OpenVAS 9 - Processes Hanging?
Posted: Mon Jul 24, 2017 3:17 pm
I recently set up OpenVAS9 on CentOS7 and can't get my tasks to complete. I found one topic online that matches my issue, but am not able to compile updated files (cmake failures) to test the fix. Any assistance would be appreciated; the new version finally has some great Group admin features in it. Here is some background on what I've found so far:
https://lists.wald.intevation.org/piper ... 11087.html
Got everything set up and ran some single IP scans which all worked perfectly. But every time I would run a large scan across one of our subnets, it would never complete. There are no errors in the logs and the processor would still be maxed out but the server itself was doing nothing. I ran some tests and it appears that when the scan task first starts, the maximum number of simultaneous endpoints would all start correctly. I would continue to monitor activity using tcpdump from the server and noticed within about 10 minutes activity across most of the addresses would stop, while other endpoint IPs would continue. Once it finished scanning those IPs it would then show in the logs moving on to the next IP in the task range, but eventually it's almost as if the max simultaneous scans all end up in a hung state.
I believe the hanging processes may be on IPs that are not in use. We scan the entire subnet so that as different groups add and remove servers, we don't compromise security by trusting those groups to update the scan tasks. If I change my Alive test to ICMP instead of "Consider Alive" the batch finishes, but since most of our servers don't respond to ping, the report is far from complete.