? Or did you install from source?


#5

Olá pessoal.

I solved this problem and I sharing on my blog: