Dears,
I have GVM installed from source in a Ubuntu Server 22.04 LTS
How can I update 22.4.1 to 22.7.3?
Because when I run a new scan with the version 22.4 shows me the following:
Vulnerability Detection Result
Version of installed component: 22.4.1 (Installed component: openvas-l
,→ibraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10
,→)
Latest available openvas-scanner version: 22.7.3
I’d appreciate your advice.
Best regards,
Hi, I created an update script which works super fine. Try it. Leave the following variables as they are and change them only if you encounter problems:
APT_UPGRADE=“no” # Do you wish to do an apt-upgrade at the same time?
REBOOT_AFTER_UPGRADE=“yes” # Do you wish an auto-reboot after apt-upgrade?/
AUTO_REMOVE=“no” # Do you wish to autoremove unnecessary packages?
UPDATE_POSTGRES_PACKAGES=“yes” # Do you wish to upgrade the DB packages?
FEED_UPDATE=“no” # Do you wish to do a feed-update at the same time?
#!/bin/bash
# Purpose: Update Greenbone OpenVAS to new version
# Tested on OS: Kali GNU/Linux Rolling
# Release: 2023.1
# Codename: kali-rolling
# Script created: 28.07.2023 by Birgit Ducarroz
# Last update: 23.08.2023 v.2 /bdu
########################################################
#---------------------------------------------------------------------------
# User defined variables:
#---------------------------------------------------------------------------
PORT="443" # To open the login page directly, without RDP login.
SERVICE_FILE="/lib/systemd/system/greenbone-security-assistant.service" # Location of the file
SSL_CERTIFICATE="your.crt" # Name of your SSL certificate file
SSL_KEY="your.key" # Name of your SSL certificate key file
BACKUP_DIR="/root/script" # Where do you want to store a backup of the service file?
# If you encounter problems during the first upgrade, try to change one or more
# of the following parameters:
CPU="200" # How many CPU's are acceptable for you for a quick update?
APT_UPGRADE="no" # Do you wish to do an apt-upgrade at the same time?
REBOOT_AFTER_UPGRADE="yes" # Do you wish an auto-reboot after apt-upgrade?/
AUTO_REMOVE="no" # Do you wish to autoremove unnecessary packages?
UPDATE_POSTGRES_PACKAGES="yes" # Do you wish to upgrade the DB packages?
FEED_UPDATE="no" # Do you wish to do a feed-update at the same time?
#---------------------------------------------------------------------------
# Do not change anything below...
#---------------------------------------------------------------------------
#---------------------------------------------------------------------------
# Color scheme:
#---------------------------------------------------------------------------
YEL='\033[0;33m'
MAG='\u001b[35;1m' # Purple, Mangentha
RESET=$(tput sgr0)
#-------------------------------------------------------------
# Function print a line:
#-------------------------------------------------------------
fn_line(){
printf "%*s" $(tput cols) |tr " " "-\n"
}
echo -e $MAG
fn_line
echo Greenbone OpenVAS Update Tool
fn_line
echo $RESET
echo
#-------------------------------------------------------------
# Printing the actual openVAS version:
#-------------------------------------------------------------
echo -e ${YEL}ACTUAL VERSION: $RESET
openvas --version
sleep 3
fn_line
#-------------------------------------------------------------
# Checking CPU:
#-------------------------------------------------------------
CPU=$(($CPU - 1)) # Machines count begins at 0...
fn_whiptail(){
if (whiptail --title "WARNING" --yesno "You have less than $CPU CPU.
The update pocess might take several hours.
You can give more CPU to your vm.
Reminder: You need to shutdown and restart your vm.
A simple reboot is not sufficient.
Do you want to continue? " 15 70); then
echo "$?"
else
exit 1;
fi
}
CORES=$(cat /proc/cpuinfo | grep processor |tail -n1 | awk {'print $3'})
if [ $CORES -lt $CPU ]; then
fn_whiptail
fi
#-------------------------------------------------------------
# Making a backup of the service file:
#-------------------------------------------------------------
echo -e ${YEL}Backuping the original service file to ${BACKUP_DIR}$RESET
sleep 3
TIMESTAMP=$(date '+%Y-%m%d-%H%M%S')
mkdir -p $BACKUP_DIR
cp $SERVICE_FILE ${BACKUP_DIR}/${TIMESTAMP}-greenbone-security-assistant.service
fn_line
#-------------------------------------------------------------
# Fn stopping gvm service:
#-------------------------------------------------------------
fn_stopgvm(){
echo -e ${YEL}Stopping gvm service...$RESET
sleep 3
gvm-stop
}
fn_stopgvm
sleep 10
#-----------------------------------------------------------------
# Security check if gvm service is really stopped, continue if so:
#-----------------------------------------------------------------
GSTATUS=$(systemctl status gvmd |grep inactive |awk {'print $3'})
if [[ $GSTATUS != "(dead)" ]]; then
fn_stopgvm
fi
fn_line
#-------------------------------------------------------------
# Find gvm packages to update, update:
#-------------------------------------------------------------
echo -e ${YEL}Updating gvm packages ...$RESET
sleep 2
dpkg -l | grep gvm |awk {'print $2'} > gvm-packages-update-todel.sh
apt update
sed -i 's/^/apt -y install /' gvm-packages-update-todel.sh
chmod 700 gvm-packages-update-todel.sh
./gvm-packages-update-todel.sh
rm gvm-packages-update-todel.sh
echo
fn_line
#-------------------------------------------------------------
# Update postgres packages
#-------------------------------------------------------------
if [[ $UPDATE_POSTGRES_PACKAGES == "yes" ]]; then
echo -e ${YEL}Updating postgresql packages ...$RESET
sleep 2
systemctl stop postgresql
dpkg -l | grep postgresql |awk {'print $2'} > postgresql-packages-update-todel.sh
apt update
sed -i 's/^/apt -y install /' postgresql-packages-update-todel.sh
chmod 700 postgresql-packages-update-todel.sh
./postgresql-packages-update-todel.sh
rm postgresql-packages-update-todel.sh
echo
fn_line
fi
#-------------------------------------------------------------
# Apt upgrade, auto remove
#-------------------------------------------------------------
if [[ $APT_UPGRADE == "yes" ]]; then
echo -e ${YEL}Upgrading kali ...$RESET
sleep 2
gvm-stop
systemctl stop postgresql
apt -y upgrade
if [[ $REBOOT_AFTER_UPGRADE == "yes" ]]; then
echo -e ${MAG}"The system will reboot now. Re-execute this script again after the boot."$RESET
sleep 3
reboot
fi
fn_line
fi
if [[ $AUTO_REMOVE == "yes" ]]; then
echo -e ${YEL}Auto-removing orphaned packages ...$RESET
sleep 2
apt -y autoremove
fn_line
fi
#-------------------------------------------------------------
# Update the OpenVAS databases:
#-------------------------------------------------------------
echo -e $MAG
cat << EOF
Updating the databases.
This will take a long time, maybe more than two hours.
During this time, the following command seems to be unresponsive.
Please be patient...
You can monitor the update process. Use tail -f /var/log/gvm/gvmd.log in a second terminal.
It should not hang more than 10 minutes on one line...
If it hangs at "Updating placeholder CPEs", interrupt the script and try again.
EOF
echo $RESET
systemctl start postgresql
sleep 4
sudo -u _gvm gvmd --migrate
echo -e ${YEL} Done.$RESET
#-------------------------------------------------------------
# Rewrite service file if necessary:
#-------------------------------------------------------------
fn_line
echo -e ${YEL}Updating the service file...$RESET
sleep 3
THIS_HOST=$(hostname)
MY_IP=$(host $THIS_HOST |awk {'print $4'}) # Automatically find my IP address
sed -i "s/127.0.0.1/$MY_IP/g" $SERVICE_FILE # Replace the default IP by my ip address
sed -i "s/9392/$PORT/g" $SERVICE_FILE # Replace the default port by my port
sed -i "s/${PORT}.*/${PORT} --no-redirect --ssl-private-key=\/etc\/gvm\/$SSL_KEY --ssl-certificate=\/etc\/gvm\/$SSL_CERTIFICATE/g" $SERVICE_FILE # Insert certificate file after the port on same line
fn_line
#-------------------------------------------------------------
# Start gvm service:
#-------------------------------------------------------------
echo -e ${YEL}Starting gvm service:$RESET
gvm-start
systemctl daemon-reload && systemctl restart gvmd.service gsad.service greenbone-security-assistant.service
#-------------------------------------------------------------
# Update feeds:
#-------------------------------------------------------------
if [[ $FEED_UPDATE == "yes" ]]; then
echo -e ${YEL}Doing a feedupdate, please wait ...$RESET
#sudo greenbone-feed-sync
/usr/sbin/gvmd --optimize=vacuum
/usr/sbin/gvmd --optimize=analyze
/usr/sbin/gvmd --optimize=cleanup-report-formats
/usr/sbin/gvmd --optimize=cleanup-result-nvts
/usr/sbin/gvmd --optimize=cleanup-config-prefs
/usr/sbin/gvmd --optimize=cleanup-result-severities
/usr/sbin/gvmd --optimize=update-report-cache
sudo -u _gvm greenbone-scapdata-sync >/var/log/gvm/gvm-feed-update-SCAP.log
sudo -u _gvm greenbone-feed-sync --type GVMD_DATA 2>/var/log/gvm/gvm-feed-update-GVMD.log
sudo -u _gvm greenbone-certdata-sync >/var/log/gvm/gvm-feed-update-CERT.log
sudo -u _gvm greenbone-nvt-sync >/var/log/gvm/gvm-feed-update-sync.log
fi
#-------------------------------------------------------------
# Printing new version:
#-------------------------------------------------------------
fn_line
echo Done.
echo -e ${YEL}NEW VERSION$RESET
openvas --version
fn_line
echo
echo -e ${YEL}A backup of your original $SERVICE_FILE is located in ${BACKUP_DIR}$RESET
echo "Have fun ;-)"
fn_line
Hi Birgit and welcome to the forum.
It should be noted that your script is for Kali native install, however, this is the "Community Containers" category and the OP is asking about "Greenbone Docker Containers"
Hi Rippledj,
Thank you for your message. Should I delete my post?