How to get CERT and SCAP data manually and transfer them to OpenVAS server

Hi,

I can’t reach the GCF from my OpenVAS server (internal network rules), so I can’t update the CERT and SCAP feeds.

I’ve tried to get the rsync command from the greenbone-certdata-sync script. There is a function do_rsync_community_feed, and there is an rsync command in it. I managed to get it in the form:
/usr/bin/rsync -ltvrP feed.openvas.org:/cert-data /tmp/cert-data

I run this command on a separate server which has unrestricted access to the web.
But there isn’t any action with it.

As a test I’ve tried telnet:
$ telnet 89.146.224.58 873

and it seems to work.

I see that greenbone-nvt-sync has a --wget option, but greenbone-scapdata-sync and greenbone-certdata-sync don’t.

What would be the way to get this data, and what should be transferred where (into which directories on the OpenVAS server)?

Regards


I managed to get the feeds (I think).
I copied greenbone-certdata-sync and greenbone-scapdata-sync to the web-facing server and created /var/lib/gvm/cert-data and /var/lib/gvm/scap-data there. I put feed.xml from the OpenVAS host there and started both scripts. They put some XML files in those directories. I copied them to the same location on the OpenVAS server.

According to "How to update/keep the feed up to date?", those feed updates should be done automatically if I have the openvassd and gvmd services running. I have both of them in a running state.

And I don’t have the openvasmd program on the OpenVAS server.

In the Security Assistant (on port 9392), under Extras -> Feed Status, I have version OT and status "current" for SCAP and CERT, the same as before transferring all those XML files.

How to apply feeds?

Regards

my setup is:
$ yum list installed | grep -i vas
openvas-scanner.x86_64 6.0.0-6930.el7.art @atomic
openvas-smb.x86_64 1.0.5-6923.el7.art @atomic
$ yum info greenbone-security-assistant.x86_64 | grep Version
Version : 8.0.0
$ yum info greenbone-vulnerability-manager.noarch | grep Version
Version : 10.0.0
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.8 (Maipo)

And today, without any action, the feeds are up to date. Status is "20200519T0130 2 days old" for CERT and SCAP. But the files in /var/lib/gvm/cert-data and /var/lib/gvm/scap-data are still present. For the next update, should I add new files or should I delete the old ones?
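
Added example, not part of the original posts and not Greenbone's own tooling: when feed files are fetched on one host and carried to the OpenVAS server as described above, a checksum manifest lets the receiving side confirm that the copy is complete and unmodified before the files are used. The manifest name `SHA256SUMS.transfer` and the script name in the last comment are assumptions of this example; it relies on GNU find, sort, xargs and sha256sum.

```shell
#!/bin/sh
# Added example: checksum manifest for feed files copied between hosts.
# The manifest name is an assumption of this example, not a GVM file.
MANIFEST="SHA256SUMS.transfer"

# make_manifest DIR: run on the internet-facing host after the sync scripts
# finish; hashes every regular file under DIR into DIR/$MANIFEST.
make_manifest() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    tmp=$(mktemp) || return 2
    # Relative paths keep the manifest valid at the destination path.
    ( cd "$dir" && find . -type f ! -name "$MANIFEST" -print0 |
        sort -z | xargs -0 -r sha256sum ) > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dir/$MANIFEST"
}

# verify_manifest DIR: run on the OpenVAS server after the copy; fails if a
# listed file is missing or altered, or if the manifest is absent or empty.
verify_manifest() {
    dir=$1
    [ -s "$dir/$MANIFEST" ] || { echo "no usable manifest in $dir" >&2; return 2; }
    ( cd "$dir" && sha256sum --quiet --strict -c "$MANIFEST" )
}

# Command-line use: feed-manifest.sh make|verify DIR
case "${1:-}" in
    make)   make_manifest "${2:-}" ;;
    verify) verify_manifest "${2:-}" ;;
esac
```

This catches truncation or alteration between the two hosts only; it says nothing about whether the data fetched from the feed server was authentic in the first place.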