Shutting down GCF HTTP Download

The option to download the entire feed as a single tarball (community-nvt-feed-current.tar.bz2) via HTTP is a historic left-over. With growing size of the tarball this option is not the preferred one anymore. The majority of the community users is using the default RSYNC method.

So finally we are now shutting down the HTTP-URL for community-nvt-feed-current.tar.bz2 effective from July 1st 2020.

Due to the high demand for our community feed service, we migrated the Greenbone Community Feed (GCF) to a platform that has ten times the capacity of the old feed.openvas.org. So, our new RSYNC service serves faster and we are concurrently switching over any RSYNC activity to this new platform. See the separate announcement about this change: Community Feed URL Consolidation

Part of this platform migration is a new HTTP service for dl.greenbone.net running on a new server with a new IP address.

In case you use Greenbone Security Manager (GSM)

You are not affected by this change.

In case you use Greenbone Community Edition Virtual Machine (GCE)

You are not affected by this change.

In case you use Greenbone Source Edition (GSE)

You are only affected in case you configured your setup to not use the default synchronization method but rather HTTP (wget or curl). We have prepared updates where the support has been removed (GVM 11: openvas 7.0.1; GVM 10: openvas-scanner 6.0.2).

In case you used HTTP only to apply HTTP_PROXY, then consider using RSYNC_PROXY.

We highly recommend that you switch to the new RSYNC service at the same time because the old one will be shutdown September 30th 2020.

The new RSYNC service is already available and automatically used by latest GVM 10/GVM 11 releases:

feed.community.greenbone.net:

  • IP address: 2a0e:6b40:20:106:20c:29ff:fe67:cbb5
  • Legacy IP address: 45.135.106.142

ATTENTION: If you use an old synchronization script (greenbone-nvt-sync) for a fresh setup, it will fail because it tries the HTTP download for the very first update. Especially this affects outdated versions like GVM 9. Either update to the latest releases of our software or directly use the latest synchronization routine:

3 Likes

Please be aware that from July 1st on we will not update the nvt feed tar-ball anymore.
This means your set of vulnerability tests will be outdated rapidly.
Follow the guide to continue fetching daily updates.

2 Likes