Page 1 of 1
OpenVAS 9.0.3 on CentOS 7 fails
Posted: Thu Apr 11, 2019 11:00 pm
by ajmatz
Hello Friends,
I am running into multiple issues installing and running latest OpenVas RPM builds on CentOS 7
Used the instructions below to add the atomicorp yum repository
Code: Select all
wget -q -O - https://updates.atomicorp.com/installers/atomic
Followed by
This lists a bunch of packages to be installed. Though I noticed this message at the very beginning (haven't noticed it before, maybe it is pre-existing one).
Code: Select all
Package openvas is obsoleted by greenbone-vulnerability-manager, trying to install greenbone-vulnerability-manager-10.0.0-6871.el7.art.noarch instead
In any case, upon confirming to download and install 238 packages, it fails right away with this error:
Code: Select all
Transaction check error:
file /usr/bin/openvas-nasl conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
file /usr/bin/openvas-nasl-lint conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
file /usr/lib64/libopenvas_misc.so conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
file /usr/lib64/libopenvas_nasl.so conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
file /usr/share/man/man1/openvas-nasl.1.gz conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Mon Apr 15, 2019 10:15 am
by nsochris
Just to piggyback on this, I was getting the same error on Friday when attempting to update my existing installation. I'm not getting transaction errors anymore, but after the update completes, the web interface no longer loads. Checking "/var/logs", I see a whole new directory called "gvm", which apparently replaces the openvas logs. Tailing the "gsad.log" file shows the following:
Code: Select all
gsad main:MESSAGE:2019-04-15 13h48.31 utc:7638: Starting GSAD version 8.0.0
gsad main:CRITICAL:2019-04-15 13h48.31 utc:7821: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
If I check the "/var/lib/gvm" directory, the only subdirectory that exists is "mgr". It looks to me like the transition from the "openvas" naming scheme to "gvm" naming scheme isn't complete, causing an orphaned directory structure and who knows what else.
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Mon Apr 15, 2019 12:23 pm
by ajmatz
I was able to work around this, by asking yum to ONLY download the packages and then used rpm to force install them.
Definitely, not what I want to do long term, hence any guidance would be helpful.
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Mon Apr 15, 2019 2:16 pm
by albaker
I had the exact same problem last Thursday, at which time I posted the issue to this forum. Given it was probably my first time to post, it took the administrators until today to actually permit my post to show up. You might retry this today, as I'm not having this problem any more, although I am having some other issues with services not starting and an issue with symbolic links.
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Mon Apr 15, 2019 2:19 pm
by albaker
I forgot to mention this, but I ended up having to do the following before I could get everything upgraded. You may or may not have to do this:
rpm -qa|grep atomic
rpm -qa|grep openvas
and maybe rpm -qa|grep openvas gsm
I removed the various packages that were installed. I also made a backup and copied it to another folder to make sure I'd still have the configuration.
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Mon Apr 15, 2019 10:34 pm
by ajmatz
Thanks for the responses, I will try to install again and update the thread.
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Wed Apr 17, 2019 9:05 am
by webtent
I am trying to apply yum updates to a running version of OpenVAS on CentOS 7. After I run updates for all packages, the GSA GUI starts, but cannot login, the error message is the gvmd is not running. This is a list of what I am running now with no issues:
[root@www robert]# yum list installed|egrep "(vas|greenbone)"
greenbone-security-assistant.x86_64 7.0.2-2738.el7.art @atomic
openvas.noarch 9.0.3-6767.el7.art @atomic
openvas-cli.x86_64 1.4.5-2739.el7.art @atomic
openvas-libraries.x86_64 9.0.1-2735.el7.art @atomic
openvas-manager.x86_64 7.0.2-2737.el7.art @atomic
openvas-scanner.x86_64 5.1.1-2736.el7.art @atomic
openvas-smb.x86_64 1.0.2-1980.el7.art @atomic
When I do the upgrade, it upgrades GSA to 8.0.0-6932.el7.art and I can no longer login with error above. It appears things change from openvas-manager to gvmd, not sure how to handle that and get things running with my existing database. Does someone know what needs to be done to complete the upgrade or handle differently? When I run scans now, I get the critical vulnerability of 'Report outdated Scan Engine / Environment (local)'.
--UPATE--
In the end, the gvmd service was not set to start on boot. I started and set, now all good with the new gvmd as it replaces openvas-manager. However, I have a clean slate. Any way to import from the old version?
Re: OpenVAS 9.0.3 on CentOS 7 fails
Posted: Wed Apr 24, 2019 3:27 pm
by maverick
webtent wrote:I am trying to apply yum updates to a running version of OpenVAS on CentOS 7. After I run updates for all packages, the GSA GUI starts, but cannot login, the error message is the gvmd is not running. This is a list of what I am running now with no issues:
[root@www robert]# yum list installed|egrep "(vas|greenbone)"
greenbone-security-assistant.x86_64 7.0.2-2738.el7.art @atomic
openvas.noarch 9.0.3-6767.el7.art @atomic
openvas-cli.x86_64 1.4.5-2739.el7.art @atomic
openvas-libraries.x86_64 9.0.1-2735.el7.art @atomic
openvas-manager.x86_64 7.0.2-2737.el7.art @atomic
openvas-scanner.x86_64 5.1.1-2736.el7.art @atomic
openvas-smb.x86_64 1.0.2-1980.el7.art @atomic
When I do the upgrade, it upgrades GSA to 8.0.0-6932.el7.art and I can no longer login with error above. It appears things change from openvas-manager to gvmd, not sure how to handle that and get things running with my existing database. Does someone know what needs to be done to complete the upgrade or handle differently? When I run scans now, I get the critical vulnerability of 'Report outdated Scan Engine / Environment (local)'.
--UPATE--
In the end, the gvmd service was not set to start on boot. I started and set, now all good with the new gvmd as it replaces openvas-manager. However, I have a clean slate. Any way to import from the old version?
We encountered all these problems too. Had to move the task.db file from /var/lib/openvas/mgr/tasks.db to /var/lib/gvm/gvmd/gvmd.db
More details can be found on Greenbone's github in the Migrating to Version 8.0 section.
https://github.com/greenbone/gvmd/blob/ ... INSTALL.md
Code: Select all
Migrating to Version 8.0
Before starting gvmd 8.0 for the first time you need to move some files to the new locations where they are expected now. If you do not do this, the files are freshly initialized and it gets more complicated to transfer the old data properly.
move $prefix/etc/openvas/pwpolicy.conf to $prefix/etc/gvm/
move $prefix/etc/openvas/openvasmd_log.conf to $prefix/etc/gvm/gvmd_log.conf
copy $prefix/etc/openvas/gsf-access-key to $prefix/etc/gvm/ If the gsf-access-key file was already migrated for the openvas-scanner module it can be removed from the $prefix/etc/openvas/ directory.
move $prefix/var/lib/openvas/scap-data to $prefix/var/lib/gvm/scap-data
move $prefix/var/lib/openvas/cert-data to $prefix/var/lib/gvm/cert-data
move $prefix/var/lib/openvas/openvasmd to $prefix/var/lib/gvm/gvmd
move $prefix/var/lib/openvas/CA to $prefix/var/lib/gvm/CA
move $prefix/var/lib/openvas/private to $prefix/var/lib/gvm/private
(SQLite backend only) move $prefix/var/lib/openvas/mgr/tasks.db to $prefix/var/lib/gvm/gvmd/gvmd.db
(Postgres backend only) rename database to gvmd:
sudo -u postgres sh
psql --command='ALTER DATABASE tasks RENAME TO gvmd;'
Some steps didn't match. But I'd imagine as long as you put the database file into the new correct place and run gvmd --migrate you should be good.