OpenVAS

From NST Wiki
Jump to navigationJump to search

Start The openvas-scanner Service

Starting the openvas-scanner (openvassd) service takes a long time. This occurs due to the loading and processing of all of the rules. When the service is started, it reads through all of the ASCII plugins and creates cached versions under the /var/cache/openvas directory. The first time you try and start the service, systemctl may time out and report that the service failed to start even though the openvassd process is still running and parsing rules. For example: 

[root@cayenne ~]# systemctl start openvas-scanner.service
Job failed. See system logs and 'systemctl status' for details.
[root@cayenne ~]# ps -fC openvassd
UID        PID  PPID  C STIME TTY          TIME CMD
root      3813  3812 48 13:30 ?        00:02:34 openvassd -q --port=9391
[root@cayenne ~]#


It takes a very long time for the initial loading and processing of the plugins. You can try to peek at what plugins are currently being loaded (to assure yourself that progress is being made) using the lsof command (this doesn't always work and depends a bit on the start of the openvassd process): 

[root@dhcp150 ~]# lsof | grep /var/lib/openvas/plugins 
openvassd 12858      root  cwd     4r    REG    253,1     2635   21050  /var/lib/openvas/plugins/plugins/gb_MDaemon_39857.nasl
[root@dhcp132 ~]#

If you run the top command while the openvassd is processing the plugins, you should see the openvassd consuming a substantial amount of CPU.

Eventually the openvassd process will complete it's loading phase and enter into a state where it is ready to accept incoming connections. You can use the ps command to check for this. 

[root@dhcp132 ~]# ps -fC openvassd
UID        PID  PPID  C STIME TTY          TIME CMD
root     24529     1  0 07:13 ?        00:00:00 openvassd: waiting for incoming 
[root@dhcp150 ~]#

The systemctl command can also be used to verify that the openvassd process is ready for incoming connections: 

[root@dhcp132 ~]# systemctl status openvas-scanner.service
openvas-scanner.service - LSB: start|stop|status|restart|condrestart|reloadplugins OpenVAS Scanner
	  Loaded: loaded (/etc/rc.d/init.d/openvas-scanner)
	  Active: failed since Wed, 15 Jun 2011 07:10:23 -0400; 7min ago 
	 Process: 2164 ExecStart=/etc/rc.d/init.d/openvas-scanner start (code=killed, signal=TERM)
	  CGroup: name=systemd:/system/openvas-scanner.service
		  └ 24529 openvassd: waiting for incoming connections
[root@dhcp132 ~]#

You may notice that systemctl reports the service in a failed state even though the openvassd daemon is running and accepting connections. You should be able to clear this failed state indicator by restarting the service. 

[root@dhcp132 ~]# systemctl restart openvas-scanner.service
[root@cayenne ~]# systemctl status openvas-scanner.service
openvas-scanner.service - LSB: start|stop|status|restart|condrestart|reloadplugins OpenVAS Scanner
	  Loaded: loaded (/etc/rc.d/init.d/openvas-scanner)
	  Active: active (running) since Sat, 16 Jul 2011 13:44:52 -0400; 1min 6s ago
	 Process: 27198 ExecStart=/etc/rc.d/init.d/openvas-scanner start (code=exited, status=0/SUCCESS)
	Main PID: 27193 (openvassd)
	  CGroup: name=systemd:/system/openvas-scanner.service
		  └ 27193 openvassd: waiting for incoming connections
[root@cayenne ~]# 
[root@dhcp132 ~]#

To enable the openvas-scanner (openvassd) service at boot time, run the following command: 

[root@cayenne ~]# systemctl disable openvas-scanner.service
openvas-scanner.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig openvas-scanner off
[root@cayenne ~]# 
[root@dhcp150 ~]#
Retrieved from "https://wiki.networksecuritytoolkit.org/nstwiki/index.php?title=OpenVAS&oldid=4371"