If you try to start a task you’ll get:
Operation: Start Task
Status code: 503
Status message: Service temporarily down
In /var/lib/openvasmd.log you can find something like this:
lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shutdown server socket
event task:MESSAGE:2016-09-02 08h21.18 UTC:4546: Task 256f8360-1ec7-4675-a6ab-415fd5fb9483 could not be started by admin
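Before regenerating certificates, it is worth confirming that the failed task start really coincides with the handshake failure. The following is an added example, not part of the original post: it assumes the fourth colon-separated field (4546 above) identifies the logging process, and the function names and the last sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list tasks whose start failed
# in a manager process that also logged a TLS handshake failure.
# Assumption: field 4 (colon-separated) identifies the logging process.

# tls_failed_tasks LOGFILE -> prints "<timestamp> <task-uuid>" per match
tls_failed_tasks() {
    # The log is read twice so the order of the two messages does not matter.
    awk -F: '
        NR == FNR {                      # pass 1: collect failing processes
            if (/Failed to shake hands with peer/) bad[$4] = 1
            next
        }
        /could not be started/ && ($4 in bad) {   # pass 2: correlate
            split($5, w, " ")            # w[1] = "Task", w[2] = task UUID
            print $3, w[2]
        }
    ' "$1" "$1"
}

# write_sample_log PATH -> writes a small sample log.
# The first three lines are the excerpt above; the last line is constructed
# (a task start that failed without any handshake warning from its process).
write_sample_log() {
    cat > "$1" <<'EOF'
lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shutdown server socket
event task:MESSAGE:2016-09-02 08h21.18 UTC:4546: Task 256f8360-1ec7-4675-a6ab-415fd5fb9483 could not be started by admin
event task:MESSAGE:2016-09-02 09h02.44 UTC:5120: Task 11111111-2222-3333-4444-555555555555 could not be started by admin
EOF
}

# Demo run on the sample log: only the first task is reported.
sample=$(mktemp)
write_sample_log "$sample"
tls_failed_tasks "$sample"
rm -f "$sample"
```

On a live system, call `tls_failed_tasks` with the path of the openvasmd.log mentioned above instead of the sample file.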
The fix is described in a text document you can find here, or you can just follow the steps below:
- Stop scanner
systemctl stop openvas-scanner
- Stop manager
systemctl stop openvas-manager
- Make the certs with the command (pressing enter will fill in the defaults in the brackets):
openvas-mkcert -f
- Make the client certs with the command:
openvas-mkcert-client -i -n
- Get the scanner UID with the command (it gives you a UID like “08b69003-5fc2-4037-a479-93b440211c73”):
openvasmd --get-scanners
- Update the scanner and keys with the command (you will need to replace the UID in this command with the UID returned by the previous step):
openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /var/lib/openvas/CA/cacert.pem --scanner-key-pub /var/lib/openvas/CA/clientcert.pem --scanner-key-priv /var/lib/openvas/private/CA/clientkey.pem
For Debian it can be slightly different. Thanks mansuamen:
openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem --scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem --scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem
- Sync the feeds using the command:
openvas-nvt-sync
- Start the scanner using the command:
systemctl start openvas-scanner
- Rebuild openvas databases using the command:
openvasmd --rebuild
- Start openvas manager using the command:
systemctl start openvas-manager
- Start Greenbone using the command:
systemctl start gsa
Enjoy!
Thanks a lot for your tutorial!
I find 2 mistakes:
In the section 2 it needs to be: systemctl stop openvas-managerer
In the section 5 it needs to be: openvasmd --get-scanners
I get “failed to modify scanner” on section 6.
Any idea?
Michael
Hi Michael,
Thanks for the corrections!
About the error you get – can you try with --verbose to get more details about the problem and what is wrong? Let me know the output.
Regards,
Bisser
Thanks for the tutorial.
Please take care at step 6 that the cert directories in Debian are different:
openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem --scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem --scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem
“failed to modify scanner” means – you didn’t use the correct scanner ID (I had a typo)
It really works!
Thanks a lot.
It works!! That should be in the openvas scripts for repairing!
Thanks a lot!
If an error appears at the sync step, use:
openvas-nvt-sync --wget
If you have an error: rsync failed at step 7
try
openvas-nvt-sync --wget
Thank you very much.
I have been trying to get my OpenVas 8 Scanner to work for quite some time but I could not understand or fix the “Status code 503 Error”. I almost gave up until I found your post. This really helps a lot.
Thanks Again!