Recently, I read an article in a computer magazine on the vulnerability scanner OpenVAS. It sounded interesting, and that was why I wanted to try it out. OpenVAS provides a live virtual appliance container file for demo purposes. Trying to install it into VMware Player, I was not able to get it running. As it appeared to be related to an incompatible library on the image, I decided to install a new Debian 7.5 Wheezy image as a VM. All the steps necessary for install and setup can be found on the OpenVAS website.
One of the crucial steps in between is to run
which updates the cert database. Without it, you won’t be able to start the openvas-scanner service. It would fail with the error message
sql_x: sqlite3_prepare failed: no such table: main.meta
in the log file /var/log/openvas/openvasmd.log. However, when running openvas-certdata-sync, you will get another block of error messages, reading
/usr/sbin/openvas-certdata-sync: 185: /usr/sbin/openvas-certdata-sync: cannot open /usr/share/openvas/cert/cert_db_init.sql: No such file
Error: no such table: dfn_cert_advs
Error: no such table: meta
Error: Inconsistent data. Resetting CERT database.
This problem was already reported in the Novell Bugzilla in August 2013, but has not been fixed yet. Furthermore, there are many other reports of this issue in several forums and mailing lists.
The root cause of this matter is that the Debian software package openvas-manager is missing the files in /usr/share/openvas/cert/. These files, however, are available in the VM container file. Unfortunately, extracting and copying them over to your installation may be a bit tricky; that is why I have bundled them for you in a file attached to this blog. You may download the file and extract it via
cd /usr/share/openvas
mkdir cert
cd cert
# -O saves the download under the name the tar step expects; the quotes keep the shell from treating "?" as a wildcard
wget -O openvas-cert.tar.gz 'http://blog.schmoigl-online.de/?dl_id=5'
tar xzvf openvas-cert.tar.gz
rm openvas-cert.tar.gz
onto your local machine.
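The bundle is fetched over plain HTTP and unpacked below /usr/share/openvas, so the archive can be inspected between the wget and tar steps. The following check is an added example, not part of the original post: vet_cert_bundle and is_unsafe_name are hypothetical helper names, GNU tar as shipped with Debian is assumed, and so is a bundle that carries cert_db_init.sql at its top level.

```shell
#!/bin/sh
# Added example: vet the downloaded bundle before unpacking it as root.

# Return 0 (true) when a member name would land outside the target directory.
is_unsafe_name() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 0 ;;
    esac
    return 1
}

# vet_cert_bundle ARCHIVE: print a verdict; return 0 only if safe to extract.
vet_cert_bundle() {
    archive=$1
    listing=$(tar -tvzf "$archive" 2>/dev/null) || { echo "unreadable archive"; return 2; }
    names=$(tar -tzf "$archive" 2>/dev/null) || { echo "unreadable archive"; return 2; }

    # The verbose listing starts each line with the mode string; its first
    # character is the member type. Only regular files (-) and directories (d)
    # belong in a bundle of SQL files, so links and devices are refused.
    odd=$(printf '%s\n' "$listing" | grep -v '^[-d]' || true)
    if [ -n "$odd" ]; then
        echo "rejected: link or special member"; return 1
    fi

    found=no
    while IFS= read -r name; do
        if is_unsafe_name "$name"; then
            echo "rejected: unsafe path $name"; return 1
        fi
        case "$name" in
            # The file the sync script failed to open (assumed at top level).
            cert_db_init.sql|./cert_db_init.sql) found=yes ;;
        esac
    done <<EOF
$names
EOF

    if [ "$found" != yes ]; then
        echo "rejected: cert_db_init.sql not in archive"; return 1
    fi
    echo "ok"
}
```

Run vet_cert_bundle openvas-cert.tar.gz in /usr/share/openvas/cert and continue with tar xzvf only when it prints ok.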
Afterwards, you need to run
It’s a shame that a bug report has been open for more than 10 months now, with the result that no Debian distribution will run out of the box anymore, and has not even been addressed yet.
If that is representative of the reliability of a security product, should you really run it in your network?