Permission missing for scanning with nmap with user gvm

I have installed GVM 20.08 on Debian, scanning work perfectly but got an error message when I tried to scan UDP ports.
I got no permission to scan this ports range as a non root user.
I’ve tried different solution:
-Adding env variable to allow gvm user to run nmap with --privileged flag. Work in cmd terminal but not with GVM

  • Changing user who run services like gvmd/openvas
  • Creating a scanner as root user, but failed

Is there a solution to remedy to this problem ?

Thank you

I believe you need to configure passwordless sudo for the gvm user, so that it can run openvas with elevated privileges.

Example:

$ cat /etc/sudoers.d/gvm
gvm ALL = NOPASSWD: /usr/sbin/openvas

1 Like

Thanks for your reply but already done and no result. I forgot to mention that openvas is installed in /opt/gvm/…

It seems clear to me, from your description, that openvas is not running as a privileged user.

There are two ways to ensure that openvas is invoked as root:

  • Run your ospd-openvas service as root (probably not the best idea)
  • Configure sudo properly (see ospd_openvas/openvas.py for specifics of how openvas is invoked).

Have you verified what user your ospd-openvas process is running as? If it doesn’t match your sudo config, then you would not successfully run openvas as root.

In my case (see my example), the user is gvm. It may be a different user in your case, the path to openvas may differ, etc. You’ve got to make sure that your sudo config matches your environment.

If your ospd-openvas service is running as user billybob, and your openvas executable is in /opt/gvm/bin/, then you’d want something like:

billybob ALL = NOPASSWD: /opt/gvm/bin/openvas

1 Like