Re: [Openvas-discuss] SCAP / CERT Databases missing

Michael . Eissele Fri, 09 Jun 2017 14:46:07 -0700

Dear Thijs,

sorry, i thought we was dealing with sqlite here.
No problem, maybe the issue will be gone with next update already,

as this should launch a rebuild for cert.db and hopefully getting itback

into a consistant state.



Cheers,
Michael.


On 09.06.2017 10:09, Thijs Stuurman wrote:

Michael,

Thank you for the reply and information.
I am however running a PostgreSQL backend.

Since everything else works and I don't see what I am missing really,
I am reluctant to mess with things at this moment.
I might give it a try later but looking at my schedule and vacaction
planning, I don't see much time for it in the coming weeks.


Thijs Stuurman
Security Operations Center | KPN Internedservices
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L:http://nl.linkedin.com/in/thijsstuurman



-----Oorspronkelijk bericht-----

Van: [email protected][mailto:[email protected]]

Verzonden: donderdag 8 juni 2017 22:16
Aan: Thijs Stuurman <[email protected]>
CC: [email protected]
Onderwerp: RE: [Openvas-discuss] SCAP / CERT Databases missing

Dear Thijs,

thank you for reaching back.
I am sorry for the missing field on WebGUI, i have currently no
OpenVAS installation at hand to try out.
We go an alternate way for this later.

Here is a guide, that covers the recreation of a clean CERT DB:
----------------------------------------------------------------

Please run the following commands as root user:

service openvas-manager stop
mkdir /var/lib/openvas/cert-data/bak
mv /var/lib/openvas/cert-data/cert.db /var/lib/openvas/cert-data/bak/
mv /var/lib/openvas/cert-data/timestamp*
/var/lib/openvas/cert-data/bak/ service openvas-manager start

Now we would need to trigger a Feedsync. By that, a new cert.db file
(and the timestamp files) will be created.
(please check with: ' ls -lah /var/lib/openvas/cert-data/cert.db ')

Please asure the feedsync has completed before taking next steps!

After the Feedsync has completed, please run the following commands,
preferable via copy&paste:

chmod 640 /var/lib/openvas/cert-data/cert.db
sqlite3 /var/lib/openvas/cert-data/cert.db 'PRAGMA journal_mode=WAL'

Now reboot the machine and see if the problem has solved.
If so, we would next go and remove the ../bak folder like this:

cd /var/lib/openvas/cert-data
rm -r bak

Explanation:
Withing this guide, we backup the current state, and remove the db
from it's original location.
The scanner will then think he has this db missing and therefore
creates a new one. This process is triggered by running a feedupdate.
With a newly created certs.db the problem should be gone.

Cheers,
Michael.



On 08.06.2017 10:52, Thijs Stuurman wrote:

Michael,

Outputs:

"""

~# ls -lah /opt/openvas/var/lib/openvas/cert-data/
/opt/openvas/var/lib/openvas/scap-data/

/opt/openvas/var/lib/openvas/cert-data/:

total 35M

drwxr-xr-x 2 root root 4.0K May 11 16:49 .

drwxr-xr-x 10 root root 4.0K May 10 10:12 ..

-rw-r--r-- 1 root root 1.4M Nov 29 2016 CB-K13.xml

-rw-r--r-- 1 root root 181 May 11 08:08 CB-K13.xml.asc

-rw-r--r-- 1 root root 4.6M Jan 25 09:59 CB-K14.xml

-rw-r--r-- 1 root root 181 May 11 08:08 CB-K14.xml.asc

-rw-r--r-- 1 root root 5.9M Jan 25 09:59 CB-K15.xml

-rw-r--r-- 1 root root 181 May 11 08:08 CB-K15.xml.asc

-rw-r--r-- 1 root root 7.9M Jan 25 09:59 CB-K16.xml

-rw-r--r-- 1 root root 181 May 11 08:08 CB-K16.xml.asc

-rw-r--r-- 1 root root 551K Jan 25 09:59 CB-K17.xml

-rw-r--r-- 1 root root 181 May 11 08:08 CB-K17.xml.asc

-rw-r--r-- 1 root root 25K May 11 16:49 cert.db

-rw-r--r-- 1 root root 1.1K Sep 20 2016 COPYING

-rw-r--r-- 1 root root 181 May 11 08:08 COPYING.asc

-rw-r--r-- 1 root root 3.0K Sep 20 2016 dfn-cert-2008.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2008.xml.asc

-rw-r--r-- 1 root root 662K Sep 20 2016 dfn-cert-2009.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2009.xml.asc

-rw-r--r-- 1 root root 1.4M Sep 20 2016 dfn-cert-2010.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2010.xml.asc

-rw-r--r-- 1 root root 1.6M Sep 20 2016 dfn-cert-2011.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2011.xml.asc

-rw-r--r-- 1 root root 1.7M Sep 20 2016 dfn-cert-2012.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2012.xml.asc

-rw-r--r-- 1 root root 1.6M Nov 7 2016 dfn-cert-2013.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2013.xml.asc

-rw-r--r-- 1 root root 1.5M Apr 13 08:53 dfn-cert-2014.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2014.xml.asc

-rw-r--r-- 1 root root 2.0M May 10 07:52 dfn-cert-2015.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2015.xml.asc

-rw-r--r-- 1 root root 2.6M May 11 08:08 dfn-cert-2016.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2016.xml.asc

-rw-r--r-- 1 root root 1.1M May 11 08:08 dfn-cert-2017.xml

-rw-r--r-- 1 root root 181 May 11 08:08 dfn-cert-2017.xml.asc

-rw-r--r-- 1 root root 2.0K May 11 08:08 sha1sums

-rw-r--r-- 1 root root 13 May 11 08:08 timestamp

-rw-r--r-- 1 root root 181 May 11 08:08 timestamp.asc

/opt/openvas/var/lib/openvas/scap-data/:

total 554M

drwxr-xr-x 3 root root 4.0K May 11 08:05 .

drwxr-xr-x 10 root root 4.0K May 10 10:12 ..

-rw-r--r-- 1 root root 1.5K May 11 08:03 COPYING

-rw-r--r-- 1 root root 181 May 11 08:03 COPYING.asc

-rw-r--r-- 1 root root 19M May 4 09:07 nvdcve-2.0-2002.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2002.xml.asc

-rw-r--r-- 1 root root 5.5M May 2 23:47 nvdcve-2.0-2003.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2003.xml.asc

-rw-r--r-- 1 root root 12M May 2 23:46 nvdcve-2.0-2004.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2004.xml.asc

-rw-r--r-- 1 root root 18M May 2 23:45 nvdcve-2.0-2005.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2005.xml.asc

-rw-r--r-- 1 root root 27M May 2 23:43 nvdcve-2.0-2006.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2006.xml.asc

-rw-r--r-- 1 root root 25M May 2 23:41 nvdcve-2.0-2007.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2007.xml.asc

-rw-r--r-- 1 root root 31M May 2 23:38 nvdcve-2.0-2008.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2008.xml.asc

-rw-r--r-- 1 root root 31M May 2 23:35 nvdcve-2.0-2009.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2009.xml.asc

-rw-r--r-- 1 root root 45M May 10 09:12 nvdcve-2.0-2010.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2010.xml.asc

-rw-r--r-- 1 root root 109M May 2 23:29 nvdcve-2.0-2011.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2011.xml.asc

-rw-r--r-- 1 root root 42M May 2 23:25 nvdcve-2.0-2012.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2012.xml.asc

-rw-r--r-- 1 root root 44M May 3 08:39 nvdcve-2.0-2013.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2013.xml.asc

-rw-r--r-- 1 root root 40M May 10 09:09 nvdcve-2.0-2014.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2014.xml.asc

-rw-r--r-- 1 root root 31M May 10 09:06 nvdcve-2.0-2015.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2015.xml.asc

-rw-r--r-- 1 root root 36M May 10 09:03 nvdcve-2.0-2016.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2016.xml.asc

-rw-r--r-- 1 root root 8.7M May 10 09:00 nvdcve-2.0-2017.xml

-rw-r--r-- 1 root root 181 May 11 08:03 nvdcve-2.0-2017.xml.asc

-rw-r--r-- 1 root root 37M May 10 06:52
official-cpe-dictionary_v2.2.xml

-rw-r--r-- 1 root root 181 May 11 08:03
official-cpe-dictionary_v2.2.xml.asc

drwxr-xr-x 3 root root 4.0K Oct 15 2015 oval

-rw-r--r-- 1 root root 3.9K May 11 08:03 sha1sums

-rw-r--r-- 1 root root 21 Sep 20 2016 status

-rw-r--r-- 1 root root 198 Sep 20 2016 status.asc

-rw-r--r-- 1 root root 13 May 11 08:03 timestamp

-rw-r--r-- 1 root root 181 May 11 08:03 timestamp.asc

"""

Feed status:

Right now I am only missing the CERT information, haven’t tried to get
it working any further since my last email on it.

I only update before I start montlhy scans so it might be a bit behind
at the moment.

Btw, “you can also manually trigger these updates via WebGUI
(available under "Administration", where you also add users, create
groups, roles, etc.).”, under Administration I only see the options
Users, Groups, Roles, LDAP and Radius.

Thijs Stuurman

Security Operations Center | KPN Internedservices

[email protected] | [email protected]

T: +31(0)299476185 | M: +31(0)624366778

PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)

Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl | L:
http://nl.linkedin.com/in/thijsstuurman

-----Oorspronkelijk bericht-----
Van: [email protected]
[mailto:[email protected]]
Verzonden: woensdag 7 juni 2017 18:07
Aan: Thijs Stuurman <[email protected]>
CC: [email protected]
Onderwerp: Re: [Openvas-discuss] SCAP / CERT Databases missing

Hello,

could you guys please cd into these directories:

/var/lib/openvas/cert-data/

/var/lib/openvas/scap-data/

..and do an 'ls -lah' in there each. Please log the output and send it
over within your next message.

The SCAP and CERT Databases however, are rewritten at feed sync stage,
you can also manually trigger these updates via WebGUI (available
under "Administration", where you also add users, create groups,
roles, etc.).

Each SCAP and CERT have an entry there, with a Button that allows
manually syncing. But before syncing, i would suggest to capture the
'ls -lah' output and send it over to us.

Cheers,

Michael.

On 19.05.2017 10:04, Thijs Stuurman wrote:

Panos,

Nope!

I recently went from 8 to 9 and also had issues with the SCAP and

CERT

database errors.

Turned out the scripts wanted to change my database but had no

rights

to make the changes .. I eventually fixed that and got rid of the

errors but I do not see any data.

To be honest I gave up for now, not sure if missing it really makes

big deal for me. (what am I missing really? Someone let me know if I

should care)

Thijs Stuurman

Security Operations Center | KPN Internedservices

[email protected] | [email protected]

T: +31(0)299476185 | M: +31(0)624366778

PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/ [1] [1])

Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048

W: https://www.internedservices.nl [2] [2] | L:

http://nl.linkedin.com/in/thijsstuurman [3] [3]

VAN: Openvas-discuss

[mailto:[email protected]] NAMENS

?a?a???t??

?e??t???

VERZONDEN: woensdag 17 mei 2017 16:40

AAN: [email protected];

[email protected]

ONDERWERP: [Openvas-discuss] SCAP / CERT Databases missing

Dear All,

I have latest versions of kali (4.9.0) and OpenVas (9.0) on a USB

stick with persistence.

Everything is setup and running, EXCEPT the fact that I get a

warning

in GSA that SCAP or CERT databases are empty. Followed the

instructions for the corresponding feed syncs, but no change

whatsoever…

Any ideas?

Thanks in advance,

Panos

PANAGIOTIS LEONTIOS

Business Engineer | Project Manager | Consultant

BEng, DIC, MSc, MBA, IRCA Lead Auditor

M: +30 6977 976269

E: [email protected]

B: pleontios.wordpress.com [4]

L: www.linkedin.com/in/leontios [4] [5]

T: @pleontios [6]

Links:

------

[1] https://pgp.surfnet.nl/ [1]

[2] https://www.internedservices.nl/ [5]

[3] http://nl.linkedin.com/in/thijsstuurman [3]

[4] http://pleontios.wordpress.com/ [6]

[5] http://www.linkedin.com/in/leontios [4]

[6] https://twitter.com/pleontios [7]

_______________________________________________

Openvas-discuss mailing list

[email protected]

https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis
[8]

cuss




Links:
------
[1] https://pgp.surfnet.nl/
[2] https://www.internedservices.nl
[3] http://nl.linkedin.com/in/thijsstuurman
[4] http://www.linkedin.com/in/leontios
[5] https://www.internedservices.nl/
[6] http://pleontios.wordpress.com/
[7] https://twitter.com/pleontios
[8]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-dis


_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] SCAP / CERT Databases missing

Reply via email to