Skipping NVT '1.3.6.1.4.1.25623.1.0.150081'

Hello,

I am seeing an issue on a clean installation of GVM 20.08 from source where the gmvd.log seems to be looping with a warning that it is skipping one NVT. The NVT is always the same, but the config UUID changes (see example of logs below). I’ve waited 8 hours and it keeps on logging this warning over and over again. I’ve tried resyncing and restarting, as well as starting over clean again. I’ve verified that I’m following the same steps and using the same commits that I have installed from successfully before as recently as January.

Wondering if anyone else is seeing this issue or has any thoughts on how to investigate further? What steps could I take to look into the problem NVT? Thank you!

Sample of log output:

md manage:WARNING:2021-02-05 22h16.34 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '6fa8ded2-7da8-4cbd-8d9d-7e1f78f7565d' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.34 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.34 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.35 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config 'd5b57717-5b31-43e7-8b34-f964f87f245d'   because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.35 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.35 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.45 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '90fa7099-a08c-4ec5-a0a8-642dbd002ca2' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.45 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.45 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.46 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '115555ff-a9c8-4461-8ede-6f0ba97d8fee' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.46 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.46 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.57 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '456c26f4-16ae-41af-b275-63b411d6992f' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.57 utc:1266: create_config_from_file: Internal error

GVM versions

gsad: 20.08.0
gvmd: 20.08.0
openvas-scanner: 20.08.0
gvm-libs: 20.08.0

Environment

Operating system: CentOS 8

Hi!

Brand new here, but facing exactly the same error, on exactly the same NVT. My host is CentOS8, and I am running the securecompliance/gvm docker container.

I’m assuming CentOS’ config subtly differs from Debian, but not sure where to start debugging.

I’m seeing this on multiple builds. It looks like an error in a recently added NVT. I’m only guessing though. Can anyone confirm?

I’m seeing it on a docker build too, rebuilding to latest didn’t change anything.

Hi,

I have GVM 20.08 installed since 11/2020 and working very wheel at CentOS 8.
Today the machine ran out of disk space. I checked and I have more than 25G occupied with several files /tmp/gvmd-split-xml-file-*.

So I deleted all the files and updated all the things that run with cron.daily:

su - gvm -c “/usr/bin/greenbone-nvt-sync”
su - gvm -c “/usr/sbin/greenbone-feed-sync --type GVMD_DATA”
su - gvm -c “/usr/sbin/greenbone-feed-sync --type SCAP”
su - gvm -c “/usr/sbin/greenbone-feed-sync --type CERT”
su - gvm -c “openvas --update-vt-info”

But I’m allways with the errors:

md manage:WARNING:2021-02-08 16h38.09 utc:3726: insert_nvt_selectors: skipping NVT ‘1.3.6.1.4.1.25623.1.0.150081’ from import of config ‘67780699-722e-412b-9583-51e0d3f2196a’ because the NVT does not have a family
md manage:WARNING:2021-02-08 16h38.09 utc:3726: create_config_from_file: Internal error
event config:MESSAGE:2021-02-08 16h38.09 utc:3726: Scan config could not be created by admin

And another strange thing at “/var/log/gvm/openvas.log”:

lib nvticache:MESSAGE:2021-02-05 03h11.08 utc:51220: Updated NVT cache from version 202102031117 to 202102041133
lib nvticache:MESSAGE:2021-02-06 03h24.23 utc:140668: Updated NVT cache from version 202102041133 to 202102051759
lib nvticache:MESSAGE:2021-02-08 09h51.18 utc:1552: Updated NVT cache from version 0 to 202102051759
lib nvticache:MESSAGE:2021-02-08 15h56.42 utc:1528: Updated NVT cache from version 0 to 202102051759
lib nvticache:MESSAGE:2021-02-08 15h58.37 utc:1985: Updated NVT cache from version 202102051759 to 202102081102
lib nvticache:MESSAGE:2021-02-08 16h14.56 utc:2109: Updated NVT cache from version 0 to 202102081102

Any ideias will be very weel received

Thank you all.

I’m not sure where to report this, but as I suspected, there seems to be something wrong with the latest update in the NVT feed.

I searched the feed directories for the troublesome OID (1.3.6.1.4.1.25623.1.0.150081) and found it only in 4 files in
/usr/local/var/lib/gvm/data-objects/gvmd/20.08/configs :

policy-gaussdbkernel-2eec8313-fee4-442a-b3c4-fa0d5dc83d61.xml
policy-opengauss-c2b049f9-6d3d-45be-871f-2252895ed9e8.xml
policy_euleros_20200909_9f822ad3-9208-4e02-ac03-78dce3ca9a23.xml
policy_gaussdb_20200909_61327f09-8a54-4854-9e1c-16798285fb28.xml

I first edited these xml files and removed the sections with the troublesome OID, and the errors were gone.

The removed sections appear as:

    <preference>
      <nvt oid="1.3.6.1.4.1.25623.1.0.150081">
        <name>Linux: SSH AllowGroups</name>
      </nvt>
      <name>Value</name>
      <type>entry</type>
      <value/>
      <default>group1 group2</default>
      <id>1</id>
    </preference>

OR

    <nvt_selector>
      <include>1</include>
      <type>2</type>
      <family_or_nvt>1.3.6.1.4.1.25623.1.0.150081</family_or_nvt>
    </nvt_selector>

While editing, I realized that 2 of the 4 had 2 references to the OID, and the other 2 did not. The second reference was regarding the family. I added family reference and viola!!

So … It’s a feed problem.

However … after a short while, now I’m getting these errors. Which I suspect may be a product of manually editing the feed ???

md manage:WARNING:2021-02-08 18h05.22 utc:849: update_scap: last scap update later than last feed update

md manage:WARNING:2021-02-08 18h05.32 utc:859: update_scap: last scap update later than last feed update

md manage:WARNING:2021-02-08 18h05.42 utc:866: update_scap: last scap update later than last feed update

md manage:WARNING:2021-02-08 18h05.52 utc:877: update_scap: last scap update later than last feed update

md manage:WARNING:2021-02-08 18h06.02 utc:886: update_scap: last scap update later than last feed update

md manage:WARNING:2021-02-08 18h06.12 utc:893: update_scap: last scap update later than last feed update

Hello everyone, thank you for the reports.

The VT in question is only a part of the Greenbone Security Feed, but missing from the Greenbone Community Feed. However, the new policy XML files in the Community Feed still reference it. I have opened an internal issue to get this sorted out!

Note that we have also improved our backend recently to make it more resilient in cases like these: https://github.com/greenbone/gvmd/pull/1366
With this PR I am not able to reproduce the error, please check it out.

Thanks Martin!

Hello Martin,

I understand what you had explained. But should I run that procedure or is better wait for a solution on the feed?

Thank you.

Thanks, Martin! I’ll check out the PR that you linked. Looks like a nice improvement to make the sync process more resilient.

Hi @Martin

I’m having this issue while using a dockerized version.

openvas    | event config:MESSAGE:2021-02-10 22h02.21 utc:319: Scan config could not be created by admin
openvas    | md manage:WARNING:2021-02-10 22h02.22 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '697aa8c8-902e-400d-b42d-82aa73c3ee56' because the NVT does not have a family
openvas    | md manage:WARNING:2021-02-10 22h02.22 utc:319: create_config_from_file: Internal error
openvas    | event config:MESSAGE:2021-02-10 22h02.22 utc:319: Scan config could not be created by admin
openvas    | md manage:WARNING:2021-02-10 22h02.33 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config 'c30b9c31-8347-40cb-9ba6-15669fa684f8' because the NVT does not have a family
openvas    | md manage:WARNING:2021-02-10 22h02.33 utc:319: create_config_from_file: Internal error
openvas    | event config:MESSAGE:2021-02-10 22h02.33 utc:319: Scan config could not be created by admin
openvas    | md manage:WARNING:2021-02-10 22h02.34 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '91a2ca33-356d-4265-96fe-f5a7bdbb7098' because the NVT does not have a family
openvas    | md manage:WARNING:2021-02-10 22h02.34 utc:319: create_config_from_file: Internal error
openvas    | event config:MESSAGE:2021-02-10 22h02.34 utc:319: Scan config could not be created by admin
openvas    | md manage:WARNING:2021-02-10 22h02.45 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '008d256b-be15-47fe-a7b6-7a08ed39c6db' because the NVT does not have a family
openvas    | md manage:WARNING:2021-02-10 22h02.45 utc:319: create_config_from_file: Internal error
openvas    | event config:MESSAGE:2021-02-10 22h02.45 utc:319: Scan config could not be created by admin
openvas    | md manage:WARNING:2021-02-10 22h02.47 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '16f468ea-ccd0-433b-b377-01e4884165a5' because the NVT does not have a family
openvas    | md manage:WARNING:2021-02-10 22h02.47 utc:319: create_config_from_file: Internal error
openvas    | event config:MESSAGE:2021-02-10 22h02.47 utc:319: Scan config could not be created by admin

I guess you can try to reprodue it with this:

docker-compose.yml

version: "3.3"
services:
  openvas:
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=Your admin password here"
    volumes:
      - "openvas:/data"
    container_name: openvas
    image: immauss/openvas:latest
volumes:
  openvas:

To be clear this issue is fixed with the https://github.com/greenbone/gvmd/pull/1366 PR on GitHub. The changes of the PR are included in our latest bugfix release from last week. Additionally the feed will get an update to not reference the missing VT in the policy provided in the Greenbone Community Feed (GCF). The VT is included in our commercial Greenbone Security Feed (GSF) only.

Therefore the problem has been fixed from our side. If you are using third party packages, docker containers, etc. you need to create an issue report for the maintainers of these packagers, containers, … See Frequently Asked Questions (FAQ)

Bricks,
Thanks! I wasn’t aware there was a new release. It did in fact resolve the issue. Are the community releases announced anywhere? I don’t see an announcement in the “News”. Or maybe there is an email list for releases? I’m maintaining a docker container, and I don’t want to miss a release.

Thanks,
Scott

Currently I am not announcing bugfix releases because they are happen only rarely and unstructured. Nevertheless you can use GitHubs functionality to get notifications for release. Besides that I am often announcing changes at https://twitter.com/openvas

Thanks Bjorn!
I’ll do both.

-Scott

can you please let me know how to get the rpm package of latest release without compiling the source code ( env is not avialable for me) . due to these errors VM getting constantly crashed ( large number of xml files)

We can’t do that. We are not involved in any distribution packaging. Please take a look at the FAQ for more details.