Greenbone Vulnerability Manager 11 Installation on Ubuntu from Source

Greenbone Vulnerability Manager 11 Installation on Ubuntu 19.04 from Source

The Greenbone Security Assistant is a web application that connects to the OpenVAS Manager and OpenVAS Administrator to provide for a full-featured user interface for vulnerability management.

Step – 1 : Pre-requisites

sudo apt install software-properties-common ;\
sudo add-apt-repository universe ;\
sudo apt install -y cmake pkg-config libglib2.0-dev libgpgme11-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev \
libldap2-dev doxygen graphviz libradcli-dev libhiredis-dev libpcap-dev bison libksba-dev libsnmp-dev \
gcc-mingw-w64 heimdal-dev libpopt-dev xmltoman redis-server xsltproc libical2-dev postgresql \
postgresql-contrib postgresql-server-dev-all gnutls-bin nmap rpm nsis curl wget fakeroot gnupg \
sshpass socat snmp smbclient libmicrohttpd-dev libxml2-dev python-polib gettext \
python3-paramiko python3-lxml python3-defusedxml python3-pip python3-psutil virtualenv ;\
sudo apt install -y texlive-latex-extra --no-install-recommends ;\
sudo apt install -y texlive-fonts-recommended ;\
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - ;\
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list ;\
sudo apt update ;\
sudo apt -y install yarn

Step 2 : Create gvm user

cp /etc/environment ~/environment.bak ;\sudo sed -i 's|PATH="|PATH="/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:|g' /etc/environment ;\sudo bash -c 'cat << EOF > /etc/ld.so.conf.d/gvm.conf# gmv libs location/opt/gvm/libEOF'
sudo mkdir /opt/gvm ;\sudo adduser gvm --disabled-password --home /opt/gvm/ --no-create-home --gecos '' ;\sudo usermod -aG redis gvm  # This is for ospd-openvas can connect to redis.sock.. If you have a better idea here, pls write in the comments :) ;\sudo chown gvm:gvm /opt/gvm/ ;\sudo su - gvm
mkdir src ;\cd src ;\export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH

Step 3 : Download Source Files

wget -O gvm-libs-11.0.0.tar.gz  https://github.com/greenbone/gvm-libs/archive/v11.0.0.tar.gz ;\
wget -O openvas-7.0.0.tar.gz https://github.com/greenbone/openvas/archive/v7.0.0.tar.gz ;\
wget -O gvmd-9.0.0.tar.gz https://github.com/greenbone/gvmd/archive/v9.0.0.tar.gz ;\
wget -O openvas-smb-1.0.5.tar.gz https://github.com/greenbone/openvas-smb/archive/v1.0.5.tar.gz ;\
wget -O gsa-9.0.0.tar.gz https://github.com/greenbone/gsa/archive/v9.0.0.tar.gz ;\
wget -O ospd-openvas-1.0.0.tar.gz https://github.com/greenbone/ospd-openvas/archive/v1.0.0.tar.gz ;\
wget -O ospd-2.0.0.tar.gz https://github.com/greenbone/ospd/archive/v2.0.0.tar.gz

Step 4: Unpacking the sources

find . -name \*.gz -exec tar zxvfp {} \;

Step 5: gvm-libs installation

cd gvm-libs-11.0.0 ;\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ 
mkdir build ;\ 
cd build ;\ 
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ 
make ;\ 
make doc ;\ 
make install ;\ 
cd /opt/gvm/src

Step 6: config and build openvas-smb

cd openvas-smb-1.0.5 ;\ 
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ 
mkdir build ;\ 
cd build/ ;\ 
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ 
make ;\ 
make install ;\ 
cd /opt/gvm/src

Step 7 : config and build scanner

cd openvas-7.0.0 ;\ 
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\ 
mkdir build ;\ 
cd build/ ;\ 
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\ 
make ;\ 
make doc ;\ 
make install ;\
cd /opt/gvm/src

Step 8 : Redis configuration

Please do the steps as root user ( sudo su root)

ldconfig ;\
cp /etc/redis/redis.conf /etc/redis/redis.orig ;\
cp /opt/gvm/src/openvas-7.0.0/config/redis-openvas.conf /etc/redis/ ;\
chown redis:redis /etc/redis/redis-openvas.conf ;\
echo "db_address = /run/redis-openvas/redis.sock" > /opt/gvm/etc/openvas/openvas.conf ;\
systemctl enable redis-server@openvas.service ;\
systemctl start redis-server@openvas.service
sysctl -w net.core.somaxconn=1024sysctl vm.overcommit_memory=1&nbsp;
echo "net.core.somaxconn=1024"&nbsp; >> /etc/sysctl.conf
echo "vm.overcommit_memory=1" >> /etc/sysctl.conf
cat << EOF > /etc/systemd/system/disable-thp.service
[Unit]
Description=Disable Transparent Huge Pages (THP)

[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload ;\
systemctl start disable-thp ;\
systemctl enable disable-thp ;\
systemctl restart redis-server

Step 9 : updating path

Modify sudoers file with visudo

Type visudo and modify

Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/gvm/sbin"

### Allow the user running ospd-openvas, to launch openvas with root permissions
gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas
gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad

Step 10:  Update nvt and upload plugins in redis with openvas

Login as gvm Update nvt

greenbone-nvt-sync 
sudo openvas -u

Step 11: gvmd configuration

cd gvmd-9.0.0 ;\
 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\
 mkdir build ;\
 cd build/ ;\
 cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\
 make ;\
 make doc ;\
 make install ;\
 cd /opt/gvm/src

Step 12 : PostgreSQL configuration

Exit from gvm and run as a sudo enabled user

sudo -u postgres bash
createuser -DRS gvm
createdb -O gvm gvmd

psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension "uuid-ossp";
exit
exit

Step 13 : Fix certs and update feeds and create admin user

gvm-manage-certs -agreenbone-certdata-sync ;\
greenbone-scapdata-sync 
gvmd --create-user=admin --password=yourpassword

Step 14: Update IANA Service names

&nbsp;xsltproc /opt/gvm/share/gvm/gvmd/portnames_update.xsl service-names-port-numbers.xml | sed "s/^<.*>$//g" | psql -v ON_ERROR_STOP=1 -q --pset pager=off --no-align -d gvmd -t

gsa installation

cd gsa-9.0.0 ;\
 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\
 mkdir build ;\
 cd build/ ;\
 cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. ;\
 make ;\
 make doc ;\
 make install ;\
 touch /opt/gvm/var/log/gvm/gsad.log ;\
 cd /opt/gvm/src

Step 15 : Setting up virtual environment and ospd installation

Virtual Environment

cd src ;\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH ;\
virtualenv --python python3.7  /opt/gvm/bin/ospd-scanner/ ;\
source /opt/gvm/bin/ospd-scanner/bin/activate

ospd

cd ospd-2.0.0 ;\
pip3 install . ;\
cd /opt/gvm/src

ospd-openvas

cd ospd-openvas-1.0.0 ;\
pip3 install . ;\
cd /opt/gvm/src

Step 16: Creating startup scripts

sudo su root

cat << EOF > /etc/systemd/system/gvmd.service
[Unit]
Description=Job that runs the gvm daemon
Documentation=man:gvm
After=postgresql.service

[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gvmd  --osp-vt-update=/opt/gvm/var/run/ospd.sock
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
cat << EOF > /etc/systemd/system/gsad.service
[Unit]
Description=Job that runs the gsa daemon
Documentation=man:gsa
After=postgresql.service

[Service]
Type=forking
PIDFile=/opt/gvm/var/run/gsad.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
cat << EOF > /etc/systemd/system/ospd-openvas.service 
[Unit]
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm
After=postgresql.service

[Service]
Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Type=simple
User=gvm
Group=gvm
WorkingDirectory=/opt/gvm
PIDFile=/opt/gvm/var/run/ospd-openvas.pid
ExecStart=/opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket=/opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-scanner.log
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload ;\
systemctl enable gvmd ;\
systemctl enable gsad ;\
systemctl enable ospd-openvas ;\
systemctl start gvmd ;\
systemctl start gsad ;\
systemctl start ospd-openvas

Step 17 : Create a new scanner

The default host for default scanner is not in /opt/gvm/var/run/ but with  /var/… So we have to create a new scanner by defining scanner-host to  /opt/gvm/var/run/ospd.sock

gvmd --create-scanner="TEST OPENVAS Scanner" --scanner-type="OpenVas" --scanner-host=/opt/gvm/var/run/ospd.sock

Verify the scanner

gvmd --verify-scanner=<Scanner-ID>

Type netstat -nltpu to verify port 443 is listening for connetions

And Finally point your browser to https://yourip to get GSA login screen

Login screen

The dashboard