On GVM9+ it is not required to run the openvasmd --update or --rebuild command as long as both services are running. The greenbone-nvt-sync script will do this step for you. To avoid misunderstandings I have written a short summary above and set this as the solution to the initial question.
If you have found scripts which are doing any such restarts or rebuilds, please contact the author of these scripts to get them corrected.
Great solution, thanks. Now, I noticed the scapdata-sync runs quite a while. Do you need to wait for it to complete prior to running greenbone-certdata-sync, or once the files are downloaded and GVMD is sync’ing SCAP data, then you’re ok to run the greenbone-certdata-sync command?
This depends on your security and permission model. We strongly discourage anyone from running services as root unless needed for permissions. But it is your responsibility to build a working permission model. The actual daemons of GVM and the sync scripts are no longer run as root anyway.
Is there any way to check that the feeds ARE actually up to date, with reporting in case they are not (e.g. that the updating scripts didn’t fail for some reason: firewall, network problem, etc.)?
It shouldn’t be hard to write a script doing this, but perhaps it already exists?
Which gives me the output in XML. But I’m unable to parse XML properly so that I can pipe it into a mail in the form of:
NVT: $version
SCAP: $version
CERT=$version
XML is very difficult to parse with standard GNU tools. I know xmlstarlet is made for this purpose, but the doc is simply incomprehensible to me. I saw some examples with xmlstarlet sel -t -v … but I can’t get them to work as expected.
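An added example, not part of the thread and not Greenbone's own tooling: one way to turn the feed XML into the requested NVT/SCAP/CERT lines and flag feeds that have stopped updating. It assumes the XML is the reply to the GMP `<get_feeds/>` command, with one `<feed>` element per feed carrying `<type>` and a `<version>` in YYYYMMDDHHMM form; the sample XML is constructed, and the function names and the three-day threshold are choices made for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample, shaped like a GMP <get_feeds/> reply (assumed layout).
SAMPLE = """<get_feeds_response status="200" status_text="OK">
  <feed><type>NVT</type><name>Example NVT feed</name><version>201906110823</version></feed>
  <feed><type>SCAP</type><name>Example SCAP feed</name><version>201906100000</version></feed>
  <feed><type>CERT</type><name>Example CERT feed</name><version>201905010000</version></feed>
</get_feeds_response>"""

EXPECTED = ("NVT", "SCAP", "CERT")


def feed_versions(xml_text):
    """Return {feed type: version string} from the response XML."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "200":
        raise ValueError("gvmd returned status %s" % root.get("status"))
    return {f.findtext("type"): f.findtext("version", "") for f in root.iter("feed")}


def stale_feeds(versions, now, max_age_days=3):
    """List feed types that are missing, unparsable or older than max_age_days."""
    stale = []
    for kind in EXPECTED:
        try:
            stamp = datetime.strptime(versions[kind], "%Y%m%d%H%M")
        except (KeyError, ValueError):
            stale.append(kind)  # feed absent or version not a timestamp
            continue
        if now - stamp > timedelta(days=max_age_days):
            stale.append(kind)
    return stale


def report(xml_text, now):
    """Build the mail body: one line per feed, then a warning per stale feed."""
    versions = feed_versions(xml_text)
    lines = ["%s: %s" % (k, versions.get(k, "missing")) for k in EXPECTED]
    for kind in stale_feeds(versions, now):
        lines.append("WARNING: %s feed is stale or missing" % kind)
    return "\n".join(lines)


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a repeatable result.
    print(report(SAMPLE, datetime(2019, 6, 12, 9, 0)))
```

In a cron job, pass `datetime.now()` and the real response text instead of `SAMPLE`, and send the mail only when `stale_feeds` returns a non-empty list or `feed_versions` raises.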