search

greenbone / ospd-openvas

ospd-openvas is an OSP server implementation to allow GVM to remotely control an OpenVAS Scanner
GNU Affero General Public License v3.0
68 stars 58 forks source link

ospd-openvas daemon crashed #990

Closed blackPantherOS closed 6 months ago

blackPantherOS commented 6 months ago

Installing as per documentation breaks functionality!

Details: The installation guide (here: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#ospd-openvas ) instructs to create a "gvm" user like this:

useradd -r -M -U -G wheel -s /usr/sbin/nologin gvm

In this command, the'-M' switch disables the creation of a HOME directory.

The 'ospd-openvas.service' file contains the following:

[...]
[Service]
Type=exec
User=gvm  ## DEFINIED USER
Group=gvm
RuntimeDirectory=ospd
RuntimeDirectoryMode=2775
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas
[...]

However, the 'daemon' needs the gpg directory, which it looks for in the HOME directory, but cannot access it this way, causing this crash:

ValueError: gnupghome should be a directory (it isn't): /home/gvm/.gnupg

**Click here to details of crash output**: ``` máj 24 07:34:37 build-pc systemd[1]: Started ospd-openvas.service. máj 24 07:34:47 build-pc ospd-openvas[2814808]: Traceback (most recent call last): máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/bin/ospd-openvas", line 8, in máj 24 07:34:47 build-pc ospd-openvas[2814808]: sys.exit(main()) máj 24 07:34:47 build-pc ospd-openvas[2814808]: ^^^^^^ máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/daemon.py", line 1264, in main máj 24 07:34:47 build-pc ospd-openvas[2814808]: daemon_main('OSPD - openvas', OSPDopenvas, NotusParser()) máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd/main.py", line 152, in main máj 24 07:34:47 build-pc ospd-openvas[2814808]: daemon.init(server) máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/daemon.py", line 528, in init máj 24 07:34:47 build-pc ospd-openvas[2814808]: self.update_vts() máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/daemon.py", line 652, in update_vts máj 24 07:34:47 build-pc ospd-openvas[2814808]: self.notus.reload_cache() máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/notus.py", line 133, in reload_cache máj 24 07:34:47 build-pc ospd-openvas[2814808]: self._verifier = hashsum_verificator( máj 24 07:34:47 build-pc ospd-openvas[2814808]: ^^^^^^^^^^^^^^^^^^^^ máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/notus.py", line 49, in hashsum_verificator máj 24 07:34:47 build-pc ospd-openvas[2814808]: sums = reload_sha256sums(sha_sum_reload_config) máj 24 07:34:47 build-pc ospd-openvas[2814808]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/gpg_sha_verifier.py", line 61, in reload_sha256sums máj 24 07:34:47 build-pc ospd-openvas[2814808]: config.gpg = __default_gpg_home() máj 24 07:34:47 build-pc ospd-openvas[2814808]: ^^^^^^^^^^^^^^^^^^^^ máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd_openvas/gpg_sha_verifier.py", line 40, in __default_gpg_home máj 24 07:34:47 build-pc ospd-openvas[2814808]: return GPG(gnupghome=f"{home.absolute()}") máj 24 07:34:47 build-pc ospd-openvas[2814808]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/gnupg.py", line 1067, in __init__ máj 24 07:34:47 build-pc ospd-openvas[2814808]: raise ValueError('gnupghome should be a directory (it isn\'t): %s' % gnupghome) máj 24 07:34:47 build-pc ospd-openvas[2814808]: ValueError: gnupghome should be a directory (it isn't): /home/gvm/.gnupg máj 24 07:34:47 build-pc ospd-openvas[2814808]: Exception ignored in atexit callback: máj 24 07:34:47 build-pc ospd-openvas[2814808]: Traceback (most recent call last): máj 24 07:34:47 build-pc ospd-openvas[2814808]: File "/usr/lib/python3.11/site-packages/ospd/main.py", line 74, in exit_cleanup máj 24 07:34:47 build-pc ospd-openvas[2814808]: sys.exit() máj 24 07:34:47 build-pc ospd-openvas[2814808]: SystemExit: máj 24 07:34:47 build-pc systemd[1]: ospd-openvas.service: Main process exited, code=exited, status=1/FAILURE ```

Either the gpg path needs to be defined, or the ospd user needs to be changed and the documentation updated accordingly.

ArnoStiefvater commented 6 months ago

Hey @blackPantherOS,

Thanks for your report.

The gnupg directory as described in the installation guide is OPENVAS_GNUPG_HOME=/etc/openvas/gnupg (see https://greenbone.github.io/docs/latest/22.4/source-build/index.html#feed-validation) and not /home/gvm/.gnupg.

It should work out of the box when the correct dir is used.