Greenbone OpenVAS

From Braindump
Jump to navigation Jump to search

https://kifarunix.com/install-and-setup-gvm-20-08-on-debian/

https://community.greenbone.net/t/about-gvm-20-08-architecture/8449

GVM is the greenbone vulnerability manager, previously named OpenVAS. The gvm-libs is the base library, gvmd is the core component, it uses postgresql as a backend, the pg-pgm component is an extension for postgresql. The GSA is the assistent that provides the webserver. ospd is a generic scanner interface, openvas-scanner is the default scanner, it uses redis for storage

The build process is to install the dependancies, clone the repositories from git, checkout the release branch, configure with cmake and then install using make install. Create an empty gvmd database, run gvmd, this will populate the database. create a gvm user, make it the sync owner, run nvt sync to rsync the datafiles, sync the gvmd_data, scap, cert, create selfsigned certificates, install the openvas-scanner, modify the scanner, run the gsa webserver. 

sudo apt install cmake gcc pkgconfig libssh-gcrypt-dev libgnutls28-dev libglib2.0-dev libpcap-dev libgpgme-dev bison libksba-dev libsnmp-dev libgcrypt20-dev libnet-dev redis-server libhiredis-dev libxml2-dev doxygen xsltproc graphviz libical-dev postgresql-server-dev-all 
sudo apt install nodejs npm libmicrohttpd-dev

useradd -r -d /share/gvm -c "GVM User" -s /bin/bash gvm
usermod -aG redis gvm

git clone https://github.com/greenbone/gvm-libs
git clone https://github.com/greenbone/gvmd
git clone https://github.com/greenbone/gsa

git checkout -b gvm-libs-21.04 --track origin/gvm-libs-21.04 
cmake -DCMAKE_INSTALL_PREFIX=
sudo make install

export PKG_CONFIG_PATH=/lib64/pkgconfig/ 
sudo npm install --global yarn
echo "/lib/x64" > /etc/ld.so.conf.d/gvm.conf
sudo ldconfig

sudo touch /var/run/gvm-checking
sudo touch /var/run/gvm-migrating
sudo touch /var/run/gvm-helping
sudo touch /var/run/gvm-serving
sudo touch /var/run/gvm-create-functions
sudo chown gvm:gvm /var/run/gvm-*
sudo mkdir /var/log/gvm/
sudo chown gvm:gvm /var/log/gvm/

sudo mkdir /var/lib/gvm/gvmd/gnupg
sudo chown gvm:gvm /var/lib/gvm/gvmd/gnupg/

sudo -u postgres createuser -DRS gvm
sudo -u postgres createdb -O gvm gvmd

sudo -u postgres psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension "uuid-ossp";
create extension "pgcrypto";
create extension "pg-gvm";

sudo chmod 777 /var/run/
sudo mkdir -p /var/lib/openvas/
sudo chown -R gvm:gvm /var/lib/openvas/

sudo -u gvm /bin/greenbone-nvt-sync
sudo ls -la /var/lib/gvm/data-objects/gvmd/21.04/

sudo -u gvm greenbone-feed-sync --type GVMD_DATA
sudo -u gvm greenbone-feed-sync --type SCAP
sudo -u gvm greenbone-feed-sync --type CERT

sudo -u gvm gvm-manage-certs -a -f

sudo -u gvm /sbin/gvmd -v --unix-socket /var/run/gvmd.sock 
sudo tail -f /var/log/gvm/gvmd.log

sudo -u gvm gvmd --create-scanner="OpenVAS Scanner" --scanner-type="OpenVAS" --scanner-host=/var/run/ospd.sock
sudo -u gvm gvmd --get-scanners

wget https://codeload.github.com/greenbone/ospd/zip/refs/heads/ospd-21.04
mv ospd-21.04 ospd-21.04.zip
python3 -m pip install ospd-21.04.zip

wget https://codeload.github.com/greenbone/ospd-openvas/zip/refs/heads/ospd-openvas-21.04
mv ospd-openvas-21.04 ospd-openvas-21.04.zip
python3 -m pip install ospd-openvas-21.04.zip

sudo -u gvm python3 /share/gvm/.local/bin/ospd-openvas
Retrieved from "https://www.janmg.com/wiki/index.php?title=Greenbone_OpenVAS&oldid=468"