Virtual Appliance v4.2.24 all scans fail

gce

#1

I have downloaded and installed the GCE v4.2.4 and configured it using the instructions provided here: https://www.greenbone.net/en/install_use_gce/ and installed it on a Vmware ESXi 6.7 server.

Using the most basic settings, all scan tasks result in empty reports. It looks like no NVT tests are being run. I have tried multiple Alive Tests to no avail. I have tried the CVE scanner to n avail.

if I log into the shell of the virtual appliance, a basic nmap -sn ping scan succeeds showing hosts that are alive on the network.

If I look at /var/log/openvas/openvassd.messages, it shows “Testing” and “Finished testing” messages for the hosts on my network and demonstrates it is resolving the host names properly. Near the bottom of the log message, it shows “Client not present” so I wonder if that is a hint of the root cause?


New 4.2.24 install all scan blank
#2

Hi

did you already read and try the hints from

?


#3

Yes I tried all those things.

I verified namp is in the PATH of the root user (note:the guide doesn’t say which user to check the PATH for… It should)

I used nmap -sn, which is the same as an ICMP ECHO test. I’m pretty sure openvas uses that exact command for that type of active test. I used the other tests as well, including the ‘assume alive’ variant.

Note: this is a brand new out of the box v4.2.4 virtual appliance install. All the feed syncs are current.


#4

Hi,

few notes:

Are you really running 4.2.4 or is this a typo and you’re running 4.2.24?

The GCE is a ready to run appliance, there is absolutely no access to the shell and checks for nmap on the shell required. Please don’t use any shell command, especially as root as you might break the base system sooner or later.

Only the “not shell” related steps in the linked thread are something you should check for the GCE.

Which is not absolutely true, quoting from man nmap:

The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default. When executed by an unprivileged user, only SYN packets are sent (using a connect call) to ports 80 and 443 on the target.

The “alive” test “Scan config default” of the scan configuration is only using nmap -PE which is a “real” ICMP echo request only.


#5

Sorry, typing from mobile phone here…

Yes it was a typo, the version is 4.2.24

Regarding the shell access, I understand the implications but please keep things in perspective… The troubleshooting steps say check the path, so that’s what I did. And right now the out of the box install is broken for me, so the risk of it getting more broken makes the root shell concern a bit of a moot point.

And yes I understand your point regarding the nmap man page. When running as root (which I did) nmap -sn does do a icmp ECHO, as well as other tests. I’m getting a combatative vibe from your response and it’s really not necessary or helping actually solve the problem.

The important question here is, have you installed v4.2.24 and does it work out of the box for you? Do you have suggestions on how to further troubleshoot or remediate the problem?


#6

Hi,

the main problem is that no one currently knows which commands you have already tried on the command line while trying to solve this issue which might have contributed to or even causing this issue (e.g. running greenbone-nvt-sync on the command line instead of via the menu).

Thus the note/warning about root/shell access was given.

Similar the note about the nmap parameter so that this discussion isn’t based on incorrect assumptions.

To verify the status of the version 4.2.24 of the GCE (i only had 4.2.20 installed) i had:

  1. downloaded and installed a fresh 4.2.24 ISO image following the instructions posted initially
  2. done a successful first feed sync (no “A system operation is currently running” in the About menu like explained in the initial posted link)
  3. started a new scan against a system answering to ICMP echo requests

The system was detected as “alive” correctly and the results are coming in (e.g. services detected) as expected.

I will see (if time permits) to update Hint: Hosts are not scanned / not shown as “Alive” to make clear that parts of the steps shouldn’t be done for the GCE and to add a few additional notes on how to enabling more debugging steps.

For now i suggest the following:

  1. Re-do the installation of the GCE 4.2.24 installation without going to the shell
  2. Wait until the feed was synced successfully (Check the About menu)
  3. Try to enable additional logging within the nmap (NASL wrapper) and Ping Host VTs (e.g. enable nmap logging) to see possible issues

Greenbone 4.2.24 fresh install, can't see Internet