Resolving Greenbone data loading issues
At Quiq we use Greenbone Vulnerability Management system (GVM, also known as OpenVAS) to periodically scan our networks for vulnerable network services. It’s a powerful piece of software and we love it; it’s one of many that helps us ensure our platform is as secure as possible. However it’s also a complicated tool, and as with all tools with high complexity sometimes issues arise.
We run GVM in docker containers on several different platforms: Linux machines as well as Macs, x64 and ARM. Occasionally, for reasons we don’t fully understand, some of the data that GVM requires in order to run fails to load. This article describes one such situation along with the steps we’ve found to resolve it. We wanted to write it up because even though we’ve found a number of articles with suggestions on how to resolve similar issues, those suggestions didn’t quite take care of it for us.
TL; DR:
NVTs and scan configs didn’t show up in the GVM console. Running `sudo -u gvm gvmd — rebuild && sudo -u gvm gvmd — rebuild-gvmd-data=all` ultimately fixed it for us.
The Setup:
- Running a version of the Secure Compliance GVM image (https://hub.docker.com/r/securecompliance/gvm/)
- GVM data stored in three separate docker volumes, mapped to: /var/lib/gvm, /opt/database, /var/lib/openvas/plugins
The Symptom:
- Start up GVM container and wait several hours, as is suggested in a number of different entries on StackOverflow and community.greenbone.net
- Log into the GVM admin panel and check the data feeds page, and see that all the feeds are marked as current. In some cases a feed may be marked “too old”, this is okay as well:
- However, discover that there are no NVT’s (network vulnerability tests) or default scan configs in the system:
Tailing the container log didn’t give us any insights into what was going wrong, everything in it looked normal. However, there are also logs of interest under /var/log/gvm.
Our Solution:
- Looking at the logs we could see all the data being “loaded” (fetched from the internet and stored in some form), but they still didn’t show in the console. After a fair bit of research and experimentation though, we came across the following commands that forced the NVTs and scan configs to be rebuilt, and this was the solution: `sudo -u gvm gvmd — rebuild && sudo -u gvm gvmd — rebuild-gvmd-data=all`
- These commands take a while (approximately 30 minutes for us) to complete, but once they finished, everything was there!
Footnote: These articles helped us get to the bottom of this issue and ultimately resolve it, so if this one doesn’t help resolve your situation, maybe these ones will:
