A few questions

Hello everybody,

I have implemented this guide: https://www.greenbone.net/inbetriebnahme-der-gce Whenever I start the VM and log on to the console, it wants to continue the setup with the community feed. However, this seems to fail because shortly thereafter comes the message that the server is not accessible. In the web interface I see the following for feed status:

- NVT: NVTs, Greenbone Community Feed 20200728T1419, Aktuell
- SCAP: OVAL Definitions, Greenbone Community SCAP Feed 20200728T0130, Aktuell
- DFN-CERT Advisories, Greenbone Community CERT Feed 20200728T0030, Aktuell

I can also scan with results. Now of course I wonder which of the two is right? The web interface or the console? What makes me wonder is the result of both scans: once with the scan configuration Full and fast and, as a counter test, with the scan configuration Full and very deep ultimate. The first took only 2 minutes and the second only 3 minutes. As a result, only this was criticized as low: It was detected that the host implements RFC1323/RFC7323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3611918585
Packet 2: 3611919677

So far I have been using Lynis, which has shown me a whole range of security improvements: https://cisofy.com/lynis/

So I wonder if the VM with the messed up feed in the console is now running correctly or not.
Greetings

Hi,
as far as I remember lynis runs on a local system. Have you configured login details for your scan targets? Is there any service running on your targets with known vulnerabilities or did you harden your targets before scanning?
The web interface should list which NVT, SCAP and CERT data it has loaded; if it is there, you will also see it on the local file system of your GVM installation.

Cheers,
Carl


Hello cpaasche,

the NVT, SCAP, and CERT feeds are independent of each other. While the versions are usually one and the same, they may differ if we release an unscheduled or additional feed update. As long as the status is “Current”, or “Aktuell” in German, you should be fine.

Regarding the feed server connectivity, please note that the feed updates are unavailable for a short time window between 10:00 and 13:00 UTC, or during any unscheduled or additional feed updates, while we update the feed server. In such a case, please wait and try again later. If your problems persist, I can only give you the general advice to check the network settings of your GCE. Please make sure the URL feed.community.greenbone.net can be reached and resolved from your virtual machine.

As for the scan results, please make sure to configure one or more Credentials for authenticated checks for your target. If no credential is configured, the GCE will test the target externally, which will only expose very serious flaws such as default logins or firewall misconfigurations.

An internal scan is required to get a full overview about your target system. Please refer to:


Hello everybody,

and thanks for the quick feedback. Briefly about the system to be scanned: it is a freshly installed Debian 10.4 without an active firewall or other security measures. However, with an Apache web server. Therefore I assume that this is definitely a worthwhile target for gaps. PING feed.community.greenbone.net (45.135.106.142) 56(84) bytes of data. is currently not available. Neither from the guest nor from the host. I think this is the mentioned time window, which is why I will try again later. I also noticed that the time in the VM is not correct. There is a difference of 2 hours. Can I correct this? I tried it briefly in the console but did not have the necessary rights.

Best regards

A few notes about unauthenticated scans against a Linux system:

  1. such scans don’t show that many vulnerabilities due to the availability of security backports, as done by Debian
  2. the version of e.g. Apache might not be exposed at all in default configurations
  3. when scanning Linux systems you might need to lower the “QoD” of your filter to show more vulnerabilities which have a risk of false positives. See https://docs.greenbone.net/GSM-Manual/gos-6/en/glossary.html#quality-of-detection-qod for some info about the QoD and https://docs.greenbone.net/GSM-Manual/gos-6/en/web-interface.html#adjusting-filter on how to adjust your filter

Also note that Lynis seems to be more like a tool checking for compliance / hardening / configuration issues (if I’m understanding the screenshots correctly) and is not a vulnerability scanner like GVM, so the results might differ on a default scan.

To check policies / compliance with GVM you need to do a few additional steps:

https://docs.greenbone.net/GSM-Manual/gos-6/en/compliance-and-special-scans.html

Note that a few policies / compliance scans like e.g. Linux Secure Configuration - Policy Scan are also only part of the commercial GSF.
