OpenVAS 9 - Processes Hanging?

Support/Development for OpenVAS
tsanchez
New Forum User
New Forum User
Posts: 4
Joined: Mon Jul 24, 2017 2:53 pm
Location: Michigan

OpenVAS 9 - Processes Hanging?

Unread post by tsanchez »

I recently setup OpenVAS9 on CentOS7 and can't get my tasks to complete. I found one topic online that matches my issue, but am not able to compile updated files (cmake failures) to test the fix. Any assistance would be appreciated, the new version has some great Group admin features in it finally. Here is some background on what I've found so far:

https://lists.wald.intevation.org/piper ... 11087.html

Got everything setup and ran some single IP scans which all worked perfectly. But everytime I would run a large scan across one of our subnets, it would never complete. There are no errors in the logs and the processor would still be maxed out but the server itself was doing nothing. I ran some tests and it appears that when the scan task first starts, the maximum number of simultaneous endpoints would all start correctly. I would continue to monitor activity using TCPdump from the server and noticed within about 10minutes activity accross most of the addresses would stop, while other endpoint IPs would continue. Once the it finished scanning those IPs it would then show in the logs moving on to the next IP in the task range, but eventually its almost as if the max simulanous scans eventually all end up in a hung state.

I believe the hanging processes maybe on IPs that are not in use. We scan the entire subnet so that as different groups add and remove servers, we don't comprise security by trusting those groups to update the scan tasks. If I change my Alive test to ICMP instead of "Consider Alive" the batch finishes, but since most of our servers don't respond to ping, the report is far from complete.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: OpenVAS 9 - Processes Hanging?

Unread post by scott »

How big of scan are you trying here?
tsanchez
New Forum User
New Forum User
Posts: 4
Joined: Mon Jul 24, 2017 2:53 pm
Location: Michigan

Re: OpenVAS 9 - Processes Hanging?

Unread post by tsanchez »

About 400 addresses, it takes about 5-6 hours under version 8.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: OpenVAS 9 - Processes Hanging?

Unread post by scott »

About the closest thing Ive seen to this are on dirb scans not finishing up. About all I can think about doing here is changing the NVT profiles around and running openvassd in debug mode so it logs each one that is running. Assuming this is an NVT issue in the first place.

I have run really huge scans with it before (class B's, etc), so I know it can do it. But never in a assume-up mode like you're running here
tsanchez
New Forum User
New Forum User
Posts: 4
Joined: Mon Jul 24, 2017 2:53 pm
Location: Michigan

Re: OpenVAS 9 - Processes Hanging?

Unread post by tsanchez »

I found some time to circle back to this and setup the Debug logging to get more info. I have found that the scans are actually stalling for a number of hours during a few of the tests when it comes to trying to scan Dead IPs. Running the same scan on a live server shows that it will complete at a much more normal rate (30mins). My logs seem to show that I am having the exact same problem that I found another person complaining about in this thread.. https://lists.wald.intevation.org/piper ... 11045.html

[Mon Sep 25 22:20:42 2017][28609] ssh_authorization.nasl (1.3.6.1.4.1.25623.1.0.90022) [28796] finished its job in 14713.496 seconds
[Mon Sep 25 22:20:42 2017][28609] netbios_name_get.nasl (1.3.6.1.4.1.25623.1.0.10150) [28797] finished its job in 14713.448 seconds
[Mon Sep 25 22:20:42 2017][28609] 2012/secpod_database_open_access_vuln.nasl (1.3.6.1.4.1.25623.1.0.902799) [28882] finished its job in 13756.156 seconds
[Mon Sep 25 22:20:42 2017][28609] pre2008/tcp_port_zero.nasl (1.3.6.1.4.1.25623.1.0.18164) [29183] finished its job in 10480.461 seconds

I've rebuilt the server a number of times from scratch, not sure what about my setup is causing this since it does not appear to be a wide spread problem.
I tried to attach the full logs but it won't upload the attachements.

I'm running this on:
CentOS 7.4 Virtual Machine running under VMWare ESXi 6.5
8vCPUs and 4Gb Ram
tsanchez
New Forum User
New Forum User
Posts: 4
Joined: Mon Jul 24, 2017 2:53 pm
Location: Michigan

Re: OpenVAS 9 - Processes Hanging? Final Resolution

Unread post by tsanchez »

After being unable to solve this problem and spending countless hours reinstalling and troubleshooting, I finally bit the bullet and installed OpenVAS 9 from source on Debian 9. WOW!!!! What a difference in speed, finally instead of spending 7Days!!!! to run a network scan of 500 addresses, it was back down to a matter of hours.

I don't know why the pre-compiled packages seem to choke when scanning empty IPs (Consider Alive), just happy to have my scanner back online. There was not much response from others describing the same issue, but I just wanted to post my solution for anyone else who ends up in the same predicament as me.
Post Reply