Closed deajan closed 1 year ago
So far I've modded the image by adding --disable-notus-hashsum-verification True
into /scripts/openvas.sh
and /scripts/single.sh
Also added --disable-hashsum-verification True
in /scripts/notus-scanner.sh
This permits me to test notus. Of course, this is far from an ideal solution.
If you are still seeing this with the latest, could you please provide details on how you are starting the container.
Thank you, -Scott
OK .. found the issue here .... Need to set the environment variable for the OPENVAS_GPG_HOME ... It was set during the creation of the gpg keys, but not at runtime ... 22.4.14 resolves this.
Thanks, Scott
Thanks, I'll try this shortly.
Btw, even with notus running via my workaround, I got 80k instead of 120k NVTs shown in GUI.
Do you run feed update with--notus
too ?
Didn't see it in sync.sh
To the best of my knowledge, there is no "--notus" option. ( You freaked me out, so I just double-checked.) But, my production, which is running the latest is showing 128k NVTs.
Lol, sorry for that.
I meant greenbone-nvt-sync --type notus
.
I'll recheck with your newer build shortly.
greenbone-nvt-sync does not have a "--type" option. It just syncs all of the NVTs.
su -c "./greenbone-nvt-sync --help" gvm
<28>May 11 03:36:09 greenbone-nvt-sync: The log facility is not working as expected. All messages will be written to the standard error stream.
./greenbone-nvt-sync: Sync NVT data
--describe display current feed info
--feedcurrent just check if feed is up-to-date
--feedversion display version of this feed
--help display this help
--identify display information
--nvt-dir dir set dir as NVT directory
--notus-dir dir set dir as NOTUS directory
--selftest perform self-test and set exit code
--verbose makes the sync process print details
--version display version
The greenbone-feed-sync script has a "--type" option, but "NOTUS" is not one of those options. Unless GB slipped something in somewhere without documenting it
./greenbone-feed-sync --help
Running as root
./greenbone-feed-sync: Sync feed data
No access key found: Using Community Feed
--describe display current feed info
--feedversion display version of this feed
--help display this help
--identify display information
--selftest perform self-test
--type <TYPE> choose type of data to sync (CERT, SCAP or GVMD_DATA)
--version display version
To the best of my knowledge, and after reviewing the installation docs for 22.4, the greenbone-nvt-sync and feed-sync scripts with the types listed above cover the data needed for the notus scanner scans.
If I missed something, please let me know as that would be a huge omission.
Thanks, Scott
Then there's obviously something very strange in my witness setup where I am comparing self build with your docker build openvas
You are building from the master branch. I'm building from the stable branch.
Your version is 23.4 22.4 does not have that option.
^^ Well, then, sorry for the noise. I'll still have to try your new build, but obviously I'll need to compare the comparable.
What puzzles me in my build is that I used the advertised versions, eg:
Anyway, that's out of the scope of this issue.
More curious ... the nvt-sync is packaged with the openvas-scanner. Your openvas_scanner is 22.4.2 mine is 22.6.2 Yet your script is 23.4.0
I automated a check for the latest stable relase via the github APIs, so that's where I'm getting the versions. currently: pg_gvm=v22.4.0 notus_scanner=v22.5.0 gvmd=v22.4.2 openvas=v22.6.2 openvas_smb=v22.5.0 gvm_libs=v22.5.2 openvas_scanner=v22.6.2 gsa=v22.4.1 ospd=v21.4.4 ospd_openvas=v22.5.1 python_gvm=v23.4.2 gvm_tools=v23.4.0
Something similar came up on the forums, so I asked one of the lead developers to clarify.
Yes, you actually posted on my thread in the forum ^^
lol ... I guess I did ...
It seems there is a new version of the script separate from the other repos.
Hello,
Trying your setup, I noticed that notus scanner data cannot be loaded by ospd:
I've tried this with three different fresh images of yours (and of course fresh data mounts in docker):
I've gone into the shell of those, and cannot see what is the culprit. feed syncs have been done without problems.
sha256 sums of notus advisories are correct:
Can I provide any helpful data perhaps ?