isaudits / docker-gvm

Docker container stack for GVM / OpenVAS

Scan shows empty results #2

Open pieterhouwen opened 3 years ago

pieterhouwen commented 3 years ago

After scanning a host with GVM, the scan shows results with no open ports found, no applications, no TLS certs, etc.

My docker stats show a steady CPU usage of ~0.2%

I have a web server running on the scanned host, but the scan doesn't seem to pick it up. This is my partially redacted Docker log:

==> /usr/local/var/log/gvm/gvmd.log <==
event task:MESSAGE:2021-07-12 13h36.55 UTC:904: Status of task Tiki (3417ce4e-18b0-4df5-9c1d-56bcbc3f49cb) has changed to Done
481:signal-handler (1626097106) Received SIGTERM scheduling shutdown...
OSPD[480] 2021-07-12 09:38:26,770: INFO: (ospd.main) Shutting-down server ...
481:M 12 Jul 2021 09:38:26.775 # User requested shutdown...
481:M 12 Jul 2021 09:38:26.776 * Removing the unix socket file.
481:M 12 Jul 2021 09:38:26.776 # Redis is now ready to exit, bye bye...
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
2021-07-12 09:38:27.137 EDT [494] LOG:  received SIGHUP, reloading configuration files
2021-07-12 09:38:27.138 EDT [494] LOG:  received smart shutdown request
2021-07-12 09:38:27.141 EDT [494] LOG:  background worker "logical replication launcher" (PID 518) exited with exit code 1
2021-07-12 09:38:27.142 EDT [513] LOG:  shutting down
2021-07-12 09:38:27.166 EDT [494] LOG:  database system is shut down
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing... 
sed: can't read /etc/pam.d/crond: No such file or directory
ln: failed to create symbolic link '/usr/local/etc/openvas/openvas.conf': File exists
Existing certificate infrastructure found, aborting.
Use '-f' parameter to overwrite existing certificates.
/var/run/s6/etc/cont-init.d/30-config: line 41: /sys/kernel/mm/transparent_hugepage/enabled: Read-only file system
chown: cannot access '/usr/local/share/gvm/gvmd/report_formats': No such file or directory
[cont-init.d] 30-config: exited 0.
[cont-init.d] 50-mailrelay: executing... 
[cont-init.d] 50-mailrelay: exited 0.
[cont-init.d] 50-postgres: executing... 
[cont-init.d] 50-postgres: exited 0.
[cont-init.d] 60-sync: executing... 
Updating NVTs...
Updating GVMD data...
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal. 
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp

              0   0%    0.00kB/s    0:00:00  
             13 100%   12.70kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 114 bytes  314.00 bytes/sec
total size is 13  speedup is 0.08
rm: cannot remove '/usr/local/var/run/feed-update.lock': No such file or directory
Updating SCAP data...
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal. 
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp

              0   0%    0.00kB/s    0:00:00  
             13 100%   12.70kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 114 bytes  314.00 bytes/sec
total size is 13  speedup is 0.08
rm: cannot remove '/usr/local/var/run/feed-update.lock': No such file or directory
Updating CERT data...
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal. 
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp

              0   0%    0.00kB/s    0:00:00  
             13 100%   12.70kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 114 bytes  104.67 bytes/sec
total size is 13  speedup is 0.08
rm: cannot remove '/usr/local/var/run/feed-update.lock': No such file or directory
[cont-init.d] 60-sync: exited 0.
[cont-init.d] 90-custom-folders: executing... 
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-scripts: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting PostgreSQL...
Starting Open Scanner Protocol daemon for OpenVAS...
Starting Greenbone Security Assistant...
[services.d] done.
476:C 12 Jul 2021 09:39:29.146 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
476:C 12 Jul 2021 09:39:29.146 # Redis version=5.0.7, bits=64, commit=00000000, modified=0, pid=476, just started
476:C 12 Jul 2021 09:39:29.146 # Configuration loaded
Oops, secure memory pool already initialized
                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis 5.0.7 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._                                   
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 476
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           http://redis.io        
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'                                               

476:M 12 Jul 2021 09:39:29.147 # Server initialized
476:M 12 Jul 2021 09:39:29.147 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
476:M 12 Jul 2021 09:39:29.147 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
476:M 12 Jul 2021 09:39:29.148 * Ready to accept connections
476:M 12 Jul 2021 09:39:29.148 * The server is now ready to accept connections at /run/redis/redis.sock
2021-07-12 09:39:29.153 EDT [491] LOG:  starting PostgreSQL 12.7 (Ubuntu 12.7-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit
2021-07-12 09:39:29.153 EDT [491] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2021-07-12 09:39:29.153 EDT [491] LOG:  could not bind IPv6 address "::1": Cannot assign requested address
2021-07-12 09:39:29.153 EDT [491] HINT:  Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
2021-07-12 09:39:29.157 EDT [491] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2021-07-12 09:39:29.169 EDT [510] LOG:  database system was shut down at 2021-07-12 09:38:27 EDT
2021-07-12 09:39:29.174 EDT [491] LOG:  database system is ready to accept connections
OSPD[478] 2021-07-12 09:39:29,271: INFO: (ospd.main) Starting OSPd OpenVAS version 21.4.1.
Attempting to migrate database and create default user
User exists already.
Attempting to set max report rows to 5000
Granting feed import owner rights to default user (admin) with UUID 3053ea17-847f-4968-baa9-a7d77a2005c2
Starting Greenbone Vulnerability Manager...
==> /usr/local/var/log/gvm/gsad.log <==
gsad main:MESSAGE:2021-07-12 13h31.24 utc:478: Starting GSAD version 21.4.1~dev1
gsad  gmp:MESSAGE:2021-07-12 13h34.10 utc:478: Authentication success for 'admin' from 172.18.0.1
gsad main:MESSAGE:2021-07-12 13h39.29 utc:477: Starting GSAD version 21.4.1~dev1

==> /usr/local/var/log/gvm/gvmd.log <==
md   main:WARNING:2021-07-12 13h39.34 utc:525: gvmd: databases are already at the supported version
md   main:MESSAGE:2021-07-12 13h39.34 utc:528:    Greenbone Vulnerability Manager version 21.4.2 (DB revision 242)
md manage:   INFO:2021-07-12 13h39.34 utc:528:    Creating user.
md   main:MESSAGE:2021-07-12 13h39.35 utc:531:    Greenbone Vulnerability Manager version 21.4.2 (DB revision 242)
md manage:   INFO:2021-07-12 13h39.35 utc:531:    Modifying setting.
md   main:MESSAGE:2021-07-12 13h39.36 utc:535:    Greenbone Vulnerability Manager version 21.4.2 (DB revision 242)
md manage:   INFO:2021-07-12 13h39.36 utc:535:    Getting users.
md   main:MESSAGE:2021-07-12 13h39.36 utc:540:    Greenbone Vulnerability Manager version 21.4.2 (DB revision 242)
md manage:   INFO:2021-07-12 13h39.36 utc:540:    Modifying setting.
md   main:MESSAGE:2021-07-12 13h39.37 utc:479:    Greenbone Vulnerability Manager version 21.4.2 (DB revision 242)

==> /usr/local/var/log/gvm/openvas.log <==
libgvm util:WARNING:2021-07-12 13h31.50 utc:570: NVT /usr/local/var/lib/openvas/plugins/attic/gb_fortianalyzer_persistent_xss_vuln.nasl with duplicate OID 1.3.6.1.4.1.25623.1.0.809262 will be replaced with 2016/gb_fortianalyzer_persistent_xss_vuln.nasl
libgvm util:MESSAGE:2021-07-12 13h32.14 utc:569: Updated NVT cache from version 0 to 202107121011
sd   main:MESSAGE:2021-07-12 13h35.56 utc:1141: openvas 21.4.1 started
sd   main:MESSAGE:2021-07-12 13h36.03 utc:1141: Vulnerability scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd started: Target has 1 hosts: sub.domain.tld, with max_hosts = 20 and max_checks = 4
libgvm boreas:MESSAGE:2021-07-12 13h36.03 utc:1141: Alive scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd started: Target has 1 hosts
sd   main:MESSAGE:2021-07-12 13h36.06 utc:1207: Vulnerability scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd started for host: 123.123.123.123 (Vhosts: sub.domain.tld)
libgvm boreas:MESSAGE:2021-07-12 13h36.08 utc:1141: Alive scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd finished in 5 seconds: 1 alive hosts of 1.
sd   main:MESSAGE:2021-07-12 13h36.50 utc:1207: Vulnerability scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd finished for host 123.123.123.123 in 44.97 seconds
sd   main:MESSAGE:2021-07-12 13h36.51 utc:1141: Vulnerability scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd finished in 55 seconds: 1 alive hosts of 1
libgvm util:WARNING:2021-07-12 13h40.05 utc:565: NVT /usr/local/var/lib/openvas/plugins/attic/gb_fortianalyzer_persistent_xss_vuln.nasl with duplicate OID 1.3.6.1.4.1.25623.1.0.809262 will be replaced with 2016/gb_fortianalyzer_persistent_xss_vuln.nasl
libgvm util:MESSAGE:2021-07-12 13h40.29 utc:564: Updated NVT cache from version 0 to 202107121011

==> /usr/local/var/log/gvm/gsad.log <==
gsad  gmp:MESSAGE:2021-07-12 13h45.02 utc:477: Authentication success for 'admin' from 172.18.0.1

==> /usr/local/var/log/gvm/gvmd.log <==
event task:MESSAGE:2021-07-12 15h33.24 UTC:2938: Task Tiki (3417ce4e-18b0-4df5-9c1d-56bcbc3f49cb) has been deleted by admin
event target:MESSAGE:2021-07-12 15h34.40 UTC:3233: Target Tiki (287f0bb8-c39c-42bf-bdc8-8b58106f19b1) has been created by admin
event task:MESSAGE:2021-07-12 15h34.55 UTC:3259: Status of task  (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has changed to New
event task:MESSAGE:2021-07-12 15h34.55 UTC:3259: Task Tiki (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has been created by admin
event task:MESSAGE:2021-07-12 15h34.59 UTC:3296: Status of task Tiki (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has changed to Requested
event task:MESSAGE:2021-07-12 15h34.59 UTC:3296: Task Tiki (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has been requested to start by admin
OSPD[478] 2021-07-12 11:35:01,705: INFO: (ospd.command.command) Scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b added to the queue in position 1.
event task:MESSAGE:2021-07-12 15h35.01 UTC:3299: Status of task Tiki (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has changed to Queued
OSPD[478] 2021-07-12 11:35:07,576: INFO: (ospd.ospd) Currently 1 queued scans.
OSPD[478] 2021-07-12 11:35:07,588: INFO: (ospd.ospd) Starting scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b.
event task:MESSAGE:2021-07-12 15h35.11 UTC:3299: Status of task Tiki (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has changed to Running

==> /usr/local/var/log/gvm/openvas.log <==
sd   main:MESSAGE:2021-07-12 15h35.30 utc:3539: openvas 21.4.1 started
sd   main:MESSAGE:2021-07-12 15h35.39 utc:3539: Vulnerability scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b started: Target has 1 hosts: sub.domain.tld, with max_hosts = 20 and max_checks = 4
libgvm boreas:MESSAGE:2021-07-12 15h35.39 utc:3539: Alive scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b started: Target has 1 hosts
sd   main:MESSAGE:2021-07-12 15h35.42 utc:3593: Vulnerability scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b started for host: 123.123.123 (Vhosts: sub.domain.tld)
libgvm boreas:MESSAGE:2021-07-12 15h35.44 utc:3539: Alive scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b finished in 5 seconds: 1 alive hosts of 1.
sd   main:MESSAGE:2021-07-12 15h37.04 utc:3593: Vulnerability scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b finished for host 123.123.123 in 82.09 seconds
sd   main:MESSAGE:2021-07-12 15h37.04 utc:3539: Vulnerability scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b finished in 94 seconds: 1 alive hosts of 1
OSPD[478] 2021-07-12 11:37:05,441: INFO: (ospd.ospd) e9b8f94b-04ff-42a6-9825-ee4048d0cf3b: Host scan finished.
OSPD[478] 2021-07-12 11:37:05,447: INFO: (ospd.ospd) e9b8f94b-04ff-42a6-9825-ee4048d0cf3b: Scan finished.

==> /usr/local/var/log/gvm/gvmd.log <==
event task:MESSAGE:2021-07-12 15h37.07 UTC:3299: Status of task Tiki (baa5aa85-9a3d-4563-b75e-27b8dac0a3c9) has changed to Done

(screenshot attached)

Is there anything I'm doing wrong?
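A triage script for the log excerpt above, added here as an example and not part of the isaudits/docker-gvm project or of the reporter's post. It parses the openvas.log events and the rsync feed-sync output quoted in the comment (the sample embedded in the script is constructed from those lines, trimmed) and reports what to check first when a scan completes with an empty report: whether the NVT cache was loaded before each scan started, how long each scan ran and for how many alive hosts, and whether the feed sync moved anything besides the mirror's timestamp file. The 300-second "short scan" threshold and the warning wording are this script's own heuristics, not GVM values.

```python
"""Log triage for a GVM/OpenVAS container whose scans finish with an empty report.
Added example (not isaudits/docker-gvm code): parses openvas.log events and the
rsync feed-sync output and flags what to check first. The 300 s "short scan"
threshold is this script's heuristic, not a GVM setting."""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

_TS = r"(\d{4}-\d{2}-\d{2}) (\d{2})h(\d{2})\.(\d{2}) utc"  # openvas.log: "2021-07-12 13h36.03 utc"
RE_NVT_CACHE = re.compile(_TS + r":\d+: Updated NVT cache from version (\d+) to (\d+)")
RE_SCAN_START = re.compile(_TS + r":\d+: Vulnerability scan ([0-9a-f-]{36}) started: Target has (\d+) hosts")
RE_SCAN_DONE = re.compile(r"Vulnerability scan ([0-9a-f-]{36}) finished in (\d+) seconds: (\d+) alive hosts of (\d+)")


def _ts(m):
    return datetime.strptime(f"{m.group(1)} {m.group(2)}:{m.group(3)}:{m.group(4)}", "%Y-%m-%d %H:%M:%S")


@dataclass
class Scan:
    scan_id: str
    started: datetime
    target_hosts: int
    duration_s: Optional[int] = None
    alive_hosts: Optional[int] = None


@dataclass
class Triage:
    nvt_cache: list = field(default_factory=list)   # (time, from_version, to_version)
    scans: dict = field(default_factory=dict)       # scan_id -> Scan
    feed_syncs: list = field(default_factory=list)  # file names rsync moved, one list per run
    warnings: list = field(default_factory=list)


def triage(log_text: str, min_expected_s: int = 300) -> Triage:
    t = Triage()
    in_file_list, files = False, []
    for raw in log_text.splitlines():
        line = raw.strip()
        # rsync: file names sit between "receiving incremental file list" and the
        # "sent ..." summary; progress lines start with a digit and are skipped
        if line == "receiving incremental file list":
            in_file_list, files = True, []
            continue
        if in_file_list:
            if line.startswith("sent "):
                t.feed_syncs.append(files)
                in_file_list = False
            elif line and not line[0].isdigit():
                files.append(line)
            continue
        if m := RE_NVT_CACHE.search(line):
            t.nvt_cache.append((_ts(m), int(m.group(5)), int(m.group(6))))
        elif m := RE_SCAN_START.search(line):
            t.scans[m.group(5)] = Scan(m.group(5), _ts(m), int(m.group(6)))
        elif m := RE_SCAN_DONE.search(line):
            if scan := t.scans.get(m.group(1)):
                scan.duration_s, scan.alive_hosts = int(m.group(2)), int(m.group(3))

    for scan in t.scans.values():
        if not any(ts <= scan.started for ts, _, _ in t.nvt_cache):
            t.warnings.append(f"{scan.scan_id}: no NVT cache load logged before the scan started")
        if scan.duration_s is not None and scan.alive_hosts and scan.duration_s < min_expected_s:
            t.warnings.append(
                f"{scan.scan_id}: finished in {scan.duration_s}s for {scan.alive_hosts} alive host(s); "
                "short for a full vulnerability scan: check the port list and NVT families in the scan "
                "config and that the scanner reaches the target's TCP ports, not only the alive probe")
    if t.feed_syncs and all(f == ["timestamp"] for f in t.feed_syncs):
        t.warnings.append("feed sync moved only 'timestamp': local feed already matched the mirror")
    return t


# Constructed sample: lines copied from the container log posted in this issue, trimmed.
SAMPLE_LOG = """\
receiving incremental file list
timestamp

              0   0%    0.00kB/s    0:00:00
             13 100%   12.70kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 114 bytes  314.00 bytes/sec
total size is 13  speedup is 0.08
libgvm util:MESSAGE:2021-07-12 13h32.14 utc:569: Updated NVT cache from version 0 to 202107121011
sd   main:MESSAGE:2021-07-12 13h36.03 utc:1141: Vulnerability scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd started: Target has 1 hosts: sub.domain.tld, with max_hosts = 20 and max_checks = 4
libgvm boreas:MESSAGE:2021-07-12 13h36.08 utc:1141: Alive scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd finished in 5 seconds: 1 alive hosts of 1.
sd   main:MESSAGE:2021-07-12 13h36.51 utc:1141: Vulnerability scan 1f0c2151-0011-4fa6-b4d6-74825aab05cd finished in 55 seconds: 1 alive hosts of 1
libgvm util:MESSAGE:2021-07-12 13h40.29 utc:564: Updated NVT cache from version 0 to 202107121011
sd   main:MESSAGE:2021-07-12 15h35.39 utc:3539: Vulnerability scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b started: Target has 1 hosts: sub.domain.tld, with max_hosts = 20 and max_checks = 4
sd   main:MESSAGE:2021-07-12 15h37.04 utc:3539: Vulnerability scan e9b8f94b-04ff-42a6-9825-ee4048d0cf3b finished in 94 seconds: 1 alive hosts of 1
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for s in result.scans.values():
        print(f"{s.scan_id}: {s.duration_s}s, {s.alive_hosts}/{s.target_hosts} alive")
    for w in result.warnings:
        print("WARN", w)
```

Run against the posted excerpt, it reports both scans finishing well under the threshold (55 s and 94 s, one alive host each) with an NVT cache load logged before each start and a feed sync that moved only the timestamp file. That argues against an empty NVT cache as the cause and points the investigation at the scan configuration and the container's network path to the target's ports. The regular expressions match the 21.4 log layout shown in the thread; adjust them if your gvmd/openvas versions log timestamps differently.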

mcjon3z commented 3 years ago

I was able to duplicate this behavior on the previous release; however, Greenbone released a bunch of component updates two weeks ago that appear to correct whatever the issue was. I'm going to go ahead and close this issue. Pull the most current image build from Docker Hub, and if that does not correct it, let me know and we will re-open and troubleshoot further.

pieterhouwen commented 3 years ago

I pulled the latest image using the default docker-compose file, but when I re-ran the scan it showed the same behavior.

Some details that may be helpful:

I use GVM on Docker for Windows (WSL2). NVTs are loaded properly after I run the update twice (the first time fails because of a hash mismatch).

pieterhouwen commented 3 years ago

When running the build script on an Ubuntu VM, I'm getting the following errors in install-pkgs.sh:

Setting up libglib2.0-cil (2.12.40-3) ...

Unhandled Exception:
System.TypeInitializationException: The type initializer for 'Sys' threw an exception. ---> System.DllNotFoundException: System.Native assembly:<unknown assembly> type:<unknown type> member:(null)
  at (wrapper managed-to-native) Interop+Sys.LChflagsCanSetHiddenFlag()
  at Interop+Sys..cctor () [0x00000] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
   --- End of inner exception stack trace ---
  at System.IO.FileSystem.FileExists (System.ReadOnlySpan`1[T] fullPath, System.Int32 fileType, Interop+ErrorInfo& errorInfo) [0x0000f] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at System.IO.FileSystem.FileExists (System.ReadOnlySpan`1[T] fullPath) [0x00006] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at System.IO.File.Exists (System.String path) [0x00058] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at Mono.Tools.Driver.LoadConfig (System.Boolean quiet) [0x00031] in <c1f3f44c980c4c748aff61945c8f618f>:0
  at Mono.Tools.Driver.Main (System.String[] args) [0x00347] in <c1f3f44c980c4c748aff61945c8f618f>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.TypeInitializationException: The type initializer for 'Sys' threw an exception. ---> System.DllNotFoundException: System.Native assembly:<unknown assembly> type:<unknown type> member:(null)
  at (wrapper managed-to-native) Interop+Sys.LChflagsCanSetHiddenFlag()
  at Interop+Sys..cctor () [0x00000] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
   --- End of inner exception stack trace ---
  at System.IO.FileSystem.FileExists (System.ReadOnlySpan`1[T] fullPath, System.Int32 fileType, Interop+ErrorInfo& errorInfo) [0x0000f] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at System.IO.FileSystem.FileExists (System.ReadOnlySpan`1[T] fullPath) [0x00006] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at System.IO.File.Exists (System.String path) [0x00058] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at Mono.Tools.Driver.LoadConfig (System.Boolean quiet) [0x00031] in <c1f3f44c980c4c748aff61945c8f618f>:0
  at Mono.Tools.Driver.Main (System.String[] args) [0x00347] in <c1f3f44c980c4c748aff61945c8f618f>:0
E: installing Assembly /usr/share/cli-common/policies.d/libglib2.0-cil/policy.2.8.glib-sharp.dll failed
E: Installation of policy.2.8.glib-sharp with /usr/share/cli-common/runtimes.d/mono failed
dpkg: error processing package libglib2.0-cil (--configure):
 installed libglib2.0-cil package post-installation script subprocess returned error exit status 1
Setting up libmono-security4.0-cil (6.8.0.105+dfsg-2) ...
Setting up mono-gac (6.8.0.105+dfsg-2) ...
update-alternatives: using /usr/bin/gacutil to provide /usr/bin/cli-gacutil (global-assembly-cache-tool) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/man1/cli-gacutil.1.gz because associated file /usr/share/man/man1/gacutil.1.gz (of link group global-assembly-cache-tool) doesn't exist
Setting up mono-runtime-common (6.8.0.105+dfsg-2) ...
dpkg: dependency problems prevent configuration of libglib2.0-cil-dev:
 libglib2.0-cil-dev depends on libglib2.0-cil (= 2.12.40-3); however:
  Package libglib2.0-cil is not configured yet.

dpkg: error processing package libglib2.0-cil-dev (--configure):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
Errors were encountered while processing:
 libglib2.0-cil
 libglib2.0-cil-dev
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'm not sure if this will impact the ability to run properly, but it doesn't seem good.

mcjon3z commented 2 years ago

Reopening the issue, as the problem is still present in the most recent build.