GVM-11 CentOS 8 Source Installation Guide (OpenVAS)

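Reference article: https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425

The original article has a few errors, but by following it the installation succeeded and vulnerability scans run correctly. Many thanks to the original author for the hard work. This is a record of my installation; please point out anything that is wrong.

Operating system used for the installation: CentOS Linux release 8.1.1911 (Core), CPU: 4 cores, memory: 4G.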

1, Install and set up the Python 3 environment

Log in as root

python3 is installed by default

[root@localhost ~]# yum install python3

Set the default python command; choose option 2.

[root@localhost ~]# alternatives --config python

共有 2 個提供“python”的程序。

  選項    命令
-----------------------------------------------
*  1           /usr/libexec/no-python
 + 2           /usr/bin/python3

按 Enter 保留當前選項[+],或者鍵入選項編號:2

2, Install the EPEL repository as a yum source

[root@localhost ~]# yum install epel-release

3, Enable the CentOS PowerTools repository

[root@localhost ~]# yum config-manager --set-enabled PowerTools 

4, Install the development tools group (includes gcc and a whole bunch of stuff for compiling and building things)

[root@localhost ~]# yum groupinstall -y "development tools"

5, Install the required development packages, cmake and redis (most come from Centos-Base, a few come from EPEL and Centos-PowerTools)

[root@localhost ~]# yum install -y cmake glib2-devel zlib-devel gnutls-devel libuuid-devel libssh-devel libxml2-devel libgcrypt-devel openldap-devel popt-devel redis libical-devel openssl-devel hiredis-devel radcli-devel gpgme-devel libksba-devel doxygen libpcap-devel nodejs python3-polib libmicrohttpd-devel gnutls-utils python3-devel libpq-devel texinfo xmltoman nmap sshpass socat mingw32-gcc ncurses-devel

6, Install the postgres database


[root@localhost ~]# yum install -y postgresql-server postgresql-contrib postgresql-server-devel
[root@localhost ~]# /usr/bin/postgresql-setup --initdb
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

 

7, Configure the postgres database (not secure, on to-do list is to configure this with a password…

[root@localhost ~]# sudo -Hiu postgres
[postgres@localhost ~]$ createuser gvm
[postgres@localhost ~]$ createdb -O gvm gvmd
[postgres@localhost ~]$ psql gvmd
psql (10.6)
輸入 "help" 來獲取幫助信息.

gvmd=# create role dba with superuser noinherit;
CREATE ROLE
gvmd=# grant dba to gvm;
GRANT ROLE
gvmd=# create extension "uuid-ossp";
gvmd=# create  extension "pgcrypto"; 
CREATE EXTENSION
gvmd=# \q
[postgres@localhost ~]$ 

8, Add a dynamic linker configuration file for the gvm libraries

[root@localhost ~]# echo /opt/gvm/lib > /etc/ld.so.conf.d/gvm.conf  
[root@localhost ~]# cat /etc/ld.so.conf.d/gvm.conf
/opt/gvm/lib
[root@localhost ~]# ldconfig

9, Add an unprivileged gvm user and create the program directories

[root@localhost ~]# useradd -r -d /opt/gvm -c "GVM(OpenVas)User" -s /bin/bash gvm
[root@localhost ~]# mkdir /opt/gvm
[root@localhost ~]# mkdir /opt/gvm/src
[root@localhost ~]# chown -R gvm:gvm /opt/gvm

10, Add the gvm commands to the PATH environment variable. Append the following to the end of /etc/profile

#add gvm path PATH to /etc/profile
export PATH=$PATH:/opt/gvm/bin 
export PATH=$PATH:/opt/gvm/sbin 

12, Download the source packages (GVM-11 stable as of 5/20/2020)

Switch to the gvm user

[root@localhost ~]# su - gvm
-bash: /opt/gvm/bin: 沒有那個文件或目錄
-bash: /opt/gvm/sbin: 沒有那個文件或目錄
cd /opt/gvm/src
wget -O gvm-libs-11.0.1.tar.gz https://github.com/greenbone/gvm-libs/archive/v11.0.1.tar.gz
wget -O openvas-7.0.1.tar.gz https://github.com/greenbone/openvas/archive/v7.0.1.tar.gz
wget -O ospd-2.0.1.tar.gz https://github.com/greenbone/ospd/archive/v2.0.1.tar.gz
wget -O ospd-openvas-1.0.1.tar.gz https://github.com/greenbone/ospd-openvas/archive/v1.0.1.tar.gz
wget -O gvmd-9.0.1.tar.gz https://github.com/greenbone/gvmd/archive/v9.0.1.tar.gz
wget -O gsa-9.0.1.tar.gz https://github.com/greenbone/gsa/archive/v9.0.1.tar.gz
wget -O openvas-smb-1.0.5.tar.gz https://github.com/greenbone/openvas-smb/archive/v1.0.5.tar.gz

13, Extract the source files

[gvm@localhost src]$ find *.gz  -exec tar xvfz {} \;
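
Steps 12 and 13 fetch release tarballs over the network and unpack them without any integrity check. The following added example (not part of the original guide) checks each tarball against a pinned SHA-256 digest and screens member paths before extraction; the function name `verify_tarballs` and the manifest name `SHA256SUMS` are assumptions, and the digests must be recorded by the operator from a trusted source.

```bash
# Added example, not from the original guide. verify_tarballs and the
# SHA256SUMS manifest name are assumptions. The manifest holds one
# "<sha256>  <file>" line per tarball (the format sha256sum itself writes).

# verify_tarballs DIR [MANIFEST]
# Returns 0 only if every *.tar.gz in DIR is pinned in the manifest, matches
# its pinned digest, and has no absolute or parent-directory member path.
# The body runs in a subshell, so the caller's working directory is untouched.
verify_tarballs() (
    dir=$1; manifest=${2:-SHA256SUMS}; rc=0
    cd "$dir" || exit 2
    [ -r "$manifest" ] || { echo "missing manifest: $manifest" >&2; exit 2; }
    for f in *.tar.gz; do
        [ -e "$f" ] || continue
        # 1. The tarball must be listed in the manifest at all.
        want=$(awk -v f="$f" '$2 == f || $2 == "*" f {print $1}' "$manifest")
        if [ -z "$want" ]; then
            echo "UNPINNED  $f" >&2; rc=1; continue
        fi
        # 2. Its digest must equal the pinned value.
        have=$(sha256sum "$f" | awk '{print $1}')
        if [ "$have" != "$want" ]; then
            echo "MISMATCH  $f" >&2; rc=1; continue
        fi
        # 3. No member may be absolute or contain a ".." component.
        if tar -tzf "$f" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
            echo "BAD PATH  $f" >&2; rc=1; continue
        fi
        echo "OK        $f"
    done
    exit $rc
)

# Usage in this guide's layout (run as gvm, before the extraction command):
#   verify_tarballs /opt/gvm/src && echo "safe to extract"
```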

14, Build the gvm-libs package

Log in as gvm

 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
 cd gvm-libs-11.0.1/
 mkdir build
 cd build
 cmake ..  -DCMAKE_INSTALL_PREFIX=/opt/gvm
 make
 make doc
 make install

15, Install Heimdal, which the openvas-smb build requires

Log in as root

cd /usr/local/src/
wget https://github.com/heimdal/heimdal/releases/download/heimdal-7.7.0/heimdal-7.7.0.tar.gz
tar xvfz heimdal-7.7.0.tar.gz
cd heimdal-7.7.0
./configure --enable-otp=no --prefix=/opt/heimdal
make
make install

The openvas-smb code expects to use (includedir)/heimdal/…

This is achieved by creating a symbolic link

[root@localhost heimdal-7.7.0]# ln -s /opt/heimdal/include /opt/heimdal/include/heimdal

16, Add the heimdal libraries to the system

[root@localhost src]# echo /opt/heimdal/lib > /etc/ld.so.conf.d/heimdal.conf  
[root@localhost src]# ldconfig

17, openvas-smb (Note: PKG_CONFIG_PATH now adds where the heimdal goodies are too)

 cd src/
 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:/opt/heimdal/lib/pkgconfig
 cd openvas-smb-1.0.5/
 mkdir build
 cd build
 cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
 make
 make install

18,scanner

Modify the CMakeLists.txt file; otherwise the following error occurs during compilation.

 

 錯誤:‘pcap_lookupdev’ is deprecated: use 'pcap_findalldevs' and use the first device [-Werror=deprecated-declarations]

Changes to make

Comment out line 216 and add the following line

set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG} -Werror -Wno-error=deprecated-declarations")

 

 

 cd /opt/gvm/src/openvas-7.0.1/
 vim CMakeLists.txt
 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
 mkdir build
 cd build
 cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
 make
 make doc
 make install

19, Configure redis

Log in as root

 cp /etc/redis.conf /etc/redis.conf.orig
 cp /opt/gvm/src/openvas-7.0.1/config/redis-openvas.conf /etc/redis.conf
 vim /etc/redis.conf
unixsocket /tmp/redis.sock
unixsocketperm 770

20, Configure openvas to use redis

As the gvm user

echo db_address = /tmp/redis.sock > /opt/gvm/etc/openvas/openvas.conf

As the root user

 systemctl enable redis
 systemctl start redis

21, Add gvm to the redis group (redis must be restarted)

 

[root@localhost src]# usermod -aG redis gvm
[root@localhost src]# systemctl restart redis

22, Allow gvm to run openvas and gsad with root privileges.

Add the following three lines to /etc/sudoers (edit it with visudo)

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/gvm/sbin"

#Allow the user running ospd-openvas, to launch openvas with root permissions
gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas
gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad
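
The two NOPASSWD rules above point at binaries under /opt/gvm, a tree that step 9 hands to the gvm account, so the rules are only as strict as the ownership and mode of those files and every directory above them. The following added example (not part of the original guide) audits that chain; `audit_sudo_target` is a hypothetical helper name.

```bash
# Added example, not from the original guide. audit_sudo_target is a
# hypothetical helper name.

# audit_sudo_target FILE [TRUSTED_UID] [STOP_DIR]
# Walks from FILE up to STOP_DIR (default /) and reports each path component
# that is not owned by TRUSTED_UID (default 0, root) or that is writable by
# group or others. An account that can write to any such component can
# replace FILE, which turns a NOPASSWD rule for FILE into unrestricted root.
# Returns 0 if nothing was reported, 1 if something was, 2 on a stat error.
audit_sudo_target() (
    trusted=${2:-0}; rc=0
    p=$(readlink -f -- "$1") || exit 2
    stop=$(readlink -f -- "${3:-/}") || exit 2
    while :; do
        uid=$(stat -c '%u' -- "$p") || exit 2
        mode=$(stat -c '%a' -- "$p") || exit 2
        if [ "$uid" != "$trusted" ]; then
            echo "OWNER     uid=$uid  $p"; rc=1
        fi
        # Octal 022 masks the group-write and other-write permission bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE  mode=$mode  $p"; rc=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    exit $rc
)

# Usage in this guide's layout (run as root after "make install"):
#   audit_sudo_target /opt/gvm/sbin/openvas
#   audit_sudo_target /opt/gvm/sbin/gsad
```

With the ownership set in step 9, the components under /opt/gvm are expected to be reported as OWNER, since they belong to gvm rather than root.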

23, Adjust some system settings

[root@localhost src]# echo net.core.somaxconn = 1024 >> /etc/sysctl.conf  
[root@localhost src]# echo vm.overcommit_memory = 1 >> /etc/sysctl.conf  
[root@localhost src]# sysctl -p
net.core.somaxconn = 1024
vm.overcommit_memory = 1
[root@localhost src]# ldconfig

24 Synchronize nvt data

[gvm@localhost ~]$ greenbone-nvt-sync

[gvm@localhost ~]$ find /opt/gvm/var/lib/openvas/plugins | wc -l
61300

25 Update the vt info

[gvm@localhost bin]$ openvas --update-vt-info

26, gvmd

Log in as root
ln -s /usr/include /usr/include/postgresql
(code wants “postgresql/libpq-fe.h”)

Modify CMakeLists.txt

Add the -lpq parameter

As the gvm user

cd src/
cd gvmd-9.0.1/
vim CMakeLists.txt 
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm/ -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/pgsql/server -DPostgreSQL_INCLUDE_DIR=/usr/include/pgsql/server -DPostgreSQL_LIBRARY=/usr/lib64/pgsql
make
make doc
make install

27, Install yarn, a prerequisite for building gsa

Log in as root

[root@localhost opt]# npm install -g yarn

 

As the gvm user

cd gsa-9.0.1/
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make doc
make install
 greenbone-scapdata-sync 
 greenbone-certdata-sync 
 gvm-manage-certs -a

Create the Python package installation directory

  mkdir -p /opt/gvm/lib/python3.6/site-packages

28,OSPd and OSPd-OpenVAS

  export PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
  export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
  cd ospd-2.0.1/
  python3 setup.py install --prefix=/opt/gvm
  cd ..
  export PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
  export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
  cd ospd-openvas-1.0.1
  python3 setup.py install --prefix=/opt/gvm

29,add install scripts

ospd.service

cat << EOF > /etc/systemd/system/ospd.service
[Unit]
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm
After=postgresql.service

[Service]
Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
Type=simple
User=gvm
Group=gvm
WorkingDirectory=/opt/gvm
PIDFile=/opt/gvm/var/run/ospd-openvas.pid
ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket /opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run

[Install]
WantedBy=multi-user.target
EOF

gvmd.service 

cat << EOF > /etc/systemd/system/gvmd.service
[Unit]
Description=Job that runs the gvm daemon
Documentation=man:gvm
After=ospd.service

[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd.pid
WorkingDirectory=/opt/gvm
ExecStartPre=/bin/sleep 60
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock

[Install]
WantedBy=multi-user.target
EOF

gsad.service

cat << EOF > /etc/systemd/system/gsad.service
[Unit]
Description=Job that runs the gsa daemon
Documentation=man:gsa
After=postgresql.service

[Service]
Type=forking
PIDFile=/opt/gvm/var/run/gsad.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gsad --listen=0.0.0.0
[Install]
WantedBy=multi-user.target
EOF

30, Generate PDF reports

As the root user

yum install -y texlive-collection-fontsrecommended texlive-collection-latexrecommended texlive-changepage texlive-titlesec
mkdir -p /usr/share/texlive/texmf-local/tex/latex/comment
cd /usr/share/texlive/texmf-local/tex/latex/comment
wget http://mirrors.ctan.org/macros/latex/contrib/comment/comment.sty
chmod 644 comment.sty
texhash

31, Start the services at boot

AS ROOT:
systemctl daemon-reload
systemctl enable ospd
systemctl enable gvmd
systemctl enable gsad

32, Start the services

AS ROOT:
systemctl start ospd
systemctl start gvmd
systemctl start gsad

Log file path: /opt/gvm/var/log/gvm.

33, Change the default scanner

gvmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
gvmd --modify-scanner=08b69003-5fc2-4037-a479-93b440211c73 --scanner-host=/opt/gvm/var/run/ospd.sock
Scanner modified.
gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73
Scanner version: OpenVAS 7.0.1.

 

43, Create a web user

AS GVM:
gvmd --create-user admin
gvmd --user=admin --new-password=123456

 

Port 80 is used by default

http://ip

SELinux and the firewall must be turned off.
