... let's drop a green monster into the mix.
Years ago I ran OpenVAS on my home network as a vulnerability scanner. It was great but updates were challenging and once my old VM host started to show it's age I turned down that VM. With all the other new updates I have been implementing, it was time to get scanning again.
As I frequently find, many of the online guides for installing <something> on <some platform> fail to get into the details about which versions and end up providing incorrect information. So, please note these notes are for: Greenbone GVM 22.04 on Ubuntu 22.04 LTS
The best (and accurate) guide I found online seems to be this one:
https://launchpad.net/~mrazavi/+archive/ubuntu/gvm
I'll also note there is mention of the new notus-scanner, for which I'm getting mixed messages about it's availability for the community project so for now, I'd just give that a pass.
Notes to augment the linked guide above:
After following all the database update commands:
sudo -u gvm -g gvm greenbone-nvt-sync
sudo -u gvm -g gvm greenbone-feed-sync-legacy --type CERT
sudo -u gvm -g gvm greenbone-feed-sync-legacy --type SCAP
sudo -u gvm -g gvm greenbone-feed-sync-legacy --type GVMD_DATA
The bit about the database is a bit confusing. it says "To remove NVT db, and rebuild it from the scanner" what it probably should say is "After these updates you MUST rebuild the database" YMMV but restarting the services also seemed to trigger this update, which took quite a while to complete. You can check that status through the web UI from the Administration | Feed Status menu:
Which will give you a current status for all the various feeds:
Two other oddities for Greenbone that you will likely encounter are that the web UI only listens on localhost and that it only supports http connections by default. There are many guides that explain how to get around this by changing the listening config under /etc/default and adding SSL certs but. Personally, I'd recommend just installing nginx and setting it as a reverse proxy. This gives finer control and solves both issues with one set of settings.
Some Updates
If any of the feeds show a version like 0T rather then showing versions that look like dates (e.g., 20201229T1131) you may need to re-run some of the updates listed above.
(If any feed still shows a status of 'Update in progress' wait for them to complete first)
When you run the commands the feed status in the web interface will change back to show that it's updating. Again, wait for it to complete before running the next command. Once all the feeds are showing versions that look like dates (e.g., 20201229T1131) and the status is no longer showing as updating you should be able to start scanning as usual.
I also received this error:
receiving incremental file list
rsync: [Receiver] mkdir "/var/lib/notus" failed: Permission denied (13)
rsync error: error in file IO (code 11) at main.c(791) [Receiver=3.2.7]
This was preventing the main NVT feed update from completing. Creating the /var/lib/notus
folder and chown gvm:gvm
then run the feed sync again: sudo -u gvm -g gvm greenbone-nvt-sync
After the rsync
completes it takes a while before the webUI will show the update happening - you can see things working in the background with a top
though:
Once that finished the NVT sync actually completed and everything finally got imported into the database.
Why all this? From what I can tell there are several issues. First there is a bug with the timing of the updates following the sync and sometimes certain updates won't actually happen without the previous completing first. Also with the new notus scanner the main feed sync has been modified to include that, but in the community edition it isn't fully implemented yet, so the notus components are not automatically created.
Auto-Updates
The install is supposed to create a crontab for the gvm user to keep these feeds up to date. But...
sudo crontab -l -u gvm
no crontab for gvm
That also didn't happen. To resolve this I suggest creating the following file:
/usr/local/bin/greenbone-update.sh
And populate with:
/bin/greenbone-nvt-sync
/bin/greenbone-feed-sync --type GVMD_DATA
/bin/greenbone-feed-sync --type SCAP
/bin/greenbone-feed-sync --type CERT
(Doublecheck the location of greenbone-nvt-sync
as it might be in /usr/local/bin
or /usr/local/sbin
)
Then set up a crontab for root to run this (daily is probably good)
0 0 * * * sudo -u gvm /usr/local/bin/greenbone-update.sh