0004182: Redis package not appropriately configured for OpenVAS, scans stop or openvas fails to start up. - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0004182	Kali Linux	Kali Package Bug	public	2017-08-24 14:57	2018-02-21 09:42

Reporter	grimwiz	Assigned To
Priority	normal	Severity	minor	Reproducibility	sometimes
Status	closed	Resolution	open
Product Version	2017.1

Summary	0004182: Redis package not appropriately configured for OpenVAS, scans stop or openvas fails to start up.
Description	The default OpenVAS installation triggers 20 parallel host-scans by default, each can run four vulnerability checks in parallel leading to about 100 instances of openvassd trying to talk to redis when a scan starts. The default redis configuration has "databases 16" in /etc/redis/redis.conf so I suggest the openvas package's post installation script adjust this to 128 (or 256) I believe the symptom is that redis will sometimes become unresponsive to openvas, which will become unable to run scans - they will either fail to start or will become stuck at 1%. I have also seen a corruption issue where openvas fails to start until redis is restarted after removing /var/lib/redis/dump.rdb .
Steps To Reproduce	Running a lot of openvassd processes in parallel seems to trigger this, for example downloading a new feed at the same time that a scan is ongoing, or starting a second scan too soon after starting one. The error is fairly rare, I have about one failure/week.
Additional Information	The redis package configuration could be improved, enabling "appendonly yes" in /etc/redis/redis.conf may reduce dump file corruption. I note that redis complains upon startup that kernel parameters are missing, it wants "vm.overcommit_memory=1" added to /etc/sysctl.conf. When openvas gets stuck this way:- stop openvas with "openvas-stop", restart redis with "systemctl restart redis" (if you've not configured redis with appendonly then the dump file may be corrupt, so you'd need to stop the daemon, remove /var/lib/redis/dump.rdb and restart it) restart openvas with "openvas-start" I am running a postgresql database with my openvas. I don't believe this is relevant to the redis issue but felt I should mention it. In all other respects my system is running the default openvas settings with the rolling 17.1 release of kali.

g0tmi1k 2018-02-21 09:42 administrator ~0008763	Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling 2016.x/2017.1), these legacy versions are no longer supported. We will be closing this ticket due to inactivity. Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/)? If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing,and also give information about your setup? For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Date Modified	Username	Field	Change
2017-08-24 14:57	grimwiz	New Issue
2018-02-21 09:42	g0tmi1k	Note Added: 0008763
2018-02-21 09:42	g0tmi1k	Status	new => closed