I recently became interested in the great open-source SIEM solution from AlienVault (OSSIM), but after the initial installation of OSSIM 4.4.1 it quickly became evident that I was unable to run vulnerability scans. After researching online it seems that I was not the only one and that there were lots of people having the same issue. Scans would fail after less than a minute and I was getting error messages such as “Unable to connect to the vulnerability scanner. If the system has been updated recently the vulnerability scanner is rebuilding its database. Please wait a few minutes.” and trying to rebuild the database using the GUI yielded other errors.
After continuing my research online I came across a solution that worked well, so I wanted to share the steps here. From the OSSIM 4 Console, choose option 5 to Jailbreak this Appliance. This grants you command line access where you can run the below commands.
- Install Missing Packages

      apt-get install sqlite3 xsltproc texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc

- Regenerate the client certificate

      openvas-mkcert-client -n om -i

- Update Plug-ins

      openvas-nvt-sync

- Stop all of the OpenVAS services

      /etc/init.d/openvas-administrator stop;/etc/init.d/openvas-manager stop;/etc/init.d/openvas-scanner stop

- Import the new database and then rebuild it

      openvassd
      openvasmd --migrate
      openvasmd --rebuild

- Restart Services

      killall openvassd
      /etc/init.d/openvas-scanner start
      /etc/init.d/openvas-manager start
      /etc/init.d/openvas-administrator start
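A pre-flight check for the first step, as an added example that is not part of the original post: it reports which of the six packages are still absent after `apt-get install`, so a partial install is noticed before the OpenVAS database is migrated and rebuilt. The names `missing_pkgs`, `pkg_status` and the `PKG_STATUS_CMD` override are chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): verify the packages from the
# "Install Missing Packages" step before continuing with the rebuild.

# Package list copied from the apt-get line in the procedure.
REQUIRED_PKGS="sqlite3 xsltproc texlive-latex-base texlive-latex-extra texlive-latex-recommended htmldoc"

# Print the dpkg status string for one package (empty if dpkg does not know it).
pkg_status() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null
}

# Print a space-separated list of required packages that are not fully installed.
# PKG_STATUS_CMD is a hypothetical hook so the lookup can be replaced in tests.
missing_pkgs() {
    missing=""
    for p in $REQUIRED_PKGS; do
        case "$(${PKG_STATUS_CMD:-pkg_status} "$p")" in
            "install ok installed") ;;       # fully installed and configured
            *) missing="$missing $p" ;;      # unknown, removed, or half-configured
        esac
    done
    echo "${missing# }"
}

# Run as: sh check-openvas-deps.sh --check   (file name is an assumption)
if [ "${1:-}" = "--check" ]; then
    m=$(missing_pkgs)
    if [ -z "$m" ]; then
        echo "All required packages are installed."
    else
        echo "Still missing: $m" >&2
        exit 1
    fi
fi
```

A non-zero exit from `--check` means at least one package is in a state other than `install ok installed`, including packages that were removed but left their configuration files behind.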
After completing the above steps, I logged back into the web interface and was able to run vulnerability scans.
The original solution came from Ian Hayes and is also available within the original discussion thread.
Although the first command did not go through correctly (xsltproc errored out), this solution also fixed this issue for me.