I’ve found this script that should do the job. Is this correct?
#!/bin/bash /usr/sbin/greenbone-nvt-sync /usr/sbin/greenbone-certdata-sync /usr/sbin/greenbone-scapdata-sync /usr/sbin/openvasmd --update --verbose --progress /etc/init.d/openvas-manager restart /etc/init.d/openvas-scanner restart
Hi henkies,
these are the same commands I use to update except the command:
/usr/sbin/openvasmd --update --verbose --progress
usually i use
/usr/sbin/openvasmd --rebuild --verbose --progress
I prefer to rebuild all than update 
I check the openvasmd options here:
https://www.mankier.com/8/openvasmd
or via cli:
openvasmd --help
Giovanni
Awesome, thanks!
Valid for: GVM9+
NOT valid for: OpenVAS8 and below, Greenbone OS (GOS) based installation like Greenbone Security Manager (GSM) or Greenbone Community Edition (GCE).
openvassd daemonopenvasmd/gvmd daemongreenbone-nvt-sync script and make sure that you’re NOT using use the --sync-only parametergreenbone-scapdata-sync
greenbone-certdata-sync (This should be started after greenbone-scapdata-sync)greenbone-nvt-sync script and make sure that you’re NOT using the --sync-only parametergreenbone-scapdata-sync
greenbone-certdata-sync (This should be started after greenbone-scapdata-sync)On GVM9+ it is not required to run the openvasmd --update or --rebuild command as long as both services are running. The greenbone-nvt-sync script will do this step for you. To avoid misunderstandings i have written a short summary above and set this as the solution to the initial question.
If you have found scripts which are doing any of such restarts or rebuilds please contact the author of these scripts to get them corrected.
Hi cfi,
thank you
Giovanni
Ok thanks!
Great solution, thanks. Now, I noticed the scapdata-sync runs quite a while. Do you need to wait for it to complete prior to running greenbone-certdata-sync, or once the files are downloaded and GVMD is sync’ing SCAP data, then you’re ok to run the greenbone-certdata-sync command?
Thanks!
Should these commands be run as root or sudo?
This depends from your security and permission model. We strongly discourage anyone to run services as root unless needed for permissions. But this is your responsibility to build a working permission model. Actual daemons of GVM and sync scripts are no longer run as root anyway.
Is there any way to check that feeds ARE actually uptodate with reporting in case it’s not ? (eg; that the updating scripts didn’t failed for some reason ? firewall, network problem, etc…)
It shouldn’t be hard to write a script doing this, but perhaps it already exist ?
Thanks
You can use GMP to query the feed version 
Or parse your syslog for errors and exit codes.
Thanks Lukas. Any example with gvm-cli how to achieve this ? I’m not very familiar with this. Thanks
All Documented here:
https://docs.greenbone.net/API/GMP/gmp-8.0.html#command_get_feeds
The rest will be your responsibility
Well, I read the docs and I’m able to get the data using command like
gvm-cli tls --hostname ip --port 9390 --gmp-username myuser --gmp-password myPass -X ‘<get_feeds/>’ | xmlstarlet fo
Which gives me the output in xml. But I’m unable to parse XML properly so that I can pipe it in a mail in the form of:
NVT: $version
SCAP: $version
CERT=$version
XML is very difficult to parse with standard GNU tools. I konw xmlstarlet is made for this purpose but the doc is simply ununderstandeable to me. I saw some examples with xmlstarlet sel -t -v … but I can’t reproduce it to work as expected.
Any hints ?
Thanks