Discussion:
NVT, SCAP and CERT Updates
Rene Behring
2014-07-17 12:32:23 UTC
Permalink
Hey,

does the following blocks mean the same?

service openvas-manager stop
service openvas-scanner restart
openvasmd --rebuild
service openvas-manager start

vs.

openvassd --only-cache
openvasmd --update

With the second it would not be necessary to stop the services, right?
Or is it be better to restart them completely?
And all this is only for the new NVTs right?

Thanks,
Rene
Jan-Oliver Wagner
2014-07-21 20:23:34 UTC
Permalink
Post by Rene Behring
does the following blocks mean the same?
service openvas-manager stop
service openvas-scanner restart
openvasmd --rebuild
service openvas-manager start
vs.
openvassd --only-cache
openvasmd --update
With the second it would not be necessary to stop the services, right?
Or is it be better to restart them completely?
And all this is only for the new NVTs right?
if you are using OpenVAS-7 a SIGHUP first to Scanner, then to Manager would
be sufficient to update the NVT feed.

But anayway, you don't need to stop manager for doing a rebuild as in
the first block.

The second block does not do the job you seem to expect.
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
René Behring
2014-07-22 06:18:51 UTC
Permalink
Hey

So i can do only openvasmd --rebuild instead of stop, rebuild, start. Thats
better.
But what is the difference between restarting openvassd and openvassd
--only-cache? I thought that the restart is loading the new NVTs into the
cache?

Thanks,
Rene
Am 21.07.2014 22:28 schrieb "Jan-Oliver Wagner" <
Post by Jan-Oliver Wagner
Post by Rene Behring
does the following blocks mean the same?
service openvas-manager stop
service openvas-scanner restart
openvasmd --rebuild
service openvas-manager start
vs.
openvassd --only-cache
openvasmd --update
With the second it would not be necessary to stop the services, right?
Or is it be better to restart them completely?
And all this is only for the new NVTs right?
if you are using OpenVAS-7 a SIGHUP first to Scanner, then to Manager would
be sufficient to update the NVT feed.
But anayway, you don't need to stop manager for doing a rebuild as in
the first block.
The second block does not do the job you seem to expect.
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 OsnabrÃŒck | AG OsnabrÃŒck,
HR B
202460
GeschÀftsfÌhrer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Jan-Oliver Wagner
2014-07-22 12:32:45 UTC
Permalink
Post by René Behring
So i can do only openvasmd --rebuild instead of stop, rebuild, start. Thats
better.
correct. The openvasmd service is blocked for a couple of seconds, thats all.
Post by René Behring
But what is the difference between restarting openvassd and openvassd
--only-cache? I thought that the restart is loading the new NVTs into the
cache?
With "cache", the ".nvti" files are meant.
A regular restart of the Scanner will do that anyway.
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
René Behring
2014-07-22 12:35:40 UTC
Permalink
Okay, but if the Scanner is scanning a System a restart is Not the best
Option, right? thats why i searched an alternative.

Thanks,
Rene
Am 22.07.2014 14:32 schrieb "Jan-Oliver Wagner" <
Post by Jan-Oliver Wagner
Post by René Behring
So i can do only openvasmd --rebuild instead of stop, rebuild, start.
Thats
Post by René Behring
better.
correct. The openvasmd service is blocked for a couple of seconds, thats all.
Post by René Behring
But what is the difference between restarting openvassd and openvassd
--only-cache? I thought that the restart is loading the new NVTs into the
cache?
With "cache", the ".nvti" files are meant.
A regular restart of the Scanner will do that anyway.
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 OsnabrÃŒck | AG OsnabrÃŒck,
HR B 202460
GeschÀftsfÌhrer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Jan-Oliver Wagner
2014-07-22 12:43:19 UTC
Permalink
Post by René Behring
Okay, but if the Scanner is scanning a System a restart is Not the best
Option, right? thats why i searched an alternative.
you should not do a "killall openvassd".

Anything else will keep a scanning process scanning :-)
It will of course not consider NVTs that get in newly with a
parallel feed update.

Remind that the canonical way since OpenVAS-7 is to send a HUP.
This will even keep the PID of the openvassd.
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Loading...