Add third party nasl to OpenVAS/GVM

gvm-10

#1

Hello, I am trying add my own nasl script in the new version of GSA, and not appear.

my deployment for Greenbone is
Greenbone Security Assistant 8.0+beta2

I add the new plugins to the /usr/local/var/lib/openvas/plugins/
path.

I read that in this new version not had rebuild cache option, but I don’t understand how the system add the new script to GSA.

Thanks


Latest version of OpenVAS can't load 3rd party NVT plugins
#2

Actually you need to make the scanner make aware of the new script. GSA is the web interface and simply shows what is collected in the database. See here for an overview how the modules relate to each other:

If you enabled signature checking for your setup, then you need to establish trust for your own scripts or else they will be ignored:

You need to use a OID out of a special range to prevent collision and you should place them into the “private/” directory to not let it be removed during feed sync.

Please check the log files for any problems with the scripts. The following topic might help with resolving any problem:


#3

Ok all this i know and I understand, set the new script in the path where the greenbone-nvt-sync put the Greenbone Community Feed NVTs, check that the oid is unique, restart the openvassd for reload the nvts like de pic

22786 1 0 08:22 ? 00:00:00 /usr/local/sbin/openvassd
root 22788 22786 0 08:22 ? 00:00:00 openvassd (Loading Handler)
root 22789 22786 9 08:22 ? 00:00:51 openvassd: Reloaded 32850 of 48652 NVTs (67% / ETA: 04:07)

when reload completly restart gvmd and gsa but the numbers of NVT appeared in the web not contain the new nasl script.

image

If you can see, the number of NVT show in the reload process and the number in the GSA web is diferent, Why? openssd not is the tool for update de sqlite?

In the openssd.conf i put the var for not check signatures like the future releases say that the community edition will work.

openvassd -s
non_simult_ports = 139, 445, 3389, Services/irc
be_nice = no
safe_checks = yes
nasl_no_signature_check = yes
time_between_request = 0
logfile = /var/log/openvas/openvassd.log
expand_vhosts = yes
max_checks = 10
optimize_test = yes
report_host_details = yes
config_file = /usr/local/etc/openvas/openvassd.conf
unscanned_closed_udp = yes
include_folders = /usr/local/var/lib/openvas/plugins
test_empty_vhost = no
plugins_timeout = 320
cgi_path = /cgi-bin:/scripts
checks_read_timeout = 5
unscanned_closed = yes
auto_enable_dependencies = yes
log_whole_attack = no
db_address = /var/run/redis/redis-server.sock
drop_privileges = no
log_plugins_name_at_load = no
scanner_plugins_timeout = 36000
timeout_retry = 3
max_hosts = 30
network_scan = no
open_sock_max_attempts = 5
plugins_folder = /usr/local/var/lib/openvas/plugins


#4

Following this installation step by step https://sadsloth.net/post/install-gvm10beta2/

I tried other posibility, I add my new nasl scritp before install gvmd-8.0-beta2 and cd gsa-8.0-beta2 if i do this action the script appears in the GSA, This made me think that the rebuild NVT information in GVMD don’t work fine or I don’t know how rebuild this correctly


#5

You can investigate your issue by asking two questions:

Step 1: Is the Scanner (openvassd) aware of the plugin ?

  1. Put your plugin in the plugins directory (under private/ if you don’t want it to disappear with feed updates…)
  2. Restart openvassd (or kill -HUP), check the log files for any errors.
  3. To verify that it was inserted correctly in the nvticache (Redis) by the scanner, use these commands (adjust for redis socket path, plugin name and oid):

$ sudo redis-cli -s /tmp/redis.sock
redis /tmp/redis.sock> select 1
OK
redis /tmp/redis.sock[1]> keys 2018/apple/gb_apple_macosx_HT209193_02.nasl

  1. “filename:2018/apple/gb_apple_macosx_HT209193_02.nasl”
    redis /tmp/redis.sock[1]> keys 1.3.6.1.4.1.25623.1.0.814422
  2. “nvt:1.3.6.1.4.1.25623.1.0.814422”

There is one important caveat though: GVMd rebuilds the cache automatically, but only when the plugin feed version has changed, ie. In plugins/plugin_feed_info.inc, increase PLUGIN_SET value before you reload/restart openvassd.


#6

It is also possible to trigger a rebuild of the manager via SQL commands:

PostgreSQL

psql -q --pset pager=off gvmd -c "DELETE FROM meta where name = 'nvts_feed_version' OR name = 'nvts_check_time';" 

SQLite

/usr/bin/sqlite3 /path/to/var/lib/gvm/gvmd/gvmd.db "DELETE FROM meta where name = 'nvts_feed_version' OR name = 'nvts_check_time';"