Greenbone Community Edition not syncing Cert Data during setup

tisel · May 17, 2023, 3:23pm

I am running into an issue during the initial setup of GVM with the cert data sync. No errors receive (see below)

This is the output from the sudo runuser -u _gvm – greenbone-feed-sync --type CERT command

Greenbone community feed server -
This service is hosted by Greenbone Networks -

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp
13 100% 12.70kB/s 0:00:00 (xfr#1, to-chk=0/1)

sent 71 bytes received 111 bytes 72.80 bytes/sec
total size is 13 speedup is 0.07

This is the output from gvm-check-setup following the cert sync attempt

gvm-check-setup 22.4.1
Test completeness and readiness of GVM-22.4.1
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 22.4.1.
OK: Notus Scanner is present in version 22.4.2.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 85487 NVTs.
OK: The notus directory /var/lib/notus/products contains 427 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 22.4.5.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 22.4.2.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
OK: SCAP data found in /var/lib/gvm/scap-data.
ERROR: CERT data are missing.
FIX: Run the CERT synchronization script greenbone-feed-sync.
sudo runuser -u _gvm – greenbone-feed-sync --type CERT.

ERROR: Your GVM-22.4.1 installation is not yet complete!

I’ve run the cert sync command multiple times so far. No errors any time, but the data still shows as not sync’d by check-setup.

Lukas · May 17, 2023, 3:49pm

Please note this scrip is no longer nor developed maintained by Greenbone, so we can´t help you with that script. Please contact the packet maintainer there.

tisel · May 17, 2023, 3:53pm

Who would I contact? It’s part of the GVM setup…

bricks · May 17, 2023, 10:24pm

Hi, the gvm-check-setup script ist not provided or maintained by Greenbone. It’s a script provided by Kali Linux. I am not sure if the script is correct here. You should check the web UI if cert data is available. If no cert data is shown in the web UI you may run sudo -u _gvm gvmd --rebuild.

tisel · May 18, 2023, 12:18pm

Is there updated installation information on this anywhere? I’m installing this on Ubuntu 23.04.

cfi · May 18, 2023, 2:23pm

Official documentation from Greenbone side is available at https://greenbone.github.io/docs/latest/ (including instructions to build from sources or using official docker images).

And to clarify what’s written before:

Greenbone doesn’t maintain / provide any Linux packages like provided by Kali Linux, Debian and similar. Those are provided by 3rdparty maintainers out of the reach of Greenbone. This is also true for any additional scripts like gvm-check-setup, gvm-run or gvm-setup and any issues within them would need to be reported to the maintainer of these scripts and/or packages.

tisel · May 18, 2023, 5:18pm

Unfortunately the problem I’ve run into is the web interface isn’t accessible. I’ve tried the FQDN and IP Address. I can ping the server all day. I’m guessing the installation isn’t complete but I’m not sure how to proceed. Building the installation from scratch using source seems like a very tedious lift to demo a product.

bricks · May 19, 2023, 7:06am

Hi,

I don’t know the Kali default settings for our software but I guess our web interface is configured to only be available on localhost. You need to take a look at the gsad.service file to adjust the web server gsad to listen on all interfaces of this machine too.