Author: Martin Dvorsky<\/p>\n\n\n\n
Greenbone Vulnerability Manager (formerly OpenVAS) is the most popular open source vulnerability scanner.
In this tutorial we will install, configure and prepare GVM v10 for use with CLI only.<\/p>\n\n\n\n
OS: Debian 9.8.0
GVMD: 8.0
GVM-libs: 10.0
GVM-tools: 1.4.1
OpenVAS (scanner): 6.0
OpenVAS SMB: 1.0.5<\/p>\n\n\n\n
sudo apt install -y git xmltoman doxygen gcc cmake pkg-config gcc-mingw-w64 libgnutls28-dev perl-base heimdal-dev libpopt-dev libglib2.0-dev libgpgme11-dev uuid-dev libssh-gcrypt-dev libhiredis-dev libpcap-dev bison libksba-dev libsnmp-dev libgcrypt20-dev libradcli-dev libldap2-dev clang-format libical-dev postgresql postgresql-contrib postgresql-server-dev-all xsltproc python3-pip redis-server gnutls-bin python3-paramiko python3-lxml python3-defusedxml haveged<\/code><\/pre>\n\n\n\nGit clone and install following source codes from GitHub <\/h3>\n\n\n\n
Note: At the time of writing this article (10\/2019) we weren’t successful in installing the latest versions (master branches) of following components. There were cross dependencies that were impossible to meet and according to developers at Greenbone community portal: „The master branch is used for development and could break at any time“, so we stayed away from that.
We used versions (branches) mentioned in the beginning of the article.<\/p>\n\n\n\n
- https:\/\/github.com\/greenbone\/openvas-smb<\/a><\/li>
- https:\/\/github.com\/greenbone\/gvm-libs<\/a><\/li>
- https:\/\/github.com\/greenbone\/openvas-scanner<\/a><\/li>
- https:\/\/github.com\/greenbone\/gvmd<\/a> <\/li><\/ul>\n\n\n\n
git clone -b <branch_name> <package_URL>\ncd <package_name>\ncmake .\nsudo make install<\/code><\/pre>\n\n\n\nInstall gvm-tools using pip3 <\/h3>\n\n\n\npip3 install gvm-tools<\/code><\/pre>\n\n\n\nLink libraries<\/h3>\n\n\n\nsudo ldconfig<\/code><\/pre>\n\n\n\nEdit config file for Redis DB server \/etc\/redis\/redis.conf<\/h3>\n\n\n\nChange listening port to 0 (don\u2019t listen, use Unix socket instead)<\/h4>\n\n\n\nport 0<\/code><\/pre>\n\n\n\nEnable Unix socket<\/h4>\n\n\n\nunixsocket \/tmp\/redis.sock\nunixsocketperm 700<\/code><\/pre>\n\n\n\nCreate systemd service files for openvassd and gvmd<\/h3>\n\n\n\n\/etc\/systemd\/system\/openvassd.service<\/h4>\n\n\n\n[Unit]\nDescription=OpenVas scanner\nAfter=redis-server.service\n\n[Service]\nExecStart=\/usr\/local\/sbin\/openvassd -f\n\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n \/etc\/systemd\/system\/gvmd.service<\/h4>\n\n\n\n[Unit]\nDescription=OpenVas manager\n\n[Service]\nExecStart=\/usr\/local\/sbin\/gvmd -f\n\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\nEdit systemd service file for Redis DB server \/lib\/systemd\/system\/redis-server.service<\/h3>\n\n\n\nDon\u2019t create separate file system namespace<\/h4>\n\n\n\nPrivateTmp=no<\/code><\/pre>\n\n\n\nGrant access to Unix socket (add line into [Service] section)<\/h4>\n\n\n\nReadWriteDirectories=-\/tmp<\/code><\/pre>\n\n\n\nReload service files<\/h3>\n\n\n\nsudo systemctl daemon-reload<\/code><\/pre>\n\n\n\nRestart Redis DB server<\/h3>\n\n\n\nsudo systemctl restart redis-server.service<\/code><\/pre>\n\n\n\nls -l \/tmp<\/em> should give you sock file redis.sock<\/em><\/p>\n\n\n\nUpdate signatures (NVTs, SCAP data, CERT data)<\/h3>\n\n\n\nsudo greenbone-nvt-sync\nsudo greenbone-scapdata-sync\nsudo greenbone-certdata-sync<\/code><\/pre>\n\n\n\nCreate GVM admin account and change password<\/h3>\n\n\n\nsudo gvmd --create-user=admin --role=Admin\nsudo gvmd --user=admin --new-password=V3ry$3cur3P@$$w0rd<\/code><\/pre>\n\n\n\n(Optional) Modify OpenVAS scanner configuration<\/h3>\n\n\n\n
Config file for OpenVAS scanner by default doesn\u2019t exists. You can check default configuration using command:<\/p>\n\n\n\n
sudo openvas -s<\/code><\/pre>\n\n\n\nIf you want to modify any of this configuration (for example number of concurrently scanned vulnerabilities or hosts), use the following command and then edit the created file:<\/p>\n\n\n\n
sudo openvas -s > \/usr\/local\/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\nEnable GVMD and OpenVAS scanner services and start them:<\/h3>\n\n\n\nsudo systemctl enable openvassd.service\nsudo systemctl enable gvmd.service\nsudo systemctl start openvassd.service\nsudo systemctl start gvmd.service<\/code><\/pre>\n\n\n\nSignatures are now probably loading (check using ps -ef<\/em>). Loading SCAP data can take more than one hour. After the loading is complete, restart the system and enjoy GVM.<\/p>\n\n\n\nAn example of simple command to show all tasks:<\/p>\n\n\n\n
gvm-cli --gmp-username admin --gmp-password V3ry$3cur3P@$$w0rd socket --socketpath \/usr\/local\/var\/run\/gvmd.sock --xml '<get_tasks\/>'<\/code><\/pre>\n\n\n\n(Optional) Web GUI<\/h3>\n\n\n\n
For Web GUI you will need Greenbone Security Assistant (GSA) and probably a few dependencies (not tested).<\/p>\n\n\n\n
https:\/\/github.com\/greenbone\/gsa<\/code><\/pre>\n\n\n\n<\/p>","protected":false},"excerpt":{"rendered":"
Author: Martin Dvorsky Greenbone Vulnerability Manager (formerly OpenVAS) is the most popular open source vulnerability scanner.In this tutorial we will install, configure and prepare GVM v10 for use with CLI only. Versions: OS: Debian 9.8.0GVMD: 8.0GVM-libs: 10.0GVM-tools: 1.4.1OpenVAS (scanner): 6.0OpenVAS SMB: 1.0.5 Install dependencies Git clone and install following source codes from GitHub Note: At…<\/p>","protected":false},"author":21,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[709,685,707,715],"tags":[],"class_list":["post-4828","post","type-post","status-publish","format-standard","hentry","category-network-security-analyzers","category-linux_-_howto-en","category-network-security-en","category-network-security-tools"],"taxonomy_info":{"category":[{"value":709,"label":"Analyzers"},{"value":685,"label":"Linux - HOWTO"},{"value":707,"label":"Network security"},{"value":715,"label":"Tools"}]},"featured_image_src_large":false,"author_info":{"display_name":"Martin Dvorsk\u00fd","author_link":"https:\/\/nil.uniza.sk\/en\/author\/martin-dvorsky\/"},"comment_info":11,"category_info":[{"term_id":709,"name":"Analyzers","slug":"network-security-analyzers","term_group":0,"term_taxonomy_id":707,"taxonomy":"category","description":"","parent":707,"count":4,"filter":"raw","cat_ID":709,"category_count":4,"category_description":"","cat_name":"Analyzers","category_nicename":"network-security-analyzers","category_parent":707},{"term_id":685,"name":"Linux - HOWTO","slug":"linux_-_howto-en","term_group":0,"term_taxonomy_id":683,"taxonomy":"category","description":"","parent":0,"count":71,"filter":"raw","cat_ID":685,"category_count":71,"category_description":"","cat_name":"Linux - HOWTO","category_nicename":"linux_-_howto-en","category_parent":0},{"term_id":707,"name":"Network security","slug":"network-security-en","term_group":0,"term_taxonomy_id":705,"taxonomy":"category","description":"","parent":0,"count":4,"filter":"raw","cat_ID":707,"category_count":4,"category_description":"","cat_name":"Network security","category_nicename":"network-security-en","category_parent":0},{"term_id":715,"name":"Tools","slug":"network-security-tools","term_group":0,"term_taxonomy_id":713,"taxonomy":"category","description":"","parent":707,"count":8,"filter":"raw","cat_ID":715,"category_count":8,"category_description":"","cat_name":"Tools","category_nicename":"network-security-tools","category_parent":707}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/4828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=4828"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/4828\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=4828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=4828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=4828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}