
I am documenting how to update the Greenbone Security Scanner feed in OpenVAS running on Ubuntu 18.04. OpenVAS is a great tool for scanning your system for known vulnerabilities.
How to manually update the Security Scanner Feed
- sudo systemctl stop openvas-scanner
- sudo systemctl stop openvas-manager
- sudo greenbone-nvt-sync
- sudo greenbone-certdata-sync
- sudo greenbone-scapdata-sync
- sudo systemctl start openvas-scanner
- sudo systemctl start openvas-manager
- sudo openvasmd –update –verbose –progress. Step 8 took my AMD Thread-ripper system about 1 minute to process and is the longest part of the process.
Assumptions for this working are as follows:
You have a working OpenVAS system and that you have already performed the initial sync of the feeds
Now, if you do not use the OpenVAS scanner very often, or you do not have any scheduled tasks the above manual process will likely work just fine. I wanted to write a script that would automate this, and also to automate the schedule. Here is how I did this
- create a file to house the script. I created a file called updateopenvas.bash in my Home folder. /home/”name of home folder”
- Open the file in your favorite editor
- sudo nano updateopenvas.bash
- /usr/sbin/greenbone-nvt-sync
/usr/sbin/greenbone-certdata-sync
/usr/sbin/greenbone-scapdata-sync
/usr/sbin/openvasmd –update –verbose –progress
/bin/systemctl restart openvas-scanner
/bin/systemctl restart openvas-manager - Then Ctrl o to save
- Ctrl x to exit
- chmod a+x updateopenvas.bash
- Test the script
- sudo sh updateopenvas.bash
- fix any errors, run the script until it finishes properly
- Now schedule the job
- sudo chrontab -e
- Choose Item one if prompted
- Item 1 picks the default Nano editor
- This is similar to performing a sudo nano /etc/crontab (this shows system wide jobs)
- If you have not run this before the document will contain only directions
- Add the following to the bottom of the text
- 0 1 * * * /home/lance/updateopenvas.bash 1>/dev/null 2>/dev/null
- Then Ctrl o to save
- Ctrl x to exit
- The Cron job will execute at 0 minutes past 1:00 AM in the morning ever day with no output or loging.
- wait until the next day and take a look at your settings in the Greenbone feed status.
- If the Cron job is working properly, it will be up to date.
You should not have to manually update the file again.
One Reply to “How to Update OpenVAS data feeds in Ubuntu 18.04”