Unable to start scan

[kjake]

Testing a new single container setup using immauss/openvas:21.04.07 and was unable to start a scan - tried twice.

Logs stated Could not connect to Scanner at /run/ospd/ospd-openvas.sock

I fixed it by logging into the container and creating a symbolic link from /run/ospd/ospd.sock to /run/ospd/ospd-openvas.sock.

Creating issue as I don't know if this is the correct way to solve.

[immauss]

Hmmmm.... That shouldn't happen.

I just did that with the latest refresh from earlier today. (Has the most up to date feeds already) and it ran a scan with noproblem and only has /run/ospd/ospd.sock

Can you tell me exactly how you started the container and give me some details on your environment?

Thanks, Scott

[kjake]

Sure.

OS:

VMware Photon OS 4.0
PHOTON_BUILD_NUMBER=2f5aad892

Docker: version 20.10.11, build dea9396

Orchestration: Portainer CE v2.11.1

services:
  openvas:
    ports:
      - "8080:9392"
    network_mode: host
    environment:
      - RELAYHOST="mail.ddd.com"
      - SMTPPORT=25
      - REDISDBS=512    # number of Redis DBs to use
      - QUIET=false     # dump feed sync noise to /dev/null
      - NEWDB=false     # only use this for creating a blank DB 
      - SKIPSYNC=false   # Skips the feed sync on startup.
      - RESTORE=false   # This probably not be used from compose... see docs.
      - DEBUG=false     # This will cause the container to stop and not actually start gvmd
      - HTTPS=false     # wether to use HTTPS or not
      - GMP=9390        # to enable see docs
      - TIMEOUT=1440
      - TZ="America/New_York"
      - OPT_PDF=1
      - AUTO_SYNC=true
    logging:
      driver: journald
    volumes:
      - /root/openvas:/data
    container_name: openvas
    image: immauss/openvas:21.04.07
    restart: unless-stopped

[kjake]

Retried with immauss/openvas:latest and experienced the same.

I had been using securecompliance/gvm for a while, but their poorly handled Alpine > Debian transition, and essentially stale builds has led me to look at other options. Their builds had been working on this same system, but I know that they were doing things differently.

[immauss]

curious ... did you copy your /data from a previous version or from securecompliance?

I'm going to add a link in the start.sh until we work this out.

-Scott

[kjake]

I didn't copy over any data as securecompliance changed versions of PostgreSQL, and I am yet again at a point where I have to start over.

[immauss]

Well .... I had a permission problem on my web server, so the refresh build failed. But it's running again now. If you see the 21.04.07 image update, it will have the link for the socket. Let me know if that resolves it for you. I would like to still figure out what is different on your end as all my test have had no issues with the socket.

[kjake]

Thank you for your help! I have run into one other issue with using Photon 4 - which is that I couldn't get macvlan or individual (LAN) IP addressing working for any containers - so I run gvm host-mode since some tests (like Log4j) will require a connection back to the source IP (a docker IP wouldn't usually work).

I deployed the new one and was able to fire up my test scan without it immediately complaining and moving into Interrupted. It's alive :)

event task:MESSAGE:2022-03-29 00h30.13 UTC:738: Task Test Scan (aa759854-dd85-45d3-9610-4245cb7ffe62) has been requested to start by admin
==> /usr/local/var/log/gvm/ospd-openvas.log <==
OSPD[357] 2022-03-29 00:30:36,326: INFO: (ospd.command.command) Scan 407583a9-b8c8-49f4-bac2-2e906e03d58f added to the queue in position 1.
OSPD[357] 2022-03-29 00:30:36,375: INFO: (ospd.ospd) Currently 1 queued scans.
==> /usr/local/var/log/gvm/gvmd.log <==
event task:MESSAGE:2022-03-29 00h30.36 UTC:741: Status of task Test Scan (aa759854-dd85-45d3-9610-4245cb7ffe62) has changed to Queued
==> /usr/local/var/log/gvm/ospd-openvas.log <==
OSPD[357] 2022-03-29 00:30:36,546: INFO: (ospd.ospd) Starting scan 407583a9-b8c8-49f4-bac2-2e906e03d58f.
==> /usr/local/var/log/gvm/gvmd.log <==
event task:MESSAGE:2022-03-29 00h30.41 UTC:741: Status of task Test Scan (aa759854-dd85-45d3-9610-4245cb7ffe62) has changed to Running
==> /usr/local/var/log/gvm/openvas.log <==
sd   main:MESSAGE:2022-03-29 00h31.05 utc:1003: openvas 21.4.4 started
sd   main:MESSAGE:2022-03-29 00h31.11 utc:1003: Vulnerability scan 407583a9-b8c8-49f4-bac2-2e906e03d58f started: Target has 1 hosts: 192.168.3.1, with max_hosts = 20 and max_checks = 4
libgvm boreas:MESSAGE:2022-03-29 00h31.11 utc:1003: Alive scan 407583a9-b8c8-49f4-bac2-2e906e03d58f started: Target has 1 hosts
sd   main:MESSAGE:2022-03-29 00h31.14 utc:1039: Vulnerability scan 407583a9-b8c8-49f4-bac2-2e906e03d58f started for host: 192.168.3.1
libgvm boreas:MESSAGE:2022-03-29 00h31.16 utc:1003: Alive scan 407583a9-b8c8-49f4-bac2-2e906e03d58f finished in 5 seconds: 1 alive hosts of 1.

[immauss]

So ... ( after googling Photon OS and reading ... ) it sounds like this is specific to Photon OS? Would you mind doing a little write-up on what you had to do differently that I could include in the docs for anyone else trying to use Photon?

[kjake]

Hi Scott, this issue is back in immauss/openvas:latest
md manage:WARNING:2022-07-13 17h50.52 UTC:22654: Could not connect to Scanner at /run/ospd/ospd-openvas.sock

root@photon-machine:/run/ospd# ls -alp
total 16
drwxrwx--- 2 gvm  gvm  4096 Jul 13 06:00 ./
drwxrwxrwx 1 root root 4096 Jul 13 06:00 ../
-rw-rw---- 1 root root    0 Jul  5 20:22 feed-update.lock
-rw-r--r-- 1 root root    3 Jul 13 06:00 ospd.pid
srwxrwxrwx 1 root gvm     0 Jul 13 06:00 ospd.sock

root@photon-machine:/run/ospd# ln -s ospd.sock ospd-openvas.sock fixes it