(ospd_openvas.db) Redis Error: Not possible to connect to the kb

Archive Greenbone Community Edition
1

Use this category only if you have build GVM from sources or if you use packages provided by a 3rdparty repository.

When posting you should provide information about your environment using the following template:

GVM versions

gsad: (‘gsad --version’)
Greenbone Security Assistant 21.4.3
gvmd: (‘gvmd --version’)
Greenbone Vulnerability Manager 21.4.4
Manager DB revision 242
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
gvm-libs:
OpenVAS 21.4.3
gvm-libs 21.4.3

Environment

Operating system:
Kernel: (‘uname -a’)
FreeBSD server 13.0-RELEASE FreeBSD 13.0-RELEASE #0 releng/13.0-n244733-ea31abc261f: Fri Apr 9 04:24:09 UTC 2021 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
PostgreSQL13

Installation method / source:
GVM ports were installed

If you are migrating to new version do not forget do the following:

su -m gvm -c “gvmd --migrate”

Basic instructions for configure your gvm infraestruture are following:

  1. Redis is a dependency of GVM. Please, configure redis-server for
    listening on socket /var/run/redis/redis.sock. security/openvas scanner
    needs it

    echo “db_address = /var/run/redis/redis.sock” > /usr/local/etc/openvas/openvas.conf

  2. Add user gvm to redis group

    pw groupmod redis -M gvm

  3. security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be
    installed in the same server where security/gvmd is running:

# su postgres
# createuser -DRS gvm
# createdb -O gvm gvmd
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension “uuid-ossp”;
# create extension “pgcrypto”;

  1. Add the following lines to /etc/rc.conf

# sysrc redis_enable=“YES”
# sysrc gvmd_enable=“YES”
# sysrc ospd_openvas_enable=“YES”
# sysrc gsad_enable=“YES”

  1. Currently, ospd_openvas should run as a user without elevated privileges
    (gvm) and use sudo for run openvas scanner but it does not work properly.
    Like a workaround you must run redis as root and the same with ospd_openvas.

    Add the following lines to /etc/rc.conf

    redis_user=“root”
    ospd_openvas_user=“root”

    Take in mind it is not the best configuration for run ospd_openvas and
    openvas.

  2. The following steps are neccessary before of you can access to GVM web
    interface (gsad):

Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default

# service gvmd start

Create certificates

# su -m gvm -c “gvm-manage-certs -a”

Sync gvmd Data, SCAP, CERT and NVT

# su -m gvm -c “greenbone-nvt-sync”
# su -m gvm -c “greenbone-feed-sync --type GVMD_DATA”
# su -m gvm -c “greenbone-feed-sync --type SCAP”
# su -m gvm -c “greenbone-feed-sync --type CERT”

Create an admin user and set the Feed Import Owner

# su -m gvm -c “gvmd --create-user=myuser”
# su -m gvm -c “gvmd --user=myuser --new-password=yourpassword”

Set the Feed Import Owner (myuser user in this example)

# su -m gvm -c “gvmd --get-users --verbose”
myuser <uuid_of_user>

# su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>

  1. Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default

# service ospd_openvas start

you can test if ospd_openvas is connecting with openvas scanner with the following commands:

# su -m gvm -c “gvmd --get-scanners”
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default

# su -m gvm -c “gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73”
Scanner version: OpenVAS x.x.x

  1. Start GVM web interface. It will listen on http://127.0.0.1 by default

# service gsad start

  1. Some openvas scanner tasks need access to /dev/bpf device. Add the
    following lines to /etc/devfs.conf

    own bpf root:gvm
    perm bpf 0660

    And restart service for apply the changes

    # service devfs restart

  2. gvm log files are stores to /var/log/gvm directory

  3. gsad can export results to PDF. It needs print/texlive-texmf port

# pkg install texlive-texmf

It will install 1G of data

  1. If you need more configure information you can look at the following links:

and

# gvmd -h
# openvas -h
# ospd-openvas -h
# gsad -h

  1. Enjoy it

In freebsd 13, follow the above steps to configure openvas, start the service in service ospd_openvas start, it always fails, and the /var/log/gvm/ospd-openvas.log log prompts
Prompt ERROR: (ospd_openvas.db) Redis Error: Not possible to connect to the kb.
I wonder if this is caused by incorrect settings there