Difference between revisions of "Setting up GVM10"

From Alpine Linux
Jump to: navigation, search
(Updated the page with GVM-11)
(Blanked the page)
(Tag: Blanking)
Line 1: Line 1:
= Greenbone Vulnerability Management (GVM) 11 =
 
= Introduction =
 
  
OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository.
 
 
This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution.
 
 
= Install =
 
[[Enable_Community_Repository|Enable the community repository]] and install the required packages:
 
 
{{Cmd|apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas}}
 
 
= Configuration =
 
 
== PostgreSQL  ==
 
 
OpenVAS relies on PostgreSQL, that now is mandatory.
 
 
Start PostgreSQL and add it to default runlevel:
 
rc-service postgresql setup
 
rc-service postgresql start
 
rc-update add postgresql
 
 
Create and configure the gvm database:
 
 
su - postgres
 
createuser -DRS gvm
 
createdb -O gvm gvmd
 
psql gvmd
 
create role dba with superuser noinherit;
 
grant dba to gvm;
 
create extension if not exists "uuid-ossp";
 
create extension "pgcrypto";
 
exit
 
 
== GVMd  ==
 
 
GVMd run as gvm user. Generate the certificate.
 
The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons.
 
You can setup the certificate automatically with:
 
su - gvm
 
gvm-manage-certs -a
 
 
Create credentials used to interact with gvmd:
 
 
gvmd --create-user=admin --password=admin
 
 
== Update GVM definitions ==
 
 
Download the GVM definitions and start GVMd, as root user.
 
Be patient...it will take a while:
 
 
greenbone-scapdata-sync
 
greenbone-certdata-sync
 
rc-service gvmd start
 
 
Add gvmd to start on boot:
 
 
rc-update add gvmd
 
 
NVT definitions can be downloaded as gvm user:
 
 
su - gvm
 
greenbone-nvt-sync
 
 
== Greenbone Security Assistant (GSAD) ==
 
 
Configure Greenbone Security Assistant (GSAD) to listen to other interfaces rather than localhost only, so it is reachable from other hosts.
 
 
Modify '''/etc/conf.d/gsad:''' with:
 
GSAD_LISTEN="--listen=0.0.0.0"
 
 
Or, in one shot:
 
sed -i -e "s/127\.0\.0\.1/0\.0\.0\.0/g" /etc/conf.d/gsad
 
 
Start GSAD and add it to default runlevel:
 
rc-service gsad start
 
rc-update add gsad
 
 
Open the browser at the IP address where GSAD is running, on port 9392, and login with the credentials previously created.
 
 
Happy vulnerability assestment!
 
 
[[Category:Server]]
 
[[Category:Monitoring]]
 

Revision as of 16:40, 15 May 2020