Difference between revisions of "Setting up GVM10"
m (→Install) |
(Updated the page with GVM-11) |
||
Line 1: | Line 1: | ||
− | = Greenbone Vulnerability Management (GVM) | + | = Greenbone Vulnerability Management (GVM) 11 = |
= Introduction = | = Introduction = | ||
− | OpenVAS with version | + | OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository. |
This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution. | This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution. | ||
Line 9: | Line 9: | ||
[[Enable_Community_Repository|Enable the community repository]] and install the required packages: | [[Enable_Community_Repository|Enable the community repository]] and install the required packages: | ||
− | {{Cmd|apk add gvmd | + | {{Cmd|apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas}} |
= Configuration = | = Configuration = | ||
− | == | + | == PostgreSQL == |
− | OpenVAS relies on | + | OpenVAS relies on PostgreSQL, that now is mandatory. |
− | + | Start PostgreSQL and add it to default runlevel: | |
− | + | rc-service postgresql setup | |
− | + | rc-service postgresql start | |
− | + | rc-update add postgresql | |
− | + | Create and configure the gvm database: | |
− | |||
− | |||
− | + | su - postgres | |
+ | createuser -DRS gvm | ||
+ | createdb -O gvm gvmd | ||
+ | psql gvmd | ||
+ | create role dba with superuser noinherit; | ||
+ | grant dba to gvm; | ||
+ | create extension if not exists "uuid-ossp"; | ||
+ | create extension "pgcrypto"; | ||
+ | exit | ||
− | + | == GVMd == | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | The certificate infrastructure enables | + | GVMd run as gvm user. Generate the certificate. |
+ | The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons. | ||
You can setup the certificate automatically with: | You can setup the certificate automatically with: | ||
− | + | su - gvm | |
gvm-manage-certs -a | gvm-manage-certs -a | ||
− | Create | + | Create credentials used to interact with gvmd: |
− | |||
− | + | gvmd --create-user=admin --password=admin | |
− | + | == Update GVM definitions == | |
− | |||
− | + | Download the GVM definitions and start GVMd, as root user. | |
+ | Be patient...it will take a while: | ||
+ | greenbone-scapdata-sync | ||
+ | greenbone-certdata-sync | ||
rc-service gvmd start | rc-service gvmd start | ||
− | |||
− | |||
− | |||
− | + | Add gvmd to start on boot: | |
+ | |||
rc-update add gvmd | rc-update add gvmd | ||
− | + | NVT definitions can be downloaded as gvm user: | |
− | + | su - gvm | |
− | + | greenbone-nvt-sync | |
− | |||
− | |||
− | |||
− | |||
− | |||
== Greenbone Security Assistant (GSAD) == | == Greenbone Security Assistant (GSAD) == | ||
Line 95: | Line 81: | ||
Happy vulnerability assestment! | Happy vulnerability assestment! | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Monitoring]] | [[Category:Monitoring]] |
Revision as of 16:39, 15 May 2020
Contents
Greenbone Vulnerability Management (GVM) 11
Introduction
OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository.
This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution.
Install
Enable the community repository and install the required packages:
apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas
Configuration
PostgreSQL
OpenVAS relies on PostgreSQL, that now is mandatory.
Start PostgreSQL and add it to default runlevel:
rc-service postgresql setup rc-service postgresql start rc-update add postgresql
Create and configure the gvm database:
su - postgres createuser -DRS gvm createdb -O gvm gvmd psql gvmd create role dba with superuser noinherit; grant dba to gvm; create extension if not exists "uuid-ossp"; create extension "pgcrypto"; exit
GVMd
GVMd run as gvm user. Generate the certificate. The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons. You can setup the certificate automatically with:
su - gvm gvm-manage-certs -a
Create credentials used to interact with gvmd:
gvmd --create-user=admin --password=admin
Update GVM definitions
Download the GVM definitions and start GVMd, as root user. Be patient...it will take a while:
greenbone-scapdata-sync greenbone-certdata-sync rc-service gvmd start
Add gvmd to start on boot:
rc-update add gvmd
NVT definitions can be downloaded as gvm user:
su - gvm greenbone-nvt-sync
Greenbone Security Assistant (GSAD)
Configure Greenbone Security Assistant (GSAD) to listen to other interfaces rather than localhost only, so it is reachable from other hosts.
Modify /etc/conf.d/gsad: with:
GSAD_LISTEN="--listen=0.0.0.0"
Or, in one shot:
sed -i -e "s/127\.0\.0\.1/0\.0\.0\.0/g" /etc/conf.d/gsad
Start GSAD and add it to default runlevel:
rc-service gsad start rc-update add gsad
Open the browser at the IP address where GSAD is running, on port 9392, and login with the credentials previously created.
Happy vulnerability assestment!