openvas-nvt-sync - updates the OpenVAS security checks
The OpenVAS Security Scanner performs several security checks, each of
them being coded as an external plugin coded in NASL. As new security
holes are published every day, new plugins appear on the OpenVAS site
The script openvas-nvt-sync will fetch all the newest security checks
for you and install them at the proper location. Once this is done you
will need to restart openvas-server(8) s so that it loads them and uses
them for new security scans.
openvas-nvt-sync uses rsync(1) and md5sum(1) to do its job. In order
to download the new plugins the machine where the script runs needs to
have access to rsync.openvas.org using the rsync protocol (TCP/UDP port
If you are behind a web proxy you can configure rsync to use it through
the use of the RSYNC_PROXY environment variable. For more information
openvas-nvt-sync uses rsync(1) to retrieve the archive of the new
plugins. The scripts provided by the OpenVAS project might not be
signed. Consequently, if somewhere where to poison your DNS server and
force this script to retrieve NASL plugins on another site he would
force your OpenVAS server to execute NASL scripts when running security
tests. Even if this might not do much harm (see the NASL reference
guide for more information on that subject) you should be very careful
when doing this.
For more information see: rsync(1), openvasd(8) openvas-client(1).
There is more information available at /usr/share/doc/openvas-plugins
on Debian systems.
You can find additional information about the OpenVAS project in
This manual page was written by Javier Fernández-Sanguino Peña
<firstname.lastname@example.org> for the Debian GNU/Linux system (but may be used on
The openvas-nvt-sync script was written by DN-Systems Enterprise
Internet Solutions GmbH.