I am trying to manually update my NVT feed so that I can run some scans but have run into an issue. The Cert Feed managed to keep up to date automatically, and I was able to update the SCAP Feed after trying a couple times however the NVT feed is having issues.
When I run the update from the GSM SSH interface it starts but stops shortly afterwards, giving the following error in the log.
The firewall is set to allow all traffic from and to feed.openvas.org and allows all applications through.
I tried running the script “greenbone-nvt-sync” through the command line but that seems to fail, showing multiple lines and file names with the tag ‘Permission Denied’
A ping test (ping feed.openvas.org) from the command line inside the GSM shows that it can communicate with the server.
Currently, the feed is listed as being 31 days old (June 19th)
Any advice or recommendations would be greatly appreciated.
These are the lines when I try to run the ‘greenbone-nvt-sync’ command:
According to Community Feed URL Consolidation the most recent GCE version 6.0.7 is not using feed.openvas.org anymore. If you’re running a GCE < 6.0.7 it is strongly recommended to setup a fresh GCE with that new version.
I created a fresh GCE at version 6.0.7 and I am still getting the failed to connect. My firewall logs show traffic being allowed to and from feed.community.greenbone.net prompted by me running the feed update.
There is the occasional TCP reset instead of an allow in the firewall logs.
When I ran the command ‘greenbone-nvt-sync’ on the new GCE it managed to update the SCAP and CERT feeds but failed the NVT.
Seems the “Connection Refused” topic was discussed thoroughly in Feed sync via rsync aborts and the discussion lead to a firewall / NAT in between the GCE/GVM setup and the feed service.
I played around with the firewall and managed to get it working, however the result is inconsistent and still shows the connection refused 4 out of 5 times.
I am trying to sort out what was blocking it in the firewall as process of elimination but I can’t get a consistent result to test off of.
Is there a limit as to how many times you can download the feed within a certain time frame?
Latest attempt log:
Problem ended up being the overarching web filter on the firewall, not that I can figure out why.
I’ve made the exception, seems to function properly now.
Thanks for your help!