The SCAP database is required

Linux Distribution and External Repo Discussion
1

Hello! While using gvm and when I go to secinfo page and other pages it keep telling me “The SCAP database is required” although the installation say that everything is okay.

I have tried these steps to solve the issue:

First command: “sudo greenbone-scapdata-sync”
And I got this error in the output:

Running as root. Switching to user '_gvm' and group '_gvm'.
Trying to acquire lock on /var/lib/gvm/feed-update.lock
Acquired lock on /var/lib/gvm/feed-update.lock
⠇ Downloading SCAP data from 
rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/scap-
data/ to /var/lib/gvm/scap-data
rsync:  read error: Connection reset by peer (104)
rsync error: error in socket IO (code 10) at io.c(806) 
rsync: connection unexpectedly closed (593 bytes received so far) 
rsync error: error in rsync protocol data stream (code 12) at io.c(231) 

Releasing lock on /var/lib/gvm/feed-update.lock

And then I have tried this command “sudo greenbone-certdata-sync”
And I got this error in output:

kali% sudo greenbone-certdata-sync
Running as root. Switching to user '_gvm' and group '_gvm'.
Trying to acquire lock on /var/lib/gvm/feed-update.lock
Acquired lock on /var/lib/gvm/feed-update.lock
⠏ Downloading CERT-Bund data from 
rsync://feed.community.greenbone.net/community/vulnerability-feed/22.04/cert-
data/ to /var/lib/gvm/cert-data
Releasing lock on /var/lib/gvm/feed-update.lock

And when I made check setup everything was okay and here is the output of “gvm-check-setup”:

kali% sudo gvm-check-setup
gvm-check-setup 23.11.0
  Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)... 
        OK: OpenVAS Scanner is present in version 22.7.9.
        OK: Notus Scanner is present in version 22.6.2.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 88945 NVTs.
        OK: The notus directory /var/lib/notus/products contains 456 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-openvas service is active.
        OK: ospd-OpenVAS is present in version 22.6.2.
Step 2: Checking GVMD Manager ... 
        OK: GVM Manager (gvmd) is present in version 23.3.0.
Step 3: Checking Certificates ... 
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ... 
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ... 
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | 
16440|pg-gvm|10|2200|f|22.6||
        OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ... 
        OK: Greenbone Security Assistant is present in version 22.9.1~git.
Step 7: Checking if GVM services are up and running ... 
        OK: gvmd service is active.
        OK: gsad service is active.
Step 8: Checking few other requirements...
        OK: nmap is present.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
        OK: xsltproc found.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
Step 9: Checking greenbone-security-assistant...
        OK: greenbone-security-assistant is installed

It seems like your GVM-23.11.0 installation is OK.

Any help please?

2

I think your problem is related to this post. There is an availability issue with internal infrastructure atm.

In the future though, you may investigate the gvm-check-setup command manually. gvm-check-setup is simply a bash script and so it’s very easy to check what is happening. gvm-check-setup does not verify the contents of the database. It only independently verifies the existence of the PostgreSQL database, and database user, and for SCAP and CERT data, only verifies that at least 10 items are present in the configured directory path /var/lib/gvm/cert-data. This is not a robust check, so if your connection is being reset due to the issue, the gvm-check-setup check will come back as OK, but in fact it is not OK.

In fact, the database has not been populated.

2 Likes
3

I checked that link but it’s confusing no one said direct solution. and the problem that I have done re-install many times.
Is that can be also the reason for why I get zero results for scan when I create tasks?

4

Yes, you are correct, if you do not initially populate the database with gvmd, CERT, and SCAP data, you will not have any results for a scan.

1 Like
5

Okay do you have any suggestions how can I get them in the database… Because I have tried to uninstall an re-install and the problem is the same

6

While the Greenbone feed sync server is not fully operational, you will not be able to download all the feeds successfully. You can follow this post for more information: Community Feed: connection reset by peer - #27 by immauss

1 Like