|
|
| (88 intermediate revisions by the same user are not shown) |
| Line 1: |
Line 1: |
| == Installation ==
| | '''Greenbone/Installation''' - [[Greenbone Community Edition]] auf [[Kali Linux]] installieren |
| === gvm ===
| |
| ; This package installs all the required packages
| |
| It provides scripts to setup, start and stop the GVM services.
| |
| $ '''sudo apt install gvm'''
| |
|
| |
|
| === gvm-setup === | | == Beschreibung == |
| # '''gvm-setup -h''' | | === Kali Linux aktualisieren === |
|
| | <syntaxhighlight lang="bash" highlight="1"> |
| [>] Starting PostgreSQL service
| | sudo apt update |
| [>] Creating GVM's certificate files
| | </syntaxhighlight> |
| [>] Creating PostgreSQL database
| |
| [i] User _gvm already exists in PostgreSQL
| |
| [i] Database gvmd already exists in PostgreSQL
| |
| [i] Role DBA already exists in PostgreSQL
| |
|
| |
| [*] Applying permissions
| |
| GRANT ROLE
| |
| [i] Extension uuid-ossp already exists for gvmd database
| |
| [i] Extension pgcrypto already exists for gvmd database
| |
| [i] Extension pg-gvm already exists for gvmd database
| |
| [>] Migrating database
| |
| [>] Checking for GVM admin user
| |
| [*] Configure Feed Import Owner
| |
| [>] Updating GVM feeds
| |
| [*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
| |
|
| |
|
| === gvm-check-setup === | | === Installation === |
| # '''gvm-check-setup -h'''
| | <syntaxhighlight lang="bash" highlight="1"> |
| gvm-check-setup 22.4.0
| | sudo apt install gvm |
| Test completeness and readiness of GVM-22.4.0
| | </syntaxhighlight> |
| Step 1: Checking OpenVAS (Scanner)...
| |
| OK: OpenVAS Scanner is present in version 22.4.0.
| |
| OK: Notus Scanner is present in version 22.4.1.
| |
| OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
| |
| Checking permissions of /var/lib/openvas/gnupg/*
| |
| OK: _gvm owns all files in /var/lib/openvas/gnupg
| |
| OK: redis-server is present.
| |
| OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
| |
| ERROR: redis-server is not running or not listening on socket: /var/run/redis-openvas/redis-server.sock
| |
| FIX: You should start the redis-server with 'systemctl start redis-server@openvas.service' or configure it to listen on socket: /var/run/redis-openvas/redis-server.sock
| |
|
| |
| ERROR: Your GVM-22.4.0 installation is not yet complete!
| |
|
| |
| Please follow the instructions marked with FIX above and run this
| |
| script again.
| |
|
| |
|
| === gvm-feed-update === | | === gvm-setup === |
| # '''gvm-feed-update -h'''
| | <syntaxhighlight lang="bash" highlight="1"> |
| [>] Updating GVM feeds
| | sudo gvm-setup |
| [*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
| | </syntaxhighlight> |
| ----
| |
|
| |
|
| === gvm-start ===
| | Passwort notieren! |
| # '''gvm-start --help'''
| |
| [i] GVM services are already running
| |
|
| |
|
| === gvm-stop === | | === Installation prüfen === |
| # '''gvm-stop -h'''
| | <syntaxhighlight lang="bash" highlight="1"> |
| [>] Stopping GVM services
| | sudo gvm-check-setup |
| * gsad.service - Greenbone Security Assistant daemon (gsad)
| | </syntaxhighlight> |
| Loaded: loaded (/lib/systemd/system/gsad.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:gsad(8)
| |
| <nowiki>https://www.greenbone.net</nowiki>
| |
|
| |
| * gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
| |
| Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:gvmd(8)
| |
|
| |
| Nov 24 04:58:38 kali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
| |
| Nov 24 04:58:38 kali systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
| |
| Nov 24 04:58:38 kali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).
| |
| Nov 24 04:58:42 kali systemd[1]: Stopping Greenbone Vulnerability Manager daemon (gvmd)...
| |
| Nov 24 04:58:42 kali systemd[1]: gvmd.service: Deactivated successfully.
| |
| Nov 24 04:58:42 kali systemd[1]: Stopped Greenbone Vulnerability Manager daemon (gvmd).
| |
|
| |
| * ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
| |
| Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:ospd-openvas(8)
| |
| man:openvas(8)
| |
|
| |
| Nov 24 04:58:37 kali systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
| |
| Nov 24 04:58:38 kali systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
| |
| Nov 24 04:58:42 kali systemd[1]: Stopping OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
| |
| Nov 24 04:58:43 kali systemd[1]: ospd-openvas.service: Deactivated successfully.
| |
| Nov 24 04:58:43 kali systemd[1]: Stopped OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
| |
|
| |
| * notus-scanner.service - Notus Scanner
| |
| Loaded: loaded (/lib/systemd/system/notus-scanner.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: <nowiki>https://github.com/greenbone/notus-scanner</nowiki>
| |
|
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: raise AdvisoriesLoadingError(
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: notus.scanner.errors.AdvisoriesLoadingError: Can't load advisories. /var/lib/notus/products is not a directory.
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: Exception ignored in atexit callback: <function exit_cleanup at 0x7ffff5349870>
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: Traceback (most recent call last):
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: File "/usr/lib/python3/dist-packages/notus/scanner/utils.py", line 112, in exit_cleanup
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: sys.exit()
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: SystemExit:
| |
| Nov 24 04:58:38 kali systemd[1]: notus-scanner.service: Can't open PID file /run/notus-scanner/notus-scanner.pid (yet?) after start: Operation not permitted
| |
| Nov 24 04:58:42 kali systemd[1]: notus-scanner.service: Deactivated successfully.
| |
| Nov 24 04:58:42 kali systemd[1]: Stopped Notus Scanner.
| |
|
| |
|
| === Fehlerbehebung === | | === Anmeldung === |
| There is a lot that can go wrong during the installation of OpenVAS as some of our readers has pointed out, therefore, we decided to create a little extra section here, covering the most common errors.
| | ; Anmeldung an der grafischen Oberfläche |
| | Im Webbrowser: https://127.0.0.1:9392 |
|
| |
|
| ==== PostgreSQL Version Errors v13 and v14 ==== | | === Feed-Status prüfen === |
| There are multiple possible version errors for PostgreSQL. As our reader Tom has pointed out, the first one is:
| | * Vor dem ersten Scanvorgang |
|
| |
|
| [>] Starting PostgreSQL service[-] ERROR: The default PostgreSQL version ('''13''') is not '''14''' that is required by libgvmd[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
| | === Externer Zugriff === |
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | sudo systemctl edit --full greenbone-security-assistant.service |
| | </syntaxhighlight> |
| | <syntaxhighlight lang="bash" highlight="0" copy> |
| | - ExecStart=/usr/sbin/gsad --foreground --listen 127.0.0.1 --port 9293 |
| | + ExecStart=/usr/sbin/gsad --foreground --listen 0.0.0.0 --port 443 |
| | </syntaxhighlight> |
|
| |
|
| Solution:
| | Laden Sie die Daemons neu, da Sie Dateien geändert haben, und starten Sie die Dienste neu |
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | sudo systemctl daemon-reload |
| | </syntaxhighlight> |
|
| |
|
| Open the <tt>postgresql.conf</tt> file of '''version 14''' and change the port to '''5432''':
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | sudo systemctl restart gsad.service gvmd.service ospd-openvas.service |
| | </syntaxhighlight> |
|
| |
|
| sudo nano /etc/postgresql/14/main/postgresql.conf
| | Überprüfen Sie, dass alle Dienste auf dem gewünschten Host lauschen |
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | ss -nalt |
| | </syntaxhighlight> |
|
| |
|
| Then open the <tt>postgresql.conf</tt> file of '''version 13''' and check if the port is the same as in version 14. If it is the same –''' change it''' to '''5433''':
| | Wenn der Neustart der Dienste nicht funktioniert hat, versuchen Sie, den Server selbst neu zu starten. |
|
| |
|
| sudo nano /etc/postgresql/13/main/postgresql.conf
| | <noinclude> |
|
| |
|
| Restart the PostgreSQL service:
| | == Anhang == |
| | | === Siehe auch === |
| sudo systemctl restart postgresql
| | <div style="column-count:2"> |
| | | <categorytree hideroot=on mode="pages">{{BASEPAGENAME}}</categorytree> |
| ==== PostgreSQL Version Errors v14 and v15 ====
| | </div> |
| During my installation, I got the following error affecting '''v14''' and '''v15''' of PostgreSQL:
| | ---- |
| | | {{Special:PrefixIndex/{{BASEPAGENAME}}/}} |
| [>] Starting PostgreSQL service[-] ERROR: The default PostgreSQL version ('''14''') is not '''15''' that is required by libgvmd[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
| |
| | |
| Gladly, the solution to this problem was easier than the one above and might as well work for the problem above:
| |
| | |
| sudo systemcctl stop postgresql@14-main
| |
| sudo /usr/bin/pg_dropcluster --stop 14 main
| |
| | |
| ==== OpenVAS failed to find config ==== | |
| Another common error is the '''failed to find config ‘long-string-value’''' message. There are multiple possible solutions for this issue. The one that worked for me is the following:
| |
| | |
| sudo runuser -u _gvm – gvmd --get-scanners
| |
| | |
| Note down the scanner ID.
| |
| | |
| Then run:
| |
| | |
| sudo runuser -u _gvm – gvmd --get-users --verbose
| |
| | |
| This gives you the users, including their IDs. You are probably an admin. To solve the issue, enter:
| |
| | |
| sudo runuser -u _gvm – gvmd --modify-scanner [scanner id] --value [user id]
| |
| | |
| | |
| == Install == | |
| The first thing we want to do is to make sure that our Kali installation is up-to-date. So open a terminal window and run:
| |
| | |
| sudo apt update && sudo apt upgrade -y
| |
| | |
| This will update your repository and upgrade your Kali, the <tt>-y</tt> at the end saves you a press of the button “Y” in the process.
| |
| | |
| The next thing we want to do is to install OpenVAS. Again in the Terminal type:
| |
| | |
| sudo apt install openvas
| |
| | |
| Confirm that you are aware that an additional ~1,2 Gigabyte of Disk Space will be used by pressing <tt>Y</tt>.
| |
| | |
| Now this will take a good while.
| |
| | |
| Once that is done we will run another command in the terminal window:
| |
| | |
| sudo gvm-setup
| |
| | |
| '''Note''': In case you run into a PostgreSQL error – check out the troubleshooting section at the end of this article.
| |
| | |
| This is going to '''take very long'''.
| |
| | |
| [[Image:Bild1.png|top|alt="Install OpenVAS on Kali Linux"]]
| |
| | |
| Phew… That took about 2 hours for me to finish. I still didn’t get why it takes so long, but just go for a long walk and come back later…
| |
| | |
| After the setup process is finished, don’t forget to note down your password that was generated at the end, you need it to log in for the first time.
| |
| | |
| [[Image:Bild2.png|top|alt="Install OpenVAS on Kali Linux"]]
| |
| | |
| == Installing ==
| |
| To install Openvas and its dependencies on our Kali Linux system run the following command:
| |
| sudo apt update
| |
| sudo apt upgrade -y
| |
| sudo apt dist-upgrade -y
| |
| sudo apt install openvas
| |
| | |
| * The next step is to run the installer, which will configure OpenVAS and download various network vulnerability tests (NVT) or signatures.
| |
| * Due to a large number of NVTs (50.000+), the setting process may take some time and consume a lot of data.
| |
| * In the test setup we used for this tutorial, the complete setup process took 10 minutes, which is not bad.
| |
| | |
| Run the following command to start the setup process
| |
| # '''gvm-setup'''
| |
|
| |
|
| After the configuration process is complete, all the necessary OpenVAS processes will start and the web interface will open automatically.
| | === Dokumentation === |
| * The web interface is running locally on port 9392 and can be accessed through [https://localhost:9392/ https://localhost:9392].'''
| | <!-- |
| * OpenVAS will also set up an admin account and automatically generate a password for this account which is displayed in the last section of the setup output:
| | ; Man-Page |
| | # [https://manpages.debian.org/stable/procps/pgrep.1.de.html prep(1)] |
|
| |
|
| == Verify the Installation ==
| | ; Info-Pages |
| You can verify your installation
| | --> |
| # '''gvm-check-setup'''
| |
|
| |
|
| ; After the setup completes, you will find two listening TCP ports: 9390 and 9392
| | === Links === |
| Port 9392 is likely the one of most interest to you as it is the web interface for OpenVAS. You can open the web interface using your browser of choice.
| | ==== Projekt ==== |
| | ==== Weblinks ==== |
| | # https://greenbone.github.io/docs/latest/22.4/kali/index.html |
|
| |
|
| # '''ss -lnt4'''
| | <!-- |
| State Recv-Q Send-Q Local Address:Port Peer Address:Port
| | {{DEFAULTSORT:new}} |
| LISTEN 0 128 127.0.0.1:9390 *:*
| | {{DISPLAYTITLE:new}} |
| LISTEN 0 128 127.0.0.1:9392 *:*
| | --> |
|
| |
| # '''firefox <nowiki>https://127.0.0.1:9392</nowiki>'''
| |
|
| |
|
| | [[Kategorie:Greenbone]] |
|
| |
|
| [[Kategorie:Greenbone Security Manager]]
| | </noinclude> |
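Review bot: In the new "Externer Zugriff" section, the removed ExecStart line shows "--port 9293", while the "Anmeldung" section of the same revision sends the browser to https://127.0.0.1:9392 and the old text lists 9392 as the web interface port, so a reader will not find the line as printed. Suggest 9392 in the "before" line. The unit name also differs between the edit command (greenbone-security-assistant.service) and the restart command (gsad.service); use one name throughout so the edited unit is the one that gets restarted. Changing "--listen" to 0.0.0.0 publishes the web interface on every interface of the host: show a specific management address instead, and state the new login URL, since "Anmeldung" still points at 127.0.0.1:9392. The revision also removes the old "Fehlerbehebung" section (PostgreSQL version errors, "failed to find config") without a replacement; consider keeping it on a subpage.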