openvas-9-dashboard on Kali Linux

OpenVAS bug in Kali Linux 2017.3.5 and 2018

After installing OpenVas in Kali Linux 2017.3.5. I encountered a bug that OpenVas was not starting up. Upon testing OpenVas configuration with command:

root@kali:#openvas-check-setup

I found the error as below

openvas-check-setup 2.3.7
Test completeness and readiness of OpenVAS-9

Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.1.1.
OK: redis-server is present in version v=4.0.6.
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock
ERROR: redis-server is not running or not listening on socket: /tmp/redis.sock
FIX: You should start the redis-server or configure it to listen on socket: /tmp/redis.sock

ERROR: Your OpenVAS-9 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

This is saying that Kali Linux cannot find Redis server socket file in: /tmp/redis.sock

Now I found that Redis is currently working on network level on localhost address 172.0.0.1, not on any socket.

To fix this I entered below line in /etc/redis/redis.conf

unixsocket /var/run/redis/redis.sock
unixsocketperm 700

 

This will ensure running Redis Server on location /var/run/redis/redis.sock

But the problem is that OpenVas is searching Redis Socket in /tmp/redis.sock. From security aspect this is not a good location to run Redis Socket. Now we need to tell OpenVas to look Redis Socket file on /var/run/redis/redis.sock

If we enter the command below it will tell that OpenVas is searching for Redis Location as below:

root@kali:/# openvassd -s | grep kb_location
kb_location = /tmp/redis.sock

 

Now the problem is that there is no file where we can change this location in OpenVas. To fix this we need to create a file openvassd.conf for OpenVas. Because the default installation in Kali Linux this file is not created.

root@kali:# /etc/openvas/openvassd.conf

and enter below entry in the file:

kb_location=/var/run/redis/redis.sock

 

Now we will again check whether OpenVas is checking Redis socket in out changed location or not.

root@kali:/# openvassd -s | grep kb_location

kb_location = /var/run/redis/redis.sock

 

Perfect! Now OpenVas is looking for Redis Socket on correct location. Now we will kill OpenVas processes and start OpenVas again.

root@kali:/etc/openvas# pkill openvas
root@kali:/etc/openvas# /etc/init.d/openvas-scanner start
root@kali:/etc/openvas# /etc/init.d/openvas-manager start

Now we recheck OpenVas configuration to be sure.

 

root@kali:/# openvas-check-setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 5.1.1.
        OK: redis-server is present in version v=4.0.7.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
        OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
        OK: redis-server configuration is OK and redis-server is running.
        ERROR: The NVT collection is very small.
        FIX: Run a synchronization script like greenbone-nvt-sync.

 ERROR: Your OpenVAS-9 installation is not yet complete!

 

This is saying that NVT Collection is small, but OpenVas is installed perfectly.

Please let me know below in comments about any question or suggestion.

10 Comments Posted

  1. Hey thanks for the tutorial, I helped me, but I think you have a small mistake the first call you call openvassd -s | grep kb_location, it should be pointing to tmp right?

  2. Also, in my case it was not necessary to add the code on /etc/redis/redis.conf it was already there :). for me only the step of adding the config file was necessary. Regards and thanks again

  3. This was very helpful. The one difference i had was there was no redis.sock file. The file was redis-server.sock.

  4. I have Still the same problem can you please tell me some solution for this

    Step 1: Checking OpenVAS Scanner …
    OK: OpenVAS Scanner is present in version 5.1.1.
    OK: redis-server is present in version v=4.0.10.
    OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
    ERROR: redis-server is not running or not listening on socket: /var/run/redis-openvas/redis-server.sock
    FIX: You should start the redis-server or configure it to listen on socket: /var/run/redis-openvas/redis-server.sock

    ERROR: Your OpenVAS-9 installation is not yet complete!

    Please follow the instructions marked with FIX above and run this
    script again.

    If you think this result is wrong, please report your observation
    and help us to improve this check routine:
    http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
    Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

1 Trackbacks & Pingbacks

  1. Homepage

Leave a Reply

Your email address will not be published.


*