Stuck VT test "Requested Status"

gvm-9

#1

One of my VT test are stuck in “Requested” status for a long time (2 hours). I’ve checked for any clues like service issues or logs pending and I didn’t get any luck. See below details for this instalation.

Iopenvas-check-setup 2.3.7
Mode: desktop
Date: Mon, 26 Nov 2018 16:00:03 +0000

Checking for old OpenVAS Scanner <= 2.0 …
/bin/openvas-check-setup: line 172: openvasd: command not found

Checking presence of OpenVAS Scanner …
OpenVAS Scanner 5.1.1
Most new code since 2005: © 2016 Greenbone Networks GmbH
Nessus origin: © 2004 Renaud Deraison deraison@nessus.org
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Checking OpenVAS Scanner version …

    OK: OpenVAS Scanner is present in version 5.1.1.

plugins_folder = /var/lib/openvas/plugins
cache_folder = /var/cache/openvas
include_folders = /var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /var/log/openvas/openvassd.log
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /var/log/openvas/openvassd.dump
cgi_path = /cgi-bin:/scripts
optimize_test = yes
checks_read_timeout = 5
network_scan = no
non_simult_ports = 139, 445
plugins_timeout = 320
scanner_plugins_timeout = 36000
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
nasl_no_signature_check = yes
drop_privileges = no
unscanned_closed = yes
unscanned_closed_udp = yes
vhosts =
vhosts_ip =
report_host_details = yes
kb_location = /tmp/redis.sock
timeout_retry = 3
rules = /etc/openvas/openvassd.rules
port_range = default
silent_dependencies = no
save_knowledge_base = no
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
slice_network_addresses = no
cert_file = /var/lib/openvas/CA/servercert.pem
key_file = /var/lib/openvas/private/CA/serverkey.pem
ca_file = /var/lib/openvas/CA/cacert.pem
config_file = /etc/openvas/openvassd.conf
Checking presence of redis …
OK: redis-server is present in version v=3.2.12.

Checking if redis-server is configured properly to run with openVAS …
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock
Checking if redis-server is running …
OK: redis-server is running and listening on socket: /tmp/redis.sock.
OK: redis-server configuration is OK and redis-server is running.

Checking NVT collection …

    OK: NVT collection in /var/lib/openvas/plugins contains 47979 NVTs.

Checking status of signature checking in OpenVAS Scanner …
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).

    OK: The NVT cache in /var/cache/openvas contains 64134 files for 47979 NVTs.

Checking presence of OpenVAS Manager …
OpenVAS Manager 7.0.2
Manager DB revision 184
Copyright © 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

    OK: OpenVAS Manager is present in version 7.0.2.

Checking OpenVAS Manager database …

    OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.

Checking access rights of OpenVAS Manager database …

    OK: Access rights for the OpenVAS Manager database are correct.

Checking sqlite3 presence …
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.

Checking OpenVAS Manager database revision …
OK: OpenVAS Manager database is at revision 184.
Checking database revision expected by OpenVAS Manager …
OK: OpenVAS Manager expects database at revision 184.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) …
OK: OpenVAS Manager database contains information about 63165 NVTs.
Checking if users exist …
OK: At least one user exists.

Checking OpenVAS SCAP database …

    OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.

Checking OpenVAS CERT database …

    OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.

Checking xsltproc presence …
OK: xsltproc found.

Checking status of password policy …
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.

Checking presence of Greenbone Security Assistant …
Greenbone Security Assistant 7.0.2
Copyright © 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
OK: Greenbone Security Assistant is present in version 7.0.2.
Verifying certificate infrastructure …
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.

OK: Your OpenVAS certificate infrastructure passed validation.

    OK: Your OpenVAS certificate infrastructure passed validation.

Checking presence of OpenVAS CLI …
OMP Command Line Interface 1.4.5
Copyright © 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

    OK: OpenVAS CLI version 1.4.5.
    SKIP: Skipping check for Greenbone Security Desktop.

Checking netstat presence …
OK: netstat found, extended checks of the OpenVAS services enabled.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 963/master
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 843/snmpd
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1015/redis-server 1
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 893/gsad
tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN 892/gsad
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1021/sshd
tcp6 0 0 ::1:25 :::* LISTEN 963/master
tcp6 0 0 :::22 :::* LISTEN 1021/sshd
OK: OpenVAS Scanner is running and listening on a Unix domain socket.
OK: OpenVAS Manager is running and listening on a Unix domain socket.
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Checking presence of nmap …
WARNING: Your version of nmap is not fully supported: 6.47
SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.

Checking presence of pdflatex …
OK: pdflatex found.

Checking presence of LaTeX packages required for PDF report generation …
WARNING: PDF generation failed, most likely due to missing LaTeX packages. The PDF report format will not work.
SUGGEST: Install required LaTeX packages.
Checking presence of ssh-keygen …
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.

Checking presence of rpm …
OK: rpm found, LSC credential package generation for RPM based targets is likely to work.

Checking presence of alien …
OK: alien found, LSC credential package generation for DEB based targets is likely to work.

Checking presence of nsis …
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
Checking for SELinux …
OK: SELinux is disabled.


#2

Hi, when choosing the category for a topic please try to have a look at the category description for each category first:

The current used category is/was https://community.greenbone.net/c/vulnerability-tests (Description: About the Vulnerability Tests category) which is about vulnerability tests (the so called “NASL scripts”).

Based on your questions it seems to be relevant to the OpenVAS/GVM setup and not a vulnerability test itself. For such questions the https://community.greenbone.net/c/gse (Description: About the Source Edition (GSE) category) needs to be chosen.

I have moved the topic to the correct category for now. It could be possible that the info above is made more prominent / easier to find in the future.

Comparing this versions with the latest ones of GVM-9 (stable, initial release 2017-03-07) those are quite outdated.

Please update to the recent releases and try again.


#3

Atomic doesn’t provide this update in CentOS 7. We are using them to get most recently versions.

Is there any new procedure for fix this?

Best Regards,


#4

Hi,

the openvas-check-setup isn’t very helpful. It might give you wrong impressions about the state of your setup. It’s deprecated and not developed anymore.

Greenbone doesn’t provide any distribution packages see also the details about the GSE category

Therefore we aren’t responsible for the cent os packages. Please get contact the repository maintainers or alternatively you can try the GCE

or build from sources.

Before looking at your issue in more detail we have to ensure that this bug is still valid for the latest releases. If you search for the term “stuck” here you can see it’s very likely that the issue is fixed already.