|
|
| (84 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) |
| Zeile 1: |
Zeile 1: |
| == Installation ==
| | '''Greenbone/Installation''' - [[Greenbone Community Edition]] auf [[Kali Linux]] installieren |
| === gvm ===
| |
| ; This package installs all the required packages
| |
| It provides scripts to setup, start and stop the GVM services.
| |
| $ '''sudo apt install gvm'''
| |
|
| |
|
| === gvm-setup === | | == Beschreibung == |
| # '''gvm-setup -h''' | | === Kali Linux aktualisieren === |
|
| | <syntaxhighlight lang="bash" highlight="1"> |
| [>] Starting PostgreSQL service
| | sudo apt update |
| [>] Creating GVM's certificate files
| | </syntaxhighlight> |
| [>] Creating PostgreSQL database
| |
| [i] User _gvm already exists in PostgreSQL
| |
| [i] Database gvmd already exists in PostgreSQL
| |
| [i] Role DBA already exists in PostgreSQL
| |
|
| |
| [*] Applying permissions
| |
| GRANT ROLE
| |
| [i] Extension uuid-ossp already exists for gvmd database
| |
| [i] Extension pgcrypto already exists for gvmd database
| |
| [i] Extension pg-gvm already exists for gvmd database
| |
| [>] Migrating database
| |
| [>] Checking for GVM admin user
| |
| [*] Configure Feed Import Owner
| |
| [>] Updating GVM feeds
| |
| [*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
| |
|
| |
|
| === gvm-check-setup === | | === Installation === |
| # '''gvm-check-setup -h'''
| | <syntaxhighlight lang="bash" highlight="1"> |
| gvm-check-setup 22.4.0
| | sudo apt install gvm |
| Test completeness and readiness of GVM-22.4.0
| | </syntaxhighlight> |
| Step 1: Checking OpenVAS (Scanner)...
| |
| OK: OpenVAS Scanner is present in version 22.4.0.
| |
| OK: Notus Scanner is present in version 22.4.1.
| |
| OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
| |
| Checking permissions of /var/lib/openvas/gnupg/*
| |
| OK: _gvm owns all files in /var/lib/openvas/gnupg
| |
| OK: redis-server is present.
| |
| OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
| |
| ERROR: redis-server is not running or not listening on socket: /var/run/redis-openvas/redis-server.sock
| |
| FIX: You should start the redis-server with 'systemctl start redis-server@openvas.service' or configure it to listen on socket: /var/run/redis-openvas/redis-server.sock
| |
|
| |
| ERROR: Your GVM-22.4.0 installation is not yet complete!
| |
|
| |
| Please follow the instructions marked with FIX above and run this
| |
| script again.
| |
|
| |
|
| === gvm-feed-update === | | === gvm-setup === |
| # '''gvm-feed-update -h'''
| | <syntaxhighlight lang="bash" highlight="1"> |
| [>] Updating GVM feeds
| | sudo gvm-setup |
| [*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
| | </syntaxhighlight> |
| ----
| |
|
| |
|
| === gvm-start ===
| | Passwort notieren! |
| # '''gvm-start --help'''
| |
| [i] GVM services are already running
| |
|
| |
|
| === gvm-stop === | | === Installation prüfen === |
| # '''gvm-stop -h'''
| | <syntaxhighlight lang="bash" highlight="1"> |
| [>] Stopping GVM services
| | sudo gvm-check-setup |
| * gsad.service - Greenbone Security Assistant daemon (gsad)
| | </syntaxhighlight> |
| Loaded: loaded (/lib/systemd/system/gsad.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:gsad(8)
| |
| <nowiki>https://www.greenbone.net</nowiki>
| |
|
| |
| * gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
| |
| Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:gvmd(8)
| |
|
| |
| Nov 24 04:58:38 kali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
| |
| Nov 24 04:58:38 kali systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
| |
| Nov 24 04:58:38 kali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).
| |
| Nov 24 04:58:42 kali systemd[1]: Stopping Greenbone Vulnerability Manager daemon (gvmd)...
| |
| Nov 24 04:58:42 kali systemd[1]: gvmd.service: Deactivated successfully.
| |
| Nov 24 04:58:42 kali systemd[1]: Stopped Greenbone Vulnerability Manager daemon (gvmd).
| |
|
| |
| * ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
| |
| Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:ospd-openvas(8)
| |
| man:openvas(8)
| |
|
| |
| Nov 24 04:58:37 kali systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
| |
| Nov 24 04:58:38 kali systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
| |
| Nov 24 04:58:42 kali systemd[1]: Stopping OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
| |
| Nov 24 04:58:43 kali systemd[1]: ospd-openvas.service: Deactivated successfully.
| |
| Nov 24 04:58:43 kali systemd[1]: Stopped OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
| |
|
| |
| * notus-scanner.service - Notus Scanner
| |
| Loaded: loaded (/lib/systemd/system/notus-scanner.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: <nowiki>https://github.com/greenbone/notus-scanner</nowiki>
| |
|
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: raise AdvisoriesLoadingError(
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: notus.scanner.errors.AdvisoriesLoadingError: Can't load advisories. /var/lib/notus/products is not a directory.
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: Exception ignored in atexit callback: <function exit_cleanup at 0x7ffff5349870>
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: Traceback (most recent call last):
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: File "/usr/lib/python3/dist-packages/notus/scanner/utils.py", line 112, in exit_cleanup
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: sys.exit()
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: SystemExit:
| |
| Nov 24 04:58:38 kali systemd[1]: notus-scanner.service: Can't open PID file /run/notus-scanner/notus-scanner.pid (yet?) after start: Operation not permitted
| |
| Nov 24 04:58:42 kali systemd[1]: notus-scanner.service: Deactivated successfully.
| |
| Nov 24 04:58:42 kali systemd[1]: Stopped Notus Scanner.
| |
|
| |
|
| == Install == | | === Anmeldung === |
| The first thing we want to do is to make sure that our Kali installation is up-to-date. So open a terminal window and run:
| | ; Anmeldung an der grafischen Oberfläche |
| $ sudo apt update && sudo apt upgrade -y
| | Im Webbrowser: https://127.0.0.1:9392 |
|
| |
|
| This will update your repository and upgrade your Kali, the <tt>-y</tt> at the end saves you a press of the button “Y” in the process.
| | === Feed-Status prüfen === |
| | * Vor dem ersten Scanvorgang |
|
| |
|
| The next thing we want to do is to install OpenVAS. Again in the Terminal type:
| | === Externer Zugriff === |
| $ sudo apt install openvas
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | sudo systemctl edit --full greenbone-security-assistant.service |
| | </syntaxhighlight> |
| | <syntaxhighlight lang="bash" highlight="0" copy> |
| | - ExecStart=/usr/sbin/gsad --foreground --listen 127.0.0.1 --port 9293 |
| | + ExecStart=/usr/sbin/gsad --foreground --listen 0.0.0.0 --port 443 |
| | </syntaxhighlight> |
|
| |
|
| Confirm that you are aware that an additional ~1,2 Gigabyte of Disk Space will be used by pressing <tt>Y</tt>.
| | Laden Sie die Daemons neu, da Sie Dateien geändert haben, und starten Sie die Dienste neu |
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | sudo systemctl daemon-reload |
| | </syntaxhighlight> |
|
| |
|
| Now this will take a good while.
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | sudo systemctl restart gsad.service gvmd.service ospd-openvas.service |
| | </syntaxhighlight> |
|
| |
|
| Once that is done we will run another command in the terminal window:
| | Überprüfen Sie, dass alle Dienste auf dem gewünschten Host lauschen |
| $ sudo gvm-setup
| | <syntaxhighlight lang="bash" highlight="1" copy> |
| | ss -nalt |
| | </syntaxhighlight> |
|
| |
|
| ; Note
| | Wenn der Neustart der Dienste nicht funktioniert hat, versuchen Sie, den Server selbst neu zu starten. |
| :In case you run into a PostgreSQL error – check out the troubleshooting section at the end of this article.
| |
|
| |
|
| This is going to '''take very long'''.
| | <noinclude> |
|
| |
|
| [[Image:Bild1.png|top|alt="Install OpenVAS on Kali Linux"]]
| | == Anhang == |
| | === Siehe auch === |
| | <div style="column-count:2"> |
| | <categorytree hideroot=on mode="pages">{{BASEPAGENAME}}</categorytree> |
| | </div> |
| | ---- |
| | {{Special:PrefixIndex/{{BASEPAGENAME}}/}} |
|
| |
|
| Phew… That took about 2 hours for me to finish. I still didn’t get why it takes so long, but just go for a long walk and come back later…
| | === Dokumentation === |
| | <!-- |
| | ; Man-Page |
| | # [https://manpages.debian.org/stable/procps/pgrep.1.de.html prep(1)] |
|
| |
|
| After the setup process is finished, don’t forget to note down your password that was generated at the end, you need it to log in for the first time.
| | ; Info-Pages |
| | --> |
|
| |
|
| [[Image:Bild2.png|top|alt="Install OpenVAS on Kali Linux"]]
| | === Links === |
| | ==== Projekt ==== |
| | ==== Weblinks ==== |
| | # https://greenbone.github.io/docs/latest/22.4/kali/index.html |
|
| |
|
| == Installing ==
| | <!-- |
| To install Openvas and its dependencies on our Kali Linux system run the following command:
| | {{DEFAULTSORT:new}} |
| sudo apt update
| | {{DISPLAYTITLE:new}} |
| sudo apt upgrade -y
| | --> |
| sudo apt dist-upgrade -y
| |
| sudo apt install openvas
| |
|
| |
|
| * The next step is to run the installer, which will configure OpenVAS and download various network vulnerability tests (NVT) or signatures.
| | [[Kategorie:Greenbone]] |
| * Due to a large number of NVTs (50.000+), the setting process may take some time and consume a lot of data.
| |
| * In the test setup we used for this tutorial, the complete setup process took 10 minutes, which is not bad.
| |
| | |
| Run the following command to start the setup process
| |
| # '''gvm-setup'''
| |
| | |
| After the configuration process is complete, all the necessary OpenVAS processes will start and the web interface will open automatically.
| |
| * The web interface is running locally on port 9392 and can be accessed through [https://localhost:9392/ https://localhost:9392].'''
| |
| * OpenVAS will also set up an admin account and automatically generate a password for this account which is displayed in the last section of the setup output:
| |
| | |
| == Verify the Installation ==
| |
| You can verify your installation
| |
| # '''gvm-check-setup'''
| |
| | |
| ; After the setup completes, you will find two listening TCP ports: 9390 and 9392
| |
| Port 9392 is likely the one of most interest to you as it is the web interface for OpenVAS. You can open the web interface using your browser of choice.
| |
| | |
| # '''ss -lnt4'''
| |
| State Recv-Q Send-Q Local Address:Port Peer Address:Port
| |
| LISTEN 0 128 127.0.0.1:9390 *:*
| |
| LISTEN 0 128 127.0.0.1:9392 *:*
| |
|
| |
| # '''firefox <nowiki>https://127.0.0.1:9392</nowiki>'''
| |
|
| |
|
| | | </noinclude> |
| [[Kategorie:Greenbone]]
| |
Greenbone/Installation - Greenbone Community Edition auf Kali Linux installieren
Beschreibung
Kali Linux aktualisieren
Installation
gvm-setup
Passwort notieren!
Installation prüfen
Anmeldung
- Anmeldung an der grafischen Oberfläche
Im Webbrowser: https://127.0.0.1:9392
Feed-Status prüfen
- Vor dem ersten Scanvorgang
Externer Zugriff
sudo systemctl edit --full greenbone-security-assistant.service
- ExecStart=/usr/sbin/gsad --foreground --listen 127.0.0.1 --port 9293
+ ExecStart=/usr/sbin/gsad --foreground --listen 0.0.0.0 --port 443
Laden Sie die Daemons neu, da Sie Dateien geändert haben, und starten Sie die Dienste neu
sudo systemctl daemon-reload
sudo systemctl restart gsad.service gvmd.service ospd-openvas.service
Überprüfen Sie, dass alle Dienste auf dem gewünschten Host lauschen
Wenn der Neustart der Dienste nicht funktioniert hat, versuchen Sie, den Server selbst neu zu starten.
Anhang
Siehe auch
Dokumentation
Links
Projekt
Weblinks
- https://greenbone.github.io/docs/latest/22.4/kali/index.html