Setting up GVM11
Greenbone Vulnerability Management (GVM) 11
Introduction
OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository.
This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution.
Install
Enable the community repository and install the required packages:
apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas
Configuration
PostgreSQL
OpenVAS relies on PostgreSQL, that now is mandatory.
Start PostgreSQL and add it to default runlevel:
rc-service postgresql setup rc-service postgresql start rc-update add postgresql
Create and configure the gvm database:
su - postgres createuser -DRS gvm createdb -O gvm gvmd psql gvmd create role dba with superuser noinherit; grant dba to gvm; create extension if not exists "uuid-ossp"; create extension "pgcrypto"; exit
GVMd
GVMd run as gvm user. Generate the certificate. The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons. You can setup the certificate automatically with:
su - gvm gvm-manage-certs -a
Create credentials used to interact with gvmd:
gvmd --create-user=admin --password=admin
Update GVM definitions
Download the GVM definitions and start GVMd, as root user. Be patient...it will take a while:
greenbone-scapdata-sync greenbone-certdata-sync rc-service gvmd start
Add gvmd to start on boot:
rc-update add gvmd
NVT definitions can be downloaded as gvm user:
su - gvm greenbone-nvt-sync
Greenbone Security Assistant (GSAD)
Configure Greenbone Security Assistant (GSAD) to listen to other interfaces rather than localhost only, so it is reachable from other hosts.
Modify /etc/conf.d/gsad: with:
GSAD_LISTEN="--listen=0.0.0.0"
Start GSAD and add it to default runlevel:
rc-service gsad start rc-update add gsad
Open the browser at the IP address where GSAD is running, on port 9392, and login with the credentials previously created.
Happy vulnerability assestment!