How to Update OpenVAS data feeds in Ubuntu 18.04


I am documenting how to update the Greenbone Security Scanner feed in OpenVAS running on Ubuntu 18.04.  OpenVAS is a great tool for scanning your system for known vulnerabilities.

How to manually update the Security Scanner Feed

OpenVAS Vulnerability Scanner

  1. sudo systemctl stop openvas-scanner
  2. sudo systemctl stop openvas-manager
  3. sudo greenbone-nvt-sync
  4. sudo greenbone-certdata-sync
  5. sudo greenbone-scapdata-sync
  6. sudo systemctl start openvas-scanner
  7. sudo systemctl start openvas-manager
  8. sudo openvasmd –update –verbose –progress.  Step 8 took my AMD Thread-ripper system about 1 minute to process and is the longest part of the process.

Assumptions for this working are as follows:

Snapshot of a typical Greenbone feed status

You have a working OpenVAS system and that you have already performed the initial sync of the feeds

Now, if you do not use the OpenVAS scanner very often, or you do not have any scheduled tasks the above manual process will likely work just fine. I wanted to write a script that would automate this, and also to automate the schedule.  Here is how I did this

  1. create a file to house the script.  I created a file called updateopenvas.bash in my Home folder.  /home/”name of home folder”
  2. Open the file in your favorite editor
    1. sudo nano updateopenvas.bash
    2. /usr/sbin/greenbone-nvt-sync
      /usr/sbin/greenbone-certdata-sync
      /usr/sbin/greenbone-scapdata-sync
      /usr/sbin/openvasmd –update –verbose –progress
      /bin/systemctl restart openvas-scanner
      /bin/systemctl restart openvas-manager
    3. Then Ctrl o to save
    4. Ctrl x to exit
  3. chmod a+x updateopenvas.bash
  4. Test the script
  5. sudo sh updateopenvas.bash
  6. fix any errors, run the script until it finishes properly
  7. Now schedule the job
  8. sudo chrontab -e

    crontab -e to schedule a job

  9. Choose Item one if prompted
  10. Item 1 picks the default Nano editor
  11. This is similar to performing a sudo nano /etc/crontab (this shows system wide jobs)
  12. If you have not run this before the document will contain only directions
  13. Add the following to the bottom of the text
  14. 0 1 * * * /home/lance/updateopenvas.bash 1>/dev/null 2>/dev/null
  15. Then Ctrl o to save
  16. Ctrl x to exit
  17. The Cron job will execute at 0 minutes past 1:00 AM in the morning ever day with no output or loging.
  18. wait until the next day and take a look at your settings in the Greenbone feed status.
  19. If the Cron job is working properly, it will be up to date.

You should not have to manually update the file again.