Closed immauss closed 2 years ago
If you have coredumps enabled on your system, be advised that every time ospd-openvas calls "openvas --update-vt-info", a core file will be generated in /var/lib/systemd/coredump/ and can fill a file system quite quickly.
update .... I managed to get it to work. But I've no idea why what I did made it work.
My container build is using a 2 stage build. After compiling everything, I start with a new base image and copy everything from /usr/local, /var/lib and /etc/gvm from the 1st stage to the new image.
If instead, I just keep the original image where everything is built, (single stage build) then there is no segmentation fault.
Any ideas would I could be missing?
Possibly a library that is referenced in 21.4.3 that was not in 21.4.2 that is not in my base image? But wouldn't that show up in gdb or the strace?
any hints would be greatly appreciated.
OK ... after installing every package from stage 1, then trying different options with the python based packages, I pulled the install manifests from the build processes and created a unique list of directories, and only copied those directories.
And that fixed. Not really sure why ...
For future reference. COPY --from=0 etc/gvm/pwpolicy.conf /etc/gvm/pwpolicy.conf COPY --from=0 etc/logrotate.d/gvmd /etc/logrotate.d/gvmd COPY --from=0 etc/openvas/openvas_log.conf /etc/openvas/openvas_log.conf COPY --from=0 lib/systemd/system /lib/systemd/system COPY --from=0 usr/local/bin /usr/local/bin COPY --from=0 usr/local/include /usr/local/include COPY --from=0 usr/local/lib /usr/local/lib COPY --from=0 usr/local/sbin /usr/local/sbin COPY --from=0 usr/local/share /usr/local/share
Thanks, -Scott
after my elation on resolving this, I started making some more needed tweaks and it came back. I was able to resolve exactly where the problem came from. If there is no /etc/openvas/openvas_log.conf , then it seg faults. I understood it was using /usr/local/etc/openvas (build directory default of /usr/local).
root@4ecbd6073154:~# openvas
root@4ecbd6073154:~# ls /usr/local/etc/openvas
openvas_log.conf
root@4ecbd6073154:~# ls /etc/openvas
openvas_log.conf
root@4ecbd6073154:~# rm /etc/openvas/openvas_log.conf
root@4ecbd6073154:~# openvas
Segmentation fault (core dumped)
root@4ecbd6073154:~#
This seems to be a duplicate of https://github.com/greenbone/openvas-scanner/issues/960 now. After https://github.com/greenbone/gvm-libs/pull/633 is merged this should be fixed.
@ArnoStiefvater Shouldn't it also be looking for it in "/usr/local/etc/openvas" vs "/etc/openvas" ?
The default location of the log config for stable branch (21.4 version) is currently at /etc/openvas/openvas_log.conf
. It can be configured via cmake with variable SYSCONFDIR
which is currently /etc
per default. So you could run cmake with -DSYSCONFDIR=/usr/local/etc
to have the log file at /usr/local/etc/openvas/openvas_log.conf
Thanks for the clarification. I don't see that in the INSTALL.md though. ( current and release 21.4.3)
https://github.com/greenbone/openvas-scanner/blob/main/INSTALL.md#logging-configuration
greenbone/gvm-libs#633 is merged. So, closing here.
Expected behavior
openvas scanner runs with no segfault
Actual behavior
openvas segmentation faults consistently when run in a container.
Steps to reproduce
The container implementation has worked consistently until openvas-scanner v21.4.3. Following the most recent update, openvas-scanner consistently segmentation faults on all commands except version and help. Downgrading the openvas scanner to 21.4.2 resolves the issue. This issue has been seen on multiple container implementations including docker and podman implementations.
GVM versions
gvmd=v21.4.4 openvas=v21.4.3 openvas_smb=v21.4.0 gvm_libs=v21.4.3 openvas_scanner=v21.4.3 gsa=v21.4.3 ospd=v21.4.4 ospd_openvas=v21.4.3 python_gvm=v21.10.0 gvm_tools=v21.10.0
Environment
Docker Container using Debian Buster as a base image and built using:
https://github.com/immauss/openvas
I've pushed an image with gdb and all the debug packages to: immauss/openvas:DEBUG
unfortunately, this has not lead me to anything (that I understand to be) useful. But I'm not true programer.
There is an existing core file in / ( docker dumps the core files out to the host files sytem, so I've already copied this one back into the image. )
Easiest way to get to it.
docker run -d --name debug immauss/openvas:DEBUG docker exec -it debug bash
Logfiles