Signature check in OpenVAS 9

gvm-9
signature

#1

Hello, I wanted to know how to enable signature check for custom scripts in OpenVAS 9. I have created a script or modified an existing script and signed them with my local key. But there is an error when restarting openvassd. It says “No checksum for this nasl script” and “Unable to load”. For a modified script it says “Checksum not matching, unable to load”. Please help me with the signing of any new scripts in OpenVAS 9.


#2

A first start for enabling signature checks can be found at


#3

I did all the configurations in this link, but how do I sign the custom or modified scripts?


#4

I followed the link

GCF: Managing the digital signatures

I signed the key as in the link and set trust to “ultimate” for all the keys I have. I also did this for the “Greenbone Community Feed integrity key”, according to the link above.

Please help me with the signing of any new custom or modified scripts in OpenVAS 9.


#5

Hey @manasa-ummadi,

There were changes to the signature verification steps in OpenVAS 9 and later. The file sha256sums in your plugins folder is verified before loading the checksums of all plugins from there for verification. Signing every plugin is not needed anymore (the .asc files in the feed are kept for backward compatibility at the moment).

In your case:

  1. Add your script’s name and its sha256 checksum to plugins/sha256sums
  2. Generate a new signature for the sha256sums file (as the old sha256sums.asc is not valid anymore.)
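
The two steps from post #5 as shell functions; this is an added example, not part of the thread or of OpenVAS itself. The function names, the flat plugin directory and the standard `sha256sum` line format for `plugins/sha256sums` are assumptions; `audit_sums` mirrors the “No checksum” and “Checksum not matching” conditions from post #1 so they can be caught before restarting openvassd.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of OpenVAS.
# Assumes sha256sums holds standard `sha256sum` lines: "<digest>  <file>".

# Step 1: add or refresh the entry for one script (path relative to plugin_dir).
update_sum() {
    plugin_dir=$1; script=$2
    (
        cd "$plugin_dir" || exit 1
        [ -f "$script" ] || { echo "missing: $script" >&2; exit 1; }
        touch sha256sums
        # Drop any stale entry for this script, then append the fresh digest.
        awk -v f="$script" '{ n = $2; sub(/^\*/, "", n) } n != f' sha256sums > sha256sums.new
        sha256sum "$script" >> sha256sums.new
        mv sha256sums.new sha256sums
    )
}

# Step 2: the old sha256sums.asc no longer matches, so replace it.
# key_id is the local signing key that the scanner's keyring trusts.
sign_sums() {
    plugin_dir=$1; key_id=$2
    gpg --yes --local-user "$key_id" --armor --detach-sign \
        --output "$plugin_dir/sha256sums.asc" "$plugin_dir/sha256sums"
}

# Pre-restart check: list every top-level .nasl file that has no entry in
# sha256sums or whose digest differs. Returns non-zero if any are found.
audit_sums() {
    plugin_dir=$1; rc=0
    for path in "$plugin_dir"/*.nasl; do
        [ -f "$path" ] || continue
        name=${path##*/}
        want=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' \
            "$plugin_dir/sha256sums")
        have=$(sha256sum "$path" | awk '{ print $1 }')
        if [ -z "$want" ]; then echo "NO_CHECKSUM $name"; rc=1
        elif [ "$want" != "$have" ]; then echo "MISMATCH $name"; rc=1
        fi
    done
    return $rc
}
```

Run `update_sum`, then `sign_sums`, then `audit_sums` against the plugins directory; any later edit to a script requires repeating both steps, since the digest and therefore the signed file change.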

#6

Thank you very much for your reply.