Manual Feed Update

Hi everyone,

Due to constraints, how would one person update OpenVAS manually (contrary to the usual RSYNC)?

I figured out the part for NVT feed, where OpenVAS website would provide a downloadable content for all the NVT records. Then all you have to do is to unzip and paste the whole content where all the .nasl files are stored (just do a find / -name *.nasl).

But what about the SCAP and CERT data? from the commands:

greenbone-scapdata-sync
greenbone-certdata-sync

And what do each of these records do?

SCAP from what I’ve read, seems to point towards configuration checks. (let me know if I’m wrong)

Cheers!

At the moment, you do need rsync for downloading SCAP/CERT. For the community we currently
do not have a direct download process.

If rsync does not work from where you run the GSE setup, you need to rsync to another host and then transfer data to your GSE host.

I am aware this is inconvenient and I hope we can improve the situation. But for time being already the delta-downloads for the community feed are very high in volume. Plain full daily downloads of all of the SCAP/CERT data would slow down updates for all community users.

Hi,

neither SCAP nor CERT data is directly related to vulnerability scanning or configuration checks.

You need to see both data sets as some sort of additional but optional metadata. This metadata is provided at the SecInfo Management and is just adding additional information about vulnerabilities.

In short words: There is no lower coverage of product/vulnerability detection or configuration/policy checks if you don’t sync the SCAP and/or CERT data.

Hi cfi,

Thanks for the clarification! That would really help calm my nerves.

Cheers!

Hello,

I updated the NVTs database manualy, using the link provided here: About Greenbone Community Feed (GCF)

SCAP and CERT data are empty, but following your advice I did the scans without them.
However, it seems like openVAS is not aware of the new vulnerabilities on the Oracle Web Logic Servers. In the results, I can see that very old vulnerabilites are detected (which are already fixed on the servers), and the new ones are not. This leads me to thinking that some component of openVAS is not updated. Is copying the NVT record in all of the folders that contain .nasl files enough? (as @jjacec1 explained in the initial post)?

Thank you!
BR,
HM

A post was split to a new topic: Which GVM variant is Kali shipping?