MixewayOpenVASRestAPI
MixewayOpenVASRestAPI copied to clipboard
Mixeway
Connecting to gvmd listening on port instead of unix socket path (Premature end of file)
Hi there! Is there any way to run MixewayOpenVASRestAPI using a port or ospd.sock instead of gvmd.sock? I can't seem to find any modern OpenVAS Docker images that create a gvmd.sock.
I'm trying to run MixewayOpenVASRestAPI with the immauss/openvas Docker image, but it has GVM 21.4.4 listening on port 9390 instead of a unix socket. securecompliance/gvm also has this issue.
I have tried replacing gvmd --listen=0.0.0.0 --port=9390 with gvmd --unix-socket=/var/run/gvmd/gvmd.sock in start.sh to create the socket myself, but GVM stops responding.
When I try to use the OSPd socket I get the following error: [Fatal Error] :-1:-1: Premature end of file.. But I don't have verbose logging, so I can't see what's causing this error.
Thank you!
Similar issues:
- https://github.com/immauss/openvas/issues/68
java -jar MixewayOpenVasRestAPI-1.2.0-SNAPSHOT.jar \
--server.port=8443 \
--allowed.users=localhost \
--spring.profiles.active=noauth \
--server.ssl.key-store=/app/pki/certificate.p12 \
--server.ssl.key-store-password=changeit \
--server.ssl.key-alias=localhost \
--server.ssl.trust-store=/usr/local/openjdk-8/lib/security/cacerts \
--server.ssl.trust-store-password=changeit \
--openvasmd.socket=/var/run/ospd/ospd.sock
curl --insecure --request POST \
--url https://localhost:8443/initialize \
--header 'Content-Type: application/json' \
--data '{"username":"admin","password":"test"}'
root@0c9c54974878:/# ps axjf
PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
0 230 230 230 pts/0 250 Ss 0 0:00 bash
230 250 250 230 pts/0 250 R+ 0 0:00 \_ ps axjf
0 1 1 1 ? -1 Ss 0 0:00 /bin/bash /start.sh
1 8 8 8 ? -1 Ssl 0 0:00 redis-server 127.0.0.1:6379
1 19 19 19 ? -1 Ss 103 0:00 /usr/lib/postgresql/12/bin/postgres -D /data/database
19 21 21 21 ? -1 Ss 103 0:00 \_ postgres: checkpointer
19 22 22 22 ? -1 Ss 103 0:00 \_ postgres: background writer
19 23 23 23 ? -1 Ss 103 0:00 \_ postgres: walwriter
19 24 24 24 ? -1 Ss 103 0:00 \_ postgres: autovacuum launcher
19 25 25 25 ? -1 Ss 103 0:00 \_ postgres: stats collector
19 26 26 26 ? -1 Ss 103 0:00 \_ postgres: logical replication launcher
19 80 80 80 ? -1 SLs 103 0:00 \_ postgres: gvm gvmd [local] idle
1 54 52 52 ? -1 S 1000 0:00 gvmd: Waiting for incoming connections
1 217 215 215 ? -1 Sl 1000 0:00 gsad --mlisten 127.0.0.1 -m 9390 --verbose --timeout=15 --http-only --no-redirect --port=9392
1 223 1 1 ? -1 S 0 0:00 tail -F /usr/local/var/log/gvm/gsad.log /usr/local/var/log/gvm/gvmd.log /usr/local/var/log/gvm/openvas.log /usr/local/var/log/gvm/ospd-openvas.log /usr/local/var/log/gvm/redis-server.log
```
I am sure this is completely irrelevant by now but if someone (like me for example) happens to stumble across this here's what I did to fix it: If you look at the APIs code, you will see that it builds a command and launches a process (using ProcessBuilder) along the lines of bash -c "gvm-cli --username=.. --password=.. --socketpath ... --xml <.....>" What i did was i replaced the socketpath part that expected a standard unix socket with "tls --port=9390". You can check that it worked with this command so you dont have to debug like me for days:
Original command: gvm-cli --timeout 600 --gmp-username=admin --gmp-password=admin socket --socketpath /run/gvmd/gvmd.sock --xml '<get_configs/>'
Working command: gvm-cli --timeout 600 --gmp-username=admin --gmp-password=admin tls --port=9390 --xml '<get_configs/>'
Your username and password may vary so take that into account :)
