Difference between revisions of "Setting up GVM10"

From Alpine Linux
Jump to: navigation, search
(Updated the page with GVM-11)
(Blanked the page)
(Tag: Blanking)
Line 1: Line 1:
= Greenbone Vulnerability Management (GVM) 11 =
= Introduction =
OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository.
This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution.
= Install =
[[Enable_Community_Repository|Enable the community repository]] and install the required packages:
{{Cmd|apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas}}
= Configuration =
== PostgreSQL  ==
OpenVAS relies on PostgreSQL, that now is mandatory.
Start PostgreSQL and add it to default runlevel:
rc-service postgresql setup
rc-service postgresql start
rc-update add postgresql
Create and configure the gvm database:
su - postgres
createuser -DRS gvm
createdb -O gvm gvmd
psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension if not exists "uuid-ossp";
create extension "pgcrypto";
== GVMd  ==
GVMd run as gvm user. Generate the certificate.
The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons.
You can setup the certificate automatically with:
su - gvm
gvm-manage-certs -a
Create credentials used to interact with gvmd:
gvmd --create-user=admin --password=admin
== Update GVM definitions ==
Download the GVM definitions and start GVMd, as root user.
Be patient...it will take a while:
rc-service gvmd start
Add gvmd to start on boot:
rc-update add gvmd
NVT definitions can be downloaded as gvm user:
su - gvm
== Greenbone Security Assistant (GSAD) ==
Configure Greenbone Security Assistant (GSAD) to listen to other interfaces rather than localhost only, so it is reachable from other hosts.
Modify '''/etc/conf.d/gsad:''' with:
Or, in one shot:
sed -i -e "s/127\.0\.0\.1/0\.0\.0\.0/g" /etc/conf.d/gsad
Start GSAD and add it to default runlevel:
rc-service gsad start
rc-update add gsad
Open the browser at the IP address where GSAD is running, on port 9392, and login with the credentials previously created.
Happy vulnerability assestment!

Revision as of 16:40, 15 May 2020