I have GVM installed from source in a Ubuntu Server 22.04 LTS
How can I update 22.4.1 to 22.7.3?
Because when I run a new scan with the version 22.4 shows me the following:
Vulnerability Detection Result Version of installed component: 22.4.1 (Installed component: openvas-l ,→ibraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10 ,→) Latest available openvas-scanner version: 22.7.3
Hi, I created an update script which works super fine. Try it. Leave the following variables as they are and change them only if you encounter problems:
APT_UPGRADE=“no” # Do you wish to do an apt-upgrade at the same time?
REBOOT_AFTER_UPGRADE=“yes” # Do you wish an auto-reboot after apt-upgrade?/
AUTO_REMOVE=“no” # Do you wish to autoremove unnecessary packages?
UPDATE_POSTGRES_PACKAGES=“yes” # Do you wish to upgrade the DB packages?
FEED_UPDATE=“no” # Do you wish to do a feed-update at the same time?
#!/bin/bash
# Purpose: Update Greenbone OpenVAS to new version
# Tested on OS: Kali GNU/Linux Rolling
# Release: 2023.1
# Codename: kali-rolling
# Script created: 28.07.2023 by Birgit Ducarroz
# Last update: 23.08.2023 v.2 /bdu
########################################################
#---------------------------------------------------------------------------
# User defined variables:
#---------------------------------------------------------------------------
PORT="443" # To open the login page directly, without RDP login.
SERVICE_FILE="/lib/systemd/system/greenbone-security-assistant.service" # Location of the file
SSL_CERTIFICATE="your.crt" # Name of your SSL certificate file
SSL_KEY="your.key" # Name of your SSL certificate key file
BACKUP_DIR="/root/script" # Where do you want to store a backup of the service file?
# If you encounter problems during the first upgrade, try to change one or more
# of the following parameters:
CPU="200" # How many CPU's are acceptable for you for a quick update?
APT_UPGRADE="no" # Do you wish to do an apt-upgrade at the same time?
REBOOT_AFTER_UPGRADE="yes" # Do you wish an auto-reboot after apt-upgrade?/
AUTO_REMOVE="no" # Do you wish to autoremove unnecessary packages?
UPDATE_POSTGRES_PACKAGES="yes" # Do you wish to upgrade the DB packages?
FEED_UPDATE="no" # Do you wish to do a feed-update at the same time?
#---------------------------------------------------------------------------
# Do not change anything below...
#---------------------------------------------------------------------------
#---------------------------------------------------------------------------
# Color scheme:
#---------------------------------------------------------------------------
YEL='\033[0;33m'
MAG='\u001b[35;1m' # Purple, Mangentha
RESET=$(tput sgr0)
#-------------------------------------------------------------
# Function print a line:
#-------------------------------------------------------------
fn_line(){
printf "%*s" $(tput cols) |tr " " "-\n"
}
echo -e $MAG
fn_line
echo Greenbone OpenVAS Update Tool
fn_line
echo $RESET
echo
#-------------------------------------------------------------
# Printing the actual openVAS version:
#-------------------------------------------------------------
echo -e ${YEL}ACTUAL VERSION: $RESET
openvas --version
sleep 3
fn_line
#-------------------------------------------------------------
# Checking CPU:
#-------------------------------------------------------------
CPU=$(($CPU - 1)) # Machines count begins at 0...
fn_whiptail(){
if (whiptail --title "WARNING" --yesno "You have less than $CPU CPU.
The update pocess might take several hours.
You can give more CPU to your vm.
Reminder: You need to shutdown and restart your vm.
A simple reboot is not sufficient.
Do you want to continue? " 15 70); then
echo "$?"
else
exit 1;
fi
}
CORES=$(cat /proc/cpuinfo | grep processor |tail -n1 | awk {'print $3'})
if [ $CORES -lt $CPU ]; then
fn_whiptail
fi
#-------------------------------------------------------------
# Making a backup of the service file:
#-------------------------------------------------------------
echo -e ${YEL}Backuping the original service file to ${BACKUP_DIR}$RESET
sleep 3
TIMESTAMP=$(date '+%Y-%m%d-%H%M%S')
mkdir -p $BACKUP_DIR
cp $SERVICE_FILE ${BACKUP_DIR}/${TIMESTAMP}-greenbone-security-assistant.service
fn_line
#-------------------------------------------------------------
# Fn stopping gvm service:
#-------------------------------------------------------------
fn_stopgvm(){
echo -e ${YEL}Stopping gvm service...$RESET
sleep 3
gvm-stop
}
fn_stopgvm
sleep 10
#-----------------------------------------------------------------
# Security check if gvm service is really stopped, continue if so:
#-----------------------------------------------------------------
GSTATUS=$(systemctl status gvmd |grep inactive |awk {'print $3'})
if [[ $GSTATUS != "(dead)" ]]; then
fn_stopgvm
fi
fn_line
#-------------------------------------------------------------
# Find gvm packages to update, update:
#-------------------------------------------------------------
echo -e ${YEL}Updating gvm packages ...$RESET
sleep 2
dpkg -l | grep gvm |awk {'print $2'} > gvm-packages-update-todel.sh
apt update
sed -i 's/^/apt -y install /' gvm-packages-update-todel.sh
chmod 700 gvm-packages-update-todel.sh
./gvm-packages-update-todel.sh
rm gvm-packages-update-todel.sh
echo
fn_line
#-------------------------------------------------------------
# Update postgres packages
#-------------------------------------------------------------
if [[ $UPDATE_POSTGRES_PACKAGES == "yes" ]]; then
echo -e ${YEL}Updating postgresql packages ...$RESET
sleep 2
systemctl stop postgresql
dpkg -l | grep postgresql |awk {'print $2'} > postgresql-packages-update-todel.sh
apt update
sed -i 's/^/apt -y install /' postgresql-packages-update-todel.sh
chmod 700 postgresql-packages-update-todel.sh
./postgresql-packages-update-todel.sh
rm postgresql-packages-update-todel.sh
echo
fn_line
fi
#-------------------------------------------------------------
# Apt upgrade, auto remove
#-------------------------------------------------------------
if [[ $APT_UPGRADE == "yes" ]]; then
echo -e ${YEL}Upgrading kali ...$RESET
sleep 2
gvm-stop
systemctl stop postgresql
apt -y upgrade
if [[ $REBOOT_AFTER_UPGRADE == "yes" ]]; then
echo -e ${MAG}"The system will reboot now. Re-execute this script again after the boot."$RESET
sleep 3
reboot
fi
fn_line
fi
if [[ $AUTO_REMOVE == "yes" ]]; then
echo -e ${YEL}Auto-removing orphaned packages ...$RESET
sleep 2
apt -y autoremove
fn_line
fi
#-------------------------------------------------------------
# Update the OpenVAS databases:
#-------------------------------------------------------------
echo -e $MAG
cat << EOF
Updating the databases.
This will take a long time, maybe more than two hours.
During this time, the following command seems to be unresponsive.
Please be patient...
You can monitor the update process. Use tail -f /var/log/gvm/gvmd.log in a second terminal.
It should not hang more than 10 minutes on one line...
If it hangs at "Updating placeholder CPEs", interrupt the script and try again.
EOF
echo $RESET
systemctl start postgresql
sleep 4
sudo -u _gvm gvmd --migrate
echo -e ${YEL} Done.$RESET
#-------------------------------------------------------------
# Rewrite service file if necessary:
#-------------------------------------------------------------
fn_line
echo -e ${YEL}Updating the service file...$RESET
sleep 3
THIS_HOST=$(hostname)
MY_IP=$(host $THIS_HOST |awk {'print $4'}) # Automatically find my IP address
sed -i "s/127.0.0.1/$MY_IP/g" $SERVICE_FILE # Replace the default IP by my ip address
sed -i "s/9392/$PORT/g" $SERVICE_FILE # Replace the default port by my port
sed -i "s/${PORT}.*/${PORT} --no-redirect --ssl-private-key=\/etc\/gvm\/$SSL_KEY --ssl-certificate=\/etc\/gvm\/$SSL_CERTIFICATE/g" $SERVICE_FILE # Insert certificate file after the port on same line
fn_line
#-------------------------------------------------------------
# Start gvm service:
#-------------------------------------------------------------
echo -e ${YEL}Starting gvm service:$RESET
gvm-start
systemctl daemon-reload && systemctl restart gvmd.service gsad.service greenbone-security-assistant.service
#-------------------------------------------------------------
# Update feeds:
#-------------------------------------------------------------
if [[ $FEED_UPDATE == "yes" ]]; then
echo -e ${YEL}Doing a feedupdate, please wait ...$RESET
#sudo greenbone-feed-sync
/usr/sbin/gvmd --optimize=vacuum
/usr/sbin/gvmd --optimize=analyze
/usr/sbin/gvmd --optimize=cleanup-report-formats
/usr/sbin/gvmd --optimize=cleanup-result-nvts
/usr/sbin/gvmd --optimize=cleanup-config-prefs
/usr/sbin/gvmd --optimize=cleanup-result-severities
/usr/sbin/gvmd --optimize=update-report-cache
sudo -u _gvm greenbone-scapdata-sync >/var/log/gvm/gvm-feed-update-SCAP.log
sudo -u _gvm greenbone-feed-sync --type GVMD_DATA 2>/var/log/gvm/gvm-feed-update-GVMD.log
sudo -u _gvm greenbone-certdata-sync >/var/log/gvm/gvm-feed-update-CERT.log
sudo -u _gvm greenbone-nvt-sync >/var/log/gvm/gvm-feed-update-sync.log
fi
#-------------------------------------------------------------
# Printing new version:
#-------------------------------------------------------------
fn_line
echo Done.
echo -e ${YEL}NEW VERSION$RESET
openvas --version
fn_line
echo
echo -e ${YEL}A backup of your original $SERVICE_FILE is located in ${BACKUP_DIR}$RESET
echo "Have fun ;-)"
fn_line
It should be noted that your script is for Kali native install, however, this is the "Community Containers" category and the OP is asking about "Greenbone Docker Containers"