Updating custom NVT - does it require a feed version update?

Hi all,

I’ve been developing some custom VTs and have managed to get them into my NVT list, but it appears as though (however I’m not 100% certain) when running an update, the custom VTs aren’t updating until there is a new version number from the greenbone community feed sync.
I can see that my NVT file has been updated in the ospd-openvas container, but the changes are not appearing in the web gui.

I’m updating using openvas --update-vt-info.

I have found that I am able to update my custom NVTs after a new feed version is published by the community feed.

Note that I’m using community containers, however this isn’t a container-specific discussion but one about updating VTs, so I’m posting it here.

Is there a requirement to change the feed version number in order to introduce changes to a custom NVT?

1 Like

Yes I think so. I am not sure how custom VTs are considered for the hashsum calculation. Thus incrementing the feed version is the only reliable way (besides restarting ospd-openvas) for forcing a full reload of the VTs.

1 Like

Hi Bricks, thank you.

I’ve tried restarting the containers via docker compose down/up, as well as openvas --update-vt-info, but it doesn’t seem to work until the version number is bumped.

I suppose my next question is, can you please advise how I could go about incrementing the feed version?

Giving this a bit of a bump.
Hoping that someone has some insight on how to get custom vulns. working. There’s quite a bit around the forums about how to write VTs, but I haven’t found much about getting them up and running locally.

The feed version is set at the PLUGIN_SET variable in the plugin_feed_info.inc file. Alternatively you may restart the redis-server to force a full reload of the VT data.

2 Likes

Hi, bricks.

I changed the feed version in the plugin_feed_info.inc file, added script_oid, script_version in my custom .nasl script, and I kept the script version the same as the feed version.

However, I haven’t found my custom .nasl in the redis when I restart redis-openvas service.

After that I calculated sha256 of my .nasl and added in sha256sums, but there is no change.

Maybe it would calculate the hashsum via sha256sums.asc.

When I used greenbone-nvt-sync to update, it cleared my custom .nasl.

Are there any solutions to solve it?

By default, all .nasl scripts in the Greenbone feed(s) are secured via checksums and signatures to prevent third parties from unknowingly modifying the feed of our users. The sha256sums file is signed by Greenbone via a private key, resulting in the sha256sums.asc file. Modifying the checksums or signature is not supported.

To load custom .nasl scripts, you need to disable the scanner’s signature check. To do this, open the scanner’s configuration file (usually located at /etc/openvas/openvas.conf, but this depends on your setup), set nasl_no_signature_check = yes and save. You may also need to restart the various services afterwards, I can’t remember at the moment.

3 Likes
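An added example (not part of any post in this thread, and not Greenbone code): once the signature check is disabled as described above, this audit compares a plugin directory against its sha256sums file and reports which .nasl/.inc files are unlisted (custom), locally modified, or missing. It assumes the plain sha256sum line layout ("digest  path") and does not verify sha256sums.asc; the sample directory and file names in demo() are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def load_manifest(path):
    """Parse 'hexdigest  relative/path' lines (sha256sum layout, assumed)."""
    manifest = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            name = parts[1].strip().lstrip("*")  # '*' marks binary mode
            manifest[name[2:] if name.startswith("./") else name] = parts[0].lower()
    return manifest

def audit(plugin_dir, manifest_name="sha256sums"):
    """Sort the .nasl/.inc files under plugin_dir into three findings."""
    root = Path(plugin_dir)
    manifest = load_manifest(root / manifest_name)
    report = {"unlisted": [], "modified": [], "missing": []}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in (".nasl", ".inc"):
            continue
        rel = path.relative_to(root).as_posix()
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        if rel not in manifest:
            report["unlisted"].append(rel)   # custom VT or stray file
        elif digest != manifest[rel]:
            report["modified"].append(rel)   # feed file changed locally
    report["missing"] = [p for p in manifest if not (root / p).is_file()]
    return {key: sorted(paths) for key, paths in report.items()}

def demo():
    """Constructed sample directory: file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        listed = {"feed_ok.nasl": b"# feed\n", "feed_edit.nasl": b"# feed v1\n"}
        lines = [f"{hashlib.sha256(b).hexdigest()}  {n}" for n, b in listed.items()]
        lines.append("0" * 64 + "  feed_gone.nasl")   # listed but not on disk
        (root / "sha256sums").write_text("\n".join(lines) + "\n", encoding="utf-8")
        on_disk = {**listed, "feed_edit.nasl": b"# edited\n",
                   "custom/my_vt.nasl": b"# mine\n"}
        (root / "custom").mkdir()
        for name, body in on_disk.items():
            (root / name).write_bytes(body)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Running audit() before and after a feed sync shows which custom scripts the sync removed and whether any feed-supplied file was altered while verification was off.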

Thank you for your reply!