I ran an authenticated full and fast scan and, looking at the results, I could see that some NVTs that were executed were not present locally on my machine and others were present but deprecated. I checked the ‘status feed’ on the web interface and everything was up to date, including the information about the NVTs.
Why does this happen?
Hi Francisco, you said:
Could you explain your meaning here? It’s not clear to me.
Sure.
The following NVT, for example: < Debian: Security Advisory (DSA-5753-1) > is not present locally on my machine (/var/lib/openvas/plugins); however, it was executed in the scan performed.
Another example, the NVT < Ubuntu: Security Advisory (USN-4279-1) > was executed in the scan performed and found locally on the machine (/var/lib/openvas/plugins), however, when checking the code, the NVT was marked as ‘deprecated’.
My version of the NVTs is the following: Greenbone Community Feed 20240903T0952
OK, can you explain how you know that the VT for “Debian: Security Advisory (DSA-5753-1)” is not present locally on your machine? Did you delete the .nasl file? It was created on Wed, Aug 21, 2024 10:50 AM UTC, so it should be in your feed 20240903T0952 (Sep 03, 2024 9:52 AM UTC).
Secondly, there are two VTs with the title “Ubuntu: Security Advisory (USN-4279-1)”. One is deprecated, and the other is active. How are you verifying that the deprecated feed was the one executed?
I did not delete the .nasl file from NVT Debian: Security Advisory (DSA-5753-1), it is just not present locally. When I saw the scan result, I wanted to look at the code to see what the script did and when I looked for it I could not find the file on my machine.
Regarding Ubuntu: Security Advisory (USN-4279-1), I only have 1 file on my computer that is deprecated, I do not have 2. Could this be a problem with the NVT database?
How are you verifying that the files do not exist on your local machine? The file you claim is missing (Debian: Security Advisory (DSA-5753-1)) could not be missing if it is being executed.
I tried searching for the NVT by name and OID and couldn’t find it (Debian: Security Advisory (DSA-5753-1), OID: 1.3.6.1.4.1.25623.1.1.1.1.2024.5753). The searches were done in the path /var/lib/openvas/plugins, which has the other NVTs used by openvas.
Hi Francisco,
These Linux distro checks are covered via Notus on newer/current versions. Notus doesn’t work with VTs but via a JSON file. So you will not see this VT as a .nasl file on your system.
Hope this helps,
Chris
3 Likes
I didn’t know about this, I thought it was all in the /var/lib/openvas/plugins folder. I checked the /var/lib/notus folder and the file I was looking for was there. Thank you very much
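The lookup discussed in this thread, as an added example that is not part of the original posts or Greenbone's own tooling: it searches both feed locations named above for one OID and reports whether a matching .nasl file is marked deprecated. Assumptions: Notus files are JSON with advisory entries under an `oid` key, deprecated NASL scripts carry `script_tag(name:"deprecated", value:TRUE);`, and the file names and the OID `1.3.6.1.4.1.25623.1.0.1` in the demo are constructed.

```python
import json
import re
import sys
import tempfile
from pathlib import Path

# Feed locations named in the thread.
PLUGINS_DIR = Path("/var/lib/openvas/plugins")
NOTUS_DIR = Path("/var/lib/notus")
# Assumption: deprecated NASL scripts carry script_tag(name:"deprecated", value:TRUE);
DEPRECATED_RE = re.compile(r'script_tag\s*\(\s*name\s*:\s*"deprecated"\s*,\s*value\s*:\s*TRUE')

def json_has_oid(node, oid):
    """Search any JSON layout for an "oid" key equal to oid (key name is an assumption)."""
    if isinstance(node, dict):
        return node.get("oid") == oid or any(json_has_oid(v, oid) for v in node.values())
    if isinstance(node, list):
        return any(json_has_oid(v, oid) for v in node)
    return False

def locate_vt(oid, plugins_dir=PLUGINS_DIR, notus_dir=NOTUS_DIR):
    """Return (source, path, deprecated) tuples for every place the OID is defined."""
    hits = []
    oid_re = re.compile(r'script_oid\s*\(\s*"' + re.escape(oid) + r'"\s*\)')
    for path in sorted(Path(plugins_dir).rglob("*.nasl")):
        text = path.read_text(errors="replace")
        if oid_re.search(text):
            hits.append(("nasl", str(path), bool(DEPRECATED_RE.search(text))))
    for path in sorted(p for p in Path(notus_dir).rglob("*") if p.is_file()):
        try:
            data = json.loads(path.read_text(errors="replace"))
        except ValueError:
            continue  # checksum/signature files and anything else that is not JSON
        if json_has_oid(data, oid):
            hits.append(("notus", str(path), None))  # deprecation is only checked for NASL
    return hits

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real lookup: pass the OID as the first argument
        results = locate_vt(sys.argv[1])
    else:  # offline demo on a constructed two-file feed
        root = Path(tempfile.mkdtemp())
        (root / "plugins").mkdir()
        (root / "notus").mkdir()
        (root / "plugins" / "old.nasl").write_text(
            'script_oid("1.3.6.1.4.1.25623.1.0.1");\nscript_tag(name:"deprecated", value:TRUE);\n')
        (root / "notus" / "debian.notus").write_text(
            json.dumps({"advisories": [{"oid": "1.3.6.1.4.1.25623.1.1.1.1.2024.5753"}]}))
        results = locate_vt("1.3.6.1.4.1.25623.1.1.1.1.2024.5753", root / "plugins", root / "notus")
    for source, path, deprecated in results or [("not found", "-", None)]:
        print(source, path, "deprecated" if deprecated else "")
```

A `notus` hit with no `nasl` hit is the situation described for DSA-5753-1; a `nasl` hit flagged deprecated alongside a `notus` hit matches the USN-4279-1 case.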