After starting scan, OMP service stops and user gets kicked out of Greenbone

[smaccona]

I am running the latest Docker build from 8 days ago:

[root@scanner ~]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
docker.io/mikesplain/openvas   latest              6b0c9242fe2a        8 days ago          3.537 GB

On a brand new CentOS 7 host OS (it's a DigitalOcean droplet) I start it like this:

[root@scanner ~]# docker run -d -p 443:443 -p 9390:9390 -p 9391:9391 --name openvas mikesplain/openvas
Unable to find image 'mikesplain/openvas:latest' locally
Trying to pull repository docker.io/mikesplain/openvas ... 
latest: Pulling from docker.io/mikesplain/openvas
96c6a1f3c3b0: Pull complete 
ed40d4bcb313: Pull complete 
b171f9dbc13b: Pull complete 
ccfc4df4fbba: Pull complete 
c17771f08758: Pull complete 
34ac757adce9: Pull complete 
68bb9c8595f1: Pull complete 
Digest: sha256:379d1a81a482fe681b15118ed4cfcf469e7ee6fc50e72ee8bbb02c214b6eaafc
Status: Downloaded newer image for docker.io/mikesplain/openvas:latest
6fbb4756d4798b22d701bb1cac43e8436dd3b66227712171a25013dda690fd5d

I wait until Docker top output looks like this:

[root@scanner ~]# docker top openvas 
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                9605                9277                0                   17:45               ?                   00:00:00            /bin/sh -c /openvas/start.sh
root                9615                9605                0                   17:45               ?                   00:00:00            /bin/bash /openvas/start.sh
root                9618                9605                0                   17:45               ?                   00:00:01            redis-server *:6379
root                9622                9605                0                   17:45               ?                   00:00:00            gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
root                9623                9622                0                   17:45               ?                   00:00:00            gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
root                9631                9605                3                   17:45               ?                   00:01:38            openvassd: Waiting for incoming connections
root                9638                9605                4                   17:45               ?                   00:02:06            openvasmd
root                12824               9615                0                   18:28               ?                   00:00:00            sleep 1

At this point, I can log in with the default admin and openvas credentials. The first thing I do is change the admin password, and then I run a "quick scan" on an external site. The scan commences, and after a couple of minutes I get kicked out of Greenbone Security Assistant with the message "Logged out. OMP service is down." Attempting to log back in displays the message "Login failed. Waiting for OMP service to become available."

Docker log output looks like this:

[root@scanner ~]# docker logs openvas
Starting Redis
Starting Openvas...
Starting gsad
Starting rebuild process...
This may take a minute or two...
Checking setup
openvas-check-setup 2.3.3
  Test completeness and readiness of OpenVAS-8
  (add '--v6' or '--v7' or '--v9'
   if you want to check for another OpenVAS version)
  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 5.0.5.
        OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
        OK: redis-server is present in version v=2.8.4.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
        OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: NVT collection in /var/lib/openvas/plugins contains 48413 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        OK: The NVT cache in /var/cache/openvas contains 48413 files for 48413 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 6.0.8.
        OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 146.
        OK: OpenVAS Manager expects database at revision 146.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 48413 NVTs.
        OK: At least one user exists.
        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
        OK: xsltproc found.
Step 3: Checking user configuration ... 
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ... 
        OK: Greenbone Security Assistant is present in version 6.0.10.
Step 5: Checking OpenVAS CLI ... 
        SKIP: Skipping check for OpenVAS CLI.
Step 6: Checking Greenbone Security Desktop (GSD) ... 
        SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ... 
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on all interfaces.
        OK: OpenVAS Scanner is listening on port 9391, which is the default port.
        OK: OpenVAS Manager is running and listening on all interfaces.
        OK: OpenVAS Manager is listening on port 9390, which is the default port.
        OK: Greenbone Security Assistant is listening on port 443, which is the default port.
Step 8: Checking nmap installation ...
        WARNING: Your version of nmap is not fully supported: 6.40
        SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
        OK: pdflatex found.
        OK: PDF generation successful. The PDF report format is likely to work.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
It seems like your OpenVAS-8 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
Done.
Starting infinite loop...
Press [CTRL+C] to stop..
[root@scanner ~]#

I have run this on an Ubuntu Docker host and a CentOS Docker host with the same results. What am I doing wrong?

[mikesplain]

I'm seeing this as well. This has been a prevalent issue for a bit. I'm looking into what the issues are. If others have been able to better diagnose, please post here as my time has been limited as of late.

[berney]

I'm hitting same issue... I'll update if I make any progress in determining what the cause is.

[mikesplain]

This appears fixed with v9, please give it a try and reopen if you see more issues.

[berney]

Tested v9 and it seems to be working fine. Thanks.

[mikesplain]

Great!

[ibrahemiat]

hello, I'm currently using openvas-9 in kali and its realy unstable the scanner stops after a period of time and refuses to start with "time out" error which is fixable but is persistent. Is there any newer better and more stable version? or a fix for the openvas-scanner? thank-you

[birdi58]

hi,
can you explain how it's fixable? Thanks.

[isweluiz]

Hello,
I have this problem but I'm running openvas in virtualbox.
Can u explay how it's problem fixable? Tks..