Ospd-openvas don't have permission to capture on that device

cfi · February 15, 2020, 1:39pm

Back to the initial message:

In GVM < 11 it was required to run the openvassd daemon as root so that it is capable to do package forgery:

Please note that although you can start openvassd as a user without elevated privileges, it is recommended that you start openvassd as root since a number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations like packet forgery. If you run openvassd as a user without permission to perform these operations, your scan results are likely to be incomplete.
openvas-scanner/INSTALL.md at v6.0.1 · greenbone/openvas-scanner · GitHub

IIUC since GVM-11 openvassd is just openvas which is called by ospd-openvas (See https://community.greenbone.net/t/goodbye-otp/1739, OpenVAS = Open Vulnerability Assessment Scanner - Greenbone Community Edition - Greenbone Community Forum) and to my understanding (which seems to be confirmed by the MR below) you can either run ospd-openvas as root (discouraged) or setup sudo by following the description in the MR (seem this hasn’t made it into the documentation).

github.com/greenbone/ospd-openvas

Check sudo permissions before call openvas.

greenbone:master ← jjnicola:sudo-opt

opened 03:46PM - 25 Jun 19 UTC

jjnicola

+37 -5

Check if the user running ospd-openvas has permissions to call openvas with sud…o and without password. Depending on it, it will run openvas with sudo or without it. How to give the user permission to call openvas with sudo and without password: `$ sudo visudo ` Add at the end of the file `<user> ALL = NOPASSWD: /<install/path/sbin/openvas `