openvas scan fails silently if port_list is empty

[mellymello]

Hello,

When trying to run openvas scan, the scan failed after a few seconds.

The status in PatrolManager was [EngineTasks/startscan_task/08513bb4-86b8-487f-8492-34c25f3095da] [Job=1] DuringScan - bad scanner status: ERROR (retries left=1). And the status in the engine was simply Error.

Moreover, the reason in engines/openvas/info wasn't updated after "Loadconfig: Configuration file successfuly loaded. Let's go guy !" and I don't know why

Anyway after investigating, I found that the "OpenVAS Default" port list was missing in the port config (gvm side) and the default policy of PatrowlManager do not specify the port_list option. Thus, the scan fails.

Part of the code that helped me to find the issue (from line 1024)

    if "OpenVAS Default" in this.openvas_portlists.keys():
        scan_portlist_id = this.openvas_portlists["OpenVAS Default"]
    scan_portlist_name = ""
    if 'port_list' in scan["options"].keys():
        scan_portlist_name = scan["options"]["port_list"]
        if scan_portlist_name in this.openvas_portlists.keys():
            scan_portlist_id = this.openvas_portlists[scan_portlist_name]

    # print("scan_portlist_id:", scan_portlist_id)

    if scan_portlist_id is None:
        engine.scans[scan_id]['status'] = "ERROR"
        engine.scans[scan_id]['reason'] = "Port list unknown ('OpenVAS Default' ?)"
        return False

I fixed the problem by creating the "OpenVAS Default" port list in GSA (and creating a new policy with patrowl-all_tcp as value to the port_list argument.. you never know)

Maybe, in addition to the status and reason error handling you can add more logging ?

Gvm Version 21.4.3 (from Debian package) PatrowlManager 18.4 PatrowlEngine 1.5.2

Other than that, it worked perfectly so a big congrats and thx

[karnamonkster]

Hi @mellymello ,

I am running a GVMD version 21.4.5 (Source install) PatrowlManager - 1.8.4 Community Edition PatrowlEngine - 1.5.3 Could you please share (removing the sensitive parts) your openvas.json file for this engine. For some reason there is a connection error when I initiate a scan. read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

As this is a test setup , I am running both of them on same machine. Do you know what could be the issue?

[mellymello]

Hope it can help you :

{
  "name": "Openvas API",
  "version": "1.1.0",
  "description": "Openvas API",
  "allowed_asset_types": ["fqdn" ,"ip", "domain", "ip-subnet", "ip-range", "url"],
  "options": {
     "gmp_host":         { "type": "required", "value": "127.0.0.1"},
     "gmp_port":         { "type": "optional", "value": "9390"},
     "gmp_username":     { "type": "optional", "value": "hawk"},
     "gmp_password":     { "type": "optional", "value": "yoursecurepassword"},
     "default_credential_name":  { "type": "optional", "value": "SSH Scanner"},
     "default_scan_config_name": { "type": "optional", "value": "Full and fast"}
  }
}

This might also help you :

/etc/systemd/system/gsad.service

[Unit]
Description=Greenbone Security Assistant (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=forking
User=_gvm
Group=_gvm
ExecStart=/usr/sbin/gsad --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=gsad.service

[karnamonkster]

Thanks for the quick update @mellymello :) I also have exactly the same setup, but still facing the same error unfortunately.

[mellymello]

your error is starting to remind me something...

I also edited this file : /etc/systemd/system/multi-user.target.wants/gvmd.service

[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery

[Service]
Type=forking
User=_gvm
Group=_gvm
PIDFile=/run/gvm/gvmd.pid
RuntimeDirectory=gvm
RuntimeDirectoryMode=2775
ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock --listen=127.0.0.1
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target

[karnamonkster]

These settings are same as well for me..

Thanks for your help anyways. May be something else which is missing.

[bdoublet91]

Hi @mellymello .

I'll try to help you about your openvas configuration.

First gvmd service, this is the one which expose the port 9390

[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/run/gvm/gvmd.pid
RuntimeDirectory=gvm
RuntimeDirectoryMode=2775
ExecStart=/usr/local/sbin/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm --listen=127.0.0.1 --port=9390
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target

Second GSAD, the -mport is to config gsad to connect to openvas manager. This is not the exposed port where the openvas engine will connect to.

Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service
[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/run/gvm/gsad.pid
ExecStart=/usr/local/sbin/gsad --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service

and last OSPD

[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Documentation=man:ospd-openvas(8) man:openvas(8)
After=network.target networking.service redis-server@openvas.service
Wants=redis-server@openvas.service
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=gvm
Group=gvm
RuntimeDirectory=ospd
RuntimeDirectoryMode=2775
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770
SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target

This config works if your engine is installed on the host where openvas is too. If you want to install openvas on another server, just expose three services on ip of your private network and modify engines config to this ip.

Be carefull with user of the service, I use specific linux user gvm so you could have some rights problem. You can use root at your own risks ;)

Hope it will correct your problem :)

[karnamonkster]

Hi @bdoublet91 ,

The issue is with my setup and was checking with @mellymello for some help. Thanks for your response.(The more the merrier :)) I have the same configurations which you mentioned for GVMD, GSAD and OSPD-OPENVAS. Still no luck though.

[karnamonkster]

Hey @mellymello @bdoublet91 , Did you guys also did something on the GSA ? for this as mentioned below ? You have to create a new task on OpenVAS...

[mellymello]

No, I didn't. I don't see why it need an existing tasks as there are functions to check tasks and create them. Only thing I added on the web interface (GSA) is the port list and credentials for auth scans

BTW how did you install the "greenbone-security-assistant"

[karnamonkster]

I installed GSA and GSAD from the sources. GSAD from the official site admin@openvas:~/PatrowlEngines/engines$ gsad --version Greenbone Security Assistant 21.4.4

Here is the GSAD Service

[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/run/gsad/gsad.pid
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
ExecStart=/usr/local/sbin/gsad --listen=127.0.0.1 --port=9392 --http-only --mlisten=127.0.0.1 --mport=9391
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service

[bdoublet91]

Hi,

Plz put all your service config file. I think we don't understand eachother about port services.

GVMD expose port 9390 GSAD expose port 9392 and connect to GVMD through 9390 patrowl-openvas-engine connect to port 9390 to GVMD

I'm not sure it's your setup.

Plz post gvmd service, gsad service and ospd service (scanner).

If you used the last patrowl engine version, the tutorial could be outdated. You could use the Dockerfile to be sure to have the right install.

Give us more information about your setup. All will be install on the same machine ? version ? etc..

[karnamonkster]

Hi @bdoublet91 ,

Full setup is running on single machine (Ubuntu 20.04 64bit). Here are the details for OpenVAS engine. Versions GVMD

Greenbone Vulnerability Manager 21.4.5
Manager DB revision 242
Copyright (C) 2009-2021 Greenbone Networks GmbH
License: AGPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law

[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery

[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/run/gvmd/gvmd.pid
RuntimeDirectory=gvmd
RuntimeDirectoryMode=2775
ExecStart=/usr/local/sbin/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen=0.0.0.0 --port=9391 --listen-group=gvm
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target

GSAD Greenbone Security Assistant 21.4.4

[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/run/gsad/gsad.pid
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
ExecStart=/usr/local/sbin/gsad --listen=10.0.0.8 --port=9392 --http-only --mlisten=127.0.0.1 --mport=9391
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service

OSPD-OPENVAS

OSP Server for openvas: 21.4.4
OSP: 21.4.5.dev1
OSPd OpenVAS: 21.4.5.dev1

Copyright (C) 2014-2021 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Documentation=man:ospd-openvas(8) man:openvas(8)
After=network.target networking.service redis-server@openvas.service
Wants=redis-server@openvas.service
ConditionKernelCommandLine=!recovery

[Service]
Type=forking
User=gvm
Group=gvm
RuntimeDirectory=ospd
RuntimeDirectoryMode=2775
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770
SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

PatrowlManager - 1.8.4 Community Edition PatrowlEngine - 1.5.3 OpenVAS Engine configuration is verified

Errors under Events for a Scan

Error on /var/log/gvm/gvmd.log

md   main:WARNING:2022-05-09 14h15.12 utc:1447878: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.12 UTC:1447881: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.12 utc:1447884: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
event task:MESSAGE:2022-05-09 14h15.12 UTC:1447887: Status of task  (3846ce76-8c71-48ec-a24b-2432f9e75006) has changed to New
event task:MESSAGE:2022-05-09 14h15.12 UTC:1447887: Task dfe4d6bf06d5b433a35ed3f1cf7ac64e010d2034 - Full and fast (3846ce76-8c71-48ec-a24b-2432f9e75006) has been created by gvmadmin
md   main:WARNING:2022-05-09 14h15.12 UTC:1447887: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.12 utc:1447890: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
event task:MESSAGE:2022-05-09 14h15.12 UTC:1447893: Status of task dfe4d6bf06d5b433a35ed3f1cf7ac64e010d2034 - Full and fast (3846ce76-8c71-48ec-a24b-2432f9e75006) has changed to Requested
event task:MESSAGE:2022-05-09 14h15.12 UTC:1447893: Task dfe4d6bf06d5b433a35ed3f1cf7ac64e010d2034 - Full and fast (3846ce76-8c71-48ec-a24b-2432f9e75006) has been requested to start by gvmadmin
md   main:WARNING:2022-05-09 14h15.12 UTC:1447893: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
event task:MESSAGE:2022-05-09 14h15.12 UTC:1447896: Status of task dfe4d6bf06d5b433a35ed3f1cf7ac64e010d2034 - Full and fast (3846ce76-8c71-48ec-a24b-2432f9e75006) has changed to Running
event task:MESSAGE:2022-05-09 14h15.12 UTC:1447896: Status of task dfe4d6bf06d5b433a35ed3f1cf7ac64e010d2034 - Full and fast (3846ce76-8c71-48ec-a24b-2432f9e75006) has changed to Done
md   main:WARNING:2022-05-09 14h15.12 utc:1447898: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.12 UTC:1447901: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.16 utc:1447909: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.16 UTC:1447915: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.17 utc:1447953: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.17 UTC:1447956: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.17 utc:1447959: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-09 14h15.17 UTC:1447962: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

Hope this helps

[karnamonkster]

In addition my openvas.json

{
  "name": "Openvas API",
  "version": "1.1.0",
  "description": "Openvas API",
  "allowed_asset_types": ["fqdn" ,"ip", "domain", "ip-subnet", "ip-range", "url"],
  "options": {
     "gmp_host":         { "type": "required", "value": "127.0.0.1"},
     "gmp_port":         { "type": "optional", "value": "9391"},
     "gmp_username":     { "type": "optional", "value": "gvmadmin"},
     "gmp_password":     { "type": "optional", "value": "<removedpassword>"},
     "task_id":          { "type": "optional", "value": "8bd88527-b465-4532-9e98-49ecd499dc31"},
     "default_credential_name":  { "type": "optional", "value": "SSH Scanner"},
     "default_scan_config_name": { "type": "optional", "value": "Full and fast"}
  }
}

And the curl requests

~/PatrowlEngines/engines$ export OPURL=http://127.0.0.1:5007/engines/openvas
~/PatrowlEngines/engines$ curl "${OPURL}"/status
{
  "nb_scans": 0,
  "page": "status",
  "scans": [],
  "status": "READY"
}
~/PatrowlEngines/engines$ curl "${OPURL}"/info
{
  "engine_config": {
    "allowed_asset_types": [
      "fqdn",
      "ip",
      "domain",
      "ip-subnet",
      "ip-range",
      "url"
    ],
    "description": "Openvas API",
    "max_scans": 5,
    "name": "openvas",
    "nb_scans": 0,
    "reason": "Starting loading configuration file",
    "status": "READY",
    "version": "1.4.31"
  },
  "page": "info"
}

[bdoublet91]

Ok thanks, You gvm looks good. Try to add --no-redirect in your gsad config

--http-only --mlisten=127.0.0.1 --mport=9391 --no-redirect

also remove the task_id parameter in openvas engine config

IF you start a scan from gsa, it works ?

Your gvm logs says there is a TLS connection whereas all service connect through http ...

If the engine is ready, that means authentificaton is good also ;)

[karnamonkster]

• Made the required changes on the GSAD config and made changes to the openvas.json file , but no luck :(
• Yes the scan works fine if executed directly from the GSA
• Logs where the TLS connections entries appear are only when I start the scan from Patrowl,

Also why do we need to set this redirect on GSAD ? if we are connecting to GVMD then shouldn't be there something which needs to be changed ? just a thought as we want to achieve what GSA does.

[bdoublet91]

no-redirect is to cancel http redirection to https because you start it with http-only.

Logs didnt change on patrowl openvas engines ? We have now the same setup so I don't really see where it can be wrong. (And I have no errors)

[karnamonkster]

Yes there are no errors now on the Patrowl.

However there are no findings, guess the scan did not run.

[bdoublet91]

OK check on gsad the scan start by patrowl if exist. Test on google dns for example 8.8.8.8 you should find something

[karnamonkster]

Yes the scan is created and I see it exists on GSA.

The same IPs that i scan from GSA directly get me the results, but nothing if started from Patrowl.

[bdoublet91]

Oh did you update gvm feeds ? sudo -u gvm greenbone-feed-sync --type GVMD_DATA sudo -u gvm greenbone-feed-sync --type SCAP sudo -u gvm greenbone-feed-sync --type CERT Strange if you find something with GSA directly and not with patrowl ...

[bdoublet91]

Check your gmvd and ospd logs when start a patrowl sscan

Screenshot the report too

[karnamonkster]

Oh did you update gvm feeds ? sudo -u gvm greenbone-feed-sync --type GVMD_DATA sudo -u gvm greenbone-feed-sync --type SCAP sudo -u gvm greenbone-feed-sync --type CERT Strange if you find something with GSA directly and not with patrowl ...

Here are the feedversions

:~$ sudo -u gvm greenbone-nvt-sync --feedversion
202205091004
:~$ sudo -u gvm greenbone-feed-sync --type SCAP --feedversion
202205060040
:~$ sudo -u gvm greenbone-feed-sync --type CERT --feedversion
202205050030
:~$ sudo -u gvm greenbone-feed-sync --type GVMD_DATA --feedversion
202201281556

[karnamonkster]

More details on the setup: GSA Port List

Another strange observation, that all these scans triggered from Patrowl are going to CVE Scanner and not the OpenVAS scanner.

[karnamonkster]

Here is the Scan definition on Patrowl

[karnamonkster]

Check your gmvd and ospd logs when start a patrowl sscan

Screenshot the report too

Here are the logs generated during the scan on gvmd and ospd (no logs):

:~$ sudo tail -f /var/log/gvm/ospd-openvas.log
OSPD[935981] 2022-05-09 09:45:41,902: INFO: (ospd.ospd) Starting scan fba42afc-3c32-48b1-8222-47256018c1e2.
OSPD[935981] 2022-05-09 09:55:57,453: INFO: (ospd.ospd) fba42afc-3c32-48b1-8222-47256018c1e2: Stopping Scan with the PID 1420179.
OSPD[935981] 2022-05-09 09:55:57,454: INFO: (ospd.ospd) fba42afc-3c32-48b1-8222-47256018c1e2: Scan stopped.
OSPD[935981] 2022-05-09 11:35:50,307: INFO: (ospd.ospd) fba42afc-3c32-48b1-8222-47256018c1e2: Host scan finished.
OSPD[935981] 2022-05-09 15:48:22,683: INFO: (ospd.command.command) Scan ab97491a-80f4-41db-a596-dd3d7fbf1c43 added to the queue in position 1.
OSPD[935981] 2022-05-09 15:48:32,367: INFO: (ospd.ospd) Currently 1 queued scans.
OSPD[935981] 2022-05-09 15:48:32,478: INFO: (ospd.ospd) Starting scan ab97491a-80f4-41db-a596-dd3d7fbf1c43.
OSPD[935981] 2022-05-09 15:50:42,982: INFO: (ospd.ospd) ab97491a-80f4-41db-a596-dd3d7fbf1c43: Stopping Scan with the PID 1458334.
OSPD[935981] 2022-05-09 15:50:42,983: INFO: (ospd.ospd) ab97491a-80f4-41db-a596-dd3d7fbf1c43: Scan stopped.
OSPD[935981] 2022-05-09 15:50:43,996: INFO: (ospd.ospd) ab97491a-80f4-41db-a596-dd3d7fbf1c43: Host scan finished.
---NO LOGS GENERATED FOR THE INITIATED SCAN---

GVMD

:~$ sudo tail -20 /var/log/gvm/gvmd.log
md   main:WARNING:2022-05-10 08h13.24 utc:1548118: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
event task:MESSAGE:2022-05-10 08h13.24 UTC:1548121: Status of task 37b53b186ad18448044f9cd1cd105604b2644a0a - Full and fast (66da8885-d473-42c9-85a3-13c92b374e92) has changed to Requested
event task:MESSAGE:2022-05-10 08h13.24 UTC:1548121: Task 37b53b186ad18448044f9cd1cd105604b2644a0a - Full and fast (66da8885-d473-42c9-85a3-13c92b374e92) has been requested to start by gvmadmin
md   main:WARNING:2022-05-10 08h13.24 UTC:1548121: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
event task:MESSAGE:2022-05-10 08h13.24 UTC:1548124: Status of task 37b53b186ad18448044f9cd1cd105604b2644a0a - Full and fast (66da8885-d473-42c9-85a3-13c92b374e92) has changed to Running
md   main:WARNING:2022-05-10 08h13.24 utc:1548126: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
event task:MESSAGE:2022-05-10 08h13.24 UTC:1548124: Status of task 37b53b186ad18448044f9cd1cd105604b2644a0a - Full and fast (66da8885-d473-42c9-85a3-13c92b374e92) has changed to Done
md   main:WARNING:2022-05-10 08h13.24 UTC:1548129: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-10 08h13.28 utc:1548141: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-10 08h13.28 UTC:1548144: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-10 08h13.29 utc:1548147: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-10 08h13.29 UTC:1548151: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-10 08h13.29 utc:1548154: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2022-05-10 08h13.29 UTC:1548157: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

[bdoublet91]

Ok that could be your issue because I use openvas default scanner no the cve scanner

Find a way to use Openvas default scanner and not cve scanner All your setup is working now: Patrowl -> openvas. Just get no results because of scanner I guess Do you ping 10.0.0.4 from your machine ?

[karnamonkster]

Ok that could be your issue because I use openvas default scanner no the cve scanner

Find a way to use Openvas default scanner and not cve scanner All your setup is working now: Patrowl -> openvas. Just get no results because of scanner I guess

Could you share the snapshot for your Scan profile on Patrowl and the Policy too? Yes I can very well reach 10.0.0.4 .. Just ran a base scan from GSA - working as expected.

[bdoublet91]

OK I don't know ....

Here the scan profile

Default openvas engine policy

[karnamonkster]

Finally - I don't know why but this started to scan now ! :) I can see it now..

So I can confirm if works. Moving on to the next step - getting the selection of all Remote Scanners added to GVMD Thanks for all the help @bdoublet91 and @mellymello

[karnamonkster]

Update: The scan completed fine however in the Patrowl logs i do see these.. Not sure what they mean

[bdoublet91]

OK great, yeah there are some error when a finding is evalutated but it doesnt matter.

GLad it works. Patrowl has also a lot of Pro engines like Nuclei, Zap, also Nikto. Feel free to ask a demo: https://patrowl.io/en/contact/

See you soon ;)

[dfa7]

Hello!

I have the same error, but I don't understand your solution:

I have created Openvas Default

and now?

I don't understand the part about:

"(and creating a new policy with patrowl-all_tcp as value to the port_list argument.. you never know"

I have been dealing with this problem for weeks, I await your response!

Thank you!

[karnamonkster]

Hi @dfa7, Could you provide specific errors in Patrowl and GVMD that you are getting ? What version are you running on GVM side ?

[dfa7]

Hello! Thanks for answering.

GVM:

ERROR PATROWL:

JSON OPENVAS-ENGINE:

These are my dockers:

With openvas 9 it works perfectly (docker "openvas (stopped)" is openvas9) , but with GVM this happens.

[karnamonkster]

Sorry i have no clue how the OpenVAS 9 works

I see you are only running GVM and there is no OpenVAS container (Scanner Engine). GVM alone is just to manage the vulnerability scans, feeds and profiles. You would need OpenVAS container as well. I would recommend you to use more updated container deployments other than securecompliance ..(Basically same guys) Here

Run both GVM and OpenVAS docker and verify

1. GSA is up an running or not.
2. Provide the versions GSAD, GVMD and OSPD-OPENVAS
3. Test if you are able to scan any target from that
4. Finally test it using Patrowl Engine

[mellymello]

I think @karnamonkster is a better help for you here and he gave a lot of info. About your question (I don't understand the part about: ... ).

I edited the engine policy in Patrowl (PatrowlManager). Within the web interface.

[dfa7]

I think @karnamonkster is a better help for you here and he gave a lot of info. About your question (I don't understand the part about: ... ).

I edited the engine policy in Patrowl (PatrowlManager). Within the web interface.

FANTASTIC!!! IS WORKING!!

Thank you very much for your help, I hope this can help more people.

[BunOc]

I have OpenVas run standalone build by script https://github.com/yu210148/gvm_install My PatrowlManager: 1.8.4

How can i config PatrowlEngine Openvas. I try many time but it's not work :(

GVM Service:

GSA service:

[karnamonkster]

I have OpenVas run standalone build by script https://github.com/yu210148/gvm_install My PatrowlManager: 1.8.4

How can i config PatrowlEngine Openvas. I try many time but it's not work :(

GVM Service:

GSA service:

I really cannot comment on the source of your GVM install, but i would recommend following the official greenbone source build.

Regarding your issue check and provide details for the following:

• What is the error you get, when you scan from Patrowl?
• Were you able to have the engine validated and online ?
• GSA is up an running or not.
• Provide the versions GSAD, GVMD and OSPD-OPENVAS
• Test if you are able to scan any target from that
• Finally test it using Patrowl Engine