How to update/keep the feed up to date?

I’ve found this script that should do the job. Is this correct?

#!/bin/bash
/usr/sbin/greenbone-nvt-sync
/usr/sbin/greenbone-certdata-sync
/usr/sbin/greenbone-scapdata-sync
/usr/sbin/openvasmd --update --verbose --progress
/etc/init.d/openvas-manager restart
/etc/init.d/openvas-scanner restart

Hi henkies,
these are the same commands I use to update except the command:

/usr/sbin/openvasmd --update --verbose --progress

usually i use

/usr/sbin/openvasmd --rebuild --verbose --progress

I prefer to rebuild all than update :grinning:
I check the openvasmd options here:
https://www.mankier.com/8/openvasmd

or via cli:

openvasmd --help

Giovanni

1 Like

Awesome, thanks!

How to update the feeds in GVM9+

Valid for: GVM9+
NOT valid for: OpenVAS8 and below, Greenbone OS (GOS) based installation like Greenbone Security Manager (GSM) or Greenbone Community Edition (GCE).

Without running openvasmd/gvmd and openvassd

  1. Start the openvassd daemon
  2. Start the openvasmd/gvmd daemon
  3. Run greenbone-nvt-sync script and make sure that you’re NOT using use the --sync-only parameter
  4. Run greenbone-scapdata-sync
  5. Run greenbone-certdata-sync (This should be started after greenbone-scapdata-sync)

With running openvasmd/gvmd and openvassd

  1. Run greenbone-nvt-sync script and make sure that you’re NOT using the --sync-only parameter
  2. Run greenbone-scapdata-sync
  3. Run greenbone-certdata-sync (This should be started after greenbone-scapdata-sync)
3 Likes

@henkies @Mogimbo

On GVM9+ it is not required to run the openvasmd --update or --rebuild command as long as both services are running. The greenbone-nvt-sync script will do this step for you. To avoid misunderstandings i have written a short summary above and set this as the solution to the initial question.

If you have found scripts which are doing any of such restarts or rebuilds please contact the author of these scripts to get them corrected.

1 Like

Hi cfi,
thank you

Giovanni

Ok thanks!

Great solution, thanks. Now, I noticed the scapdata-sync runs quite a while. Do you need to wait for it to complete prior to running greenbone-certdata-sync, or once the files are downloaded and GVMD is sync’ing SCAP data, then you’re ok to run the greenbone-certdata-sync command?

Thanks!

Should these commands be run as root or sudo?

This depends from your security and permission model. We strongly discourage anyone to run services as root unless needed for permissions. But this is your responsibility to build a working permission model. Actual daemons of GVM and sync scripts are no longer run as root anyway.

1 Like

Is there any way to check that feeds ARE actually uptodate with reporting in case it’s not ? (eg; that the updating scripts didn’t failed for some reason ? firewall, network problem, etc…)

It shouldn’t be hard to write a script doing this, but perhaps it already exist ?

Thanks

You can use GMP to query the feed version :wink: Or parse your syslog for errors and exit codes.

1 Like

Thanks Lukas. Any example with gvm-cli how to achieve this ? I’m not very familiar with this. Thanks

All Documented here:

https://docs.greenbone.net/API/GMP/gmp-8.0.html#command_get_feeds

The rest will be your responsibility :wink:

1 Like

Well, I read the docs and I’m able to get the data using command like

gvm-cli tls --hostname ip --port 9390 --gmp-username myuser --gmp-password myPass -X ‘<get_feeds/>’ | xmlstarlet fo

Which gives me the output in xml. But I’m unable to parse XML properly so that I can pipe it in a mail in the form of:

NVT: $version
SCAP: $version
CERT=$version

XML is very difficult to parse with standard GNU tools. I konw xmlstarlet is made for this purpose but the doc is simply ununderstandeable to me. I saw some examples with xmlstarlet sel -t -v … but I can’t reproduce it to work as expected.

Any hints ?

Thanks

A post was split to a new topic: Feed sync via rsync aborts