Looking for documentation? Check out our new learning center!

OpenVAS hangs at 1%, how to fix?

timbrighamtimbrigham Posts: 153 Abducted By Aliens
I've been dealing with problems with my OpenVAS scans not completing for a while, at least a couple weeks. Thought it might have been a bug introduced in a previous upgrade. I've tried running alienvault-reconfig and alienvault-upgrade multiple times. 

Nothing shows in in the agent, framework, frameworkd or frameworkd_error logs. 

I'm getting the following in /var/log/ossim/nessus_cron.log. 

2013-01-09 15:19:04 [15106] INFO task id='76fd2f2d-b6d2-40d2-a38f-445b936b3cd7' Running (1%)
2013-01-09 15:19:12 [15106] INFO /usr/bin/omp -h 192.168.100.42 -p 9390 -u ossim -w ossim -iX "<get_tasks task_id='76fd2f2d-b6d2-40d2-a38f-445b936b3cd7'/>" > /usr/share/ossim/www/vulnmeter/tmp/tmp_nessus_jobs15106.xml 2>&1


I tried looking at the command output from above. Of interest the host_progress is always at zero. 

    <get_tasks_response status="200" status_text="OK">
      <task_count>1</task_count>
      <sort>
        <field>ROWID
          <order>ascending</order>
        </field>
      </sort>
      <apply_overrides>0</apply_overrides>
      <task id="9c9459ac-3b1a-4025-8651-82b6490a9c7a">
        <name>Test</name>
        <comment></comment>
        <owner>
          <name>ossim</name>
        </owner>
        <observers></observers>
        <config id="14d5ec70-892c-45d0-b00d-07eb2d06233f">
          <name>Default</name>
          <trash>0</trash>
        </config>
        <escalator id="">
          <name></name>
          <trash>0</trash>
        </escalator>
        <target id="08f4540c-881a-4a8a-9ace-aafda2808978">
          <name>target17388</name>
          <trash>0</trash>
        </target>
        <slave id="">
          <name></name>
          <trash>0</trash>
        </slave>
        <status>Running</status>
        <progress>1
          <host_progress>0
            <host>192.168.100.50</host>
          </host_progress>
        </progress>
        <report_count>1
          <finished>0</finished>
        </report_count>
        <trend></trend>
        <schedule id="">
          <name></name>
          <next_time>over</next_time>
          <trash>0</trash>
        </schedule>
        <preferences>
          <preference>
            <name>Maximum concurrently executed NVTs per host</name>
            <scanner_name>max_checks</scanner_name>
            <value>10</value>
          </preference>
          <preference>
            <name>Maximum concurrently scanned hosts</name>
            <scanner_name>max_hosts</scanner_name>
            <value>5</value>
          </preference>
        </preferences>
      </task>
    </get_tasks_response>


Then I looked at the openvas running processes:

 ps -ax | grep openvas
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
13408 pts/1    S+     0:00 grep --color=auto openvas
13704 pts/0    S      0:06 /usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=0.0.0.0 --port=9390 --slisten=127.0.0.1 --sport=9391
14493 ?        Ss     0:09 openvassd: waiting for incoming connections
21130 ?        SNs    0:07 openvassd: serving 127.0.0.1
21131 pts/0    S      0:02 /usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=0.0.0.0 --port=9390 --slisten=127.0.0.1 --sport=9391
21148 ?        SN     0:00 openvassd: testing 192.168.100.50
21447 ?        SN     0:00 openvassd: testing 192.168.100.50 (/var/lib/openvas/plugins/portscan-tcp-simple.nasl)
24584 pts/0    S+     0:00 tail openvasmd.log -f

I tried renaming teh portscan-tcp-simple.nasl to see if it might be the problem based on some outside research but that resulted in the same behavior again with a different port scanner:

ps -ax | grep openvas
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
13704 pts/0    S      0:09 /usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=0.0.0.0 --port=9390 --slisten=127.0.0.1 --sport=9391
14493 ?        Ss     0:10 openvassd: waiting for incoming connections
18139 ?        SNs    0:07 openvassd: serving 127.0.0.1
18144 pts/0    S      0:05 /usr/sbin/openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=0.0.0.0 --port=9390 --slisten=127.0.0.1 --sport=9391
18259 ?        SN     0:00 openvassd: testing 192.168.100.50
19347 ?        SN     0:00 openvassd: testing 192.168.100.50 (/var/lib/openvas/plugins/portscan-strobe.nasl)
23582 pts/1    S+     0:00 grep --color=auto openvas
24584 pts/0    S+     0:00 tail openvasmd.log -f

How can I proceed from here?


Best Answer

Answers

Sign In or Register to comment.