Difference between revisions of "Setting up GVM11"

From Alpine Linux
Jump to: navigation, search
(Update GSAD binding settings)
(Add missing setup steps)
Line 45: Line 45:
  
 
  gvmd --create-user=admin --password=admin
 
  gvmd --create-user=admin --password=admin
 +
 +
Certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config "Full and Fast".
 +
 +
gvmd will only create these resources if a "Feed Import Owner" is configured:
 +
 +
gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>
 +
 +
The UUIDs of all created users can be found using
 +
 +
gvmd --get-users --verbose
  
 
== Update GVM definitions ==
 
== Update GVM definitions ==
Line 51: Line 61:
 
Be patient...it will take a while:  
 
Be patient...it will take a while:  
  
greenbone-scapdata-sync
+
  greenbone-feed-sync --type GVMD_DATA
greenbone-certdata-sync
+
  greenbone-feed-sync --type SCAP
 +
  greenbone-feed-sync --type CERT
 +
 
 +
This three feeds needs to be scheduled via cron.
 +
 
 
  rc-service gvmd start
 
  rc-service gvmd start
  

Revision as of 14:35, 7 December 2020

Greenbone Vulnerability Management (GVM) 11

Introduction

OpenVAS with version 11 has been renamed in Greenbone Vulnerability Management and it is available in community repository.

This How-To will guide you to install a complete server solution for vulnerability scanning and vulnerability management solution.

Install

Enable the community repository and install the required packages:

apk add openvas openvas-config gvmd gvm-libs greenbone-security-assistant ospd-openvas

Configuration

PostgreSQL

OpenVAS relies on PostgreSQL, that now is mandatory.

Start PostgreSQL and add it to default runlevel:

rc-service postgresql setup
rc-service postgresql start
rc-update add postgresql

Create and configure the gvm database:

su - postgres
createuser -DRS gvm
createdb -O gvm gvmd
psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension if not exists "uuid-ossp";
create extension "pgcrypto";
exit

GVMd

GVMd run as gvm user. Generate the certificate. The certificate infrastructure enables GVMd to communicate in a secure manner and is used for authentication and authorization before establishing TLS connections between the daemons. You can setup the certificate automatically with:

su - gvm
gvm-manage-certs -a

Create credentials used to interact with gvmd:

gvmd --create-user=admin --password=admin

Certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config "Full and Fast".

gvmd will only create these resources if a "Feed Import Owner" is configured:

gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>

The UUIDs of all created users can be found using

gvmd --get-users --verbose

Update GVM definitions

Download the GVM definitions and start GVMd, as root user. Be patient...it will take a while:

 greenbone-feed-sync --type GVMD_DATA
 greenbone-feed-sync --type SCAP
 greenbone-feed-sync --type CERT

This three feeds needs to be scheduled via cron.

rc-service gvmd start

Add gvmd to start on boot:

rc-update add gvmd

NVT definitions can be downloaded as gvm user:

su - gvm
greenbone-nvt-sync

Greenbone Security Assistant (GSAD)

Configure Greenbone Security Assistant (GSAD) to listen to other interfaces rather than localhost only, so it is reachable from other hosts.

Create /etc/conf.d/gsad: with:

echo 'GSAD_LISTEN_ADDRESS="0.0.0.0"' > /etc/conf.d/gsad

Start GSAD and add it to default runlevel:

rc-service gsad start
rc-update add gsad

Open the browser at the IP address where GSAD is running, on http port 9392, and login with the credentials previously created.

Happy vulnerability assestment!