Update OpenVAS Plugins (NVT, Cert Data & SCAP Data) Automatically

Once you have install OpenVAS it is a good idea to ensure it is kept up to date and running the latest security scripts to find the latest vulnerabilities as well as sync to the most updated nvt, scap and cert data.  The best way to do this is to create a script that sync’s the necessary data for you automatically each day.

Create a script under /usr/local/bin called update-openvas

  • vi /usr/local/bin/update-openvas

add the following contents to the file

  • /usr/sbin/greenbone-nvt-sync
  • /usr/sbin/greenbone-certdata-sync
  • /usr/sbin/greenbone-scapdata-sync
  • /usr/sbin/openvasmd –update –verbose –progress
  • /etc/init.d/openvas-manager restart
  • /etc/init.d/openvas-scanner restart

save the file and make it executeable

  • chmod a+x /usr/local/bin/update-openvas

run the script to make sure it works and that there are no errors

  • /usr/local/bin/update-openvas

add the script to cron to run daily

  • crontab -e

add the following contents

  • 1 1 * * * /usr/local/bin/update-openvas 1>/dev/null 2>/dev/null

the above cronjob will be run at 1 minute past 1 every day

4 replies
  1. Daniel
    Daniel says:

    for newer installations (eg. CentOS7) you have to put the following input to the file:
    /usr/sbin/greenbone-nvt-sync
    /usr/sbin/greenbone-certdata-sync
    /usr/sbin/greenbone-scapdata-sync
    /usr/sbin/openvasmd –update –verbose –progress
    systemctl restart openvas-scanner
    systemctl restart openvas-manager

    Reply
  2. Matt
    Matt says:

    The issue is that if you just copy and paste the above code, the hyphens on the switches are not hyphens in the terminal (or a text editor). You have to actually replace the elongated wanna-be hyphen with an actual hyphen (or two, as Joe mentioned).

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.