The Greenbone Vulnerability Management - in short GVM and previously known as OpenVAS - is an open source vulnerability scanner and uses vulnerability information from several sources, called "feeds".
In the GVM user interface (Greenbone Security Assistant, short GSA) these feeds and their status can be seen under Administration -> Feed Status:
Here we can see all the local feeds are 4 days old. It's not too bad yet they are 4 days behind of the public feeds.
To manually update the locally stored vulnerability information, the local feeds need to be synced from the public feeds. In order to do that, you first need to access the GVM server (or appliance) on a SSH terminal. Then use the command greenbone-feed-sync, but make sure you run this command as gvm user.
If you've followed the official GVM setup documentation, you can run the following command to sync the GVMD_DATA feed:
root@openvas:~# sudo -u gvm greenbone-feed-sync --type GVMD_DATA
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
[...]
sent 102,474 bytes received 74,826 bytes 354,600.00 bytes/sec
total size is 12,704,064 speedup is 71.65
This should be fairly quick and the GSA user interface should show a few seconds later that the GVMD_DATA is now synced (Status: Current):
To update the CERT and SCAP feeds, run the same command with a different feed type:
root@openvas:~# sudo -u gvm greenbone-feed-sync --type CERT
root@openvas:~# sudo -u gvm greenbone-feed-sync --type SCAP
This will cause some load on the GVM server as feeds and the database in the background are updated:
During the update the user interface might show "Update in progress..." on all feeds:
After a couple of minutes the local feed should be in sync and the feeds show "Current" as status.
All feeds? Almost... The NVT feed is still 4 days old.
The command used for syncing the feeds, greenbone-feed-sync, only supports "GVMD_DATA", "CERT" and "SCAP" as feed type (--type parameter). An error will show the currently valid types:
root@openvas:~# sudo -u gvm greenbone-feed-sync --type NVT
Invalid feed type NVT given to --type parameter. Currently supported: CERT, SCAP or GVMD_DATA
To manually update the NVT feed, another command, greenbone-nvt-sync, needs to be used:
root@openvas:~# sudo -u gvm greenbone-nvt-sync
This feed sync can take quite some time. Once this is finished, the NVT feed should show as "Current" and therefore up to date, too:
Outdated or un-patched systems are beloved targets by hackers and automated hacking scripts and malware. A well written malware can detect vulnerabilities (e.g. an unpatched Windows Domain Controller), exploit vulnerabilities, encrypt files on local disks or network shares and infect additional machines.
It's therefore very important to discover the vulnerabilities on public and internal networks before a malware does. Infiniroot can help with an a security review of your public or internal servers and give you recommendations how to increase security in your networks.
ck from Switzerland wrote on Jan 10th, 2023:
Lewis, nope, no idea. I ran into a lot of issues trying to run GVM in a Docker setup (e.g. wrong socket path used in one of the start scripts in the Docker image) so I did not bother and installed GVM in a full VM instead.
Lewis from wrote on Jan 9th, 2023:
Any idea on how to do this for a GVM docker image?
ck from Switzerland wrote on Dec 12th, 2022:
darkfader, no, I do not know that. Indeed, the UI does not look very modern. But to me the vulnerability list and plugins are more important, and they still seem to be updated frequently. Maybe ask the Greenbone CE community if there are plans for an updated UI. I myself am not very involved in their community, just a basic user of GVM CE.
darkfader from wrote on Dec 10th, 2022:
I've run into Greenbone due to the integration with Verinice.
Do you know if there will be some refresh of Greenbone at some point?
I honestly was shocked that seemingly no work has been put into the UI for a decade, the scan jobs are a bit inefficient to configure and Windows scanning requires so many permissions that some agent would be safer by a margin. I simply don't understand where the software is aiming to go.
It feels as if they are letting it die, but I don't think it's the case.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder