Install Greenbone Vulnerability Manager 10-beta1 with Postgresql on Ubuntu 18.04 to test is out...
Oct 29, 2018Edits:
-
2018-10-30 - Fixed the redis part.. There was a good old PEBKAC from me
-
2019-01-01 - Updated some thing with the help from a comment by tsanchez88 below. This should update this to work with beta2. And a fix that was a good old PEBKAC from me again :)
-
2019-03-24 - Again PEBKAC from me, mafli77 found out that the latest fix from 190101 was sorta wrong. Thanks for the find!
First try at GVM 10b1 on Ubuntu 18.04LTS.
Like the last guides –
This installation is not made for public facing servers, there is no build in security in my setup.
Everything is run as root in this example below, including daemons and web servers…
I take no responsibility if this guide bork you server, burn your house down to ashes or just messes up your life.. It’s under the “it worked for me[tm]” clause
This is work in progress.
Become almighty root
sudo su
Download the stuffz
cd /usr/local/src
wget -O gvm-libs-1.0-beta1.tar.gz https://github.com/greenbone/gvm-libs/archive/v1.0+beta1.tar.gz ;\
wget -O openvas-scanner-6.0-beta1.tar.gz https://github.com/greenbone/openvas-scanner/archive/v6.0+beta1.tar.gz ;\
wget -O gvm-8.0-beta1.tar.gz https://github.com/greenbone/gvm/archive/v8.0+beta1.tar.gz ;\
wget -O gsa-8.0-beta1.tar.gz https://github.com/greenbone/gsa/archive/v8.0+beta1.tar.gz ;\
wget -O ospd-1.3.1.tar.gz https://github.com/greenbone/ospd/archive/v1.3.1.tar.gz ;\
wget -O openvas-smb-1.0.4.tar.gz https://github.com/greenbone/openvas-smb/archive/v1.0.4.tar.gz
unpack
find . -name \*.gz -exec tar zxvfp {} \;
install requirements
add-apt-repository universe ;\
apt install cmake pkg-config libglib2.0-dev libgpgme11-dev uuid-dev libssh-gcrypt-dev libhiredis-dev \
gcc libgnutls28-dev libpcap-dev libgpgme-dev bison libksba-dev libsnmp-dev libgcrypt20-dev redis-server \
libsqlite3-dev libical-dev gnutls-bin doxygen nmap libmicrohttpd-dev libxml2-dev apt-transport-https sqlfairy \
xmltoman xsltproc gcc-mingw-w64 perl-base heimdal-dev libpopt-dev graphviz nodejs rpm nsis wget sshpass socat snmp \
postgresql postgresql-contrib postgresql-server-dev-all libpq-dev
install gvm-libs
cd gvm-libs-1.0-beta1 ;\
mkdir build ;\
cd build ;\
cmake .. ;\
make ;\
make doc-full ;\
make install ;\
cd /usr/local/src
config and build openvas-smb
cd openvas-smb-1.0.4 ;\
mkdir build ;\
cd build/ ;\
cmake .. ;\
make ;\
make install ;\
cd /usr/local/src
config and build scanner
cd openvas-scanner-6.0-beta1 ;\
mkdir build ;\
cd build/ ;\
cmake .. ;\
make ;\
make doc-full ;\
make install ;\
cd /usr/local/src
Fix redis for default openvas install
cp /etc/redis/redis.conf /etc/redis/redis.orig ;\
cp /usr/local/src/openvas-scanner-6.0-beta1/build/doc/example_redis_2_6.conf /etc/redis/redis.conf ;\
sed -i 's|/usr/local/var/run/openvas-redis.pid|/var/run/redis/redis-server.pid|g' /etc/redis/redis.conf ;\
sed -i 's|/tmp/redis.sock|/var/run/redis/redis-server.sock|g' /etc/redis/redis.conf ;\
sed -i 's|dir ./|dir /var/lib/redis|g' /etc/redis/redis.conf
sysctl -w net.core.somaxconn=1024
sysctl vm.overcommit_memory=1
echo "net.core.somaxconn=1024" >> /etc/sysctl.conf
echo "vm.overcommit_memory=1" >> /etc/sysctl.conf
cat << EOF > /etc/systemd/system/disable-thp.service
[Unit]
Description=Disable Transparent Huge Pages (THP)
[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload ;\
systemctl start disable-thp ;\
systemctl enable disable-thp ;\
systemctl restart redis-server
beta1 config
cat << EOF > /usr/local/etc/openvas/openvassd.conf
kb_location = /var/run/redis/redis-server.sock
EOF
beta2 config
cat << EOF > /usr/local/etc/openvas/openvassd.conf
db_address = /var/run/redis/redis-server.sock
EOF
update nvt’s
greenbone-nvt-sync
reload modules
ldconfig
start openvassd
openvassd
check out so that openvassd is running
root@hostilehamster:/usr/local/src# watch "ps -ef | grep openvassd"
root 32078 1 27 16:09 ? 00:00:36 openvassd: Reloaded 6550 of 34309 NVTs (19% / ETA: 09:10)
root 32079 32078 0 16:09 ? 00:00:00 openvassd (Loading Handler)
Wait until “openvassd: Reloaded is done”.. and switches to “Waiting for ingcoming…”
config and build manager
cd gvm-8.0-beta1 ;\
mkdir build ;\
cd build/ ;\
cmake -DBACKEND=POSTGRESQL .. ;\
make ;\
make doc-full ;\
make install ;\
cd /usr/local/src
Config postgresql backend
sudo -u postgres sh
createuser -DRS root
createdb -O root gvmd
psql gvmd
create role dba with superuser noinherit;
grant dba to root;
create extension "uuid-ossp";
\q
exit
ldconfig
configure and install gsa
curl --silent --show-error https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - ;\
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list ;\
sudo apt-get update ;\
sudo apt-get install yarn
cd gsa-8.0-beta1 ;\
mkdir build ;\
cd build/ ;\
cmake .. ;\
make ;\
make doc-full ;\
make install ;\
cd /usr/local/src
fix certs
gvm-manage-certs -a
create admin user
gvmd --create-user=admin
start evrytnhg to test is out..
gvmd ;\
openvassd ;\
gsad
And point your browser to http://ipnumberofyourserver and login :)
Coffe..
To be continued…