End of Life of the scanner engines

[antonisnyc94]

Hello,

We receive a 10/10 CVSS alert after every scan mentioning that the scanner engine has reached its end of life! Do you know what steps need to be take to remediate this? Do we need to install different packages or just update them? And does this mean that we no longer receive up to date vulnerability updates?

Thanks in advance, Tony

[Dexus]

😪

[markdesilva]

I've been seeing the same thing for days.

Running the latest tag.

[markdesilva]

And how do we migrate the old databases to the new image? The one from the old bind gvm-data:/data to the new bind ./storage?

[rroethof-anylinq]

Seems to be linkable to #299

[tonnyhideyori]

I have received the same error when i check at the logs this was one of the logs md main:MESSAGE:2021-11-16 12h01.56 utc:126: Greenbone Vulnerability Manager version 21.4.3 (DB revision 242)

[markdesilva]

Seems to be linkable to #299

Yes, that's my post. I didn't see anyone else comment so I thought I was the only one with the issues and something was wrong with my setup. At least I'm not on my own on this.

Latest version of of GVM is 21.4.4. I found other docker containers for this but oddly, even those are showing gvm-libs 21.4.2 when they should be the latest. I wonder if its a problem at the greenbone source.

[markdesilva]

In any case I'd like to find out about migrating the database from the 21.4.0-v5 and earlier tag to the newer 21.4.3 tags. The postgres versions are different, one is version 12 the new one is version 13.3. Even if I pg_dumpall the old dbs, I can't import to the new one, importing gives an error and messes up the gvm database. I thought there was going to be script provided, but I can't find it.

[markdesilva]

Seems like a greenbone bug?

Other gvm container maintainers are seeing the same issue even with 21.4.3 libs

https://github.com/immauss/openvas/issues/87 https://github.com/immauss/openvas/issues/86

[cfi-gb]

Just got pointed to this issue and wanted to add some notes:

The message is shown because this docker container is very likely using the version 21.4.2 for the openvas-scanner component of GVM which is lacking one version behind the recent 21.4.3 one (haven't found the exact place where this version is getting pulled in).

I have added some more additional (background) info here:

https://community.greenbone.net/t/21-4-3-gvmlibs-and-nvt-for-end-of-life-scan-engine/10731/2

An update to the VT in question to clarify in the message that the version of the openvas-scanner component is checked by this VT for recent (and still supported) GVM version will arrive in the feed tomorrow or the day after.

[markdesilva]

Is this issue resolved with new feed updates for those using the latest tags? I’m still seeing the “outdated gym libs” warning.

[rroethof]

Just ran the feed updates and still having the issue unfortunatly

[markdesilva]

Just ran the feed updates and still having the issue unfortunatly

Thanks for the confirmation @rroethof, guess we have to wait a little longer.

[cfi-gb]

Just ran the feed updates and still having the issue unfortunatly

For clarification:

This can be only solved if the docker container provided by this project is updated to the most recent versions of all GVM components (seems this is currently prepared in #302).

The previously mentioned change in the feed only had updated some text parts of the message to better reflect which component needs to be updated.

[markdesilva]

Hmmm #302 seems to be having issues like the build immauss is working on.

[markdesilva]

And is there a script or something for migrating the postgres from the old setup (21.1.0) to the current tag setup?

[Dexus]

And is there a script or something for migrating the postgres from the old setup (21.1.0) to the current tag setup?

No, it's not and maybe it will never come. :(

[markdesilva]

No, it's not and maybe it will never come. :(

:(

Thanks @Dexus, guess I'll start downloading all my past reports and prepare to key in all the overrides, targets and scans again.

[antonisnyc94]

@austinsonger @Dexus is there any chance the updates can be pushed to dockerhub?

[austinsonger]

@antonisnyc94 yeah trying to troubleshoot that now. You can pull from the github registry in the mean time. https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker/pkgs/container/gvm-docker

[Dexus]

@austinsonger v21.4.4 PR #302 was not finished... now it need a new PR

[austinsonger]

@Dexus It was marked as "Ready for Review" that is why I merged it.

[Dexus]

But all tests where red… ;)

Von meinem iPhone gesendet

Am 20.11.2021 um 00:12 schrieb Austin Songer @.***>:

 @Dexus It was marked as "Ready for Review" that is why I merged it.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

[antonisnyc94]

Thank you @Dexus @austinsonger !! You guys rock!

[markdesilva]

I'm taking we shouldn't pull this to update then.

[markdesilva]

Saw a newer 21.4.4-v1 release. Is this ok to use?

Also are the openvas scanner images going to be updated to 21.4.4 as well?

[austinsonger]

@markdesilva we only push releases if they are ready to be pushed to master.

[antonisnyc94]

@austinsonger @Dexus quick question. I just saw the update in dockerhub. I only saw the Debian update. Does this mean that you guys will no longer support alpine?

[Dexus]

At the moment we are discontinuing support for Alpine, but that shouldn't be forever, at least not from my side. The problem is still that there are incompatibilities between some Linux distros. And there is some work from Greenbone and the community to fix these problems so that we can use it on all kinds of Linux distros.