
Greenbone Vulnerability Manager Rev 14

The Greenbone Vulnerability Manager Community Edition is a powerful open-source tool designed for vulnerability scanning and management. With its comprehensive features and user-friendly interface, this software enables organizations to identify and prioritize security risks within their network infrastructure.

Install GVM from source

We'll first update our system and then install the basic prerequisites for Greenbone Vulnerability Manager (GVM) 22.4. Rocky Linux requires the EPEL (Extra Packages for Enterprise Linux) repository. Enable the CodeReady Linux Builder repository (CRB) and proceed to install EPEL along with the Development Tools.

INFO

Supported distributions:

  • Ubuntu 22.04 (Jammy Jellyfish)
  • Debian 12 (Bookworm)
  • Rocky Linux 9 (Blue Onyx)
shellsession
sudo apt-get update --assume-yes
shellsession
sudo dnf update --assumeyes
sudo dnf install --assumeyes dnf-utils
sudo dnf config-manager --set-enabled crb
sudo dnf install --assumeyes epel-release
sudo /usr/bin/crb enable
sudo dnf install --assumeyes epel-next-release
sudo dnf upgrade --assumeyes
sudo dnf groupinstall --assumeyes 'Development Tools'

On Rocky Linux, add /usr/local/lib and /usr/local/lib64 to the dynamic linker's search path, then run ldconfig to rebuild the cache.

shellsession
sudo tee /etc/ld.so.conf.d/local.conf <<EOF
/usr/local/lib
/usr/local/lib64
EOF
sudo ldconfig

Install the basic dependencies required for GVM.

shellsession
sudo apt-get install --no-install-recommends --assume-yes \
build-essential \
curl \
cmake \
pkg-config \
python3 \
python3-pip \
gnupg
shellsession
sudo dnf install --assumeyes \
make \
libffi-devel \
zlib-devel \
python3-pip \
tar \
gcc-c++ \
doxygen \
xmltoman \
systemd \
gcc \
openssl-devel \
bzip2-devel \
elfutils-devel \
libselinux-devel \
elfutils-libelf-devel \
rpm-devel \
perl-devel \
procps \
python3-devel \
python3-setuptools \
chrpath \
mariadb-connector-c-devel
sudo dnf install --assumeyes \
cmake

We also need to install Net-SNMP version 5.9.1 on Rocky Linux.

shellsession
curl -O https://netcologne.dl.sourceforge.net/project/net-snmp/net-snmp/5.9.1/net-snmp-5.9.1.tar.gz
tar xzf net-snmp-5.9.1.tar.gz
cd net-snmp-5.9.1
./configure --with-default-snmp-version=3 --with-sys-contact="contact" --with-sys-location="location" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"
make -j$(nproc)
sudo make install

User and defined paths

Create the gvm system user without a home directory or login shell and add it to the sudo group (Ubuntu, Debian) or the wheel group (Rocky Linux). Additionally, add your current sudo user to the gvm group so you are permitted to run gvmd.

shellsession
sudo useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm
sudo usermod -aG gvm $USER && su $USER
shellsession
sudo useradd -r -M -U -G wheel -s /usr/sbin/nologin gvm
sudo usermod -aG gvm $USER && su $USER

Next, define the base, source, build, and installation directories.

shellsession
export PATH=$PATH:/usr/local/sbin
export INSTALL_PREFIX=/usr/local
export SOURCE_DIR=$HOME/source
export BUILD_DIR=$HOME/build
export INSTALL_DIR=$HOME/install
mkdir -p $SOURCE_DIR
mkdir -p $BUILD_DIR
mkdir -p $INSTALL_DIR

Import GVM signing key

Download the signing key from the Greenbone community to validate the integrity of the source files.

shellsession
curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc
gpg --import /tmp/GBCommunitySigningKey.asc

Set the owner trust of the GVM signing key to ultimate (level 6 in the ownertrust file).

shellsession
echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" > /tmp/ownertrust.txt
gpg --import-ownertrust < /tmp/ownertrust.txt

Build GVM libs

Before downloading and building GVM libraries (gvm-libs), we will install its prerequisites.

TIP

Optional dependencies are highlighted for clarity.

shellsession
sudo apt-get install --assume-yes \
libglib2.0-dev \
libgpgme-dev \
libgnutls28-dev \
uuid-dev \
libssh-gcrypt-dev \
libhiredis-dev \
libxml2-dev \
libpcap-dev \
libnet1-dev \
libpaho-mqtt-dev \
libldap2-dev \
libradcli-dev
shellsession
sudo dnf install --assumeyes \
glib2-devel \
gpgme-devel \
gnutls-devel \
libgcrypt-devel \
libuuid-devel \
libssh-devel \
hiredis-devel \
libxml2-devel \
libpcap-devel \
libnet-devel \
uuid-devel \
paho-c-devel \
openldap-devel \
radcli-devel

Now we can download the latest version of gvm-libs.

shellsession
export GVM_LIBS_VERSION=22.8.0
curl -f -L https://github.com/greenbone/gvm-libs/archive/refs/tags/v$GVM_LIBS_VERSION.tar.gz -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gvm-libs/releases/download/v$GVM_LIBS_VERSION/gvm-libs-v$GVM_LIBS_VERSION.tar.gz.asc -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz

Ensure that the output confirms the signature from the Greenbone Community Feed is valid.

shellsession
gpg: Signature made Thu 11 Jan 2024 07:35:55 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]
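
The check above depends on reading gpg's human-readable output for every tarball in this guide. As an added example (not part of the original guide or of Greenbone's tooling), the functions below gate on gpg's machine-readable status lines instead and accept a signature only from the fingerprint pinned on this page. `sig_status_ok`, `verify_release` and the sample status streams are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: accept a release only when gpg reports a valid signature
# made by the pinned Greenbone key, without reading the output by eye.

# Fingerprint of the Greenbone Community signing key, as given on this page.
GB_FPR=8AE4BE429B60A59B311C2E739823FAA60ED1E580

# sig_status_ok EXPECTED_FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
# names EXPECTED_FPR as the primary key and no failure status was reported.
sig_status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # Bad, unverifiable, expired or revoked: reject regardless of the rest.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint; field 3 is the key that
            # made the signature (they differ when a subkey signed).
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) { good = 1 } else { bad = 1 }
        }
        END { exit ((good && !bad) ? 0 : 1) }
    '
}

# verify_release SIGFILE TARBALL
# Runs gpg and feeds its status output to the check above. Empty output
# (gpg missing, file missing, no public key) is treated as a failure.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        sig_status_ok "$GB_FPR"
}

# Usage in the build steps of this guide:
#   verify_release "$SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc" \
#                  "$SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz" || exit 1

# --- Constructed status streams (not captured from a real run) ---
OTHER_FPR=0123456789ABCDEF0123456789ABCDEF01234567   # constructed, not a real key

# Signature by the pinned key.
sample_good() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG 9823FAA60ED1E580 Greenbone Community Feed integrity key" \
        "[GNUPG:] VALIDSIG $GB_FPR 2024-01-11 1704958555 0 4 0 1 10 00 $GB_FPR" \
        "[GNUPG:] TRUST_ULTIMATE 0 pgp"
}

# Cryptographically valid signature, but from a different key in the keyring.
# The human-readable output would still say "Good signature".
sample_other_key() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else" \
        "[GNUPG:] VALIDSIG $OTHER_FPR 2024-01-11 1704958555 0 4 0 1 10 00 $OTHER_FPR" \
        "[GNUPG:] TRUST_UNDEFINED 0 pgp"
}

# Pinned key, but expired at verification time.
sample_expired_key() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] EXPKEYSIG 9823FAA60ED1E580 Greenbone Community Feed integrity key" \
        "[GNUPG:] VALIDSIG $GB_FPR 2024-01-11 1704958555 0 4 0 1 10 00 $GB_FPR"
}

# Tarball contents do not match the signature.
sample_bad() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] BADSIG 9823FAA60ED1E580 Greenbone Community Feed integrity key"
}
```

Calling `verify_release ... || exit 1` before each `tar -C $SOURCE_DIR -xvzf` step stops the build when a tarball is unsigned, altered, or signed by any key other than the pinned one.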

Once you've confirmed that the signature is valid, proceed to install gvm-libs.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvm-libs && cd $BUILD_DIR/gvm-libs
cmake $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DSYSCONFDIR=/etc \
  -DLOCALSTATEDIR=/var
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*
shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvm-libs && cd $BUILD_DIR/gvm-libs
cmake $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DSYSCONFDIR=/etc \
  -DLOCALSTATEDIR=/var \
  -DCMAKE_C_FLAGS="-O2" \
  -DCMAKE_C_FLAGS_RELEASE="-O2"
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*

Build GVMD

Install the required dependencies for Greenbone Vulnerability Manager (GVMD), and consider installing optional dependencies if needed.

shellsession
sudo apt-get install --assume-yes \
libglib2.0-dev \
libgnutls28-dev \
libpq-dev \
postgresql \
postgresql-server-dev-14 \
libical-dev \
xsltproc \
rsync \
libbsd-dev \
libgpgme-dev \
texlive-latex-extra \
texlive-fonts-recommended \
xmlstarlet \
zip \
rpm \
fakeroot \
dpkg \
nsis \
gnupg \
gpgsm \
wget \
sshpass \
openssh-client \
socat \
snmp \
python3 \
smbclient \
python3-lxml \
gnutls-bin \
xml-twig-tools \
xmltoman \
doxygen \
graphviz
shellsession
sudo apt-get install --assume-yes \
libglib2.0-dev \
libgnutls28-dev \
libpq-dev \
postgresql \
postgresql-server-dev-15 \
libical-dev \
xsltproc \
rsync \
libbsd-dev \
libgpgme-dev \
texlive-latex-extra \
texlive-fonts-recommended \
xmlstarlet \
zip \
rpm \
fakeroot \
dpkg \
nsis \
gnupg \
gpgsm \
wget \
sshpass \
openssh-client \
socat \
snmp \
python3 \
smbclient \
python3-lxml \
gnutls-bin \
xml-twig-tools \
xmltoman \
doxygen \
graphviz
shellsession
sudo dnf install --assumeyes \
glib2-devel \
gnutls-devel \
postgresql-server-devel \
libical-devel \
libxslt \
rsync \
libbsd-devel \
gpgme-devel \
gnupg2-smime \
openssh-clients \
xmlstarlet \
zip \
rpm \
fakeroot \
dpkg \
gnupg \
wget \
sshpass \
socat \
samba-client \
python3-lxml \
gnutls-utils \
perl-XML-Twig \
texlive*
shellsession
export GVMD_VERSION=23.2.0
curl -f -L https://github.com/greenbone/gvmd/archive/refs/tags/v$GVMD_VERSION.tar.gz -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gvmd/releases/download/v$GVMD_VERSION/gvmd-$GVMD_VERSION.tar.gz.asc -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz.asc $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz

Ensure that the signature from the Greenbone Community Feed is valid.

shellsession
gpg: Signature made Fri 12 Jan 2024 08:14:38 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Extract the Greenbone Vulnerability Manager and proceed with the installation.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd
cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DLOCALSTATEDIR=/var \
  -DSYSCONFDIR=/etc \
  -DGVM_DATA_DIR=/var \
  -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock \
  -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock \
  -DSYSTEMD_SERVICE_DIR=/lib/systemd/system \
  -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql \
  -DLOGROTATE_DIR=/etc/logrotate.d
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*
shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd
cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DLOCALSTATEDIR=/var \
  -DSYSCONFDIR=/etc \
  -DGVM_DATA_DIR=/var \
  -DGVMD_RUN_DIR=/run/gvmd \
  -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock \
  -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock \
  -DSYSTEMD_SERVICE_DIR=/lib/systemd/system \
  -DLOGROTATE_DIR=/etc/logrotate.d
sudo mkdir /usr/include/postgresql
sudo cp /usr/include/libpq-fe.h /usr/include/postgresql/libpq-fe.h
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*
sudo rm /usr/include/postgresql/libpq-fe.h && sudo rmdir /usr/include/postgresql

Build PostgreSQL helper

Proceed to download and build the latest PostgreSQL helper, pg-gvm.

shellsession
export PG_GVM_VERSION=22.6.4
curl -f -L https://github.com/greenbone/pg-gvm/archive/refs/tags/v$PG_GVM_VERSION.tar.gz -o $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz
curl -f -L https://github.com/greenbone/pg-gvm/releases/download/v$PG_GVM_VERSION/pg-gvm-$PG_GVM_VERSION.tar.gz.asc -o $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz.asc $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz

Ensure that the signature is valid.

shellsession
gpg: Signature made Fri 12 Jan 2024 08:23:34 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Build pg-gvm.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz
mkdir -p $BUILD_DIR/pg-gvm && cd $BUILD_DIR/pg-gvm
cmake $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*
shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz
mkdir -p $BUILD_DIR/pg-gvm && cd $BUILD_DIR/pg-gvm
cmake $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*

Install GSA

Download the web interface Greenbone Security Assistant (GSA).

shellsession
export GSA_VERSION=23.0.0
curl -f -L https://github.com/greenbone/gsa/releases/download/v$GSA_VERSION/gsa-dist-$GSA_VERSION.tar.gz -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gsa/releases/download/v$GSA_VERSION/gsa-dist-$GSA_VERSION.tar.gz.asc -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz.asc $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz

Verify the GSA download and ensure that the signature from the Greenbone Community Feed is valid.

shellsession
gpg: Signature made Fri 12 Jan 2024 10:04:16 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Create the source directory and extract the pre-built web interface (GSA) to its designated installation target.

shellsession
mkdir -p $SOURCE_DIR/gsa-$GSA_VERSION
tar -C $SOURCE_DIR/gsa-$GSA_VERSION -xvzf $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz
sudo mkdir -p $INSTALL_PREFIX/share/gvm/gsad/web/
sudo cp -rv $SOURCE_DIR/gsa-$GSA_VERSION/* $INSTALL_PREFIX/share/gvm/gsad/web/

Build GSAD

Before downloading the Greenbone Security Assistant Daemon (GSAD) HTTP server, we will install its dependencies.

shellsession
sudo apt-get install --assume-yes \
libmicrohttpd-dev \
libxml2-dev \
libglib2.0-dev \
libgnutls28-dev
shellsession
sudo dnf install --assumeyes \
libmicrohttpd-devel \
libxml2-devel \
glib2-devel \
gnutls-devel

Open TCP port 9392 on Rocky Linux and make the runtime rule permanent.

shellsession
sudo firewall-cmd --add-port=9392/tcp
sudo firewall-cmd --runtime-to-permanent

Download the Greenbone Security Assistant Daemon (GSAD).

shellsession
export GSAD_VERSION=22.9.0
curl -f -L https://github.com/greenbone/gsad/archive/refs/tags/v$GSAD_VERSION.tar.gz -o $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gsad/releases/download/v$GSAD_VERSION/gsad-$GSAD_VERSION.tar.gz.asc -o $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz.asc $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz

Verify the download and ensure that the signature is valid.

shellsession
gpg: Signature made Fri 12 Jan 2024 09:08:18 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Once you've verified that the signature is valid, proceed to build and install GSAD.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz
mkdir -p $BUILD_DIR/gsad && cd $BUILD_DIR/gsad
cmake $SOURCE_DIR/gsad-$GSAD_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DSYSCONFDIR=/etc \
  -DLOCALSTATEDIR=/var \
  -DGVMD_RUN_DIR=/run/gvmd \
  -DGSAD_RUN_DIR=/run/gsad \
  -DLOGROTATE_DIR=/etc/logrotate.d
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*

Build OpenVAS Samba

shellsession
sudo apt-get install --assume-yes \
gcc-mingw-w64 \
libgnutls28-dev \
libglib2.0-dev \
libpopt-dev \
libunistring-dev \
heimdal-dev \
perl-base
shellsession
sudo dnf install --assumeyes \
glib2-devel \
gnutls-devel \
popt-devel \
mingw64-gcc \
libunistring-devel \
heimdal-devel \
perl \
ncurses-devel \
gmp-devel*
shellsession
sudo cp /usr/lib64/heimdal/lib/pkgconfig/heimdal-gssapi.pc /lib64/pkgconfig/heimdal-gssapi.pc
sudo cp /usr/lib64/heimdal/lib/pkgconfig/heimdal-krb5.pc /lib64/pkgconfig/heimdal-krb5.pc
shellsession
sudo dnf --enablerepo=devel install --assumeyes gmp-static*
sudo mkdir -p /builddir/build/BUILD/gnutls-3.7.6/bundled_gmp/.libs
sudo ln -s /usr/lib64/libgmp.a /builddir/build/BUILD/gnutls-3.7.6/bundled_gmp/.libs/libgmp.a

Download and build the OpenVAS SMB module.

INFO

The OpenVAS Samba module is updated independently, and its version tag may differ from the GVM version.

shellsession
export OPENVAS_SMB_VERSION=22.5.3
curl -f -L https://github.com/greenbone/openvas-smb/archive/refs/tags/v$OPENVAS_SMB_VERSION.tar.gz -o $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz
curl -f -L https://github.com/greenbone/openvas-smb/releases/download/v$OPENVAS_SMB_VERSION/openvas-smb-v$OPENVAS_SMB_VERSION.tar.gz.asc -o $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz.asc $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz

Verify the SMB module download and ensure that the signature from the Greenbone Community Feed is trusted.

shellsession
gpg: Signature made Thu 15 Jun 2023 11:28:12 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Next, extract the files and proceed with the installation.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz
mkdir -p $BUILD_DIR/openvas-smb && cd $BUILD_DIR/openvas-smb
cmake $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*

Build OpenVAS scanner

shellsession
sudo apt-get install --assume-yes \
bison \
libglib2.0-dev \
libgnutls28-dev \
libgcrypt20-dev \
libpcap-dev \
libgpgme-dev \
libksba-dev \
rsync \
nmap \
libjson-glib-dev \
libbsd-dev \
python3-impacket \
libsnmp-dev
shellsession
sudo dnf install --assumeyes \
bison \
glib2-devel \
gnutls-devel \
libgcrypt-devel \
libpcap-devel \
gpgme-devel \
libksba-devel \
rsync \
nmap \
json-glib-devel \
libbsd-devel

Download and build the openvas-scanner (OpenVAS).

shellsession
export OPENVAS_SCANNER_VERSION=22.7.9
curl -f -L https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$OPENVAS_SCANNER_VERSION.tar.gz -o $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz
curl -f -L https://github.com/greenbone/openvas-scanner/releases/download/v$OPENVAS_SCANNER_VERSION/openvas-scanner-v$OPENVAS_SCANNER_VERSION.tar.gz.asc -o $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz.asc $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz

Verify the signature output to ensure its authenticity.

shellsession
gpg: Signature made Thu 30 Nov 2023 07:05:51 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Build the OpenVAS Scanner.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz
mkdir -p $BUILD_DIR/openvas-scanner && cd $BUILD_DIR/openvas-scanner
cmake $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DSYSCONFDIR=/etc \
  -DLOCALSTATEDIR=/var \
  -DOPENVAS_FEED_LOCK_PATH=/var/lib/openvas/feed-update.lock \
  -DOPENVAS_RUN_DIR=/run/ospd
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
rm -rf $INSTALL_DIR/*

Build OSPD-OpenVAS

shellsession
sudo apt-get install --assume-yes \
python3 \
python3-pip \
python3-setuptools \
python3-packaging \
python3-wrapt \
python3-cffi \
python3-psutil \
python3-lxml \
python3-defusedxml \
python3-paramiko \
python3-redis \
python3-gnupg \
python3-paho-mqtt
shellsession
sudo dnf install --assumeyes \
python3 \
python3-pip \
python3-setuptools \
python3-packaging \
python3-wrapt \
python3-cffi \
python3-psutil \
python3-lxml \
python3-defusedxml \
python3-paramiko \
python3-redis \
python3-gnupg \
python3-wheel \
python3-paho-mqtt

Proceed to download ospd-openvas.

shellsession
export OSPD_OPENVAS_VERSION=22.6.2
curl -f -L https://github.com/greenbone/ospd-openvas/archive/refs/tags/v$OSPD_OPENVAS_VERSION.tar.gz -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/ospd-openvas/releases/download/v$OSPD_OPENVAS_VERSION/ospd-openvas-v$OSPD_OPENVAS_VERSION.tar.gz.asc -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz

Verify signature.

shellsession
gpg: Signature made Mon 20 Nov 2023 08:49:05 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Extract the files and begin the installation process.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
cd $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION
mkdir -p $INSTALL_DIR/ospd-openvas
python3 -m pip install --root=$INSTALL_DIR/ospd-openvas --no-warn-script-location .
sudo cp -rv $INSTALL_DIR/ospd-openvas/* /
shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
cd $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION
mkdir -p $INSTALL_DIR/ospd-openvas
python3 -m pip install --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR/ospd-openvas --no-warn-script-location .
sudo cp -rv $INSTALL_DIR/ospd-openvas/* /

Build Notus scanner

Download and verify the notus-scanner.

shellsession
sudo apt-get install --assume-yes \
python3 \
python3-pip \
python3-setuptools \
python3-paho-mqtt \
python3-psutil \
python3-gnupg
shellsession
sudo dnf install --assumeyes \
python3 \
python3-pip \
python3-setuptools \
python3-wheel \
python3-psutil
shellsession
export NOTUS_VERSION=22.6.2
curl -f -L https://github.com/greenbone/notus-scanner/archive/refs/tags/v$NOTUS_VERSION.tar.gz -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/notus-scanner/releases/download/v$NOTUS_VERSION/notus-scanner-v$NOTUS_VERSION.tar.gz.asc -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
shellsession
gpg: Signature made Mon 20 Nov 2023 08:35:12 AM UTC
gpg:                using RSA key 8AE4BE429B60A59B311C2E739823FAA60ED1E580
gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]

Once verified, proceed with the installation.

shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION
mkdir -p $INSTALL_DIR/notus-scanner
python3 -m pip install --root=$INSTALL_DIR/notus-scanner --no-warn-script-location .
sudo cp -rv $INSTALL_DIR/notus-scanner/* /
shellsession
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION
mkdir -p $INSTALL_DIR/notus-scanner
python3 -m pip install --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR/notus-scanner --no-warn-script-location .
sudo cp -rv $INSTALL_DIR/notus-scanner/* /

Install GVM tools

shellsession
sudo apt-get install --assume-yes \
python3 \
python3-pip \
python3-venv \
python3-setuptools \
python3-packaging \
python3-lxml \
python3-defusedxml \
python3-paramiko
shellsession
sudo dnf install --assumeyes \
python3 \
python3-pip \
python3-setuptools \
python3-packaging \
python3-lxml \
python3-defusedxml \
python3-paramiko

Install the Greenbone Vulnerability Management Tools, a toolkit that helps remotely control the Greenbone Community Edition.

shellsession
mkdir -p $INSTALL_DIR/gvm-tools
python3 -m pip install --root=$INSTALL_DIR/gvm-tools --no-warn-script-location gvm-tools
sudo cp -rv $INSTALL_DIR/gvm-tools/* /
shellsession
mkdir -p $INSTALL_DIR/gvm-tools
python3 -m pip install --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR/gvm-tools --no-warn-script-location gvm-tools
sudo cp -rv $INSTALL_DIR/gvm-tools/* /

Set up Mosquitto broker

shellsession
sudo apt-get install --assume-yes mosquitto
shellsession
sudo dnf install --assumeyes mosquitto

The Mosquitto MQTT broker facilitates communication between ospd-openvas, openvas-scanner, and notus-scanner.

shellsession
sudo systemctl start mosquitto.service
sudo systemctl enable mosquitto.service
printf 'mqtt_server_uri = localhost:1883\ntable_driven_lsc = yes\n' | sudo tee -a /etc/openvas/openvas.conf

Configure Redis

shellsession
sudo apt-get install --assume-yes redis-server
shellsession
sudo dnf install --assumeyes \
redis \
policycoreutils-python-utils
shellsession
sudo semanage fcontext -a -f a -t redis_var_run_t -r s0 '/var/run/redis-openvas(/.*)?'
sudo sh -c 'cat << EOF > /etc/tmpfiles.d/redis-openvas.conf
d       /var/lib/redis/openvas   0750 redis redis - -
z       /var/lib/redis/openvas   0750 redis redis - -
d       /run/redis-openvas       0750 redis redis - -
z       /run/redis-openvas       0750 redis redis - -
EOF'
sudo systemd-tmpfiles  --create
shellsession
sudo sh -c 'cat << EOF > /etc/systemd/system/redis-server@.service
[Unit]
Description=Redis persistent key-value database
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
WorkingDirectory=/var/lib/redis/%i
ExecStart=/usr/bin/redis-server /etc/redis/redis-%i.conf --daemonize no --supervised systemd
ExecStop=/usr/libexec/redis-shutdown
Type=notify
User=redis
Group=redis
RuntimeDirectory=%i
RuntimeDirectoryMode=0755

[Install]
WantedBy=multi-user.target
EOF'

Next configure Redis.

shellsession
sudo cp $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION/config/redis-openvas.conf /etc/redis/
sudo chown redis:redis /etc/redis/redis-openvas.conf
echo "db_address = /run/redis-openvas/redis.sock" | sudo tee -a /etc/openvas/openvas.conf

Add the gvm user to the redis group.

shellsession
sudo usermod -aG redis gvm

Start the Redis server and enable it as a startup service.

shellsession
sudo systemctl start redis-server@openvas.service
sudo systemctl enable redis-server@openvas.service

Proceed to set up the correct permissions.

shellsession
sudo mkdir -p /var/lib/notus
sudo mkdir -p /run/gvmd
sudo mkdir -p /run/notus-scanner
sudo chown -R gvm:gvm /var/lib/gvm
sudo chown -R gvm:gvm /var/lib/openvas
sudo chown -R gvm:gvm /var/lib/notus
sudo chown -R gvm:gvm /var/log/gvm
sudo chown -R gvm:gvm /run/gvmd
sudo chmod -R g+srw /var/lib/gvm
sudo chmod -R g+srw /var/lib/openvas
sudo chmod -R g+srw /var/log/gvm

You also need to adjust the permissions for feed synchronization.

shellsession
sudo chown gvm:gvm /usr/local/sbin/gvmd
sudo chmod 6750 /usr/local/sbin/gvmd

Feed validation.

shellsession
export GNUPGHOME=/tmp/openvas-gnupg
mkdir -p $GNUPGHOME
gpg --import /tmp/GBCommunitySigningKey.asc
echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" > /tmp/ownertrust.txt
gpg --import-ownertrust < /tmp/ownertrust.txt
export OPENVAS_GNUPG_HOME=/etc/openvas/gnupg
sudo mkdir -p $OPENVAS_GNUPG_HOME
sudo cp -r /tmp/openvas-gnupg/* $OPENVAS_GNUPG_HOME/
sudo chown -R gvm:gvm $OPENVAS_GNUPG_HOME
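
Before a key is given ultimate trust, it is worth confirming that the downloaded file carries exactly the fingerprint written to ownertrust.txt. The check below is an added example, not part of the original guide: it parses gpg's colon-delimited listing, and the sample listings are constructed (only the expected fingerprint comes from this page).

```shell
#!/bin/sh
# Fingerprint the guide marks as ultimately trusted (level 6) in ownertrust.txt.
EXPECTED_FPR="8AE4BE429B60A59B311C2E739823FAA60ED1E580"

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key. A "pub" record opens a key and the next "fpr" record (field 10)
# is its fingerprint; "fpr" records that follow "sub" belong to subkeys.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin describes exactly one primary key whose fingerprint
# equals $1. A file that bundles a second key is rejected.
key_matches() {
    fprs=$(primary_fprs)
    [ "$(printf '%s\n' "$fprs" | grep -c .)" -eq 1 ] || return 1
    [ "$fprs" = "$1" ]
}

# Constructed listings (timestamps, key IDs and the second key are made up).
SAMPLE_GOOD='pub:-:4096:1:9823FAA60ED1E580:1500000000:::-:::scESC::::::23::0:
fpr:::::::::8AE4BE429B60A59B311C2E739823FAA60ED1E580:
uid:-::::1500000000::0000::Constructed sample user ID::::::::::0:
sub:-:4096:1:0000000000000000:1500000000::::::e::::::23:
fpr:::::::::0000000000000000000000000000000000000000:'
SAMPLE_TWO_KEYS="$SAMPLE_GOOD
pub:-:255:22:1111111111111111:1500000000:::-:::scESC::::::ed25519:::0:
fpr:::::::::1111111111111111111111111111111111111111:"

# On a real host, gate the import on the check:
#   gpg --show-keys --with-colons /tmp/GBCommunitySigningKey.asc \
#     | key_matches "$EXPECTED_FPR" && gpg --import /tmp/GBCommunitySigningKey.asc
printf '%s\n' "$SAMPLE_GOOD" | key_matches "$EXPECTED_FPR" \
    && echo "single key, fingerprint matches"
printf '%s\n' "$SAMPLE_TWO_KEYS" | key_matches "$EXPECTED_FPR" \
    || echo "bundle with an extra key rejected"
```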

Allow all members of the gvm group to run the openvas-scanner application as the root user via sudo.

shellsession
sudo visudo
shellscript
# Allow members of group gvm to run openvas
%gvm ALL = NOPASSWD: /usr/local/sbin/openvas
shellscript
# Allow /usr/local path
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

# Allow members of group gvm to run openvas
%gvm ALL = NOPASSWD: /usr/local/sbin/openvas

shellscript
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
%gvm ALL=(ALL) NOPASSWD: /usr/local/sbin/openvas

PostgreSQL database

shellsession
sudo dnf install --assumeyes \
postgresql-server \
postgresql-contrib

Start the PostgreSQL service.

shellsession
sudo systemctl start postgresql@14-main.service
shellsession
sudo systemctl start postgresql@15-main.service
shellsession
sudo postgresql-setup --initdb --unit postgresql
sudo systemctl start postgresql

Create a PostgreSQL user and database.

shellsession
sudo -u postgres bash
shellsession
cd
createuser -DRS gvm
createdb -O gvm gvmd

Set up correct permissions

shellsession
psql gvmd -c "create role dba with superuser noinherit; grant dba to gvm;"
exit

Once you're done configuring the database, restart the PostgreSQL service.

shellsession
sudo systemctl restart postgresql@14-main.service
shellsession
sudo systemctl restart postgresql@15-main.service
shellsession
sudo systemctl restart postgresql

Create admin user

Before creating the administration user for the Greenbone Security Assistant, reload the dynamic loader cache.

shellsession
sudo /sbin/ldconfig
shellsession
sudo ldconfig

Once you've reloaded the dynamic loader cache, proceed with the user creation.

WARNING

Remember to change the default password later by logging in using the Greenbone Security Assistant (GSA).

shellsession
/usr/local/sbin/gvmd --create-user=admin --password=admin

Retrieve the administrator's UUID.

shellsession
/usr/local/sbin/gvmd --get-users --verbose

Output.

shellsession
admin 0279ba6c-391a-472f-8cbd-1f6eb808823b

INFO

Use the administrator's UUID to modify the gvmd settings. Replace UUID_HERE with your actual UUID as the argument to --value.

shellsession
/usr/local/sbin/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value UUID_HERE
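
For a scripted install, the UUID can be taken from the --get-users output instead of being pasted by hand. This is an added example, not part of the original guide: the helper name user_uuid and the second sample account are hypothetical, and the match is on the exact user name so that a similarly named account cannot be picked up by mistake.

```shell
#!/bin/sh
# Setting ID used by the guide's --modify-setting step.
SETTING_ID="78eceaec-3385-11ea-b237-28d24461215b"

# Read `gvmd --get-users --verbose` output ("name uuid" per line) on stdin and
# print the UUID of the user named exactly $1. Fails if the name is missing,
# appears more than once, or the second column is not a UUID.
user_uuid() {
    uuid=$(awk -v name="$1" '$1 == name { n++; u = $2 } END { if (n == 1) print u }')
    printf '%s\n' "$uuid" |
        grep -Eqx '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}' || return 1
    printf '%s\n' "$uuid"
}

# Constructed output: the first line is the sample shown in the guide, the
# second is a made-up account that a plain `grep admin` would also match.
SAMPLE_USERS='admin 0279ba6c-391a-472f-8cbd-1f6eb808823b
admin-audit 11111111-2222-3333-4444-555555555555'

# On a real host:
#   uuid=$(/usr/local/sbin/gvmd --get-users --verbose | user_uuid admin) &&
#     /usr/local/sbin/gvmd --modify-setting "$SETTING_ID" --value "$uuid"
if uuid=$(printf '%s\n' "$SAMPLE_USERS" | user_uuid admin); then
    echo "gvmd --modify-setting $SETTING_ID --value $uuid"
fi
```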

Install Greenbone Feed

Install the new greenbone-feed-sync, which replaces the old approach of synchronizing the data (VT, SCAP, CERT, and GVMD) individually.

shellsession
mkdir -p $INSTALL_DIR/greenbone-feed-sync
python3 -m pip install --root=$INSTALL_DIR/greenbone-feed-sync --no-warn-script-location greenbone-feed-sync
sudo cp -rv $INSTALL_DIR/greenbone-feed-sync/* /
shellsession
mkdir -p $INSTALL_DIR/greenbone-feed-sync
python3 -m pip install --prefix $INSTALL_PREFIX --root=$INSTALL_DIR/greenbone-feed-sync --no-warn-script-location greenbone-feed-sync
sudo cp -rv $INSTALL_DIR/greenbone-feed-sync/* /

Run the Greenbone Community Feed synchronization.

INFO

This may take a while.

shellsession
sudo /usr/local/bin/greenbone-feed-sync

Set up systemd

Create the systemd service script for OSPD-OpenVAS.

shellsession
cat << EOF > $BUILD_DIR/ospd-openvas.service
[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Documentation=man:ospd-openvas(8) man:openvas(8)
After=network.target networking.service redis-server@openvas.service mosquitto.service
Wants=redis-server@openvas.service mosquitto.service notus-scanner.service
ConditionKernelCommandLine=!recovery

[Service]
Type=exec
User=gvm
Group=gvm
RuntimeDirectory=ospd
RuntimeDirectoryMode=2775
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas --foreground --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770 --mqtt-broker-address localhost --mqtt-broker-port 1883 --notus-feed-dir /var/lib/notus/advisories
SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
EOF

Copy the service file to the systemd unit directory.

shellsession
sudo cp $BUILD_DIR/ospd-openvas.service /etc/systemd/system/

Create the systemd service script for the Notus scanner.

shellsession
cat << EOF > $BUILD_DIR/notus-scanner.service
[Unit]
Description=Notus Scanner
Documentation=https://github.com/greenbone/notus-scanner
After=mosquitto.service
Wants=mosquitto.service
ConditionKernelCommandLine=!recovery

[Service]
Type=exec
User=gvm
RuntimeDirectory=notus-scanner
RuntimeDirectoryMode=2775
PIDFile=/run/notus-scanner/notus-scanner.pid
ExecStart=/usr/local/bin/notus-scanner --foreground --products-directory /var/lib/notus/products --log-file /var/log/gvm/notus-scanner.log
SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
EOF

Copy the service file to the systemd unit directory.

shellsession
sudo cp $BUILD_DIR/notus-scanner.service /etc/systemd/system/

Create the Greenbone Vulnerability Manager (GVMD) startup script.

shellsession
cat << EOF > $BUILD_DIR/gvmd.service
[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery

[Service]
Type=exec
User=gvm
Group=gvm
PIDFile=/run/gvmd/gvmd.pid
RuntimeDirectory=gvmd
RuntimeDirectoryMode=2775
ExecStart=/usr/local/sbin/gvmd --foreground --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
EOF

Copy the service file to the systemd unit directory.

shellsession
sudo cp $BUILD_DIR/gvmd.service /etc/systemd/system/

Create the startup script for the web interface of Greenbone Security Assistant (GSA).

INFO

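The unit file binds GSA to 127.0.0.1, so it is reachable only from the local host. Adjust the --listen address if GSA should not listen on localhost; to access GSA remotely, set it to 0.0.0.0 to listen on all interfaces. With --http-only the login and session traffic is not encrypted, so enable HTTPS before exposing GSA beyond localhost.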

shellsession
cat << EOF > $BUILD_DIR/gsad.service
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=exec
User=gvm
Group=gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
ExecStart=/usr/local/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --http-only
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service
EOF

Copy the service file to the systemd unit directory.

shellsession
sudo cp $BUILD_DIR/gsad.service /etc/systemd/system/
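
Because the listen address and the --http-only flag together decide whether the GSA login is served in cleartext to other hosts, the installed unit can be checked mechanically. This is an added example, not part of the original guide: the function name gsad_exposure and the 0.0.0.0 sample unit are constructed, and a missing --listen is treated as exposed as a conservative assumption.

```shell
#!/bin/sh
# Classify a gsad unit file read on stdin by its last ExecStart= line:
#   tls            no --http-only, traffic is encrypted        (exit 0)
#   loopback-http  --http-only, bound to the local host only   (exit 0)
#   exposed-http   --http-only on any other address            (exit 1)
#   no-execstart   nothing to inspect                          (exit 2)
# A missing --listen is treated as exposed (conservative assumption).
gsad_exposure() {
    awk '
        /^ExecStart=/ {
            seen = 1; listen = ""; http = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^--listen=/) listen = substr($i, 10)
                else if ($i == "--listen") listen = $(i + 1)
                else if ($i == "--http-only") http = 1
            }
        }
        END {
            if (!seen) { print "no-execstart"; exit 2 }
            if (!http) { print "tls"; exit 0 }
            if (listen == "127.0.0.1" || listen == "::1" || listen == "localhost") {
                print "loopback-http"; exit 0
            }
            print "exposed-http"; exit 1
        }'
}

# ExecStart lines: the first and third are the ones used in this guide, the
# second is a constructed variant bound to all interfaces.
UNIT_HTTP_LOCAL='[Service]
ExecStart=/usr/local/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --http-only'
UNIT_HTTP_ALL='[Service]
ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --http-only'
UNIT_TLS='[Service]
ExecStart=/usr/local/sbin/gsad --foreground --listen=127.0.0.1 --port=443 --rport=80 --ssl-private-key=/var/lib/gvm/private/CA/clientkey.pem --ssl-certificate=/var/lib/gvm/CA/clientcert.pem'

# On a real host: systemctl cat gsad.service | gsad_exposure
for unit in "$UNIT_HTTP_LOCAL" "$UNIT_HTTP_ALL" "$UNIT_TLS"; do
    printf '%s\n' "$unit" | gsad_exposure || :
done
```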

To enable the created startup scripts, reload the system control daemon.

shellsession
sudo systemctl daemon-reload

Enable each of the services.

shellsession
sudo systemctl enable notus-scanner
sudo systemctl enable ospd-openvas
sudo systemctl enable gvmd
sudo systemctl enable gsad

Next start each service.

TIP

If any of the services fail to start for any reason, you can use, for example, journalctl -u notus-scanner.service to view the full trace or read the individual logs of the services in the /var/log/gvm/ directory.

shellsession
sudo systemctl start ospd-openvas
sudo systemctl start notus-scanner
sudo systemctl start gvmd
sudo systemctl start gsad

INFO

Remember that even though the start commands return immediately, it may take several minutes or even hours for the services to be ready. For more information, visit the official GVM docs.

🎉 Done! Now log in to the Greenbone Security Assistant at http://localhost:9392 with the username admin and password admin. Remember to change your password after logging in.

Enable HTTPS

If you want to enable HTTPS support for Greenbone Security Assistant, you first need to generate new SSL certificates.

shellsession
/usr/local/bin/gvm-manage-certs -a

Once you have obtained your SSL certificates, you need to edit the /etc/systemd/system/gsad.service file. Comment out the User and Group lines, and adjust the ExecStart line to match your requirements.

shellsession
cat << EOF > $BUILD_DIR/gsad.service
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=exec
#User=gvm
#Group=gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
ExecStart=/usr/local/sbin/gsad --foreground --listen=127.0.0.1 --port=443 --rport=80 --ssl-private-key=/var/lib/gvm/private/CA/clientkey.pem --ssl-certificate=/var/lib/gvm/CA/clientcert.pem
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service
EOF
sudo cp $BUILD_DIR/gsad.service /etc/systemd/system/
shellsession
sudo systemctl daemon-reload
shellsession
sudo systemctl restart gsad.service

Log in to the Greenbone Security Assistant at https://localhost:443.

Troubleshooting

If you encounter any issues or have questions regarding Greenbone Vulnerability Manager, I recommend using their helpful community forum.

Questions, comments, or problems regarding this service? Create an issue here or contact webmaster@libellux.com.
