I am seeing an issue on a clean installation of GVM 20.08 from source where the gmvd.log seems to be looping with a warning that it is skipping one NVT. The NVT is always the same, but the config UUID changes (see example of logs below). I’ve waited 8 hours and it keeps on logging this warning over and over again. I’ve tried resyncing and restarting, as well as starting over clean again. I’ve verified that I’m following the same steps and using the same commits that I have installed from successfully before as recently as January.
Wondering if anyone else is seeing this issue or has any thoughts on how to investigate further? What steps could I take to look into the problem NVT? Thank you!
Sample of log output:
md manage:WARNING:2021-02-05 22h16.34 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '6fa8ded2-7da8-4cbd-8d9d-7e1f78f7565d' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.34 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.34 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.35 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config 'd5b57717-5b31-43e7-8b34-f964f87f245d' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.35 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.35 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.45 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '90fa7099-a08c-4ec5-a0a8-642dbd002ca2' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.45 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.45 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.46 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '115555ff-a9c8-4461-8ede-6f0ba97d8fee' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.46 utc:1266: create_config_from_file: Internal error
event config:MESSAGE:2021-02-05 22h16.46 utc:1266: Scan config could not be created by admin
md manage:WARNING:2021-02-05 22h16.57 utc:1266: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '456c26f4-16ae-41af-b275-63b411d6992f' because the NVT does not have a family
md manage:WARNING:2021-02-05 22h16.57 utc:1266: create_config_from_file: Internal error
Brand new here, but facing exactly the same error, on exactly the same NVT. My host is CentOS8, and I am running the securecompliance/gvm docker container.
I’m assuming CentOS’ config subtly differs from Debian, but not sure where to start debugging.
I have GVM 20.08 installed since 11/2020 and working very wheel at CentOS 8.
Today the machine ran out of disk space. I checked and I have more than 25G occupied with several files /tmp/gvmd-split-xml-file-*.
So I deleted all the files and updated all the things that run with cron.daily:
su - gvm -c “/usr/bin/greenbone-nvt-sync”
su - gvm -c “/usr/sbin/greenbone-feed-sync --type GVMD_DATA”
su - gvm -c “/usr/sbin/greenbone-feed-sync --type SCAP”
su - gvm -c “/usr/sbin/greenbone-feed-sync --type CERT”
su - gvm -c “openvas --update-vt-info”
But I’m allways with the errors:
md manage:WARNING:2021-02-08 16h38.09 utc:3726: insert_nvt_selectors: skipping NVT ‘1.3.6.1.4.1.25623.1.0.150081’ from import of config ‘67780699-722e-412b-9583-51e0d3f2196a’ because the NVT does not have a family
md manage:WARNING:2021-02-08 16h38.09 utc:3726: create_config_from_file: Internal error
event config:MESSAGE:2021-02-08 16h38.09 utc:3726: Scan config could not be created by admin
And another strange thing at “/var/log/gvm/openvas.log”:
lib nvticache:MESSAGE:2021-02-05 03h11.08 utc:51220: Updated NVT cache from version 202102031117 to 202102041133
lib nvticache:MESSAGE:2021-02-06 03h24.23 utc:140668: Updated NVT cache from version 202102041133 to 202102051759
lib nvticache:MESSAGE:2021-02-08 09h51.18 utc:1552: Updated NVT cache from version 0 to 202102051759
lib nvticache:MESSAGE:2021-02-08 15h56.42 utc:1528: Updated NVT cache from version 0 to 202102051759
lib nvticache:MESSAGE:2021-02-08 15h58.37 utc:1985: Updated NVT cache from version 202102051759 to 202102081102
lib nvticache:MESSAGE:2021-02-08 16h14.56 utc:2109: Updated NVT cache from version 0 to 202102081102
I’m not sure where to report this, but as I suspected, there seems to be something wrong with the latest update in the NVT feed.
I searched the feed directories for the troublesome OID (1.3.6.1.4.1.25623.1.0.150081) and found it only in 4 files in
/usr/local/var/lib/gvm/data-objects/gvmd/20.08/configs :
While editing, I realized that 2 of the 4 had 2 references to the OID, and the other 2 did not. The second reference was regarding the family. I added family reference and viola!!
The VT in question is only a part of the Greenbone Security Feed, but missing from the Greenbone Community Feed. However, the new policy XML files in the Community Feed still reference it. I have opened an internal issue to get this sorted out!
Note that we have also improved our backend recently to make it more resilient in cases like these: https://github.com/greenbone/gvmd/pull/1366
With this PR I am not able to reproduce the error, please check it out.
I’m having this issue while using a dockerized version.
openvas | event config:MESSAGE:2021-02-10 22h02.21 utc:319: Scan config could not be created by admin
openvas | md manage:WARNING:2021-02-10 22h02.22 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '697aa8c8-902e-400d-b42d-82aa73c3ee56' because the NVT does not have a family
openvas | md manage:WARNING:2021-02-10 22h02.22 utc:319: create_config_from_file: Internal error
openvas | event config:MESSAGE:2021-02-10 22h02.22 utc:319: Scan config could not be created by admin
openvas | md manage:WARNING:2021-02-10 22h02.33 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config 'c30b9c31-8347-40cb-9ba6-15669fa684f8' because the NVT does not have a family
openvas | md manage:WARNING:2021-02-10 22h02.33 utc:319: create_config_from_file: Internal error
openvas | event config:MESSAGE:2021-02-10 22h02.33 utc:319: Scan config could not be created by admin
openvas | md manage:WARNING:2021-02-10 22h02.34 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '91a2ca33-356d-4265-96fe-f5a7bdbb7098' because the NVT does not have a family
openvas | md manage:WARNING:2021-02-10 22h02.34 utc:319: create_config_from_file: Internal error
openvas | event config:MESSAGE:2021-02-10 22h02.34 utc:319: Scan config could not be created by admin
openvas | md manage:WARNING:2021-02-10 22h02.45 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '008d256b-be15-47fe-a7b6-7a08ed39c6db' because the NVT does not have a family
openvas | md manage:WARNING:2021-02-10 22h02.45 utc:319: create_config_from_file: Internal error
openvas | event config:MESSAGE:2021-02-10 22h02.45 utc:319: Scan config could not be created by admin
openvas | md manage:WARNING:2021-02-10 22h02.47 utc:319: insert_nvt_selectors: skipping NVT '1.3.6.1.4.1.25623.1.0.150081' from import of config '16f468ea-ccd0-433b-b377-01e4884165a5' because the NVT does not have a family
openvas | md manage:WARNING:2021-02-10 22h02.47 utc:319: create_config_from_file: Internal error
openvas | event config:MESSAGE:2021-02-10 22h02.47 utc:319: Scan config could not be created by admin
To be clear this issue is fixed with the https://github.com/greenbone/gvmd/pull/1366 PR on GitHub. The changes of the PR are included in our latest bugfix release from last week. Additionally the feed will get an update to not reference the missing VT in the policy provided in the Greenbone Community Feed (GCF). The VT is included in our commercial Greenbone Security Feed (GSF) only.
Therefore the problem has been fixed from our side. If you are using third party packages, docker containers, etc. you need to create an issue report for the maintainers of these packagers, containers, … See Frequently Asked Questions (FAQ)
Bricks,
Thanks! I wasn’t aware there was a new release. It did in fact resolve the issue. Are the community releases announced anywhere? I don’t see an announcement in the “News”. Or maybe there is an email list for releases? I’m maintaining a docker container, and I don’t want to miss a release.
Currently I am not announcing bugfix releases because they are happen only rarely and unstructured. Nevertheless you can use GitHubs functionality to get notifications for release. Besides that I am often announcing changes at https://twitter.com/openvas
can you please let me know how to get the rpm package of latest release without compiling the source code ( env is not avialable for me) . due to these errors VM getting constantly crashed ( large number of xml files)