|
|
| Zeile 1: |
Zeile 1: |
| == Installation ==
| | https://greenbone.github.io/docs/latest/22.4/kali/index.html |
| === gvm ===
| |
| ; This package installs all the required packages
| |
| It provides scripts to setup, start and stop the GVM services.
| |
| $ '''sudo apt install gvm'''
| |
| | |
| === gvm-setup ===
| |
| # '''gvm-setup -h'''
| |
|
| |
| [>] Starting PostgreSQL service
| |
| [>] Creating GVM's certificate files
| |
| [>] Creating PostgreSQL database
| |
| [i] User _gvm already exists in PostgreSQL
| |
| [i] Database gvmd already exists in PostgreSQL
| |
| [i] Role DBA already exists in PostgreSQL
| |
|
| |
| [*] Applying permissions
| |
| GRANT ROLE
| |
| [i] Extension uuid-ossp already exists for gvmd database
| |
| [i] Extension pgcrypto already exists for gvmd database
| |
| [i] Extension pg-gvm already exists for gvmd database
| |
| [>] Migrating database
| |
| [>] Checking for GVM admin user
| |
| [*] Configure Feed Import Owner
| |
| [>] Updating GVM feeds
| |
| [*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
| |
| | |
| === gvm-check-setup ===
| |
| # '''gvm-check-setup -h'''
| |
| gvm-check-setup 22.4.0
| |
| Test completeness and readiness of GVM-22.4.0
| |
| Step 1: Checking OpenVAS (Scanner)...
| |
| OK: OpenVAS Scanner is present in version 22.4.0.
| |
| OK: Notus Scanner is present in version 22.4.1.
| |
| OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
| |
| Checking permissions of /var/lib/openvas/gnupg/*
| |
| OK: _gvm owns all files in /var/lib/openvas/gnupg
| |
| OK: redis-server is present.
| |
| OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
| |
| ERROR: redis-server is not running or not listening on socket: /var/run/redis-openvas/redis-server.sock
| |
| FIX: You should start the redis-server with 'systemctl start redis-server@openvas.service' or configure it to listen on socket: /var/run/redis-openvas/redis-server.sock
| |
|
| |
| ERROR: Your GVM-22.4.0 installation is not yet complete!
| |
|
| |
| Please follow the instructions marked with FIX above and run this
| |
| script again.
| |
| | |
| === gvm-feed-update ===
| |
| # '''gvm-feed-update -h'''
| |
| [>] Updating GVM feeds
| |
| [*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
| |
| ----
| |
| | |
| === gvm-start ===
| |
| # '''gvm-start --help'''
| |
| [i] GVM services are already running
| |
| | |
| === gvm-stop ===
| |
| # '''gvm-stop -h'''
| |
| [>] Stopping GVM services
| |
| * gsad.service - Greenbone Security Assistant daemon (gsad)
| |
| Loaded: loaded (/lib/systemd/system/gsad.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:gsad(8)
| |
| <nowiki>https://www.greenbone.net</nowiki>
| |
|
| |
| * gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
| |
| Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:gvmd(8)
| |
|
| |
| Nov 24 04:58:38 kali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
| |
| Nov 24 04:58:38 kali systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
| |
| Nov 24 04:58:38 kali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).
| |
| Nov 24 04:58:42 kali systemd[1]: Stopping Greenbone Vulnerability Manager daemon (gvmd)...
| |
| Nov 24 04:58:42 kali systemd[1]: gvmd.service: Deactivated successfully.
| |
| Nov 24 04:58:42 kali systemd[1]: Stopped Greenbone Vulnerability Manager daemon (gvmd).
| |
|
| |
| * ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
| |
| Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: man:ospd-openvas(8)
| |
| man:openvas(8)
| |
|
| |
| Nov 24 04:58:37 kali systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
| |
| Nov 24 04:58:38 kali systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
| |
| Nov 24 04:58:42 kali systemd[1]: Stopping OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
| |
| Nov 24 04:58:43 kali systemd[1]: ospd-openvas.service: Deactivated successfully.
| |
| Nov 24 04:58:43 kali systemd[1]: Stopped OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
| |
|
| |
| * notus-scanner.service - Notus Scanner
| |
| Loaded: loaded (/lib/systemd/system/notus-scanner.service; disabled; preset: disabled)
| |
| Active: inactive (dead)
| |
| Docs: <nowiki>https://github.com/greenbone/notus-scanner</nowiki>
| |
|
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: raise AdvisoriesLoadingError(
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: notus.scanner.errors.AdvisoriesLoadingError: Can't load advisories. /var/lib/notus/products is not a directory.
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: Exception ignored in atexit callback: <function exit_cleanup at 0x7ffff5349870>
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: Traceback (most recent call last):
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: File "/usr/lib/python3/dist-packages/notus/scanner/utils.py", line 112, in exit_cleanup
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: sys.exit()
| |
| Nov 24 04:58:38 kali notus-scanner[439849]: SystemExit:
| |
| Nov 24 04:58:38 kali systemd[1]: notus-scanner.service: Can't open PID file /run/notus-scanner/notus-scanner.pid (yet?) after start: Operation not permitted
| |
| Nov 24 04:58:42 kali systemd[1]: notus-scanner.service: Deactivated successfully.
| |
| Nov 24 04:58:42 kali systemd[1]: Stopped Notus Scanner.
| |
| | |
| == Install ==
| |
| The first thing we want to do is to make sure that our Kali installation is up-to-date. So open a terminal window and run:
| |
| $ sudo apt update && sudo apt upgrade -y
| |
| | |
| This will update your repository and upgrade your Kali, the <tt>-y</tt> at the end saves you a press of the button “Y” in the process.
| |
| | |
| The next thing we want to do is to install OpenVAS. Again in the Terminal type:
| |
| $ sudo apt install openvas
| |
| | |
| Confirm that you are aware that an additional ~1,2 Gigabyte of Disk Space will be used by pressing <tt>Y</tt>.
| |
| | |
| Now this will take a good while.
| |
| | |
| Once that is done we will run another command in the terminal window:
| |
| $ sudo gvm-setup
| |
| | |
| ; Note
| |
| :In case you run into a PostgreSQL error – check out the troubleshooting section at the end of this article.
| |
| | |
| This is going to '''take very long'''.
| |
| | |
| [Image:Bild1.png|top|alt="Install OpenVAS on Kali Linux"]]
| |
| | |
| Phew… That took about 2 hours for me to finish. I still didn’t get why it takes so long, but just go for a long walk and come back later…
| |
| | |
| After the setup process is finished, don’t forget to note down your password that was generated at the end, you need it to log in for the first time.
| |
| | |
| [Image:Bild2.png|top|alt="Install OpenVAS on Kali Linux"]]
| |
| | |
| == Installing ==
| |
| To install Openvas and its dependencies on our Kali Linux system run the following command:
| |
| sudo apt update
| |
| sudo apt upgrade -y
| |
| sudo apt dist-upgrade -y
| |
| sudo apt install openvas
| |
| | |
| * The next step is to run the installer, which will configure OpenVAS and download various network vulnerability tests (NVT) or signatures.
| |
| * Due to a large number of NVTs (50.000+), the setting process may take some time and consume a lot of data.
| |
| * In the test setup we used for this tutorial, the complete setup process took 10 minutes, which is not bad.
| |
| | |
| Run the following command to start the setup process
| |
| # '''gvm-setup'''
| |
| | |
| After the configuration process is complete, all the necessary OpenVAS processes will start and the web interface will open automatically.
| |
| * The web interface is running locally on port 9392 and can be accessed through [https://localhost:9392/ https://localhost:9392].'''
| |
| * OpenVAS will also set up an admin account and automatically generate a password for this account which is displayed in the last section of the setup output:
| |
| | |
| == Verify the Installation ==
| |
| You can verify your installation
| |
| # '''gvm-check-setup'''
| |
| | |
| ; After the setup completes, you will find two listening TCP ports: 9390 and 9392
| |
| Port 9392 is likely the one of most interest to you as it is the web interface for OpenVAS. You can open the web interface using your browser of choice.
| |
| | |
| # '''ss -lnt4'''
| |
| State Recv-Q Send-Q Local Address:Port Peer Address:Port
| |
| LISTEN 0 128 127.0.0.1:9390 *:*
| |
| LISTEN 0 128 127.0.0.1:9392 *:*
| |
|
| |
| # '''firefox <nowiki>https://127.0.0.1:9392</nowiki>'''
| |
| | |
| | |
| [[Kategorie:Greenbone]]
| |