I quite agree, you shouldn’t blindly copy paste code.
sed is a powerful command line text parser and editor, essentially you tell it to look for a character pattern and then change it if it finds it, to something else, learn how it works here;
These things are freely available to learn from most ‘learn linux’ type websites, and I would strongly urge anyone to start with some of those basics.
Linux in many ways follows the old UNIX philosophy, where an output of one command can be the input of another using pipes, and when you start to want to create your own exploits or tools, you will be glad you learned those basics.
I’ve been having the same issue as Lupus reported; I tried everything from Greenbone site and internet on subject, then I found the advice here of Lupus running a “sed” command but that only throws errors in my terminal. In my case, Greenbone security assistant updates from feed syncs and winds up showing “current” for all, but nothing in any openvas logs for scap or cert dbs. Of course, running greenbone-feed-sync --type SCAP does nothing.
I run openvas on Kali in a QEMU vm. Last weekend, I created new vms for Kali, Kali Purple, even Kali everything just to see how openvas reacted; in each case, once any vm rebooted from fresh install, openvas could be installed, updated, and gvm-check-setup ends saying setup seems to be okay; but in any vm where Kali was first updated, the scap/cert db issue occurred and continued. No idea how to fix.
Ran the commands in order given; here is result of gvm-check-setup:
└─# gvm-check-setup
gvm-check-setup 23.11.0
Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)…
OK: OpenVAS Scanner is present in version 23.16.1.
OK: Notus Scanner is present in version 22.6.5.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 93660 NVTs.
OK: The notus directory /var/lib/notus/products contains 498 NVTs.
Checking that the obsolete redis database has been removed
Could not connect to Redis at /var/run/redis-openvas/redis-server.sock: No such file or directory
OK: No old Redis DB
Starting ospd-openvas service
Waiting for ospd-openvas service
OK: ospd-openvas service is active.
OK: ospd-OpenVAS is present in version 22.8.2.
Step 2: Checking GVMD Manager …
OK: GVM Manager (gvmd) is present in version 25.2.1.
Step 3: Checking Certificates …
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data …
ERROR: SCAP DATA are missing.
FIX: Run the SCAP synchronization script greenbone-feed-sync.
sudo greenbone-feed-sync --type scap.
ERROR: Your GVM-23.11.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
So if I understood the solution correctly, it is to replace ‘s/if [ $SCAPCOUNT -lt 10 ]’ with ‘s/if [ $SCAPCOUNT -lt 1 ]’ in the gvm-check-setup script.
If I do that replacement the gvm-check-setup script runs to completion, but I still see the following:
md manage:MESSAGE:2025-04-10 19h48.09 utc:139416: No SCAP database found
md manage:MESSAGE:2025-04-10 19h48.09 utc:139416: No CERT database found
in the output. So I am not convinced that everything is working as it should.
In regards to running the sed command:
You should make a copy of the gvm-check-setup script before running it so that you can compare the updated file with it to make sure that it does what you intended it to do.
The sed command is in principle correct but it is not quoted correctly. This is what I executed:
That is the correct SCAP data, so either modify the script as directed, or just ignore the error. I will look at the script later and try to determine why it is giving wrong results.
Will do; thank you for your efforts and replies. As just a pure aside, wonder if Greenbone did something under the hood with CE edition (which is the edition relevant to me); for the first time in two years of no-issues use, after usual feed sync this morning when I opened the security assistant (browser) I was greeted by a pop-up telling me 60% of vulns are not available in CE, only scans consumer like Ubuntu Linux, MS Word. Again, thanks for your efforts, have a great weekend.