Update OpenVAS Plugins (NVT, Cert Data & SCAP Data) Automatically
Once you have install OpenVAS it is a good idea to ensure it is kept up to date and running the latest security scripts to find the latest vulnerabilities as well as sync to the most updated nvt, scap and cert data. The best way to do this is to create a script that sync’s the necessary data for you automatically each day.
Create a script under /usr/local/bin called update-openvas
- vi /usr/local/bin/update-openvas
add the following contents to the file
- /usr/sbin/greenbone-nvt-sync
- /usr/sbin/greenbone-certdata-sync
- /usr/sbin/greenbone-scapdata-sync
- /usr/sbin/openvasmd –update –verbose –progress
- /etc/init.d/openvas-manager restart
- /etc/init.d/openvas-scanner restart
save the file and make it executeable
- chmod a+x /usr/local/bin/update-openvas
run the script to make sure it works and that there are no errors
- /usr/local/bin/update-openvas
add the script to cron to run daily
- crontab -e
add the following contents
- 1 1 * * * /usr/local/bin/update-openvas 1>/dev/null 2>/dev/null
the above cronjob will be run at 1 minute past 1 every day
for newer installations (eg. CentOS7) you have to put the following input to the file:
/usr/sbin/greenbone-nvt-sync
/usr/sbin/greenbone-certdata-sync
/usr/sbin/greenbone-scapdata-sync
/usr/sbin/openvasmd –update –verbose –progress
systemctl restart openvas-scanner
systemctl restart openvas-manager
Thanks for sharing this update with the community…
I found “/usr/sbin/openvasmd –update –verbose –progress” did not work
I needed “/usr/sbin/openvasmd ––update ––verbose ––progress”
The issue is that if you just copy and paste the above code, the hyphens on the switches are not hyphens in the terminal (or a text editor). You have to actually replace the elongated wanna-be hyphen with an actual hyphen (or two, as Joe mentioned).