FS#57470 - [openvas-manager] OpenVAS fails to rebuild database after a clean install

Attached to Project: Community Packages
Opened by Martin (greencopper) - Sunday, 11 February 2018, 15:22 GMT
Last edited by Christian Rebischke (Shibumi) - Saturday, 26 May 2018, 14:18 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Christian Rebischke (Shibumi)
Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Following the guide in the Arch wiki: https://wiki.archlinux.org/index.php/OpenVAS

When you reach the point where you're supposed to rebuild the database it fails:

# openvasmd --rebuild --progress
Rebuilding NVT cache... failed.

This is related to the following packages:

community/greenbone-security-assistant 7.0.2-1 (openvas) [installed]
community/openvas-cli 1.4.5-2 (openvas) [installed]
community/openvas-libraries 9.0.1-1 (openvas) [installed]
community/openvas-manager 7.0.2-1 (openvas) [installed]
community/openvas-scanner 5.1.1-1 [installed]

Steps to reproduce:

Follow the Arch Linux wiki on OpenVAS.
This task depends upon

Closed by  Christian Rebischke (Shibumi)
Saturday, 26 May 2018, 14:18 GMT
Reason for closing:  Not a bug
Comment by Christian Rebischke (Shibumi) - Friday, 16 February 2018, 06:36 GMT
Hello, can you provide any logs? last time when I tried this it was working fine.
Comment by Martin (greencopper) - Sunday, 18 February 2018, 20:21 GMT
No, sorry, I haven't got time at the moment to test any further, but you can easily reproduce with the latest versions.
Comment by tranqil (tranqil) - Tuesday, 06 March 2018, 13:22 GMT
It seems the Wiki isn't up-to-date. You've to setup Redis (and configure the openvas-scanner) before startup of scanner service. But this is not the only problem with the newest openvas version. Its still correct, that openvasmd hangs on rebuilding (updating) the initial database, without any error logging:

openvasmd --rebuild --progress
Rebuilding NVT cache... \
<hanging forever>

md main:MESSAGE:2018-03-06 13h00.29 utc:1088: OpenVAS Manager version 7.0.2 (DB revision 184)
md main: INFO:2018-03-06 13h00.29 utc:1088: rebuild_nvt_cache_retry: Reloading NVT cache
md main: INFO:2018-03-06 13h00.29 utc:1089: update_or_rebuild_nvt_cache: Rebuilding NVT cache
md crypt: INFO:2018-03-06 13h00.29 utc:1089: starting key generation ...
md crypt: INFO:2018-03-06 13h00.31 utc:1089: OpenPGP key 'OpenVAS Credential Encryption' has been generated
md main: INFO:2018-03-06 13h00.31 utc:1089: Updating NVT cache.
md main:MESSAGE:2018-03-06 13h03.14 utc:2118: OpenVAS Manager version 7.0.2 (DB revision 184)

Comment by Max Wölfing (ff0x) - Wednesday, 14 March 2018, 12:44 GMT
Same with the new version:

# /usr/bin/openvassd -f --unix-socket=/var/run/openvassd.sock

# strace -f openvasmd --rebuild --progress
...
[pid 28708] fcntl(6, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=123, l_len=1}) = 0
[pid 28708] close(-1) = -1 EBADF (Bad file descriptor)
[pid 28708] socket(AF_UNIX, SOCK_STREAM, 0) = 14
[pid 28708] connect(14, {sa_family=AF_UNIX, sun_path="/var/run/openvassd.sock"}, 25) = 0
[pid 28708] mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f147a6a1000
[pid 28708] fcntl(14, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 28708] sendto(14, "< OTP/2.0 >\n", 12, 0, NULL, 0) = 12
[pid 28708] sendto(14, "CLIENT <|> NVT_INFO <|> CLIENT\n", 31, 0, NULL, 0) = 31
[pid 28708] select(15, NULL, [14], NULL, {tv_sec=1, tv_usec=0}) = 1 (out [14], left {tv_sec=0, tv_usec=999998})
[pid 28708] recvfrom(14, 0x7ffc02fb70af, 1, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid 28708] select(15, [14], [], NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
...

Comment by Christian Rebischke (Shibumi) - Thursday, 15 March 2018, 02:06 GMT
Mhh I can confirm this:

[root@openvas ~]# openvasmd --rebuild --progress
Rebuilding NVT cache... failed.


Do you guys have reported this upstream?
Comment by Christian Rebischke (Shibumi) - Friday, 06 April 2018, 22:01 GMT
I have pushed a new version to the repos.. please ensure if the bug still exists.
Comment by Max Wölfing (ff0x) - Saturday, 07 April 2018, 07:25 GMT
Same probem like before. Nothing has changed :(
Comment by Christian Rebischke (Shibumi) - Sunday, 08 April 2018, 17:35 GMT
@ff0x did you report this upstream?
Comment by Venkatesh (venkypwr) - Wednesday, 11 April 2018, 03:50 GMT
openvasmd --rebuild --progress
Rebuilding NVT cache... failed.

If anyone got any update please let me know.

Thanks in advance.
Comment by Max Wölfing (ff0x) - Friday, 13 April 2018, 05:13 GMT
Shibumi: Sorry, not yet. There was an issue with account creation on their tracker the last time I've tried and there are a whole bunch of old bugs left open, didn't seems very active to me.
Comment by Christian Rebischke (Shibumi) - Friday, 04 May 2018, 19:57 GMT
Ok, I am going to report this on github. They seem more active on github.
Comment by Christian Rebischke (Shibumi) - Friday, 04 May 2018, 20:03 GMT Comment by Christian Rebischke (Shibumi) - Thursday, 10 May 2018, 12:41 GMT
upstream says this is a configuration issue. We should definitly have a look on our wiki article: https://github.com/greenbone/gvm/issues/98#issuecomment-387347987
Comment by Max Wölfing (ff0x) - Thursday, 24 May 2018, 08:47 GMT
Hmm, for whatever reasons it is working..

Today I've take a look at the redis configuration especially the "save" directive mention in upstream, but it was configured correctly and I ensured that the socket was activated. Then I first started redis, sync all nvt, cert and scapdata, started the scanner daemon and rebuild the NVT cache - like thousand times before. But finally it runs without any issue using the same version from above (7.0.3). The only spcial thing I've done this time, was to remove the old 'dump.rdb' from /var/lib/redis before I started the database. Maybe one can check this out.

The Wiki should be updated, to configure/start redis ahead of the scanner.
Comment by Christian Rebischke (Shibumi) - Saturday, 26 May 2018, 14:18 GMT
I have updated the wiki and moved the redis installation to the 'pre-install' section. I hope this fixes any issues. If you still have problems please re-open this bug report.

Loading...