NAME
openvas-nvt-sync − updates the OpenVAS security checks from OpenVAS NVT Feed
SYNOPSIS
openvas-nvt-sync
DESCRIPTION
The OpenVAS
Security Scanner performs several security checks, each
of them being coded as an external plugin coded in NASL. As
new security holes are published every day, new plugins
appear on the OpenVAS site (www.openvas.org)
The script openvas-nvt-sync will fetch all the newest
security checks for you and install them at the proper
location. Once this is done you will need to either restart
openvas-scanner(8) or send a SIGHUP to its main process so
that it loads the new checks and uses them for new security
scans.
openvas-nvt-sync uses rsync(1) and md5sum(1) to do its job. In order to download the new plugins the machine where the script runs needs to have access to rsync.openvas.org using the rsync protocol (TCP/UDP port 873).
If you are behind a web proxy you can configure rsync to use it through the use of the RSYNC_PROXY environment variable. For more information see rsync(1).
SECURITY NOTES
openvas-nvt-sync uses rsync(1) to retrieve the archive of the new plugins. The scripts provided by the OpenVAS project might not be signed. Consequently, if somewhere where to poison your DNS server and force this script to retrieve NASL plugins on another site he would force your OpenVAS server to execute NASL scripts when running security tests. Even if this might not do much harm (see the NASL reference guide for more information on that subject) you should be very careful when doing this.
SEE ALSO
For more
information see: rsync(1), openvassd(8),
There is more information available at
/usr/share/doc/openvas-plugins on Debian systems.
|
You can find additional information about the OpenVAS project in http://www.openvas.org |
AUTHOR
This manual page was written by Javier Fernández-Sanguino Peña <jfs [AT] debian.org> for the Debian GNU/Linux system (but may be used on other systems).
The openvas-nvt-sync script was written by various authors, mainly from Greenbone Networks GmbH.