Greenbone/Konfiguration: Unterschied zwischen den Versionen
| Zeile 70: | Zeile 70: | ||
== Externer Zugriff == | == Externer Zugriff == | ||
; Since we're on '''systemd''', you actually need to modify three ''.service'' files | ; Since we're on '''systemd''', you actually need to modify three ''.service'' files | ||
* greenbone-security-assistant.service | |||
* openvas-manager.service | |||
* openvas-scanner.service | |||
; | ; To make it quick, you may want to use ''[[sed]]'' | ||
This line will replace all '''127.0.0.1''' to '''0.0.0.0''' which will allow all services to be available on all interfaces. | |||
; You should replace '''0.0.0.0''' to the address of your choice. | |||
# cd /lib/systemd/system | |||
You should replace '''0.0.0.0''' to the address of your choice. | |||
# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service | # sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service | ||
; Verify that all will be done as you want | ; Verify that all will be done as you want | ||
If you're happy with the changes, just add ''-i'' to the end of previous command. | If you're happy with the changes, just add ''-i'' to the end of previous command. | ||
# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i | # sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i | ||
; | ; Reload daemons, since you've modified files and restart services | ||
# systemctl daemon-reload | # systemctl daemon-reload | ||
# systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service | # systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service | ||
| Zeile 92: | Zeile 91: | ||
; Verify, that all services are listening on desired host | ; Verify, that all services are listening on desired host | ||
ss -nalt | ss -nalt | ||
If restarting services didn't work, try to restart the server itself. | If restarting services didn't work, try to restart the server itself. | ||
[[Kategorie:Greenbone]] | [[Kategorie:Greenbone]] | ||
Version vom 10. Februar 2023, 10:14 Uhr
Konfiguration
Dateien
Configuring
The installation is now finished. Next, we verify if our installation is working.
$ sudo gvm-check-setup
I got an error (SCAP DATA are missing), but if you look through the error message, you can see that you can fix it by running:
$ sudo runuser -u _gvm -- greenbone-feed-sync --type SCAP
- Starting the OpenVAS Service
sudo gvm-start
Now your OpenVAS Service should be up and running
- OpenVAS listens on the Ports: 9390, 9391, 9392, and on Port 80.
- Your web browser should automatically open and lead to the OpenVAS Login Page.
- If not, open a web browser manually and enter the URL
https://127.0.0.1:9392
- The first time you want to open this URL you will get a security warning
- Click on Advanced and Add an Exception.
Remember the password you noted down before? Now we are going to need it.
Log in to OpenVAS with admin // your password
"Install OpenVAS on Kali Linux"
First things first – Navigate to To your User Profile / My Settings / Click on Edit and change the password.
This is basically all you need to do. OpenVAS is now running and ready for use.
Password reset
Did you forget to note down the password? You can change the admin password using the following commands:
# gvmd --user=admin --new-password=passwd;
The next step is to accept the self-signed certificate warning and use the automatically generated admin credentials to login on to the web interface:
Starting and stopping
Before starting to install the virtual appliance, the last step I have to consider is to start and stop the OpenVAS service. OpenVAS services consume a lot of unnecessary resources, so it is recommended that you disable these services when you are not using OpenVAS.
Run the following command to start the services:
Sudo gvm-start
To stop the OpenVAS services again, run:
sudo gvm-stop
To create a new user
sudo runuser -u _gvm -- gvmd --create-user=admin2 --new-password=12345
To change the password of the existing user:
sudo runuser -u _gvm -- gvmd --user=admin --new-password=new_password
Externer Zugriff
- Since we're on systemd, you actually need to modify three .service files
- greenbone-security-assistant.service
- openvas-manager.service
- openvas-scanner.service
- To make it quick, you may want to use sed
This line will replace all 127.0.0.1 to 0.0.0.0 which will allow all services to be available on all interfaces.
- You should replace 0.0.0.0 to the address of your choice.
# cd /lib/systemd/system # sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
- Verify that all will be done as you want
If you're happy with the changes, just add -i to the end of previous command.
# sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i
- Reload daemons, since you've modified files and restart services
# systemctl daemon-reload # systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
- Verify, that all services are listening on desired host
ss -nalt
If restarting services didn't work, try to restart the server itself.