Redis Errno::eafnosupport (Address Family Not Supported by Protocol - Socket(2)

How to install Greenbone Vulnerability Direction (GVM) (formerly OpenVAS) on Kali Linux

OpenVAS is now renamed Greenbone Vulnerability Management (GVM)

When the OpenVAS project was created, it merely consisted of a vulnerability scanning engine. Greenbone Networks received funding shortly thereafter to provide professional vulnerability scanning support. Greenbone took over development leadership, added a few software components, and turned OpenVAS into a multi-pronged vulnerability management solution that still retains the value of open and costless software.

Over the years, it became apparent that the use of OpenVAS as a trademark for an open source projection and funding for almost all of the projection'southward development had not been appreciated from outside. Therefore, afterward the release of the OpenVAS 9 platform, information technology was renamed Greenbone Vulnerability Management (GVM) and released every bit Greenbone Source Edition (GSE). Since GVM 10, the term OpenVAS is used only for the scanner component, as information technology was at the beginning of the project.

Greenbone Vulnerability Management (GVM) packages: https://github.com/greenbone

Errors when installing and starting GVM, OpenVAS

During the installation and launch process, I encountered quite a few errors, which, nevertheless, were resolved. Under the assumption that these errors are common to anybody (non just my particular installation), I described these errors right during the installation process, as a upshot of which the instructions became cluttered.

If during the installation process yous do not meet the described errors, please write about it in the comments – if the errors practice not appear for everyone, then I will put them at the very end of the article, due to which, in general, the instruction volition become clearer.

How to install OpenVAS (GVM)

Since the authors renamed openvas to gvm (more precisely, divided it into dissimilar packages), now the principal bundle is gvm, when it is installed, all other necessary packages will also be obtained as dependencies.

Installation is done like this:

sudo apt update sudo apt install gvm

Setting upwards OpenVAS

Permit'due south get-go by setting upward the Open up Vulnerability Assessment Scanner (OpenVAS) for Greenbone Vulnerability Management (GVM) solution.

It is used in Greenbone Security Manager and is a full-fledged browse engine that performs constantly updated and expanded submissions of Network Vulnerability Tests (NVTs).

The scanner needs a running Redis server to temporarily store the collected data on the scanned hosts. Configuring the Redis server is washed similar this (these commands need to be executed one time):

wget https://raw.githubusercontent.com/greenbone/openvas-scanner/master/config/redis-openvas.conf sudo cp redis-openvas.conf /etc/redis/ sudo chown redis:redis /etc/redis/redis-openvas.conf repeat 'db_address = /run/redis-openvas/redis.sock' | sudo tee /etc/openvas/openvas.conf

Starting the Redis server (must be done after every computer restart):

sudo systemctl starting time redis-server@openvas.service

Or, if you like, add it to startup:

sudo systemctl enable redis-server@openvas.service

The Greenbone Vulnerability Management (gvmd) service acts as an OSP client to connect to and manage scanners. openvas does not act as an OSP service – you need the OSPD-OpenVAS module for that. Actual user interfaces (like GSA or GVM-Tools) will but collaborate with gvmd and/or ospd-openvas, non the scanner. You can run openvas to load plugins in Redis using the following command:

sudo openvas -u

simply ospd-openvas will update automatically.

Please note that although yous can run openvas as a non-elevated user, it is recommended that you run openvas equally root because some network vulnerability tests (NVTs) require root privileges to perform certain operations, such as bundle spoofing. If yous run openvas as a user without permission to perform these operations, the browse results are likely to be incomplete.

Since openvas will be launched from the ospd-openvas procedure using sudo, the following configuration is required in the sudoers file:

sudo visudo

add this line to allow the user running ospd-openvas to run openvas as root

USERNAME ALL = NOPASSWD: /usr/sbin/openvas

Supersede USERNAME with your Linux username.

You tin can find out the username with the control:

echo $USER

If something does not work, then you can view the log with the control:

cat /var/log/gvm/openvas.log

Configuring Greenbone Vulnerability Management (GVM)

Greenbone Vulnerability Manager is the central management service between security scanners and user clients.

It manages the storage of whatever vulnerability management configuration and scan results. Data, control commands, and workflows are accessed through the XML-based Greenbone Management Protocol (GMP). Scanners such equally OpenVAS are controlled through the Open up Scanner Protocol (OSP).

Deployment script (instead of openvas-setup):

sudo gvm-setup

This script needs to exist run only in one case.

The script ended with an error:

sent two,908 bytes  received 1,097,808,438 bytes  405,171.19 bytes/sec total size is ane,097,537,923  speedup is 1.00 [*] Updating: Cert Data rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connexion refused (111) rsync: [Receiver] failed to connect to feed.customs.greenbone.net (2a0e:6b40:twenty:106:20c:29ff:fe67:cbb5): Network is unreachable (101) rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.ii.3] [*] Checking Default scanner Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied  ** (process:2450): Mistake (recursed) **: Can not open up '/var/log/gvm/gvmd.log' logfile: Permission denied[*] Modifying Default Scanner Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied  ** (procedure:2452): Error (recursed) **: Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied [+] Done

Running bank check:

sudo gvm-bank check-setup

likewise showed an error in the fourth stride:

gvm-cheque-setup xx.8.0   Examination completeness and readiness of GVM-20.8.0 Footstep 1: Checking OpenVAS (Scanner)...          OK: OpenVAS Scanner is nowadays in version 20.8.1.         OK: Server CA Certificate is present every bit /var/lib/gvm/CA/servercert.pem. Checking permissions of /var/lib/openvas/gnupg/*         OK: _gvm owns all files in /var/lib/openvas/gnupg         OK: redis-server is nowadays.         OK: scanner (db_address setting) is configured properly using the redis-server socket: /run/redis-openvas/redis.sock         OK: redis-server is running and listening on socket: /run/redis-openvas/redis.sock.         OK: redis-server configuration is OK and redis-server is running.         OK: _gvm owns all files in /var/lib/openvas/plugins         OK: NVT drove in /var/lib/openvas/plugins contains 66548 NVTs. Checking that the obsolete redis database has been removed Could not connect to Redis at /var/run/redis-openvas/redis-server.sock: No such file or directory         OK: No old Redis DB         OK: ospd-OpenVAS is nowadays in version xx.eight.ane. Step 2: Checking GVMD Manager ...          OK: GVM Managing director (gvmd) is nowadays in version 20.08.one. Step 3: Checking Certificates ...          OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.         OK: Your GVM document infrastructure passed validation. Footstep 4: Checking data ...          OK: SCAP data found in /var/lib/gvm/scap-data.         ERROR: CERT data are missing.         FIX: Run the CERT synchronization script greenbone-feed-sync.         sudo runuser -u _gvm -- greenbone-feed-sync --type CERT.   ERROR: Your GVM-20.8.0 installation is non yet consummate!  Please follow the instructions marked with Ready above and run this script again.

To set the fault "ERROR: CERT data are missing. Ready: Run the CERT synchronization script greenbone-feed-sync" run the following command:

sudo runuser -u _gvm -- greenbone-feed-sync --type CERT

Re-running the check showed an error at the 5th step:

Step 5: Checking Postgresql DB and user ...          OK: Postgresql version and default port are OK.  gvmd         | _gvm         | UTF8      | ru_RU.UTF-8 | ru_RU.UTF-viii |  Tin can not open up '/var/log/gvm/gvmd.log' logfile: Permission denied  ** (process:2699): Fault (recursed) **: Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied        ERROR: No users establish. Yous need to create at least one user to log in.         FIX: create a user by running 'sudo runuser -u _gvm -- gvmd --create-user=<name> --countersign=<password>'   ERROR: Your GVM-twenty.8.0 installation is not notwithstanding consummate!  Please follow the instructions marked with Prepare above and run this script again.

At that place are several errors at in one case, but the key i is "ERROR: No users found. Y'all demand to create at least ane user to log in.", To fix it, run a control like this:

sudo runuser -u _gvm -- gvmd --create-user=<USERNAME> --password=<Password>

For instance, to create a user named mial and password 2:

sudo runuser -u _gvm -- gvmd --create-user=mial --password=2

The previous command failed:

Can not open up '/var/log/gvm/gvmd.log' logfile: Permission denied  ** (procedure:2807): ERROR (recursed) **: Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied

The essence of the error is that the control does non take enough permissions to write to the /var/log/gvm/gvmd.log file, even though the previous command was run with sudo. To prepare the fault, run the following control:

sudo chmod 666 /var/log/gvm/gvmd.log

Then run the new user cosmos again.

And 1 more mistake at the seventh step:

Step vii: Checking if GVM services are upwards and running ...          OK: ospd-openvas service is active.         Starting gvmd service         Waiting for gvmd service         OK: gvmd service is active.         Starting greenbone-security-banana service Job for greenbone-security-assistant.service failed considering a fatal signal was delivered to the control process. See "systemctl status greenbone-security-banana.service" and "journalctl -xe" for details.         Waiting for greenbone-security-assistant service         ERROR: greenbone-security-assistant service did non commencement.         Please bank check journalctl -xe and /var/log/gvm/gsad.log   Mistake: Your GVM-xx.8.0 installation is not nevertheless complete!  Delight follow the instructions marked with FIX to a higher place and run this script again.

I don't know how to solve it completely, simply I know how to get around it.

Allow's move on to starting the necessary services.

Practice not forget that before starting the service y'all need to start the Redis server, that is, type following before executing the primary command:

sudo systemctl start redis-server@openvas.service

Main service start:

sudo gvm-start

And we become the following:

[*] Please wait for the GVM / OpenVAS services to starting time. [*] [*] You might need to refresh your browser in one case it opens. [*] [*]  Web UI (Greenbone Security Banana): https://127.0.0.1:9392  Chore for greenbone-security-assistant.service failed considering a fatal signal was delivered to the control procedure. See "systemctl status greenbone-security-banana.service" and "journalctl -xe" for details.

The essence of the messages is that everything started fine, except for the greenbone-security-assistant, that is, gsa, that is, Spider web UI (Greenbone Security Banana), that is, the spider web interface.

You tin see the contents of the log file:

cat /var/log/gvm/gsad.log

Output:

gsad master:Bulletin:2021-04-15 09h07.55 utc:1650: Starting GSAD version 20.08.1~git gsad master:CRITICAL:2021-04-15 09h07.55 utc:1651: main: start_https_daemon failed!

https daemon failed to outset .

gsad has a --http-merely choice which but runs HTTP without HTTPS. Allow's use it:

sudo gsad --http-but

Again, the side by side message will be displayed that something is wrong:

Oops, secure retention pool already initialized

However, the web interface is now bachelor at http://127.0.0.1:9392 (but non available at https://127.0.0.1:9392!).

Log in using the credentials that y'all came up with when creating a new user.

To end the service:

sudo gvm-stop

Other:

sudo gvm-cli sudo gvm-feed-update sudo gvm-manage-certs sudo gvm-pyshell gvm-script

In the future, sometimes run the command to update signatures:

sudo runuser -u _gvm -- greenbone-nvt-sync

If something does not work, then you can view the log with the command:

sudo cat /var/log/gvm/gvmd.log

Conclusion

One of the following instructions volition be devoted to how to work in Greenbone Vulnerability Management (GVM) (formerly OpenVAS).

And do not forget to write – have you encountered the described errors during installation?

williamstentsman65.blogspot.com

Source: https://miloserdov.org/?p=6060

Share this post