Scan doesn't work

Hello,

I’ve compiled and installed OpenVAS 21.4.2, then started the ospd-openvas, gvmd, and gsad daemons with success. I can access the web portal and log in, then create my first target (192.168.2.0/24), then a scan task to test. Unfortunately, the scan completes with nothing detected. I can ping the subnet IP and nmap also works on the subnet IP. Port List data exists, as well as Scan Configs data and Scanners (CVE, OpenVAS Default). Therefore I’m a little bit lost now and need help to find out where the problem is, thanks.

GVM versions

gsad: 21.4.2
gvmd: 21.4.2
openvas-scanner: 21.4.2
gvm-libs: 21.4.2

Environment

Operating system: AlmaLinux 8.4
Kernel: 4.18.0-305.12.1
Installation method / source: source

Hi,

You can increase the logging level in /etc/gvm for gsad_log.conf and gvmd_log.conf, where “level=128” means DEBUG, and inspect future logs from targets. I also use “htop” during the scan for some additional information.

Hello,

Thanks for your help. It seems that the problem is related to the “Alive Test” option. If I set the “Consider Alive” parameter to avoid ping, then it works and I can scan my subnet. So the question here is why the ping is not working?

Regards,

It would relate to your network settings - just to be sure, try pinging from the OpenVAS machine to a few IPs from your target list.

Possible reason - ICMP is not allowed on devices, firewall block, routing.


I can ping directly from the CLI on this OpenVAS server to the subnet which interests me. I thought maybe the ping command should have some right.

stat /bin/ping
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)

Regards,

Hi,

please read this article https://greenbone.github.io/docs/gvm-21.04/index.html# to correct user rights -

Creating a User and a Group

The services provided by the GVM framework should run as a dedicated user and group. Therefore a gvm user and a group with the same name will be created.

Creating a gvm system user and group

sudo useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm

Adjusting the Current User

To allow the current user to run gvmd he must be added to the gvm group. To make the group change effective either logout and login again or use su.

Add current user to gvm group

sudo usermod -aG gvm $USER
su $USER

If your GVM user is not able to use ping directly, then it is not able to run the “Alive Test”, of which ping is a part.


User rights are correct, I can su - gvm then ping ip on my subnet.

/etc/passwd
gvm:x:983:598:Greenbone OpenVAS Manager:/var/lib/gvm:/bin/bash

/etc/group
redis:x:996:gvm
gvm:x:598:

-rwxr-xr-x. 1 root root 2831176 Oct 8 22:50 /usr/sbin/gvmd
-rwxr-xr-x. 1 root root 107032 Oct 8 22:37 /usr/sbin/openvas

sudoers
gvm ALL = NOPASSWD: /usr/sbin/openvas
gvm ALL = NOPASSWD: /usr/sbin/gsad

Regards,

You can additionally try the “TCP SYN” discovery method instead of using ICMP, since it is most likely the cause of your issues.


Nothing works, I have tried all the “Alive Tests” available without success. I’m starting to run out of ideas, I don’t understand why the scan doesn’t return anything.

Check the openvas.log, which is written to the path set by the systemd unit configuration.

On my installation it is in /var/log/gvm/openvas.log

and when you grep for “Alive”, you can find what happened during the scan.

If the logging level is not sufficient for you, you can update the unit config /etc/systemd/system/ospd-openvas.service by adding a parameter to “ExecStart=”:

--log-level DEBUG -f
