GVM Installation: Difference between revisions

From xinux.net
Zeile 18: Zeile 18:
 
=letsencrypt=
 
=letsencrypt=
 
*apt install certbot
 
*apt install certbot
*certbot certonly --standalone  -d <FQDN>
+
*certbot certonly --standalone  -d $(hostname)
 
==pre and post stuff==
 
==pre and post stuff==
 
*echo '#!bin/bash' >  /etc/letsencrypt/renewal-hooks/pre/stuff
 
*echo '#!bin/bash' >  /etc/letsencrypt/renewal-hooks/pre/stuff
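
Review bot: In the changed certbot line, $(hostname) can expand to the short host name rather than the fully qualified name that the old <FQDN> placeholder asked for, and certbot can only obtain a certificate for a publicly resolvable domain name. Use $(hostname -f), or keep the placeholder, so the request does not silently depend on how the host name is configured. Separately, the unchanged context line writes the hook shebang as '#!bin/bash', which is missing the leading slash; it should be '#!/bin/bash'.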

Revision as of 3 March 2021, 21:32

Install

  • apt update
  • apt install gvm

setup

  • gvm-setup

Finish

...
md   main:  DEBUG:6750:2016-08-15 17h32.43 CEST:    sql_open: db open, max retry sleep time is 0
Rebuilding NVT cache... done.
User created with password '4dxxxx7-exx9-4xx4-axxc-6xxxx20xxx2'.

start

  • gvm-start

stop

  • gvm-stop

letsencrypt

  • apt install certbot
  • certbot certonly --standalone -d $(hostname)

pre and post stuff

  • echo '#!/bin/bash' > /etc/letsencrypt/renewal-hooks/pre/stuff
  • echo 'systemctl stop greenbone-security-assistant.service' >> /etc/letsencrypt/renewal-hooks/pre/stuff
  • chmod +x /etc/letsencrypt/renewal-hooks/pre/stuff
  • echo '#!/bin/bash' > /etc/letsencrypt/renewal-hooks/post/stuff
  • echo 'systemctl start greenbone-security-assistant.service' >> /etc/letsencrypt/renewal-hooks/post/stuff
  • chmod +x /etc/letsencrypt/renewal-hooks/post/stuff

change gsad settings

  • /etc/systemd/system/greenbone-security-assistant.service
[Unit]
Description=Greenbone Security Assistant (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target
After=gvmd.service

[Service]
Type=forking
#User=_gvm
#Group=_gvm
User=root
Group=root
ExecStart=/usr/sbin/gsad --mlisten=127.0.0.1 --mport=9390  --no-redirect  --listen=0.0.0.0 --port=443 --ssl-private-key=/etc/letsencrypt/live/scanner.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/scanner.tuxmen.de/cert.pem
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=gsad.service

change gvmd settings

[Unit]
Description=Open Vulnerability Assessment System Manager Daemon
Documentation=man:gvmd(8) https://www.greenbone.net
Wants=postgresql.service ospd-openvas.service
After=postgresql.service ospd-openvas.service

[Service]
Type=forking
PIDFile=/run/gvm/gvmd.pid
User=_gvm
Group=_gvm
RuntimeDirectory=gvm
RuntimeDirectoryMode=2775
ExecStart=/usr/sbin/gvmd -a 0.0.0.0 -p 9390
ExecReload=/bin/kill -HUP $MAINPID
# Kill the main process with SIGTERM and after TimeoutStopSec (defaults to
# 1m30) kill remaining processes with SIGKILL
KillMode=mixed

[Install]
WantedBy=multi-user.target

daemon reload

  • systemctl daemon-reload
  • gvm-stop
  • gvm-start
  • gvm-check-setup --server

Check listening

  • netstat -lntp | egrep "gsad|gvmd"
tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      7035/gvmd: Waiting  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      7202/gsad
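
The listener output above can be checked against the unit files automatically. The following is an added example, not part of the original page: it flags gvmd listeners bound to a non-loopback address, on the assumption that only the local gsad (which connects to 127.0.0.1:9390 via --mlisten/--mport) needs to reach gvmd. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumed policy: gsad reaches gvmd via 127.0.0.1:9390 (see --mlisten/--mport),
# so a gvmd listener on any non-loopback address is flagged.

# Reads `netstat -lntp` lines on stdin; prints "STATUS daemon host:port"
# for every gsad/gvmd listener. Other `ss`-style formats are not handled.
audit_gvm_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Field 7 is "PID/program"; drop the PID and any title suffix ("gvmd:")
        prog = $7
        sub(/^[0-9]+\//, "", prog)
        sub(/:.*$/, "", prog)
        if (prog != "gsad" && prog != "gvmd") next

        # Split the local address at its last colon so IPv6 forms also work
        port = $4
        sub(/^.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)

        loopback = (host ~ /^127\./ || host == "::1")
        status = (prog == "gvmd" && !loopback) ? "EXPOSED" : "OK"
        printf "%s %s %s:%s\n", status, prog, host, port
    }'
}

# Constructed sample: the two listener lines shown in the output above.
sample_listeners() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      7035/gvmd: Waiting
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      7202/gsad
EOF
}

# Stand-alone run on the sample; on a live host (as root, so program names
# are shown) use: netstat -lntp | audit_gvm_listeners
sample_listeners | audit_gvm_listeners
```

On the sample, the gvmd line is reported as EXPOSED; starting gvmd with -a 127.0.0.1 instead of -a 0.0.0.0 turns it into OK while gsad keeps working over loopback.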

Login

  • URL: https://<FQDN>
  • USR: admin
  • PWD: 4dxxxx7-exx9-4xx4-axxc-6xxxx20xxx2

Updates

  • /etc/cron.d/greenbone
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0  0 * * * _gvm greenbone-nvt-sync
15 0 * * * _gvm greenbone-certdata-sync
30 0 * * * _gvm greenbone-scapdata-sync