Restart the OpenVAS

Archive Greenbone Community Edition
1

Hello,
I don’t know how to fix the following issue that I try to restart the OpenVAS scanner, manager and security assistant. I am not sure did I get the correct output for adding the vulnerability data to the database by syncing with the feeds.

root@DESKTOP:~# greenbone-nvt-sync
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
plugin_feed_info.inc
985 100% 961.91kB/s 0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes received 1,097 bytes 325.71 bytes/sec
total size is 985 speedup is 0.86
root@DESKTOP:~# greenbone-scapdata-sync
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp
13 100% 12.70kB/s 0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes received 114 bytes 44.86 bytes/sec
total size is 13 speedup is 0.08
root@DESKTOP:~# greenbone-certdata-sync
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp
13 100% 12.70kB/s 0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes received 114 bytes 44.86 bytes/sec
total size is 13 speedup is 0.08
root@DESKTOP:~# systemctl restart openvas-scanner
System has not been booted with systemd as init system (PID 1). Can’t operate.

Could someone help me with this issue?

2

root@DESKTOP:~# systemctl restart openvas-scanner
System has not been booted with systemd as init system (PID 1). Can’t operate.

It is likely that you are mistyping the openvas services names. Depending on your system, it may be named differently. Look at you system’s openvas services names:

service --status-all

And try to restart openvas with the right naming convention. Also, you shouldn’t run openvas as root. In latest version, the greenbone feed updates script refuse to run if launched as root.

3

The following is the output I got, and I guess I did use correct name for it
root@DESKTOP:~# service --status-all
[ - ] acpid
[ - ] apparmor
[ ? ] apport
[ - ] atd
[ ? ] binfmt-support
[ - ] console-setup.sh
[ - ] cron
[ ? ] cryptdisks
[ ? ] cryptdisks-early
[ - ] dbus
[ - ] ebtables
[ - ] greenbone-security-assistant
[ ? ] hwclock.sh
[ + ] irqbalance
[ + ] iscsid
[ - ] keyboard-setup.sh
[ - ] kmod
[ - ] lvm2
[ + ] lvm2-lvmetad
[ + ] lvm2-lvmpolld
[ - ] lxcfs
[ - ] lxd
[ - ] mdadm
[ - ] mdadm-waitidle
[ + ] open-iscsi
[ - ] open-vm-tools
[ - ] openvas-gsa
[ - ] openvas-manager
[ - ] openvas-scanner
[ ? ] plymouth
[ ? ] plymouth-log
[ - ] procps
[ - ] redis-server
[ - ] rsync
[ - ] rsyslog
[ - ] screen-cleanup
[ - ] ssh
[ - ] udev
[ - ] ufw
[ - ] unattended-upgrades
[ - ] uuidd
[ - ] x11-common

If I don’t run openvas as root, I got Not synchronizing or updating the database since the current user is not the owner of the database when I run greenbone-scapdata-sync.

4

That’s because you did install openvas as root. You need to setup a specific user, and do the whole openvas build & install in ther user’s directory using the

-DCMAKE_INSTALL_PREFIX=/your/install/path

build option.

Regarding your first problem, then your service script must be broken. Mine looks like the following:

gvm@ov-master-eqi ~ $ cat /etc/systemd/system/openvasmd.service
[Unit]
Description=OpenVAS Manager
After=network.target

[Service]
ExecStart=/usr/local/sbin/openvasmd --client-watch-interval=0 --max-ips-per-target=70000 --inheritor=admin --max-email-attachment-size=-1 --max-email-include-size=-1 --max-email-message-size=-1 --foreground
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

and

gvm@ov-master-eqi ~ $ cat /etc/systemd/system/openvassd.service
[Unit]
Description=OpenVAS Scanner
After=network.target redis-server.service

[Service]
ExecStart=/usr/local/sbin/openvassd --foreground
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

5

I would also strongly suggest you try first to run openvassd & openvasmd by command line using the --foreground option to make sure your installation is correct. Only if the results are successfull, you should run them via system script.

1 Like
6

I created a directory called OpenVAS and I ran 'DCMAKE_INSTALL_PREFIX=/home/yuting7/OpenVas`, then I run the following:

yuting7@DESKTOP:~/OpenVas$ sudo apt install openvas9
Reading package lists… Done
Building dependency tree
Reading state information… Done
openvas9 is already the newest version (7.0.3-2bionic).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
yuting7@DESKTOP:~/OpenVas$ sudo apt install texlive-latex-extra --no-install-recommends
Reading package lists… Done
Building dependency tree
Reading state information… Done
texlive-latex-extra is already the newest version (2017.20180305-2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
yuting7@DESKTOP:~/OpenVas$ sudo apt install texlive-fonts-recommended
Reading package lists… Done
Building dependency tree
Reading state information… Done
texlive-fonts-recommended is already the newest version (2017.20180305-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
yuting7@DESKTOP:~/OpenVas$ sudo apt install libopenvas9-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
libopenvas9-dev is already the newest version (9.0.3-1bionic).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
yuting7@DESKTOP:~/OpenVas$ greenbone-nvt-sync
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
plugin_feed_info.inc
985 100% 961.91kB/s 0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes received 1,097 bytes 325.71 bytes/sec
total size is 985 speedup is 0.86
yuting7@DESKTOP:~/OpenVas$ greenbone-scapdata-sync
Not synchronizing or updating the database since the current user is not the owner of the database.
yuting7@DESKTOP:~/OpenVas$ openvasmd -f

** (process:5707): ERROR (recursed) **: Can not open ‘/var/log/openvas/openvasmd.log’ logfile: Permission denied
yuting7@DESKTOP:~/OpenVas$ openvassd -f
log_init():open : Permission denied
Could not open the logfile, using stderr
fdopen : Bad file descriptor
[Tue Apr 21 08:46:07 2020][5708] init_unix_network: Error on bind(/var/run/openvassd.sock): Permission denied

7

The DCMAKE_INSTALL_PREFIX=/home/yuting7/OpenVas only apply to source installation, using cmake ! If you install the packages via your system repository then your packages will be using the permissions defined by the package maintainer !

Go back to the package maintainer or install the sources form greenbone.

8

Seems to be a user access issue to the requested directory/file /var/log/openvas/openvasmd.log and to the database. Simply change the owner for the log file to the user which is defined in “DCMAKE_INSTALL_PREFIX/etc/default/gvmd”
like “chown gmv:gvm /var/log/openvas/openvasmd.log”
The same philosophy applies to the database user.

1 Like