Greenbone Vulnerability Manager 11 Installation on Ubuntu from Source
Greenbone Vulnerability Manager 11 Installation on Ubuntu 19.04 from Source
The Greenbone Security Assistant is a web application that connects to the OpenVAS Manager and OpenVAS Administrator to provide for a full-featured user interface for vulnerability management.
Step – 1 : Pre-requisites
sudo apt install software-properties-common ;\ sudo add-apt-repository universe ;\ sudo apt install -y cmake pkg-config libglib2.0-dev libgpgme11-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev \ libldap2-dev doxygen graphviz libradcli-dev libhiredis-dev libpcap-dev bison libksba-dev libsnmp-dev \ gcc-mingw-w64 heimdal-dev libpopt-dev xmltoman redis-server xsltproc libical2-dev postgresql \ postgresql-contrib postgresql-server-dev-all gnutls-bin nmap rpm nsis curl wget fakeroot gnupg \ sshpass socat snmp smbclient libmicrohttpd-dev libxml2-dev python-polib gettext \ python3-paramiko python3-lxml python3-defusedxml python3-pip python3-psutil virtualenv ;\ sudo apt install -y texlive-latex-extra --no-install-recommends ;\ sudo apt install -y texlive-fonts-recommended ;\ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - ;\ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list ;\ sudo apt update ;\ sudo apt -y install yarn
Step 2 : Create gvm user
cp /etc/environment ~/environment.bak ;\sudo sed -i 's|PATH="|PATH="/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:|g' /etc/environment ;\sudo bash -c 'cat << EOF > /etc/ld.so.conf.d/gvm.conf# gmv libs location/opt/gvm/libEOF' sudo mkdir /opt/gvm ;\sudo adduser gvm --disabled-password --home /opt/gvm/ --no-create-home --gecos '' ;\sudo usermod -aG redis gvm # This is for ospd-openvas can connect to redis.sock.. If you have a better idea here, pls write in the comments :) ;\sudo chown gvm:gvm /opt/gvm/ ;\sudo su - gvm mkdir src ;\cd src ;\export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
Step 3 : Download Source Files
wget -O gvm-libs-11.0.0.tar.gz https://github.com/greenbone/gvm-libs/archive/v11.0.0.tar.gz ;\ wget -O openvas-7.0.0.tar.gz https://github.com/greenbone/openvas/archive/v7.0.0.tar.gz ;\ wget -O gvmd-9.0.0.tar.gz https://github.com/greenbone/gvmd/archive/v9.0.0.tar.gz ;\ wget -O openvas-smb-1.0.5.tar.gz https://github.com/greenbone/openvas-smb/archive/v1.0.5.tar.gz ;\ wget -O gsa-9.0.0.tar.gz https://github.com/greenbone/gsa/archive/v9.0.0.tar.gz ;\ wget -O ospd-openvas-1.0.0.tar.gz https://github.com/greenbone/ospd-openvas/archive/v1.0.0.tar.gz ;\ wget -O ospd-2.0.0.tar.gz https://github.com/greenbone/ospd/archive/v2.0.0.tar.gz
Step 4: Unpacking the sources
find . -name \*.gz -exec tar zxvfp {} \;
Step 5: gvm-libs installation
cd gvm-libs-11.0.0 ;\ export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ mkdir build ;\ cd build ;\ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ make ;\ make doc ;\ make install ;\ cd /opt/gvm/src
Step 6: config and build openvas-smb
cd openvas-smb-1.0.5 ;\ export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ mkdir build ;\ cd build/ ;\ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ make ;\ make install ;\ cd /opt/gvm/src
Step 7 : config and build scanner
cd openvas-7.0.0 ;\ export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ mkdir build ;\ cd build/ ;\ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ make ;\ make doc ;\ make install ;\ cd /opt/gvm/src
Step 8 : Redis configuration
Please do the steps as root user ( sudo su root)
ldconfig ;\ cp /etc/redis/redis.conf /etc/redis/redis.orig ;\ cp /opt/gvm/src/openvas-7.0.0/config/redis-openvas.conf /etc/redis/ ;\ chown redis:redis /etc/redis/redis-openvas.conf ;\ echo "db_address = /run/redis-openvas/redis.sock" > /opt/gvm/etc/openvas/openvas.conf ;\ systemctl enable redis-server@openvas.service ;\ systemctl start redis-server@openvas.service
sysctl -w net.core.somaxconn=1024sysctl vm.overcommit_memory=1 echo "net.core.somaxconn=1024" >> /etc/sysctl.conf echo "vm.overcommit_memory=1" >> /etc/sysctl.conf
cat << EOF > /etc/systemd/system/disable-thp.service [Unit] Description=Disable Transparent Huge Pages (THP) [Service] Type=simple ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag" [Install] WantedBy=multi-user.target EOF
systemctl daemon-reload ;\ systemctl start disable-thp ;\ systemctl enable disable-thp ;\ systemctl restart redis-server
Step 9 : updating path
Modify sudoers file with visudo
Type visudo and modify
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/gvm/sbin" ### Allow the user running ospd-openvas, to launch openvas with root permissions gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad
Step 10: Update nvt and upload plugins in redis with openvas
Login as gvm Update nvt
greenbone-nvt-sync sudo openvas -u
Step 11: gvmd configuration
cd gvmd-9.0.0 ;\ export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ mkdir build ;\ cd build/ ;\ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ make ;\ make doc ;\ make install ;\ cd /opt/gvm/src
Step 12 : PostgreSQL configuration
Exit from gvm and run as a sudo enabled user
sudo -u postgres bash createuser -DRS gvm createdb -O gvm gvmd psql gvmd create role dba with superuser noinherit; grant dba to gvm; create extension "uuid-ossp"; exit exit
Step 13 : Fix certs and update feeds and create admin user
gvm-manage-certs -agreenbone-certdata-sync ;\ greenbone-scapdata-sync
gvmd --create-user=admin --password=yourpassword
Step 14: Update IANA Service names
xsltproc /opt/gvm/share/gvm/gvmd/portnames_update.xsl service-names-port-numbers.xml | sed "s/^<.*>$//g" | psql -v ON_ERROR_STOP=1 -q --pset pager=off --no-align -d gvmd -t
gsa installation
cd gsa-9.0.0 ;\ export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ mkdir build ;\ cd build/ ;\ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ make ;\ make doc ;\ make install ;\ touch /opt/gvm/var/log/gvm/gsad.log ;\ cd /opt/gvm/src
Step 15 : Setting up virtual environment and ospd installation
Virtual Environment
cd src ;\ export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ virtualenv --python python3.7 /opt/gvm/bin/ospd-scanner/ ;\ source /opt/gvm/bin/ospd-scanner/bin/activate
ospd
cd ospd-2.0.0 ;\ pip3 install . ;\ cd /opt/gvm/src
ospd-openvas
cd ospd-openvas-1.0.0 ;\ pip3 install . ;\ cd /opt/gvm/src
Step 16: Creating startup scripts
sudo su root
cat << EOF > /etc/systemd/system/gvmd.service [Unit] Description=Job that runs the gvm daemon Documentation=man:gvm After=postgresql.service [Service] Type=forking User=gvm Group=gvm PIDFile=/opt/gvm/var/run/gvmd.pid WorkingDirectory=/opt/gvm ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock Restart=on-failure RestartSec=2min KillMode=process KillSignal=SIGINT GuessMainPID=no PrivateTmp=true [Install] WantedBy=multi-user.target EOF
cat << EOF > /etc/systemd/system/gsad.service [Unit] Description=Job that runs the gsa daemon Documentation=man:gsa After=postgresql.service [Service] Type=forking PIDFile=/opt/gvm/var/run/gsad.pid WorkingDirectory=/opt/gvm ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm Restart=on-failure RestartSec=2min KillMode=process KillSignal=SIGINT GuessMainPID=no PrivateTmp=true [Install] WantedBy=multi-user.target EOF
cat << EOF > /etc/systemd/system/ospd-openvas.service [Unit] Description=Job that runs the ospd-openvas daemon Documentation=man:gvm After=postgresql.service [Service] Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Type=simple User=gvm Group=gvm WorkingDirectory=/opt/gvm PIDFile=/opt/gvm/var/run/ospd-openvas.pid ExecStart=/opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket=/opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-scanner.log Restart=on-failure RestartSec=2min KillMode=process KillSignal=SIGINT GuessMainPID=no PrivateTmp=true [Install] WantedBy=multi-user.target EOF
systemctl daemon-reload ;\ systemctl enable gvmd ;\ systemctl enable gsad ;\ systemctl enable ospd-openvas ;\ systemctl start gvmd ;\ systemctl start gsad ;\ systemctl start ospd-openvas
Step 17 : Create a new scanner
The default host for default scanner is not in /opt/gvm/var/run/ but with /var/… So we have to create a new scanner by defining scanner-host to /opt/gvm/var/run/ospd.sock
gvmd --create-scanner="TEST OPENVAS Scanner" --scanner-type="OpenVas" --scanner-host=/opt/gvm/var/run/ospd.sock
Verify the scanner
gvmd --verify-scanner=<Scanner-ID>
Type netstat -nltpu to verify port 443 is listening for connetions
And Finally point your browser to https://yourip to get GSA login screen
Login screen
The dashboard