Firstly, thanks a lot to the OpenVAS team for providing this kind of vulnerability solution. It’s very useful for my SIEM project.
Like many users, I faced issues updating feeds after starting to use OpenVAS, but I was lucky to fix them after reviewing many posts in this community. Now, I would like to share and summarize some major points on how I fixed that connection issue.
- A proxy can be used, but make sure your proxy can reach feed.openvas.org on port 873.
Now, I am using Squid to download these feeds after making the following changes:
=====copy from internet=======================
To allow RSYNC proxy via Squid, edit squid.conf file:
- add 873 to acl SSL_ports port list
- add 873 to acl Safe_ports port list
- if you want proxy without password, add host at which rsync is running to acl allowed_hosts list
====copy from internet========================
The following is the log for updating feeds:
====successful log from squid==================
1566377499.776 6268 x.x.x.x TCP_TUNNEL/200 601 CONNECT feed.openvas.org:873 - HIER_DIRECT/89.146.224.58 -
1566377748.449 248659 x.x.x.x TCP_TUNNEL/200 4466562 CONNECT feed.openvas.org:873 - HIER_DIRECT/89.146.224.58 -
1566377903.775 5700 x.x.x.x 2 TCP_TUNNEL/200 601 CONNECT feed.openvas.org:873 - HIER_DIRECT/89.146.224.58 -
- Configure your OpenVAS environment to make sure RSYNC goes through the following setting.
rsync_proxy="proxy server ip:port"
- DNS needs to be configured and must resolve on the proxy server.
===========in /etc/squid/squid.conf==============
dns_nameservers 8.8.8.8
==========================================
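
The Squid changes described in the post, gathered into one fragment as an added example that is not part of the original post. It also limits port 873 tunnels to feed.openvas.org from a single client, because adding 873 to SSL_ports on its own lets every permitted client CONNECT to that port on any host. The ACL names `rsync_port`, `feed_dst` and `openvas_scanner` and the address 192.0.2.10 are assumptions made for this example.

```conf
# /etc/squid/squid.conf (fragment; added example, not the poster's file)

# With CONNECT, Squid itself resolves feed.openvas.org, so the proxy
# needs a working resolver.
dns_nameservers 8.8.8.8

# Squid ACLs accumulate: these lines extend the stock port lists
# instead of replacing them.
acl SSL_ports port 873          # rsync, tunnelled through CONNECT
acl Safe_ports port 873         # rsync

# Narrowing ACLs (names and address are assumptions for this example).
acl rsync_port port 873
acl feed_dst dstdomain feed.openvas.org
acl openvas_scanner src 192.0.2.10/32    # placeholder: the OpenVAS host

# http_access is first-match, so the deny rules for port 873 must come
# before any broader "allow" line.
# The CONNECT ACL is built in on Squid 4 and later; on Squid 3.x the
# stock file defines it with "acl CONNECT method CONNECT".
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT rsync_port !feed_dst
http_access deny CONNECT rsync_port !openvas_scanner
http_access allow openvas_scanner
http_access deny all
```

Run `squid -k parse` to check the syntax, then `squid -k reconfigure` to load it. A sync that is permitted shows up in access.log as `TCP_TUNNEL/200 ... CONNECT feed.openvas.org:873`, as in the log above, and a CONNECT to port 873 on any other host is logged as `TCP_DENIED/403`.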