Hi,
I’m trying to write a custom .notus file to check on AlmaLinux if a vulnerable versions of an in-house application is running, but it seems the feed does not contain it
Using an OID as per VT Development, I have created both an “advisories” file, /var/lib/notus/advisories/almalinux.notus
{
"version": "1.2",
"spdx-license-identifier": "na",
"copyright": "internal use",
"family": "AlmaLinux Local Security Checks",
"advisories": [
{
"oid": "1.3.6.1.4.1.25623.1.0.300000.1",
"title": "AlmaLinux: my-app01",
"creation_date": 1751018388,
"last_modification": 1751018388,
"advisory_id": "CUSTOM-01",
"advisory_xref": "https://example.com",
"cves": [
],
"summary": "My app is vulnerable",
"insight": "My App is vulnerable.",
"affected": "",
"xrefs": [
"https://example.com"
],
"qod_type": "package",
"severity": {
},
"cisa_kev": "false"
}
]
}
and a “products” file, /var/lib/notus/products/almalinux_9.notus:
{
"version": "1.2",
"spdx-license-identifier": "na",
"copyright": "internal use",
"package_type": "rpm",
"product_name": "AlmaLinux 9",
"advisories": [
{
"oid": "1.3.6.1.4.1.25623.1.0.300000.1",
"fixed_packages": [
{
"full_name": "my-app-1.0.1-1.el9_0.x86_64.rpm",
"specifier": ">="
}
]
}
]
}
- Greenbone has been installed on Kali as per docs
- custom files have same owner and permissions as other .notus files
/etc/gvm/notus-scanner.tomlcontains[notus-scanner]/disable-hashsum-verification = true,/usr/lib/systemd/system/ospd-openvas.service- In
/usr/lib/systemd/system/ospd-openvas.serviceExecStartcontains--disable-notus-hashsum-verification = true - Both files are valid JSONs
- In doubt, the VM has been rebooted
Any advice on what could be wrong? Thanks in advance