search

greenbone / ospd-openvas

ospd-openvas is an OSP server implementation to allow GVM to remotely control an OpenVAS Scanner
GNU Affero General Public License v3.0
67 stars 58 forks source link

Scans consistently end up in state Interrupted #980

Closed dhedberg closed 7 months ago

dhedberg commented 7 months ago

Since updating to the latest version with the stable tag last week (the 14th), we have some scans that now consistently end up in state interrupted instead of finishing.

The symptoms appear to be more or less exactly those in #951, for example:

OSPD[7] 2024-03-15 01:14:15,731: INFO: (ospd.ospd) ac4be7ec-972b-417f-bd68-05a753c53c52: Host scan finished.
OSPD[7] 2024-03-15 01:14:15,733: INFO: (ospd.ospd) ac4be7ec-972b-417f-bd68-05a753c53c52: Host scan got interrupted. Progress: 63, Status: RUNNING
OSPD[7] 2024-03-15 01:14:15,734: INFO: (ospd.ospd) ac4be7ec-972b-417f-bd68-05a753c53c52: Scan interrupted.
OSPD[7] 2024-03-15 01:14:16,126: INFO: (ospd.ospd) ac4be7ec-972b-417f-bd68-05a753c53c52: Scan process is dead and its progress is 63

For this scan, the target that fails looks basically like this:

included: 10.1.2.2-10.1.2.254
excluded: 10.1.2.111, 10.1.2.112, 10.1.2.113, 10.1.2.117, 10.1.2.118, 10.1.2.119, 10.1.2.171, 10.1.2.240

When I do a test run now I appear to get 14 hosts alive and included in the range, and I note that 14/(14+8) = 0.636.. , so not accounting for the excluded hosts would appear to roughly explain the progress not being 100%. This may be a coincidence, I have not looked too closely at the changes.

jjnicola commented 7 months ago

Hello @dhedberg did you update openvas as well? or only ospd-openvas ?

dhedberg commented 7 months ago

Hello,

We're running the community containers, deployed in kubernetes with a setup adapted from the provided docker-compose example. The deploy is configured with these images:

image: docker.io/greenbone/cert-bund-data
image: docker.io/greenbone/data-objects
image: docker.io/greenbone/dfn-cert-data
image: docker.io/greenbone/gpg-data
image: docker.io/greenbone/gsa:stable
image: docker.io/greenbone/gvmd:stable
image: docker.io/greenbone/gvm-tools:latest
image: docker.io/greenbone/notus-data
image: docker.io/greenbone/notus-scanner:stable
image: docker.io/greenbone/ospd-openvas:stable
image: docker.io/greenbone/pg-gvm:stable
image: docker.io/greenbone/report-formats
image: docker.io/greenbone/scap-data
image: docker.io/greenbone/vulnerability-tests

It's restarted once per day and the pullpolicy is set to always for all containers, so we should always be running the latest images available for the tags. The scans that are broken haven't been working since the restart last Thursday (that is, around 2024-03-14 18:00 CET).

jjnicola commented 7 months ago

I have just run a scan against a target with 51 hosts. I excluded six hosts. Other hosts were dead. The scan finished successfully. The GUI shows the status as Done and the scanner logs are the followings:

openvas.log

libgvm boreas:MESSAGE:2024-03-19 12h49.44 utc:2455155:02d84c10-6d29-4722-981c-bdc3851dfbc2: Alive scan 02d84c10-6d29-4722-981c-bdc3851dfbc2 finished in 5 seconds: 10 alive hosts of 45.
sd   main:MESSAGE:2024-03-19 12h49.46 utc:2455155:02d84c10-6d29-4722-981c-bdc3851dfbc2: Vulnerability scan 02d84c10-6d29-4722-981c-bdc3851dfbc2 finished in 7 seconds: 10 alive hosts of 45

ospd-openvas.log

OSPD[$PID] 2024-03-19 12:49:47,764: INFO: (ospd.ospd) 02d84c10-6d29-4722-981c-bdc3851dfbc2: Scan finished.
OSPD[$PID] 2024-03-19 12:49:47,765: DEBUG: (ospd.ospd) 02d84c10-6d29-4722-981c-bdc3851dfbc2: Current scan progress: 100,
OSPD[$PID] 2024-03-19 12:49:47,765: DEBUG: (root) 02d84c10-6d29-4722-981c-bdc3851dfbc2: Current progress: 
{'count_alive': 10,
 'count_dead': 35,
 'count_excluded': 6,
 'count_total': 45,
 'current_hosts': {},
 'overall': 100}

I build from sources. Openvas is included in the ospd-openvas container. Could you check the openvas version inside the container or in the logs?

openvas logs should show something like

sd main:MESSAGE:2024-03-19 12h49.35 utc:2455155:02d84c10-6d29-4722-981c-bdc3851dfbc2: openvas 23.0.1~git-ede9dcc0-http2 (GIT revision ~git-ede9dcc0-http2) started

dhedberg commented 7 months ago

I get this for openvas -V

OpenVAS 22.7.9
gvm-libs 22.4.1~dev1
Most new code since 2005: (C) 2022 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

.. and this for ospd-openvas --version

OSP Server for openvas: 22.7.0
OSP: 22.7.0
OSPd OpenVAS: 22.7.0

Copyright (C) 2014-2021 Greenbone AG
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
jjnicola commented 7 months ago

Indeed it is an outdated openvas version. We will re build the images. Thank you very much for reporting this.

jjnicola commented 7 months ago

New image is available and it should include the last openvas version. I leave this issue open. Please check the new image and and close the issue if it works as expected. Thanks again.

dhedberg commented 7 months ago

It seems to working fine again now, thank you for the quick response!

jjnicola commented 7 months ago

You are welcome!