I’m running
Greenbone OS 4.2.24
VMware workstation 14
Linux 4 host 64bit
I’ve updated the feeds and they are showing as current
NVT
NVTs
Greenbone Community Feed
201902121108
Current
SCAP
CVEs, CPEs, OVAL Definitions
OpenVAS SCAP Feed
201902120000
Current
CERT
CERT-Bund Advisories, DFN-CERT Advisories
OpenVAS CERT Feed
201902120100
Current
I’ve got plenty of hosts and know that some are insecure. When I run the scan it shows it runs but does not come up with any vulnerabilities.
I have seen posts similar to this where they have said that issuing openvasmd --update fixes the issue. I have gone to maintenance and opened the shell. I have pasted this command but it isnt recognised!
The feed update now runs in the background and you are on the main menu of the administration. Via “About” you can have a look at the key properties of your setup, especially the address of the web interface and whether there still runs the Feed update as a system operation.
Only after the feed update completed there will be all information in the SecInfo area and first scans possible. This could take half an hour or even longer.
Even if the GSA is telling you that the feed versions are current the initial feed sync and the rebuild of the database might still run. So if you’re getting an NVT count of 0/0 please have some more patience, especially for the first sync after the initial setup of the appliance.
If your Report features no hosts either, this means in the first phase of the scan, the Alive Test found all ip addresses in the target “dead”.
The Alive Test is a setting of the Target.
If your Target isn’t overly big, change the Alive Test to “consider alive” to skip it altogether and scan every ip address in your Target, dead or not.
I had exactly the same issue. New VM, waited until the feeds were processed and still not a single scan result.
Read somewhere else to issue the following command in the root command shell (you have to enable it first in your advanced config options , then go to a non-root shell, then use su to get a root shell) - all this is not done in the web interface, but by using SSH.
As said here many time, if you run a ROOT command on the GCE you will break it.
On the GCE is a permission model in place, if you run any command as root it might override files with permission that can´t be read by the GVMd running NOT as root. So this is a very risky idea.
You NEVER need to run any command as root. My suggestion is reinstall it. Check if you can run a feed-sync and wait some time until the feed update is finished. This might take up to 4h. If you run any command as root, you can most likely re-install it.
Please install the latest GCE release 4.3.14. There was a bug fixed most recently in GOS:
Bugfix: In some cases the default quality of detection for all vulnerabilities was set to 75% due to the OpenVAS manager not correctly generating its internal metadata database (#108670).
which might be responsible for this seen behavior reported here.
Additionally even with the newest version the following still applies:
For some reason my fresh GCE 4.3.14 installation has shown a “feed not reachable” message during the first setup causing a 0/0 count of NVTs as well. A subsequent trigger of the feed update via Maintenance → Feed → Update in the GOS menu has started a full sync again.
Keep in mind that the initial/first feed sync/update (after starting another feed update as you did) could take quite some time (one hour or more, depending on various factors).
Basically check via the About menu if there is a “A system operation is currently running” shown. If there is “No system operation is running currently” shown there i had noticed a few days ago that there might be still a sync process running.
AFAIK there has been a lot of work done related on the feed update topic in this new major release. In addition the “About” menu is now showing which system operation currently is running so you should be able to see whats going on in more detail.