OpenVAS Scanner interrupted at 0%

Hi community. I have spend almost a week trying to deploy GVM 21.4.0 without any lucky. After installed all components and succefully run all services (gsad, gvmd, ospd-openvas) and sync the feeds on a local mirror, wich has the same feeds from the GCF, I cant get a simple scan of a target. The scan allways get interrupted at 0%.

I documented all the procedure that I followed and I uploaded to this link:
https://github.com/Franco-Sparrow/franco-repos/blob/master/gvm-21.04%20(v1.3).txt

I hope someone in this forum could help me and others that could have the same issue.

Cheers and hope some feedback

journalctl -f
-- Logs begin at Thu 2021-06-10 17:52:27 CDT. --
Jun 10 18:15:01 gvm CRON[3533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 10 18:15:01 gvm CRON[3534]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jun 10 18:15:01 gvm CRON[3533]: pam_unix(cron:session): session closed for user root
Jun 10 18:15:36 gvm sudo[3756]:      gvm : TTY=unknown ; PWD=/opt/gvm ; USER=root ; COMMAND=/opt/gvm/sbin/openvas -s
Jun 10 18:15:36 gvm sudo[3756]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 10 18:15:36 gvm sudo[3756]: pam_unix(sudo:session): session closed for user root
Jun 10 18:15:36 gvm sudo[3758]:      gvm : TTY=unknown ; PWD=/opt/gvm ; USER=root ; COMMAND=/opt/gvm/sbin/openvas --scan-start ddf86bab-12e6-446e-ab26-86cf43611b3b
Jun 10 18:15:36 gvm sudo[3758]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 10 18:15:37 gvm python[554]: (process:2788): GLib-WARNING (recursed) **: Invalid UTF-8 passed to g_io_channel_write_chars().

/opt/gvm/var/log/gvm/ospd-scanner.log
   250  OSPD[554] 2021-06-10 18:15:21,663: INFO: (ospd.command.command) Scan ddf86bab-12e6-446e-ab26-86cf43611b3b added to the queue in position 1.
   251  OSPD[554] 2021-06-10 18:15:25,367: INFO: (ospd.ospd) Currently 1 queued scans.
   252  OSPD[554] 2021-06-10 18:15:25,384: INFO: (ospd.ospd) Starting scan ddf86bab-12e6-446e-ab26-86cf43611b3b.
   253  OSPD[554] 2021-06-10 18:15:38,247: ERROR: (ospd_openvas.daemon) Task ddf86bab-12e6-446e-ab26-86cf43611b3b was unexpectedly stopped or killed.
   254  OSPD[554] 2021-06-10 18:15:38,251: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Host scan finished.
   255  OSPD[554] 2021-06-10 18:15:38,252: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Host scan finished. Progress: 0, Status: RUNNING
   256  OSPD[554] 2021-06-10 18:15:38,252: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan interrupted.
   257  OSPD[554] 2021-06-10 18:15:41,786: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan process is dead and its progress is 0
   258  OSPD[554] 2021-06-10 18:15:41,786: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan interrupted.
   259  OSPD[554] 2021-06-10 18:15:41,792: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan process is dead and its progress is 0
   260  OSPD[554] 2021-06-10 18:15:41,793: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan interrupted.
   261  OSPD[554] 2021-06-10 18:15:41,836: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan process is dead and its progress is 0
   262  OSPD[554] 2021-06-10 18:15:41,836: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan interrupted.
   263  OSPD[554] 2021-06-10 18:15:41,863: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan process is dead and its progress is 0
   264  OSPD[554] 2021-06-10 18:15:41,863: INFO: (ospd.ospd) ddf86bab-12e6-446e-ab26-86cf43611b3b: Scan interrupted.

This should be related to OpenVAS Scanner failed to load - Greenbone Community Edition - Greenbone Community Forum (the message wasn’t explicitly posted there) with more background info available here:

2 Likes

Thank you cfi, I will check as soon as possible the link. Right now I am away from my work, so when I get there I will chek the redis configuration. I have noticed that redis socket was not created. Also, the user “gvm” is a member of “redis” group.

1 Like

OK, I made some changes on redis.service configuration. It appears that the pidfile and sockfile werent at the right place. The “db_address = /run/redis-openvas/redis.sock” is specified in the openvas configuration file.

With the following configuration for redis service, I was able to start it succefully:

cat << EOF > /etc/systemd/system/redis.service
[Unit]
Description=Advanced key-value store
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
Type=forking
ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
ExecStop=/bin/kill -s TERM $MAINPID
PIDFile=/run/redis-openvas/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis
Group=redis
RuntimeDirectory=redis
RuntimeDirectoryMode=2755

UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
ReadWriteDirectories=-/var/log/redis
ReadWriteDirectories=-/var/run/redis-openvas

NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# redis-server can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you replace the following lines with "ProtectSystem=full".
ProtectSystem=true
ReadWriteDirectories=-/etc/redis

[Install]
WantedBy=multi-user.target
Alias=redis.service
EOF

root@gvm:~# ls -l /run/redis-openvas/
total 4
-rw-rw---- 1 redis redis 4 Jun 11 16:38 redis-server.pid
srwxrwx--- 1 redis redis 0 Jun 11 16:38 redis.sock

But once again, after starting the task scan, it gets interrupted with no information in the logs, more than the posted in the following lines:
ospd-openvas.log

OSPD[636] 2021-06-11 16:38:12,550: INFO: (ospd.main) Starting OSPd OpenVAS version 21.4.0.                                                                                                               │
OS│OSPD[636] 2021-06-11 16:47:21,499: INFO: (ospd.command.command) Scan ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa added to the queue in position 1.                                                              │
OS│OSPD[636] 2021-06-11 16:47:27,217: INFO: (ospd.ospd) Currently 1 queued scans.                                                                                                                           │
OS│OSPD[636] 2021-06-11 16:47:27,248: INFO: (ospd.ospd) Starting scan ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa.                                                                                                 │
OS│OSPD[636] 2021-06-11 16:47:40,042: ERROR: (ospd_openvas.daemon) Task ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa was unexpectedly stopped or killed.                                                            │
OS│OSPD[636] 2021-06-11 16:47:40,044: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Host scan finished.                                                                                           │
OS│OSPD[636] 2021-06-11 16:47:40,046: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Host scan finished. Progress: 0, Status: RUNNING                                                              │
OS│OSPD[636] 2021-06-11 16:47:40,046: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan interrupted.                                                                                             │
02│OSPD[636] 2021-06-11 16:47:41,618: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan process is dead and its progress is 0                                                                    │02
sd│OSPD[636] 2021-06-11 16:47:41,620: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan interrupted.                                                                                             │er
ro│OSPD[636] 2021-06-11 16:47:41,626: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan process is dead and its progress is 0                                                                    │
sd│OSPD[636] 2021-06-11 16:47:41,626: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan interrupted.                                                                                             │r
it│OSPD[636] 2021-06-11 16:47:41,678: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan process is dead and its progress is 0                                                                    │
sd│OSPD[636] 2021-06-11 16:47:41,678: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan interrupted.                                                                                             │ p
ar│OSPD[636] 2021-06-11 16:47:41,699: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan process is dead and its progress is 0                                                                    │
sd│OSPD[636] 2021-06-11 16:47:41,699: INFO: (ospd.ospd) ba5f6dac-d08c-4ef7-8195-a21a3c6d6daa: Scan interrupted

gvmd.log

event target:MESSAGE:2021-06-11 16h41.36 CDT:983: Target phpipam-target (3faae28f-6ebc-4bfe-892f-9a323ab68c8a) has been created by admin                                                                 │10
sd│event task:MESSAGE:2021-06-11 16h42.05 CDT:1079: Status of task  (ffd21897-d148-4bf1-b885-726157c1a1e7) has changed to New                                                                               │er
ro│event task:MESSAGE:2021-06-11 16h42.05 CDT:1079: Task phpipam-task (ffd21897-d148-4bf1-b885-726157c1a1e7) has been created by admin                                                                      │
sd│event task:MESSAGE:2021-06-11 16h47.16 CDT:1579: Status of task phpipam-task (ffd21897-d148-4bf1-b885-726157c1a1e7) has changed to Requested                                                             │r
it│event task:MESSAGE:2021-06-11 16h47.16 CDT:1579: Task phpipam-task (ffd21897-d148-4bf1-b885-726157c1a1e7) has been requested to start by admin                                                           │
sd│event task:MESSAGE:2021-06-11 16h47.21 CDT:1585: Status of task phpipam-task (ffd21897-d148-4bf1-b885-726157c1a1e7) has changed to Queued                                                                │ p
ar│event task:MESSAGE:2021-06-11 16h47.31 CDT:1585: Status of task phpipam-task (ffd21897-d148-4bf1-b885-726157c1a1e7) has changed to Running                                                               │
sd│event task:MESSAGE:2021-06-11 16h47.41 CDT:1585: Status of task phpipam-task (ffd21897-d148-4bf1-b885-726157c1a1e7) has changed to Interrupted

openvas.log

main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Tencent FoxMail Detection (Windows SMB Login). This may be due to a parse error, o│54
ut│r it failed to find the dependency. Please check the path to the file.                                                                                                                                   │
ut│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Adobe DNG Converter Detection (Windows). This may be due to a parse error, or it f│
md│ailed to find the dependency. Please check the path to the file.                                                                                                                                         │
ev│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Foxit PDF Toolkit Detection. This may be due to a parse error, or it failed to fin│
ev│d the dependency. Please check the path to the file.                                                                                                                                                     │
ev│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Norton Remove and Reinstall Detection (Windows SMB Login). This may be due to a pa│
ev│rse error, or it failed to find the dependency. Please check the path to the file.                                                                                                                       │
ev│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_desktop_board_bios_info_ssh_login_detect.nasl, a dependency of Intel Desktop Boards SMM Local Privilege Escalation │
ev│Vulnerability (INTEL-SA-00022) - Linux. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.                                                        │
ev│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load smb_registry_access.nasl, a dependency of Windows Registry Check. This may be due to a parse error, or it failed to fi│
ev│nd the dependency. Please check the path to the file.                                                                                                                                                    │
ev│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Orangeworm Kwampirs Trojan Detection. This may be due to a parse error, or it fail│
ev│ed to find the dependency. Please check the path to the file.                                                                                                                                            │
ev│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load smb_registry_access.nasl, a dependency of Oilrig / Cleaver Malicious Scheduled Task Detection. This may be due to a pa│
01│rse error, or it failed to find the dependency. Please check the path to the file.                                                                                                                       │54
OS│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load nessus_detect.nasl, a dependency of Java Debug Wire Protocol (JDWP) Service Detection. This may be due to a parse erro│
OS│r, or it failed to find the dependency. Please check the path to the file.                                                                                                                               │
OS│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_symantec_pcanywhere_access_server_detect.nasl, a dependency of Collect banner of unknown services. This may be due │
OS│to a parse error, or it failed to find the dependency. Please check the path to the file.                                                                                                                │
OS│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load nessus_detect.nasl, a dependency of Collect banner of unknown services. This may be due to a parse error, or it failed│
OS│ to find the dependency. Please check the path to the file.                                                                                                                                              │
OS│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load smb_registry_access.nasl, a dependency of HIDDEN COBRA Trojan 'Volgmer' Detection. This may be due to a parse error, o│
OS│r it failed to find the dependency. Please check the path to the file.                                                                                                                                   │
OS│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Google Chrome MEGA Extension Trojan (Windows). This may be due to a parse error, o│
OS│r it failed to find the dependency. Please check the path to the file.                                                                                                                                   │
OS│sd   main:WARNING:2021-06-11 20h47.39 utc:1760: There was a problem trying to load gb_wmi_access.nasl, a dependency of Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win). This may be du│
OS│e to a parse error, or it failed to find the dependency. Please check the path to the file.

What am I doing wrong? I cant get enough info from the logs. The scanner is failing and gvm logs arent enough helpfull in this case. Only with “journalctl -f” I am able to see what happen when the scan is stopped:

Jun 11 17:22:30 gvm sudo[4459]:      gvm : TTY=unknown ; PWD=/opt/gvm ; USER=root ; COMMAND=/opt/gvm/sbin/openvas --scan-start 335d82ce-a5d1-4e1c-8c0c-68ff21f79dd2
Jun 11 17:22:30 gvm sudo[4459]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 11 17:22:31 gvm python[636]: (process:1760): GLib-WARNING (recursed) **: Invalid UTF-8 passed to g_io_channel_write_chars().

Need a hand here community…I am getting out of ideas :frowning: I really want to use GVM 21.04…and I am documenting everything for others newcomers interested in this greate security solution

I think is a problem related with the python encoding UTF-8

I will repeat all again, but this time, setting the language to “en_US.UTF-8” from the begining. I was using “es_CU” wich maybe, wich appears to not be compatible. I will post the results later

UPDATE
Well, the error persist after the changes

GLib-WARNING (recursed) **: Invalid UTF-8 passed to g_io_channel_write_chars().

I hope to get the attention of someone here :confused:

Maybe you have a glib issue, i would compile glib and GVM with debug symbols and run it with GDB so see what “invalid UTF-8” is written to your IO channel.

2 Likes

Hi Lukas. Thanks for your attention. So…it looks more like a glib issue than a bug of ospd-scanner? If it so…then it might be a problem related with glib library in Debian Buster repos.

Would you mind to take a look at my procedure linked in the first post? Just for be sure that i am installing the ospd-scanner in the right way. Is in spanish, but you only need to see the command line procedure.

I am sorry, but if you compile it, you need to debug it.

We can´t support any community self compiled system or any uncoordinated integration. Please try if the GSM Trial is working, and then you need to fix your self build system or use a Greenbone Image.

If you have questions to packets or operating systems besides GOS you need to ask your OS vendor for support.

Ok. Thanks for your answer Lukas. Is there any ensurance that GVM 21.4.0 compiled from source works on Debian Buster 10.9?

In the regards that it compiles and runs on it.

1 Like

Hi bricks, thanks for your answer. Then I would have to try harder and do my best. I will test on Ubuntu Focal next time. If the error continue, then it will be a procedure error from my part. If not…well, it could be something related with Debian Buster.

Cheers

PS: GVM is running on my system, but cant do a succefull scan…wich is not the same of running

Hi, I don’t know if this can help, but some months ago I used the guide below to build GVM (20.08 at that time) on a Debian system and it was very useful.
https://kifarunix.com/install-and-setup-gvm-20-08-on-debian/
Maybe you can cross-check your instructions against it and, in case of discrepancies, you could further investigate those aspects…

Hi filo, thanks for your help. I checked that tuto…but it has some issues inside. yarn installation is different now, and there are errors in the redis and gvm services startup scripts. But I will check it again.

1 Like

Hi filo. I already finished this step by step (https://kifarunix.com/install-and-setup-gvm-20-08-on-debian/) and it has multiple errors related with ospd.sock and permissions with the reading of some files. Beside…the redis configuration service has the wrong path. The ospd and ospd-scanner are not compiled in this case. Multiple errors with python, possible that the tuto mix differents branchs of gvm sources.

Its very difficult to find a good HOW TO, updated to recents versions, even in the official docu.
I will keep trying…it has to be done someday

The one below should work quite well even for 21.04 (only the github branches needs to be changed from 20.08 to 21.04):

https://sadsloth.net/post/install-gvm-20_08-src-on-debian/

Hi cfi. I have tried installing Kali in Debian Buster (via Kali repos) and it also happened the same error. It appears that is something related with Debian 10. I am trying now installing Kali Linux, it should work. I will also test with ubuntu focal.

PS: That link is also outdated. My procedure is a mix between that one and the kifarunix procedure

I can’t confirm this as i had exactly used that tutorial to install a GVM 21.04 installation from scratch.

on Debian Buster 10.9?

Yes, on Debian Buster 10.9 (haven’t tested the recently released 10.10 yet) as well as on Debian Testing.

Well is something really strange. I did a fresh install on 10.9, to avoid my 10.9 pre-configured template, and it happened the same. As I said before, I will test with kali Linux, via apt, wich uses GVM 21.4.0 and later with Ubuntu Focal via source.