search

mikesplain / openvas-docker

A Docker container for Openvas
MIT License
762 stars 302 forks source link

Client closing the connection? Can't connect to UI. #121

Closed DannyLee12 closed 7 years ago

DannyLee12 commented 7 years ago

I cannot connect the UI through http://localhost:443 This may have somthing to do with the message in the logs:

[Wed Feb 15 16:46:00 2017][837] openvassd 5.1.0 started
[Wed Feb 15 16:46:56 2017][1359] Client closed the communication
[Wed Feb 15 16:47:19 2017][837] Received the Terminated signal
[Tue Mar 28 13:47:30 2017][23] openvassd 5.1.0 started
[Tue Mar 28 13:48:17 2017][168] Client closed the communication

I have encountered this same issue on two machines. Please tell me what I am doing wrong. Full logs attached below.

redis not yet ready
Redis ready.
Checking for empty volume
Restarting services
 * Restarting openvas-scanner openvassd
   ...done.
 * Restarting openvas-manager openvasmd
   ...done.
 * Restarting openvas-gsa gsad
   ...done.
Reloading NVTs
Rebuilding NVT cache... done.
Checking setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.0.
        OK: redis-server is present in version v=3.0.6.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
        OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: NVT collection in /var/lib/openvas/plugins contains 51943 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        OK: The NVT cache in /var/cache/openvas contains 51943 files for 51943 NVTs.
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 7.0.0.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 184.
        OK: OpenVAS Manager expects database at revision 184.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 51943 NVTs.
        OK: At least one user exists.
        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
        OK: xsltproc found.
Step 3: Checking user configuration ...
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
        OK: Greenbone Security Assistant is present in version 7.0.0.
        OK: Your OpenVAS certificate infrastructure passed validation.
Step 5: Checking OpenVAS CLI ...
        OK: OpenVAS CLI version 1.4.5.
Step 6: Checking Greenbone Security Desktop (GSD) ...
        SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on a Unix domain socket.
        OK: OpenVAS Manager is running and listening on a Unix domain socket.
        OK: Greenbone Security Assistant is running and listening on all interfaces.
        WARNING: Greenbone Security Assistant is listening on port 4000, which is NOT the default port!
        SUGGEST: Ensure Greenbone Security Assistant is listening on one of the following ports: 80, 443, 9392.
Step 8: Checking nmap installation ...
        WARNING: Your version of nmap is not fully supported: 7.01
        SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
        OK: pdflatex found.
        OK: PDF generation successful. The PDF report format is likely to work.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.

It seems like your OpenVAS-9 installation is OK.

If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Tailing logs
==> /var/log/openvas/gsad.log <==
gsad main:MESSAGE:2017-02-15 16h41.02 utc:859: Starting GSAD version 7.0.0
gsad main:MESSAGE:2017-02-15 16h41.02 utc:859: main: Locale for gettext extensions set to "C", gettext translations are disabled.
gsad xslt:WARNING:2017-02-15 16h41.02 utc:859: init_language_lists: Failed to open locale directory "/usr/share/openvas/gsa/locale": No such file or directory
gsad main:MESSAGE:2017-03-28 13h46.16 utc:45: Starting GSAD version 7.0.0
gsad main:MESSAGE:2017-03-28 13h46.16 utc:45: main: Locale for gettext extensions set to "C", gettext translations are disabled.
gsad xslt:WARNING:2017-03-28 13h46.16 utc:45: init_language_lists: Failed to open locale directory "/usr/share/openvas/gsa/locale": No such file or directory

==> /var/log/openvas/openvasmd.log <==
base gpgme:MESSAGE:2017-03-28 13h47.19 utc:134: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-03-28 13h47.20 utc:134: Using OpenPGP engine version '2.1.11'
md   main:   INFO:2017-03-28 13h47.21 utc:134:    Updating NVT cache.
md    otp:MESSAGE:2017-03-28 13h47.22 utc:134: Waiting for scanner to load NVTs: 45400 / 51943.
md   main:   INFO:2017-03-28 13h47.32 utc:151: update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2017-03-28 13h47.32 utc:151: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-03-28 13h47.33 utc:151: Using OpenPGP engine version '2.1.11'
md   main:   INFO:2017-03-28 13h47.33 utc:151:    Updating NVT cache.
md   main:MESSAGE:2017-03-28 13h51.19 utc:244:    OpenVAS Manager version 7.0.0 (DB revision 184)
md manage:   INFO:2017-03-28 13h51.19 utc:244:    Getting users.

==> /var/log/openvas/openvassd.dump <==

==> /var/log/openvas/openvassd.messages <==
[Wed Feb 15 16:46:00 2017][837] openvassd 5.1.0 started
[Wed Feb 15 16:46:56 2017][1359] Client closed the communication
[Wed Feb 15 16:47:19 2017][837] Received the Terminated signal
[Tue Mar 28 13:47:30 2017][23] openvassd 5.1.0 started
[Tue Mar 28 13:48:17 2017][168] Client closed the communication
mikesplain commented 7 years ago

Hi @DannyLee12, thanks for the details. Are you sure you tried the correct address? It serves only on https: https://localhost and on whatever port you forward.

DannyLee12 commented 7 years ago

I think so, running the container:

CONTAINER ID        IMAGE                COMMAND               CREATED             STATUS              PORTS                            NAMES
fcc96d1b3567        mikesplain/openvas   "/bin/sh -c /start"   2 hours ago         Up 2 hours          0.0.0.0:443->443/tcp, 4000/tcp   openvas

And trying to connect on https://0.0.0.0/ or https://localhost tells me the site cannot be reached.

Does everything else seem ok?

DannyLee12 commented 7 years ago

Nevermind, I am indeed an idiot.