[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvas-discuss
Subject:    Re: [Openvas-discuss] Missing CVEs
From:       Public Account <apublic3 () gmail ! com>
Date:       2015-06-30 6:55:52
Message-ID: CACNC36rtESi4D0drdwM9MuaJY_QdoVdmmm=BO+xiB5wP=RptEg () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello,
first of all: sorry for the delay in answering. It's being a busy time.
second: thank you for your answers.

Now...

On Tue, Jun 23, 2015 at 10:24 AM, Timo Pollmeier <
timo.pollmeier@greenbone.net> wrote:

> If you like, you can check here for presence:
>> https://secinfo.greenbone.net
>> If you don't find it there, then indeed a feed uptodateness issue is
>> present.
>> If you find it there, but not in your OpenVAS, check the publication date.
>>
>
Thanks for the tip. I didn't know the website.


> I agree with Jan here. The CVEs you listed should be in the feed already,
> so it looks like there is something wrong with your local SCAP database.
>
> Assuming you are using SQLite as the database backend, you can try fixing
> this by deleting the scap.db file (found in
> "$PREFIX/var/lib/openvas/scap-data/", with "$PREFIX" being the prefix of
> your OpenVAS installation) and running openvas-scapdata-sync again.
>

According to my local web app (GSA):
OpenVAS SCAP Feed Version 201506240629
And the CVE is not present.

So, again I try to update:
/usr/local/sbin/openvas-scapdata-sync
/usr/local/sbin/openvas-nvt-sync
/usr/local/sbin/openvas-certdata-sync
/usr/local/sbin/openvasmd/openvasmd --rebuild
[restart]

And again same version (201506240629) and the CVE not appearing.

Then, as Timo suggested:
rm /usr/local/var/lib/openvas/scap-data/scap.db
/usr/local/sbin/openvas-scapdata-sync

Again same version (201506240629) but this time the CVE is there !! Bingo!

So, some questions arise:
- Any clue why this could happen?
- Any clue about how to detect there's a problem in the db (before
discovering you are missing a CVE)?
- It's a good policy to, once a month for example, delete scap.db and
resync?

Again, thank you
Best Regards
A.

[Attachment #5 (text/html)]

<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Hello,</div><div \
class="gmail_quote">first of all: sorry for the delay in answering. It&#39;s being a \
busy time.</div><div class="gmail_quote">second: thank you for your \
answers.</div><div class="gmail_quote"><br></div><div \
class="gmail_quote">Now...</div><div class="gmail_quote"><br></div><div \
class="gmail_quote">On Tue, Jun 23, 2015 at 10:24 AM, Timo Pollmeier <span \
dir="ltr">&lt;<a href="mailto:timo.pollmeier@greenbone.net" \
target="_blank">timo.pollmeier@greenbone.net</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span \
class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">If \
you like, you can check here for presence: <a href="https://secinfo.greenbone.net" \
rel="noreferrer" target="_blank">https://secinfo.greenbone.net</a><br> If you \
don&#39;t find it there, then indeed a feed uptodateness issue is present.<br> If you \
find it there, but not in your OpenVAS, check the publication \
date.<br></blockquote></span></blockquote><div><br></div><div>Thanks for the tip. I \
didn&#39;t know the website.</div><div>  </div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span \
class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"></blockquote></span>
 I agree with Jan here. The CVEs you listed should be in the feed already, so it \
looks like there is something wrong with your local SCAP database.<br> <br>
Assuming you are using SQLite as the database backend, you can try fixing this by \
deleting the scap.db file (found in &quot;$PREFIX/var/lib/openvas/scap-data/&quot;, \
with &quot;$PREFIX&quot; being the prefix of your OpenVAS installation) and running \
openvas-scapdata-sync again.<br></blockquote><div><br></div><div>According to my \
local web app (GSA):</div><div><div>OpenVAS SCAP Feed Version \
201506240629</div></div><div>And the CVE is not present.</div><div><br></div><div>So, \
again I try to update:</div><div><div>/usr/local/sbin/openvas-scapdata-sync</div><div> \
/usr/local/sbin/openvas-nvt-sync</div><div>/usr/local/sbin/openvas-certdata-sync</div><div>/usr/local/sbin/openvasmd/openvasmd \
--rebuild</div><div>[restart]<br></div><div><br></div><div>And again same version \
(201506240629) and the CVE not appearing.</div></div><div><br></div><div>Then, as \
Timo suggested:</div><div><div>rm \
/usr/local/var/lib/openvas/scap-data/scap.db</div><div>/usr/local/sbin/openvas-scapdata-sync</div><div><br></div><div>Again \
same version (201506240629) but this time the CVE is there !! \
Bingo!</div></div><div><br></div><div>So, some questions arise:</div><div>- Any clue \
why this could happen?</div><div>- Any clue about how to detect there&#39;s a problem \
in the db (before discovering you are missing a CVE)?</div><div>- It&#39;s a good \
policy to, once a month for example, delete scap.db and \
resync?</div><div><br></div><div>Again, thank you</div><div>Best \
Regards</div><div>A.</div><div><br></div></div></div></div>



_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic