Precursor: I am using OpenVAS/GSA on Kali GNU/Linux Rolling in VMWare

Running ‘apt-get install openvas’ returns: openvas is already the newest version (9.0.3kali1).

Looking in /var/lib/openvas/cert-data/ I have ‘CB-K13.xml’ and ‘CB-K14.xml’, but no ‘cert.db’

Running ‘openvas-feed-update’ updates NVT and SCAP, but CERT Data has the following issue (same issue if I run ‘greenbone-certdata-sync’ or ‘sudo greenbone-certdata-sync’ - doesn’t matter which one - CERT data won’t sync)

rsync: read error: Connection reset by peer (104)
rsync error: error in socketIO (code 10) at io.c(794) [receiver=3.1.3]
rsync: connection unexpectedly closed (612 bytes received so far) [generator]
rsync error: error in rsync protocol data stream (code 12) at io.c(235) [generator=3.1.3]

Running ‘openvas-check-setup’ - everything looks good except for the CERT data

I’ve tried restarting, rebuilding, removing/reinstalling, everything else works well in the platform, but CERT data is not syncing.

From reading around the community site and other locations where I’ve seen a similar issue, I read that I might need to check if ports 24 and/or 873 are open (outgoing from this host) for rsync/ssh. Is that a good next step for me to check?

Scan are running with no issues at all - the product is solid - I’m just wanting to make sure I get this aspect of the platform working, as - the more info I get about detected vulnerabilities, the better - IMHO.

Thank you all in advance for any assistance with my n00b question.

Best Regards,


Please have a look to the previous posts, it seems all possible answers are already given to this topic.

Search and Read the topic before posting will help you as well.

Lukas - thank you for your quick reply!

Prior to posting, I searched and read just about every other post on this and several other sites regarding ‘greenbone-certdata-sync’.

I am not having issues with NVT or SCAP (most others aren’t either), but for some strange reason, CERT Data doesn’t want to sync.

I used ‘nc 873’ and got the same output as you replied in the post you referenced above.

Is there a ‘wget’ path/URL that we can use to grab the CERT data? (I tried --wget and --curl at the end of ‘greenbone-certdata-sync’ - neither worked - got the same rsync errors).

Nope only the RSYNC protocol is supported, you need to ensure that no 2nd session is active (NAT gateway or proxy) might block it due to keeping a session longer alive as it should be. Just connect your GCE installation DIRECT to the internet, not behind a NAT-gate, firewall or router :wink:

1 Like