<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Package: openvas-scanner</p>
<p>Version: 5.1.1-2</p>
<p>opevas-check-setup is not able to detect if openvas-scanner is
running (listening) or not. it uses simple but not very reliable
procedure for this:</p>
<blockquote>
<p>if [ $HAVE_NETSTAT -eq 1 ]<br>
then<br>
netstat -A inet -A inet6 -ntlp 2> /dev/null >> $LOG<br>
OPENVASSD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null
| grep openvassd | awk -F\ '{print $4}' | awk -F: 'sub(FS
$NF,x)'`<br>
OPENVASSD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null
| grep openvassd | awk -F\ '{print $4}' | awk -F: '{print
$NF}'`<br>
OPENVASMD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null
| grep openvasmd | awk -F\ '{print $4}' | awk -F: 'sub(FS
$NF,x)'`<br>
OPENVASMD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null
| grep openvasmd | awk -F\ '{print $4}' | awk -F: '{print
$NF}'`<br>
OPENVASAD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null
| grep openvasad | awk -F\ '{print $4}' | awk -F: 'sub(FS
$NF,x)'`<br>
OPENVASAD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null
| grep openvasad | awk -F\ '{print $4}' | awk -F: '{print
$NF}'`<br>
GSAD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null |
grep gsad | awk -F\ '{print $4}' | awk -F: 'sub(FS $NF,x)'`<br>
GSAD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null |
grep gsad | awk -F\ '{print $4}' | awk -F: '{print $NF}' | tail
-1`<br>
<br>
if [ $VER -ge 9 ]<br>
then<br>
OPENVASSD_SOCKET_FOUND=0<br>
if netstat -A unix -nlp 2> /dev/null | grep
"openvassd\.sock" > /dev/null<br>
then<br>
OPENVASSD_SOCKET_FOUND=1<br>
fi<br>
if [ $OPENVASSD_SOCKET_FOUND -eq 1 ]<br>
then<br>
log_and_print "OK: OpenVAS Scanner is running and
listening on a Unix domain socket."<br>
OPENVASSD_PORT=1 ;<br>
else<br>
log_and_print "ERROR: OpenVAS Scanner is NOT running!"<br>
log_and_print "FIX: Start OpenVAS Scanner (openvassd)."<br>
OPENVASSD_PORT=-1 ;<br>
fi<br>
else</p>
</blockquote>
<p>since openvassd have no inet listening options (only file and
socket for --listen-mode) proper detection of it's UNIX socket
becomes important. notice "openvassd\.sock" expression, yet
openvas-scanner package configured with /tmp/redis.sock for socket
location which i believe is invalid. probably should be something
similar to /var/lib/openvas/openvassd.sock to comply<br>
</p>
<p>/etc/default/openvas-scanner contains:</p>
<blockquote>
<p>SCANNER_SOCKET=/tmp/redis.sock<br>
</p>
</blockquote>
<p>/lib/systemd/system/openvas-scanner.service contains:</p>
<blockquote>
<p>ExecStart=/usr/sbin/openvassd --unix-socket=/tmp/redis.sock</p>
</blockquote>
<pre class="moz-signature" cols="72">--
Vladislav Artemyev</pre>
</body>
</html>