GVM Installation: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
 
(14 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 
=Install=
 
=Install=
*apt update  
+
*apt update ; apt install -y gvm
*apt install gvm  
 
  
 
=setup=
 
=setup=
Zeile 16: Zeile 15:
 
=stop=
 
=stop=
 
*gvm-stop
 
*gvm-stop
=letsencrypt=
+
;ADD ONS
*apt install certbot
 
*certbot certonly --standalone  -d <FQDN>
 
==pre and post stuff==
 
*echo '#!bin/bash' >  /etc/letsencrypt/renewal-hooks/pre/stuff
 
*echo  'systemctl stop greenbone-security-assistant.service' >>  /etc/letsencrypt/renewal-hooks/pre/stuff
 
*chmod +x  /etc/letsencrypt/renewal-hooks/pre/stuff
 
*echo '#!bin/bash' >  /etc/letsencrypt/renewal-hooks/post/stuff
 
*echo  'systemctl start greenbone-security-assistant.service' >>  /etc/letsencrypt/renewal-hooks/post/stuff
 
*chmod +x  /etc/letsencrypt/renewal-hooks/post/stuff
 
 
 
=change gsad settings=
 
*/etc/systemd/system/greenbone-security-assistant.service
 
<pre>
 
[Unit]
 
Description=Greenbone Security Assistant (gsad)
 
Documentation=man:gsad(8) https://www.greenbone.net
 
After=network.target
 
Wants=gvmd.service
 
 
 
[Service]
 
Type=forking
 
#User=_gvm
 
#Group=_gvm
 
User=root
 
Group=root
 
ExecStart=/usr/sbin/gsad --mlisten=127.0.0.1 --mport=9390  --no-redirect  --listen=0.0.0.0 --port=443 --ssl-private-key=/etc/letsencrypt/live/scanner.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/scanner.tuxmen.de/cert.pem
 
Restart=always
 
TimeoutStopSec=10
 
 
 
[Install]
 
WantedBy=multi-user.target
 
Alias=gsad.service
 
</pre>
 
 
 
=change gvmd settings=
 
<pre>
 
[Unit]
 
Description=Open Vulnerability Assessment System Manager Daemon
 
Documentation=man:gvmd(8) https://www.greenbone.net
 
Wants=postgresql.service ospd-openvas.service
 
After=postgresql.service ospd-openvas.service
 
 
 
[Service]
 
Type=forking
 
PIDFile=/run/gvm/gvmd.pid
 
User=_gvm
 
Group=_gvm
 
RuntimeDirectory=gvm
 
RuntimeDirectoryMode=2775
 
ExecStart=/usr/sbin/gvmd -a 0.0.0.0 -p 9390
 
ExecReload=/bin/kill -HUP $MAINPID
 
# Kill the main process with SIGTERM and after TimeoutStopSec (defaults to
 
# 1m30) kill remaining processes with SIGKILL
 
KillMode=mixed
 
 
 
[Install]
 
WantedBy=multi-user.target
 
 
 
</pre>
 
  
 
=dameon reload=
 
=dameon reload=
Zeile 82: Zeile 22:
 
*gvm-start
 
*gvm-start
 
*gvm-check-setup --server
 
*gvm-check-setup --server
 
=Check Listing=
 
*netstat -lntp | egrep "gsad|gvmd"
 
tcp        0      0 0.0.0.0:9390            0.0.0.0:*              LISTEN      7035/gvmd: Waiting 
 
tcp        0      0 0.0.0.0:443            0.0.0.0:*              LISTEN      7202/gsad
 
  
 
=Login=
 
=Login=
Zeile 92: Zeile 27:
 
*USR: admin
 
*USR: admin
 
*PWD: 4dxxxx7-exx9-4xx4-axxc-6xxxx20xxx2
 
*PWD: 4dxxxx7-exx9-4xx4-axxc-6xxxx20xxx2
 +
=Passwort ändern=
 +
*su - _gvm -s /bin/bash
 +
*gvmd --user=admin --new-password=123Start$
 +
 +
=Dafür sorgen das gsad von überall erreichbar ist=
 +
*sed -e "s/127.0.0.1/0.0.0.0/" /usr/lib/systemd/system/gsad.service > /etc/systemd/system/gsad.service
 +
 +
=Units enablen=
 +
*systemctl enable gvmd.service --now
 +
*systemctl enable ospd-openvas.service --now
 +
*systemctl enable gsad.service --now
 +
 
=Updates=
 
=Updates=
 +
==Cron==
 
*/etc/cron.d/greenbone  
 
*/etc/cron.d/greenbone  
 
<pre>
 
<pre>
Zeile 101: Zeile 49:
 
30 0 * * * _gvm greenbone-scapdata-sync
 
30 0 * * * _gvm greenbone-scapdata-sync
 
</pre>
 
</pre>
 +
==Manuell==
 +
*su -s /bin/bash _gvm
 +
*greenbone-nvt-sync ; greenbone-certdata-sync ; greenbone-scapdata-sync

Aktuelle Version vom 4. September 2023, 04:58 Uhr

Install

  • apt update ; apt install -y gvm

setup

  • gvm-setup

Finish

...
md   main:  DEBUG:6750:2016-08-15 17h32.43 CEST:    sql_open: db open, max retry sleep time is 0
Rebuilding NVT cache... done.
User created with password '4dxxxx7-exx9-4xx4-axxc-6xxxx20xxx2'.

start

  • gvm-start

stop

  • gvm-stop
ADD ONS

dameon reload

  • systemctl daemon-reload
  • gvm-stop
  • gvm-start
  • gvm-check-setup --server

Login

  • URL: https://<FQDN>
  • USR: admin
  • PWD: 4dxxxx7-exx9-4xx4-axxc-6xxxx20xxx2

Passwort ändern

  • su - _gvm -s /bin/bash
  • gvmd --user=admin --new-password=123Start$

Dafür sorgen das gsad von überall erreichbar ist

  • sed -e "s/127.0.0.1/0.0.0.0/" /usr/lib/systemd/system/gsad.service > /etc/systemd/system/gsad.service

Units enablen

  • systemctl enable gvmd.service --now
  • systemctl enable ospd-openvas.service --now
  • systemctl enable gsad.service --now

Updates

Cron

  • /etc/cron.d/greenbone
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0  0 * * * _gvm greenbone-nvt-sync
15 0 * * * _gvm greenbone-certdata-sync
30 0 * * * _gvm greenbone-scapdata-sync

Manuell

  • su -s /bin/bash _gvm
  • greenbone-nvt-sync ; greenbone-certdata-sync ; greenbone-scapdata-sync
Abgerufen von „https://xinux.net/index.php?title=GVM_Installation&oldid=49074