Although I have all of these steps built into a Python wrapper, the problem that I seem to experience is that the default scan configs are not immediately available because GSA is trying to update feeds. This happens only initially when starting the service and the update runs. If I try to run updates at any point after the scan configs are already created, then they are still available. But, I need to either incorporate it as part of the “starting OpenVAS” process or disable it altogether if possible.
In my particular use cases, my feeds will always be up-to-date (within the last 6 hours) when the Docker image is built, so it would be great if I could just run the image and perform the steps mentioned in the workflow above.
So I have two questions regarding this:
Does GSA always run updates when you start it?
Is there any quick and easy way to prevent GSA from updating automatically from the API after installing it perhaps?
What happens if the VM where the image is being run doesn’t have Internet access? Do the scan configs just default to becoming available?
I know this might be a little ghetto, but could be useful for anyone else looking for a similar solution. For me, I have developed a process to recursively scan /var/log/gvm/gvmd.log for the default scan config UUID (daba56c8-73ec-11df-a475-002264764cea). Once this exists in the log, then I know that the scan config has been created. It’ll look like this:
# grep daba56c8-73ec-11df-a475-002264764cea /var/log/gvm/gvmd.log
event config:MESSAGE:2021-06-28 21h22.08 utc:2377: Scan config Full and fast (daba56c8-73ec-11df-a475-002264764cea) has been created by admin
This will happen automatically as the updates make their progress, apparently.
The next thing that I noticed is that, even though the scan config gets created, sometimes there can still be updates running. To wait for updates to finish, I am just recursively looking at ps aux output to see if anything has gvmd:, along with either Reloading or Updating in the process args/description/whatever.
I don’t really see anything in the gvmd.log file that would make this any cleaner (e.g. something like “Ready to launch.”) so this is the best I was able to come up with.
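As an added example (not the poster's wrapper and not Greenbone code), the two checks described in this post can be written as one Python readiness gate: the log check for the "Full and fast" UUID, then the `ps aux` check for `gvmd:` process titles containing Reloading or Updating. The function names, the timeout and interval values, and the rule of requiring several consecutive idle polls are assumptions.

```python
import re
import subprocess
import time

# UUID of the "Full and fast" scan config, as quoted in the post.
FULL_AND_FAST = "daba56c8-73ec-11df-a475-002264764cea"
GVMD_LOG = "/var/log/gvm/gvmd.log"  # log path from the post

# Process titles the post watches for in `ps aux` output.
BUSY_RE = re.compile(r"gvmd:.*\b(Reloading|Updating)\b")


def config_created(log_text, uuid=FULL_AND_FAST):
    """True once the log records creation of the scan config with this UUID."""
    return any(
        f"({uuid})" in line and "has been created" in line
        for line in log_text.splitlines()
    )


def feed_busy(ps_text):
    """True while any gvmd process title shows Reloading or Updating."""
    return any(BUSY_RE.search(line) for line in ps_text.splitlines())


def wait_until_ready(timeout=3600, interval=10, quiet_polls=3):
    """Poll until the config exists and gvmd has stayed idle for several polls."""
    deadline = time.monotonic() + timeout
    quiet = 0
    while time.monotonic() < deadline:
        try:
            with open(GVMD_LOG, errors="replace") as fh:
                log_text = fh.read()
        except FileNotFoundError:  # gvmd has not written its log yet
            log_text = ""
        ps_text = subprocess.run(
            ["ps", "aux"], capture_output=True, text=True, check=True
        ).stdout
        if config_created(log_text) and not feed_busy(ps_text):
            quiet += 1  # assumption: debounce in case another update starts
            if quiet >= quiet_polls:
                return True
        else:
            quiet = 0
        time.sleep(interval)
    return False
```

A `False` return means the timeout expired, which a wrapper should treat as a failed start rather than launching scans against a partially loaded feed.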