Greenbone/Installation

Aus Foxwiki

Installation

gvm

This package installs all the required packages

It provides scripts to setup, start and stop the GVM services.

$ sudo apt install gvm

gvm-check-setup

# gvm-check-setup -h
gvm-check-setup 22.4.0
  Test completeness and readiness of GVM-22.4.0
Step 1: Checking OpenVAS (Scanner)... 
        OK: OpenVAS Scanner is present in version 22.4.0.
        OK: Notus Scanner is present in version 22.4.1.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        ERROR: redis-server is not running or not listening on socket: /var/run/redis-openvas/redis-server.sock
        FIX: You should start the redis-server with 'systemctl start redis-server@openvas.service' or configure it to listen on socket: /var/run/redis-openvas/redis-server.sock

 ERROR: Your GVM-22.4.0 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

gvm-feed-update

# gvm-feed-update -h
[>] Updating GVM feeds
[*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)

gvm-setup
# gvm-setup -h

[>] Starting PostgreSQL service
[>] Creating GVM's certificate files
[>] Creating PostgreSQL database
[i] User _gvm already exists in PostgreSQL
[i] Database gvmd already exists in PostgreSQL
[i] Role DBA already exists in PostgreSQL

[*] Applying permissions
GRANT ROLE
[i] Extension uuid-ossp already exists for gvmd database
[i] Extension pgcrypto already exists for gvmd database
[i] Extension pg-gvm already exists for gvmd database
[>] Migrating database
[>] Checking for GVM admin user
[*] Configure Feed Import Owner
[>] Updating GVM feeds
[*] Updating NVT (Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed)
gvm-start
# gvm-start --help
[i] GVM services are already running
gvm-stop
# gvm-stop -h
[>] Stopping GVM services
* gsad.service - Greenbone Security Assistant daemon (gsad)
     Loaded: loaded (/lib/systemd/system/gsad.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:gsad(8)
             https://www.greenbone.net

* gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
     Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:gvmd(8)

Nov 24 04:58:38 kali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
Nov 24 04:58:38 kali systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
Nov 24 04:58:38 kali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).
Nov 24 04:58:42 kali systemd[1]: Stopping Greenbone Vulnerability Manager daemon (gvmd)...
Nov 24 04:58:42 kali systemd[1]: gvmd.service: Deactivated successfully.
Nov 24 04:58:42 kali systemd[1]: Stopped Greenbone Vulnerability Manager daemon (gvmd).

* ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
     Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:ospd-openvas(8)
             man:openvas(8)

Nov 24 04:58:37 kali systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
Nov 24 04:58:38 kali systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
Nov 24 04:58:42 kali systemd[1]: Stopping OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
Nov 24 04:58:43 kali systemd[1]: ospd-openvas.service: Deactivated successfully.
Nov 24 04:58:43 kali systemd[1]: Stopped OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).

* notus-scanner.service - Notus Scanner
     Loaded: loaded (/lib/systemd/system/notus-scanner.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: https://github.com/greenbone/notus-scanner

Nov 24 04:58:38 kali notus-scanner[439849]:     raise AdvisoriesLoadingError(
Nov 24 04:58:38 kali notus-scanner[439849]: notus.scanner.errors.AdvisoriesLoadingError: Can't load advisories. /var/lib/notus/products is not a directory.
Nov 24 04:58:38 kali notus-scanner[439849]: Exception ignored in atexit callback: <function exit_cleanup at 0x7ffff5349870>
Nov 24 04:58:38 kali notus-scanner[439849]: Traceback (most recent call last):
Nov 24 04:58:38 kali notus-scanner[439849]:   File "/usr/lib/python3/dist-packages/notus/scanner/utils.py", line 112, in exit_cleanup
Nov 24 04:58:38 kali notus-scanner[439849]:     sys.exit()
Nov 24 04:58:38 kali notus-scanner[439849]: SystemExit:
Nov 24 04:58:38 kali systemd[1]: notus-scanner.service: Can't open PID file /run/notus-scanner/notus-scanner.pid (yet?) after start: Operation not permitted
Nov 24 04:58:42 kali systemd[1]: notus-scanner.service: Deactivated successfully.
Nov 24 04:58:42 kali systemd[1]: Stopped Notus Scanner.

Fehlerbehebung

There is a lot that can go wrong during the installation of OpenVAS as some of our readers has pointed out, therefore, we decided to create a little extra section here, covering the most common errors.

PostgreSQL Version Errors v13 and v14

There are multiple possible version errors for PostgreSQL. As our reader Tom has pointed out, the first one is:

[>] Starting PostgreSQL service[-] ERROR: The default PostgreSQL version (13) is not 14 that is required by libgvmd[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster

Solution:

Open the postgresql.conf file of version 14 and change the port to 5432:

sudo nano /etc/postgresql/14/main/postgresql.conf

Then open the postgresql.conf file of version 13 and check if the port is the same as in version 14. If it is the same – change it to 5433:

sudo nano /etc/postgresql/13/main/postgresql.conf

Restart the PostgreSQL service:

sudo systemctl restart postgresql

PostgreSQL Version Errors v14 and v15

During my installation, I got the following error affecting v14 and v15 of PostgreSQL:

[>] Starting PostgreSQL service[-] ERROR: The default PostgreSQL version (14) is not 15 that is required by libgvmd[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster

Gladly, the solution to this problem was easier than the one above and might as well work for the problem above:

sudo systemcctl stop postgresql@14-main
sudo /usr/bin/pg_dropcluster --stop 14 main

OpenVAS failed to find config

Another common error is the failed to find config ‘long-string-value’ message. There are multiple possible solutions for this issue. The one that worked for me is the following:

sudo runuser -u _gvm – gvmd --get-scanners

Note down the scanner ID.

Then run:

sudo runuser -u _gvm – gvmd --get-users --verbose

This gives you the users, including their IDs. You are probably an admin. To solve the issue, enter:

sudo runuser -u _gvm – gvmd --modify-scanner [scanner id] --value [user id]