blob: e01bd8dfdaf6265cff3a09a08a64da4fe9a02b6e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
[
{ type: install
message: <<EOM
GVM ports were installed
If you are migrating to new version do not forget do the following:
# su -m gvm -c "gvmd --migrate"
Basic instructions for configure your gvm infraestruture are following:
1) Redis is a dependency of GVM. Please, configure redis-server for
listening on socket /var/run/redis/redis.sock. security/openvas scanner
needs it
# echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf
2) Add user gvm to redis group
# pw groupmod redis -M gvm
3) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be
installed in the same server where security/gvmd is running:
# su postgres
# createuser -DRS gvm
# createdb -O gvm gvmd
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# create extension "pgcrypto";
4) Add the following lines to /etc/rc.conf
# sysrc redis_enable="YES"
# sysrc gvmd_enable="YES"
# sysrc ospd_openvas_enable="YES"
# sysrc gsad_enable="YES"
5) Currently, ospd_openvas should run as a user without elevated privileges
(gvm) and use sudo for run openvas scanner but it does not work properly.
Like a workaround you must run redis as root and the same with ospd_openvas.
Add the following lines to /etc/rc.conf
redis_user="root"
ospd_openvas_user="root"
Take in mind it is not the best configuration for run ospd_openvas and
openvas.
6) The following steps are neccessary before of you can access to GVM web
interface (gsad):
Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
# service gvmd start
Create certificates
# su -m gvm -c "gvm-manage-certs -a"
Sync gvmd Data, SCAP, CERT and NVT
# su -m gvm -c "greenbone-nvt-sync"
# su -m gvm -c "greenbone-feed-sync --type GVMD_DATA"
# su -m gvm -c "greenbone-feed-sync --type SCAP"
# su -m gvm -c "greenbone-feed-sync --type CERT"
Create an admin user and set the Feed Import Owner
# su -m gvm -c "gvmd --create-user=myuser"
# su -m gvm -c "gvmd --user=myuser --new-password=yourpassword"
Set the Feed Import Owner (myuser user in this example)
# su -m gvm -c "gvmd --get-users --verbose"
myuser <uuid_of_user>
# su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>
7) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
# service ospd_openvas start
you can test if ospd_openvas is connecting with openvas scanner with the following commands:
# su -m gvm -c "gvmd --get-scanners"
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default
# su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73"
Scanner version: OpenVAS x.x.x
8) Start GVM web interface. It will listen on http://127.0.0.1 by default
# service gsad start
9) Some openvas scanner tasks need access to /dev/bpf device. Add the
following lines to /etc/devfs.conf
own bpf root:gvm
perm bpf 0660
And restart service for apply the changes
# service devfs restart
10) gvm log files are stores to /var/log/gvm directory
11) gsad can export results to PDF. It needs print/texlive-texmf port
# pkg install texlive-texmf
It will install 1G of data
12) If you need more configure information you can look at the following links:
https://github.com/greenbone/gvmd/blob/master/INSTALL.md
https://github.com/greenbone/openvas/blob/master/INSTALL.md
https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md
https://github.com/greenbone/gsa/blob/master/INSTALL.md
and
# gvmd -h
# openvas -h
# ospd-openvas -h
# gsad -h
13) Enjoy it
EOM
}
]
|