Scan completed but no result displayed about gvm-docker HOT 4 CLOSED

It looks like the database is running out of file descriptors. Try to increase the limit on max file descriptors on your host system.

For the results not showing, click the black X to the right of the filter text box.

from gvm-docker.

Hi,

I have downloaded the latest commit and perform another round of scan with it. I noticed I got some warning regarding DB once the GSA is ready for use:

++++++++++++++++++++++++++++++++++++++++++++++
+Your GVM 11 container is now ready to use! +
++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++
+Tailing logs +
++++++++++++++++
==> /usr/local/var/log/gvm/gsad.log <==
gsad main:MESSAGE:2020-06-03 06h02.13 utc:421: Starting GSAD version 9.0.1
==> /usr/local/var/log/gvm/gvmd.log <==
md manage: INFO:2020-06-03 06h02.03 utc:400: update_scap: Initializing SCAP database
md manage: INFO:2020-06-03 06h02.03 utc:402: sync_cert: Updating data from feed
md manage: INFO:2020-06-03 06h02.03 utc:402: update_dfn_xml: dfn-cert-2019.xml
md manage: INFO:2020-06-03 06h02.03 utc:402: Updating /usr/local/var/lib/gvm/cert-data/dfn-cert-2019.xml
md manage: INFO:2020-06-03 06h02.03 utc:400: update_scap: Updating data from feed
md manage: INFO:2020-06-03 06h02.03 utc:400: Updating CPEs
md main:MESSAGE:2020-06-03 06h02.08 utc:412: Greenbone Vulnerability Manager version 9.0.1 (DB revision 221)
md manage: INFO:2020-06-03 06h02.08 utc:412: Creating user.
md manage:WARNING:2020-06-03 06h02.08 utc:412: database must be initialised from scanner
md manage: INFO:2020-06-03 06h02.13 utc:401: OSP service has newer VT status (version 202006020940) than in database (version (null), 0 VTs). Starting update ...

Then I proceed to wait for all SecInfo data to finish loading, but there is error related to CERT-Bund (no target, scan config or scan task created yet at this point):

md manage: INFO:2020-06-03 07h01.40 utc:400: Updating user OVAL definitions.
md manage: INFO:2020-06-03 07h01.40 utc:400: Updating CVSS scores and CVE counts for CPEs
md manage: INFO:2020-06-03 07h11.08 utc:400: Updating CVSS scores for OVAL definitions
md manage: INFO:2020-06-03 07h11.22 utc:400: Updating placeholder CPEs
md manage: INFO:2020-06-03 07h15.19 utc:400: update_scap: Updating SCAP info succeeded
md manage:WARNING:2020-06-03 07h15.28 utc:400: sql_exec_internal: PQexec failed: ERROR: relation "cert_bund_advs" does not exist
LINE 1: SELECT EXISTS (SELECT * FROM cert_bund_advs WHERE creation_...
^
(7)
md manage:WARNING:2020-06-03 07h15.28 utc:400: sql_exec_internal: SQL: SELECT EXISTS (SELECT * FROM cert_bund_advs WHERE creation_time > coalesce (CAST ((SELECT value FROM meta WHERE name = 'cert_check_time') AS INTEGER), 0));
md manage:WARNING:2020-06-03 07h15.28 utc:400: sql_x_internal: sql_exec_internal failed
==> /usr/local/var/log/gvm/gsad.log <==

Then when I finally run a scan, I still got the same error (as the first post above). My Docker also subsequently froze, so I have to restart it. Im not sure if this error is related to the DB warnings mentioned above or my Docker version (The same target successfully scanned using MacOS High Sierra v10.13.6 and Docker Desktop v2.3.0.2 (45183) without below error displayed):

==> /usr/local/var/log/gvm/openvas.log <==
sd main:MESSAGE:2020-06-03 04h16.45 utc:3365: openvas 7.0.1 started
sd main:MESSAGE:2020-06-03 04h16.57 utc:3365: Starts a new scan. Target(s) : XX.XX.XX.XXX, XX.XX.XXX.XXX, XX.XXX.X.XX, with max_hosts = 20 and max_checks = 4
sd main:MESSAGE:2020-06-03 04h16.57 utc:3429: Testing XX.XX.XXX.XXX (Vhosts: ec2-XX.XX.XX.XXX-amazonaws.com) [3429]
sd main:MESSAGE:2020-06-03 04h16.57 utc:3427: Testing XX.XX.XXX.XXX (Vhosts: ec2-XX.XX.XX.XXX-amazonaws.com) [3427]
sd main:MESSAGE:2020-06-03 04h16.57 utc:3428: Testing XX.XX.XXX.XXX (Vhosts: ec2-XX.XX.XX.XXX-amazonaws.com) [3428]
==> /usr/local/var/log/gvm/gvmd.log <==
md manage:WARNING:2020-06-03 04h17.06 utc:3494: sql_open: PQconnectPoll failed
md manage:WARNING:2020-06-03 04h17.06 utc:3494: sql_open: PQerrorMessage (conn): FATAL: could not open relation mapping file "global/pg_filenode.map": Too many open files in system
md manage:WARNING:2020-06-03 04h17.49 utc:3567: init_manage_process: sql_open failed
md manage: INFO:2020-06-03 04h17.50 utc:386: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2008.xml
md manage:WARNING:2020-06-03 04h17.52 utc:3571: sql_open: PQconnectPoll failed

For additional information, I am using:

• OS: macOS Catalina v10.15.5
• Docker:
  -- Docker Desktop v2.3.0.3 (45519) Stable
  -- Docker Engine v19.03.8
  -- Compose v1.25.5
  -- Notary v0.6.1

Another additional info:

1. The RSYNC service feed.openvas.org will be shut down September 30th 2020. Ref here based on this post.
2. Python gvm v1.5.0 is now available. Ref here.

from gvm-docker.

Thanks for the heads up about the feed being shut down. I have opened a new issue for that: #32

For the database error it looks like you need to increase the max open file limit. You may need to disable system integrity protection (SIP) for the steps below but remember to reactivate SIP after you have completed the steps below.

To disable SIP:
You need to restart your Mac, and hold Command-R until the Apple logo appears. When Recovery Mode has loaded, open Terminal and run this command:

csrutil disable

1. In /Library/LaunchDaemons create a file named limit.maxfiles.plist and paste the following in:

<?xml version="1.0" encoding="UTF-8"?>  
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"  
        "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">  
  <dict>
    <key>Label</key>
    <string>limit.maxfiles</string>
    <key>ProgramArguments</key>
    <array>
      <string>launchctl</string>
      <string>limit</string>
      <string>maxfiles</string>
      <string>65536</string>
      <string>524288</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>ServiceIPC</key>
    <false/>
  </dict>
</plist>

2. Change the owner of your new file:

sudo chown root:wheel /Library/LaunchDaemons/limit.maxfiles.plist

3. Load these new settings:

sudo launchctl load -w /Library/LaunchDaemons/limit.maxfiles.plist

4. Finally, check that the limits are correct:

launchctl limit maxfiles

To enable SIP:
You need to restart your Mac, and hold Command-R until the Apple logo appears. When Recovery Mode has loaded, open Terminal and run this command:

csrutil enable

from gvm-docker.

Hi Joshua, thank you for your detailed suggestion. When I tried to perform scan using the docker image with latest commit, the database error is no longer reproducible. I did not do any changes in my machine yet, it might have something to do with the updated NVT url.

The md manage:WARNING:2020-06-03 06h02.08 utc:412: database must be initialised from scanner warning and cert_bund_advs error however is still reproducible.
Not sure if this is an existing issue from Greenbone, and since it didnt affect my scanning I will close this thread.

Thanks so much for your help.

from gvm-docker.