Bug#871955: openvas-scanner: invalid UNIX socket location (/tmp/redis.sock)

Vladislav Artemyev debian at naksitrallid.com
Sat Aug 12 22:26:42 UTC 2017


Package: openvas-scanner

Version: 5.1.1-2

openvas-check-setup is not able to detect whether openvas-scanner is running 
(listening) or not. It uses a simple but not very reliable procedure for this:

    if [ $HAVE_NETSTAT -eq 1 ]
    then
       netstat -A inet -A inet6 -ntlp 2> /dev/null >> $LOG
       OPENVASSD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvassd | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
       OPENVASSD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvassd | awk -F\  '{print $4}' | awk -F: '{print $NF}'`
       OPENVASMD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasmd | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
       OPENVASMD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasmd | awk -F\  '{print $4}' | awk -F: '{print $NF}'`
       OPENVASAD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasad | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
       OPENVASAD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep openvasad | awk -F\  '{print $4}' | awk -F: '{print $NF}'`
       GSAD_HOST=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep gsad | awk -F\  '{print $4}' | awk -F: 'sub(FS $NF,x)'`
       GSAD_PORT=`netstat -A inet -A inet6 -ntlp 2> /dev/null | grep gsad | awk -F\  '{print $4}' | awk -F: '{print $NF}' | tail -1`

       if [ $VER -ge 9 ]
       then
         OPENVASSD_SOCKET_FOUND=0
         if netstat -A unix -nlp 2> /dev/null | grep "openvassd\.sock" > /dev/null
         then
           OPENVASSD_SOCKET_FOUND=1
         fi
         if [ $OPENVASSD_SOCKET_FOUND -eq 1 ]
         then
           log_and_print "OK: OpenVAS Scanner is running and listening on a Unix domain socket."
           OPENVASSD_PORT=1 ;
         else
           log_and_print "ERROR: OpenVAS Scanner is NOT running!"
           log_and_print "FIX: Start OpenVAS Scanner (openvassd)."
           OPENVASSD_PORT=-1 ;
         fi
       else

Since openvassd has no inet listening options (only file and socket for 
--listen-mode), proper detection of its UNIX socket becomes important. 
Notice the "openvassd\.sock" expression, yet the openvas-scanner package is 
configured with /tmp/redis.sock for the socket location, which I believe is 
invalid. It probably should be something similar to 
/var/lib/openvas/openvassd.sock to comply.

/etc/default/openvas-scanner contains:

    SCANNER_SOCKET=/tmp/redis.sock

/lib/systemd/system/openvas-scanner.service contains:

    ExecStart=/usr/sbin/openvassd --unix-socket=/tmp/redis.sock

-- 
Vladislav Artemyev
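A more robust check, written here as an added example rather than code from openvas-check-setup or the Debian package: it reads SCANNER_SOCKET from /etc/default/openvas-scanner and looks for that exact path in the unix-socket listing, so a scanner configured with /tmp/redis.sock is still detected instead of being reported as not running. The function names, the `ss -xl` call with a netstat fallback, and the sample listing line are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of openvas-check-setup):
# detect the scanner socket by its configured path, not a hard-coded name.

# Print the value of SCANNER_SOCKET from a defaults file (last one wins),
# with surrounding quotes stripped; prints nothing if the key is absent.
scanner_socket_path() {
    sed -n 's/^[[:space:]]*SCANNER_SOCKET=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed iff the exact socket path appears in a unix-socket listing
# (output of `ss -xl` or `netstat -A unix -nl`). grep -F keeps the "."
# in the path literal, unlike the "openvassd\.sock" pattern in the script.
socket_in_listing() {
    _path=$1
    _listing=$2
    printf '%s\n' "$_listing" | grep -F -- "$_path" > /dev/null
}

# Live check: 0 = listening, 1 = configured socket missing or idle,
# 2 = SCANNER_SOCKET not configured at all.
check_openvassd_socket() {
    defaults=${1:-/etc/default/openvas-scanner}
    path=$(scanner_socket_path "$defaults")
    if [ -z "$path" ]; then
        echo "ERROR: no SCANNER_SOCKET configured in $defaults"
        return 2
    fi
    if [ ! -S "$path" ]; then
        echo "ERROR: $path is not a Unix socket (OpenVAS Scanner not running?)"
        return 1
    fi
    listing=$(ss -xl 2> /dev/null || netstat -A unix -nl 2> /dev/null)
    if socket_in_listing "$path" "$listing"; then
        echo "OK: OpenVAS Scanner is listening on $path"
        return 0
    fi
    echo "ERROR: $path exists but nothing is listening on it"
    return 1
}
```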
