immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0

[BUG] Interrupt scan at 0% #297

Closed boesr closed 1 month ago

boesr commented 2 months ago

Describe the bug: When starting a scan it is queued, running and immediately interrupted. I upgraded the container recently and moved it to another host (backed up and restored the volume as described in the docs). I disabled the sync at container start for now since that did break the container.

To Reproduce: Steps to reproduce the behavior:

  1. Include how you started the container.
    • docker compose up -d (single container file)
  2. When did the issue occur?
    • starting a scan of a single host

Expected behavior: The scan runs successfully.

Environment (please complete the following information):

logs ( commands assume the container name is 'openvas' )

openvas.log

Additional context: It may be due to disabled IPv6 (https://forum.greenbone.net/t/arpv6-icmpv6-socket-address-family-not-supported-by-protocol/9628/5). I already tried to set the value mentioned in the openvas.conf, but that was not successful.

boesr commented 2 months ago

Using the IP directly works. The problem only occurs if using the domain names.

EDIT: Alive Test of the target also has to be set to Consider Alive. Else the same error is shown.

immauss commented 2 months ago

After setting Consider Alive, do you get a full scan of the target?

This sounds more like a GB thing than a container thing.

If you log in to the container (`docker exec -it <container name> bash`), can you ping the host by name? Does the name resolve to an IPv4 or IPv6 address from the container? Does the host have both?

Thanks, Scott

boesr commented 2 months ago

Thanks for the quick reply and sorry for the delay. I was on vacation.

Not sure about the scan. I only receive some low results even though I started OWASP Juice Shop https://juice-shop.herokuapp.com/#/ which should bring up more results. At least I hoped so.

I've got:

I installed the ping utils in the container. The ping gets resolved to an IPv4 address. The host only has an IPv4 address.

Thanks, Benjamin

EDIT: I just forced some weak ciphers on my test VM. These are reported when scanning. So it seems the scan does work at least for SSH things. Going to test another host I scanned before the update, to see if I can reproduce the old results.

immauss commented 1 month ago

It would seem this is more to do with boreas and not a container based issue.

Please see here: https://forum.greenbone.net/t/arpv6-icmpv6-socket-address-family-not-supported-by-protocol/9628

If this doesn't resolve, and you can't find any help on the Greenbone forums, please open a new issue here and I'll see if I can find another solution. From what it sounds like though, it has to do with the host "not" having IPv6 enabled.

-Scott
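
The checks asked for in this thread (which address family the target name resolves to from inside the container, and whether IPv6 is available there) can be scripted as below. This is an added example, not part of the thread or of the immauss/openvas project; the function names are illustrative, and it assumes `getent` and `awk` exist in the image.

```bash
#!/usr/bin/env bash
# Added example: run inside the container, e.g. ./resolve_check.sh target.example
# (script name and function names are illustrative, not from the project).

# Print "ipv4", "ipv6" or "unknown" for one address string.
classify_addr() {
  case "$1" in
    *:*)     echo ipv6 ;;
    *.*.*.*) echo ipv4 ;;
    *)       echo unknown ;;
  esac
}

# Read `getent ahosts`-style lines on stdin; print the distinct address
# families seen, space-separated (e.g. "ipv4 ipv6").
families_for() {
  awk '{print $1}' | sort -u | while read -r addr; do
    classify_addr "$addr"
  done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Report the IPv6 state of this network namespace from the kernel sysctl file.
# "absent" means the IPv6 stack is not available at all.
ipv6_state() {
  f="${1:-/proc/sys/net/ipv6/conf/all/disable_ipv6}"
  if [ ! -r "$f" ]; then echo absent
  elif [ "$(cat "$f")" = "1" ]; then echo disabled
  else echo enabled
  fi
}

# Combine both observations into one finding.
verdict() {  # verdict "<families>" <ipv6 state>
  if [ -z "$1" ]; then echo "name does not resolve from here"
  elif [ "$2" = enabled ]; then echo "resolves ($1); IPv6 available"
  else
    case "$1" in
      *ipv6*) echo "resolves ($1) but IPv6 is $2: that address cannot be used from here" ;;
      *)      echo "resolves ($1); IPv6 is $2 (the setup discussed in this issue)" ;;
    esac
  fi
}

# Only query the resolver when a host name is given on the command line.
if [ -n "${1:-}" ]; then
  verdict "$(getent ahosts "$1" | families_for)" "$(ipv6_state)"
fi
```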