OpenVAS 9.0.3 on CentOS 7 fails

Support/Development for OpenVAS
ajmatz
New Forum User
New Forum User
Posts: 3
Joined: Thu Apr 11, 2019 10:40 pm
Location: TX

OpenVAS 9.0.3 on CentOS 7 fails

Unread post by ajmatz »

Hello Friends,
I am running into multiple issues installing and running latest OpenVas RPM builds on CentOS 7

Used the instructions below to add the atomicorp yum repository

Code: Select all

wget -q -O - https://updates.atomicorp.com/installers/atomic
Followed by

Code: Select all

yum install openvas
This lists a bunch of packages to be installed. Though I noticed this message at the very beginning (haven't noticed it before, maybe it is pre-existing one).

Code: Select all

Package openvas is obsoleted by greenbone-vulnerability-manager, trying to install greenbone-vulnerability-manager-10.0.0-6871.el7.art.noarch instead
In any case, upon confirming to download and install 238 packages, it fails right away with this error:

Code: Select all

Transaction check error:
  file /usr/bin/openvas-nasl conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
  file /usr/bin/openvas-nasl-lint conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
  file /usr/lib64/libopenvas_misc.so conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
  file /usr/lib64/libopenvas_nasl.so conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64
  file /usr/share/man/man1/openvas-nasl.1.gz conflicts between attempted installs of openvas-scanner-6.0.0-6872.el7.art.x86_64 and openvas-libraries-9.0.3-6672.el7.art.x86_64

nsochris
New Forum User
New Forum User
Posts: 1
Joined: Mon Apr 15, 2019 10:02 am
Location: Michigan, USA

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by nsochris »

Just to piggyback on this, I was getting the same error on Friday when attempting to update my existing installation. I'm not getting transaction errors anymore, but after the update completes, the web interface no longer loads. Checking "/var/logs", I see a whole new directory called "gvm", which apparently replaces the openvas logs. Tailing the "gsad.log" file shows the following:

Code: Select all

gsad main:MESSAGE:2019-04-15 13h48.31 utc:7638: Starting GSAD version 8.0.0
gsad main:CRITICAL:2019-04-15 13h48.31 utc:7821: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: No such file or directory
If I check the "/var/lib/gvm" directory, the only subdirectory that exists is "mgr". It looks to me like the transition from the "openvas" naming scheme to "gvm" naming scheme isn't complete, causing an orphaned directory structure and who knows what else.
ajmatz
New Forum User
New Forum User
Posts: 3
Joined: Thu Apr 11, 2019 10:40 pm
Location: TX

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by ajmatz »

I was able to work around this, by asking yum to ONLY download the packages and then used rpm to force install them.

Definitely, not what I want to do long term, hence any guidance would be helpful.
albaker
Forum User
Forum User
Posts: 5
Joined: Thu Apr 11, 2019 2:42 pm
Location: US

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by albaker »

I had the exact same problem last Thursday, at which time I posted the issue to this forum. Given it was probably my first time to post, it took the administrators until today to actually permit my post to show up. You might retry this today, as I'm not having this problem any more, although I am having some other issues with services not starting and an issue with symbolic links.
albaker
Forum User
Forum User
Posts: 5
Joined: Thu Apr 11, 2019 2:42 pm
Location: US

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by albaker »

I forgot to mention this, but I ended up having to do the following before I could get everything upgraded. You may or may not have to do this:

rpm -qa|grep atomic
rpm -qa|grep openvas
and maybe rpm -qa|grep openvas gsm

I removed the various packages that were installed. I also made a backup and copied it to another folder to make sure I'd still have the configuration.
ajmatz
New Forum User
New Forum User
Posts: 3
Joined: Thu Apr 11, 2019 10:40 pm
Location: TX

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by ajmatz »

Thanks for the responses, I will try to install again and update the thread.
webtent
New Forum User
New Forum User
Posts: 1
Joined: Wed Apr 17, 2019 8:51 am
Location: Tampa, FL USA

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by webtent »

I am trying to apply yum updates to a running version of OpenVAS on CentOS 7. After I run updates for all packages, the GSA GUI starts, but cannot login, the error message is the gvmd is not running. This is a list of what I am running now with no issues:
[root@www robert]# yum list installed|egrep "(vas|greenbone)"
greenbone-security-assistant.x86_64 7.0.2-2738.el7.art @atomic
openvas.noarch 9.0.3-6767.el7.art @atomic
openvas-cli.x86_64 1.4.5-2739.el7.art @atomic
openvas-libraries.x86_64 9.0.1-2735.el7.art @atomic
openvas-manager.x86_64 7.0.2-2737.el7.art @atomic
openvas-scanner.x86_64 5.1.1-2736.el7.art @atomic
openvas-smb.x86_64 1.0.2-1980.el7.art @atomic
When I do the upgrade, it upgrades GSA to 8.0.0-6932.el7.art and I can no longer login with error above. It appears things change from openvas-manager to gvmd, not sure how to handle that and get things running with my existing database. Does someone know what needs to be done to complete the upgrade or handle differently? When I run scans now, I get the critical vulnerability of 'Report outdated Scan Engine / Environment (local)'.

--UPATE--
In the end, the gvmd service was not set to start on boot. I started and set, now all good with the new gvmd as it replaces openvas-manager. However, I have a clean slate. Any way to import from the old version?
maverick
New Forum User
New Forum User
Posts: 1
Joined: Wed Apr 24, 2019 3:20 pm
Location: USA

Re: OpenVAS 9.0.3 on CentOS 7 fails

Unread post by maverick »

webtent wrote:I am trying to apply yum updates to a running version of OpenVAS on CentOS 7. After I run updates for all packages, the GSA GUI starts, but cannot login, the error message is the gvmd is not running. This is a list of what I am running now with no issues:
[root@www robert]# yum list installed|egrep "(vas|greenbone)"
greenbone-security-assistant.x86_64 7.0.2-2738.el7.art @atomic
openvas.noarch 9.0.3-6767.el7.art @atomic
openvas-cli.x86_64 1.4.5-2739.el7.art @atomic
openvas-libraries.x86_64 9.0.1-2735.el7.art @atomic
openvas-manager.x86_64 7.0.2-2737.el7.art @atomic
openvas-scanner.x86_64 5.1.1-2736.el7.art @atomic
openvas-smb.x86_64 1.0.2-1980.el7.art @atomic
When I do the upgrade, it upgrades GSA to 8.0.0-6932.el7.art and I can no longer login with error above. It appears things change from openvas-manager to gvmd, not sure how to handle that and get things running with my existing database. Does someone know what needs to be done to complete the upgrade or handle differently? When I run scans now, I get the critical vulnerability of 'Report outdated Scan Engine / Environment (local)'.

--UPATE--
In the end, the gvmd service was not set to start on boot. I started and set, now all good with the new gvmd as it replaces openvas-manager. However, I have a clean slate. Any way to import from the old version?
We encountered all these problems too. Had to move the task.db file from /var/lib/openvas/mgr/tasks.db to /var/lib/gvm/gvmd/gvmd.db

More details can be found on Greenbone's github in the Migrating to Version 8.0 section.
https://github.com/greenbone/gvmd/blob/ ... INSTALL.md

Code: Select all

Migrating to Version 8.0
Before starting gvmd 8.0 for the first time you need to move some files to the new locations where they are expected now. If you do not do this, the files are freshly initialized and it gets more complicated to transfer the old data properly.

move $prefix/etc/openvas/pwpolicy.conf to $prefix/etc/gvm/

move $prefix/etc/openvas/openvasmd_log.conf to $prefix/etc/gvm/gvmd_log.conf

copy $prefix/etc/openvas/gsf-access-key to $prefix/etc/gvm/ If the gsf-access-key file was already migrated for the openvas-scanner module it can be removed from the $prefix/etc/openvas/ directory.

move $prefix/var/lib/openvas/scap-data to $prefix/var/lib/gvm/scap-data

move $prefix/var/lib/openvas/cert-data to $prefix/var/lib/gvm/cert-data

move $prefix/var/lib/openvas/openvasmd to $prefix/var/lib/gvm/gvmd

move $prefix/var/lib/openvas/CA to $prefix/var/lib/gvm/CA

move $prefix/var/lib/openvas/private to $prefix/var/lib/gvm/private

(SQLite backend only) move $prefix/var/lib/openvas/mgr/tasks.db to $prefix/var/lib/gvm/gvmd/gvmd.db

(Postgres backend only) rename database to gvmd:

sudo -u postgres sh
psql --command='ALTER DATABASE tasks RENAME TO gvmd;'
Some steps didn't match. But I'd imagine as long as you put the database file into the new correct place and run gvmd --migrate you should be good.
Post Reply