Setting up GVM11

From Alpine Linux
Revision as of 16:40, 15 May 2020 by Fcolista (talk | contribs) (Created page with "= Greenbone Vulnerability Management (GVM) 11 = = Introduction = OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in communi...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Greenbone Vulnerability Management (GVM) 11

Introduction

OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository.

This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution.

Install

Enable the community repository and install the required packages:

apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas

Configuration

PostgreSQL

OpenVAS relies on PostgreSQL, that now is mandatory.

Start PostgreSQL and add it to default runlevel:

rc-service postgresql setup
rc-service postgresql start
rc-update add postgresql

Create and configure the gvm database:

su - postgres
createuser -DRS gvm
createdb -O gvm gvmd
psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension if not exists "uuid-ossp";
create extension "pgcrypto";
exit

GVMd

GVMd run as gvm user. Generate the certificate. The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons. You can setup the certificate automatically with:

su - gvm
gvm-manage-certs -a

Create credentials used to interact with gvmd:

gvmd --create-user=admin --password=admin

Update GVM definitions

Download the GVM definitions and start GVMd, as root user. Be patient...it will take a while:

greenbone-scapdata-sync
greenbone-certdata-sync
rc-service gvmd start

Add gvmd to start on boot:

rc-update add gvmd

NVT definitions can be downloaded as gvm user:

su - gvm
greenbone-nvt-sync

Greenbone Security Assistant (GSAD)

Configure Greenbone Security Assistant (GSAD) to listen to other interfaces rather than localhost only, so it is reachable from other hosts.

Modify /etc/conf.d/gsad: with:

GSAD_LISTEN="--listen=0.0.0.0" 

Or, in one shot:

sed -i -e "s/127\.0\.0\.1/0\.0\.0\.0/g" /etc/conf.d/gsad

Start GSAD and add it to default runlevel:

rc-service gsad start
rc-update add gsad

Open the browser at the IP address where GSAD is running, on port 9392, and login with the credentials previously created.

Happy vulnerability assestment!