[Openvas-discuss] Fresh install and problem with openvas-scapdata-sync

Michal Chrobak Michal.Chrobak at sansec.com
Fri Jan 27 10:40:50 CET 2017


I think its ok for now. What I did:.
1. Increase RAM
2. Run this commands:
user at openvas:~$ mkdir /tmp/scap
user at openvas:~$ sudo mv /var/lib/openvas/scap-data/* /tmp/scap/
user at openvas:~$ sudo openvas-scapdata-sync
[i] This script synchronizes a SCAP data directory with the OpenVAS one.
[i] This script is for the SQLite3 backend.
[i] SCAP dir: /var/lib/openvas/scap-data
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data
OpenVAS community feed server - http://www.openvas.org/
(...rsync...)
[i] Initializing scap database
[i] Updating CPEs
Error: near line 1519808: disk I/O error <<<###########
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
(...nvdcve-2.0-2003-20016...)
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2017.xml
[i] Updating OVAL data
[i] Updating /var/lib/openvas/scap-data/oval/5.10/org.mitre.oval/c/oval.xml
(...mitre...)
[i] Updating /var/lib/openvas/scap-data/oval/5.10/org.mitre.oval/v/family/windows.xml
[i] No user data directory '/var/lib/openvas/scap-data/private' found.
[i] Updating CVSS scores and CVE counts for CPEs
[i] Updating CVSS scores for OVAL definitions
[i] Updating placeholder CPEs

And all went ok, but one error show up. My disk:
user at openvas:~$ df -h
Filesystem                    Size  Used Avail Use% Mounted on
udev                              981M     0  981M   0% /dev
tmpfs                         201M  3.3M  197M   2% /run

/dev/mapper/openvas--vg-root   19G  4.9G   13G  29% /

tmpfs                        1001M     0 1001M   0% /dev/shm
tmpfs                         5.0M     0  5.0M   0% /run/lock
tmpfs                        1001M     0 1001M   0% /sys/fs/cgroup
/dev/vda1                     472M  105M  344M  24% /boot
tmpfs                         201M     0  201M   0% /run/user/1000

Could be this error important or it happen because I delete everything from /var/lib/openvas/scap-data/*  and I can omit it?

Michal





Michal Chrobak
IT Security Systems Engineer
tel. +48 22 122 09 42
tel. +48 503 555 769-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-bounces at wald.intevation.org] On Behalf Of Michal Chrobak
Sent: Thursday, January 26, 2017 3:42 PM
To: Eero Volotinen <eero.volotinen at iki.fi>
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Fresh install and problem with openvas-scapdata-sync

As simply as that, ok I try it – for now I have 1GB.
But how can I forced to resync scap-data? When I run openvas-scapdata-sync for second time, it go without errors when parsing /var/lib/openvas/scap-data/nvdcve-2.0-20*xml.

Michal





Michal Chrobak
IT Security Systems Engineer
tel. +48 22 122 09 42
tel. +48 503 555 769From: eero.t.volotinen at gmail.com [mailto:eero.t.volotinen at gmail.com] On Behalf Of Eero Volotinen
Sent: Thursday, January 26, 2017 3:37 PM
To: Michal Chrobak <Michal.Chrobak at sansec.com>
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] Fresh install and problem with openvas-scapdata-sync

you need to add more ram memory to machine.

Eero

26.1.2017 4.31 ip. "Michal Chrobak" <mailto:Michal.Chrobak at sansec.com> kirjoitti:
Hi,

Today I'm trying to install openvas. I downloaded Ubuntu Core 16.04 LTS and install it on KVM virtual machine. Then I add new repository (ppa:mrazavi/openvas from https://launchpad.net/~mrazavi/+archive/ubuntu/openvas) and install openvas 8. Then I run openvas-nvt-sync and openvas-scapdata-sync. And here is my problem, after executing openvas-scap-sync, I've got following error:

user at openvas:~$ sudo openvas-scapdata-sync [i] This script synchronizes a SCAP data directory with the OpenVAS one.
[i] This script is for the SQLite3 backend.
[i] SCAP dir: /var/lib/openvas/scap-data [i] Will use rsync [i] Using rsync: /usr/bin/rsync [i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data
OpenVAS community feed server - http://www.openvas.org/
(...)
*rsync cut*
(...)

sent 1,236 bytes  received 748,765,593 bytes  815,206.13 bytes/sec total size is 748,578,705  speedup is 1.00 [i] Initializing scap database [i] Updating CPEs [i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2004.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2005.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2006.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2007.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2008.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2009.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2010.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2011.xml
Killed
-:515359: parser error : expected '>'
-:515359: parser error : Premature end of data in tag vulnerable-software-list line 513948
-:515359: parser error : Premature end of data in tag entry line 512501
-:515359: parser error : Premature end of data in tag nvd line 2 unable to parse - [e] Update of CVEs failed at file '/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml': xsltproc exited with code 137

When I rerun command, it looks that everything is ok, but I'm not convinced that it is true:
user at openvas:~$ sudo openvas-nvt-sync
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
[i] NVT dir: /var/lib/openvas/plugins
OpenVAS community feed server - http://www.openvas.org/ This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the OpenVAS mailing lists or the OpenVAS IRC chat. See http://www.openvas.org/ for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be blocked.

[i] Feed is already current, no synchronization necessary.
user at openvas:~$

My scap-data looks like that:
user at openvas:~$ ls /var/lib/openvas/scap-data/nvdcve-2.0-20*xml -lh
-rw-r--r-- 1 root root  19M Jan 20 09:28 /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
-rw-r--r-- 1 root root 5.5M Jan  3 09:25 /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
-rw-r--r-- 1 root root  12M Jan 20 09:26 /var/lib/openvas/scap-data/nvdcve-2.0-2004.xml
-rw-r--r-- 1 root root  18M Jan 20 09:25 /var/lib/openvas/scap-data/nvdcve-2.0-2005.xml
-rw-r--r-- 1 root root  27M Jan 20 09:22 /var/lib/openvas/scap-data/nvdcve-2.0-2006.xml
-rw-r--r-- 1 root root  25M Jan 20 09:20 /var/lib/openvas/scap-data/nvdcve-2.0-2007.xml
-rw-r--r-- 1 root root  31M Jan 20 09:17 /var/lib/openvas/scap-data/nvdcve-2.0-2008.xml
-rw-r--r-- 1 root root  31M Jan 20 09:14 /var/lib/openvas/scap-data/nvdcve-2.0-2009.xml
-rw-r--r-- 1 root root  45M Jan 18 09:09 /var/lib/openvas/scap-data/nvdcve-2.0-2010.xml
-rw-r--r-- 1 root root 109M Jan  7 09:14 /var/lib/openvas/scap-data/nvdcve-2.0-2011.xml
-rw-r--r-- 1 root root  42M Jan 20 09:12 /var/lib/openvas/scap-data/nvdcve-2.0-2012.xml
-rw-r--r-- 1 root root  44M Jan 25 09:58 /var/lib/openvas/scap-data/nvdcve-2.0-2013.xml
-rw-r--r-- 1 root root  40M Jan 25 09:07 /var/lib/openvas/scap-data/nvdcve-2.0-2014.xml
-rw-r--r-- 1 root root  30M Jan 25 09:04 /var/lib/openvas/scap-data/nvdcve-2.0-2015.xml
-rw-r--r-- 1 root root  30M Jan 25 09:02 /var/lib/openvas/scap-data/nvdcve-2.0-2016.xml
-rw-r--r-- 1 root root 442K Jan 25 09:00 /var/lib/openvas/scap-data/nvdcve-2.0-2017.xml

My question is: what go wrong with sync scap-data and how can I correct it?

Regards,
Michal Chrobak



Michal Chrobak
IT Security Systems Engineer
tel. +48 22 122 09 42
tel. +48 503 555 769

SANSEC Poland S.A. NIP: 7010352299, KRS: 0000429238, REGON: 146270315, Spółka zarejestrowana przez Sąd Rejonowy dla M. St. Warszawy w Warszawie, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, Kapitał zakładowy: 1 000 000 PLN.
Niniejsza wiadomość zawiera informacje zastrzeżone i stanowiące tajemnicę przedsiębiorstwa SANSEC Poland S.A.
_______________________________________________
Openvas-discuss mailing list
mailto:Openvas-discuss at wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss at wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


More information about the Openvas-discuss mailing list