Download OpenVAS

Build;cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmNext, compile and install GVM librariesmake && sudo make installBuild and Install OpenVAS scanner and OpenVAS SMBOpen Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a winexe binary to execute processes remotely on that system.Build and install openvas-smb;cd ../../openvas-smb/mkdir build && cd buildcmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmmake && sudo make installBuild and install OpenVAS scanner;cd ../../openvassed -i.bak 's/-Werror/-Wno-error/' misc/CMakeLists.txtmkdir build && cd buildcmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmmakesudo make installIf you get the error below while running the make command;CMake Error at /opt/gvm/gvm-source/openvas/cmake/GetGit.cmake:33 (string): string sub-command REPLACE requires at least four arguments.Call Stack (most recent call first): /opt/gvm/gvm-source/openvas/cmake/GetGit.cmake:39 (Git_GET_REVISION)The exit as gvm user and run the command below as privileged user;sudo git config --global --add safe.directory /opt/gvm/gvm-source/openvasThen rerun the compilation and installation command.Configuring OpenVAS ScannerThe host scan information is stored temporarily on Redis server. The default configuration of Redis server is /etc/redis/redis.conf.Switch back to privileged user and proceed.exitTo begin run the command below to create the cache to the installed shared libraries;ldconfigNext, copy OpenVAS scanner Redis configuration file, redis-openvas.conf, to the same Redis config directory;cp /opt/gvm/gvm-source/openvas/config/redis-openvas.conf /etc/redis/Update the ownership of the configuration.chown redis:redis /etc/redis/redis-openvas.confUpdate the path to Redis unix socket on the /etc/openvas/openvas.conf using the db_address parameter as follows;echo "db_address = /run/redis-openvas/redis.sock" > /etc/openvas/openvas.confNote, the Unix socket path is defined on /etc/redis/redis-openvas.conf file.chown gvm:gvm /etc/openvas/openvas.confAdd gvm user to redis group;usermod -aG redis gvmYou can also optimize Redis server itself improve the performance by making the following adjustments;Increase the value of somaxconn in order to avoid slow clients connections issues.echo "net.core.somaxconn = 1024" >> /etc/sysctl.confRedis background save may fail under low memory condition. To avoid this, enable memory overcommit (man 5 proc).echo 'vm.overcommit_memory = 1' >> /etc/sysctl.confReload sysctl variables created above.sysctl -pTo avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel’s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.cat > /etc/systemd/system/disable_thp.service /sys/kernel/mm/transparent_hugepage/enabled && echo 'never'

> /sys/kernel/mm/transparent_hugepage/defrag"[Install]WantedBy=multi-user.targetEOLReload systemd configurations;systemctl daemon-reloadStart and enable this service to run on system boot.systemctl enable --now disable_thpRestart OpenVAS Redis serversystemctl enable --now redis-server@openvasA number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations. Since openvas is launched from an ospd-openvas process, via sudo, add the line below to sudoers file to ensure that the gvm user used in this demo can run the openvas with elevated rights using passwordless sudo.echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas" >> /etc/sudoers.d/gvmAlso, enable gvm user to run GSA web application daemon, gsad, with passwordless sudo.Also, update the secure_path to include the GVM /sbin paths, /opt/gvm/sbin.sed -i '/secure_path="/s|"$|:/opt/gvm/sbin"|' /etc/sudoersUpdate NVTsUpdate Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed using the greenbone-nvt-sync command.The greenbone-nvt-sync command must not be executed as privileged user root, hence switch back to GVM user we created above and update the NVTs.Ensure the GVM user can write to /var/lib/openvas/.chown -R gvm: /var/lib/openvas/Next, update the NVTs as openvas user;sudo -Hiu gvm greenbone-nvt-syncOnce the update is done, you need to update Redis server with the same VT info from VT files;sudo openvas --update-vt-infoBuild and Install Greenbone Vulnerability ManagerThe Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.To build and install GVM;su - gvmcd gvm-source/gvmdexport PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATHsed -i.bak 's/-Werror/-Wno-error/' CMakeLists.txtmkdir build && cd buildcmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmmakesudo make installSimilarly, if you get the error;-- Found Git: /usr/bin/git (found version "2.25.1") fatal: unsafe repository ('/opt/gvm/gvm-source/gvmd' is owned by someone else)To add an exception for this directory, call:Exit as GVM user and run the command below as privileged user;sudo git config --global --add safe.directory /opt/gvm/gvm-source/gvmdSwitch back to GVM user and rerun the installation.Build and Install Greenbone Security AssistantThe Greenbone Security Assistant is the web interface developed for the Greenbone Security Managercd ../../gsarm -rf buildyarnyarn buildAll content of the production build can be shipped with every web server. For providing GSA via gsad web server, the files need to be copied into the /usr/local/share/gvm/gsad/web/.Build and Install Greenbone Security Assistant HTTP serverThe Greenbone Security Assistant HTTP Server is the server developed for the communication with the Greenbone Security Manager appliances. It connects

/run/gvm/ospd-openvas.pid /run/gvm/ospd-openvas.sockType=simpleUser=gvmGroup=gvmRuntimeDirectory=gvmEnvironment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/binExecStart=/opt/gvm/.local/bin/ospd-openvas \--pid-file /run/gvm/ospd-openvas.pid \--log-file /var/log/gvm/ospd-openvas.log \--lock-file-dir /run/gvm -u /run/gvm/ospd-openvas.sockRemainAfterExit=yes[Install]WantedBy=multi-user.targetEOLSet proper ownership for logs directory, /var/log/gvm and run time data directory, /run/gvm;chown -R gvm: /var/log/gvm /run/gvm/Reload systemd service unit configurations.systemctl daemon-reloadsystemctl start ospd-openvasCheck the status of the service;systemctl status ospd-openvas● ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas) Loaded: loaded (/etc/systemd/system/ospd-openvas.service; disabled; vendor preset: enabled) Active: active (exited) since Thu 2022-07-07 04:50:27 UTC; 6s ago Process: 36289 ExecStartPre=/usr/bin/rm -rf /run/gvm/ospd-openvas.pid /run/gvm/ospd-openvas.sock (code=exited, status=0/SUCCESS) Process: 36290 ExecStart=/opt/gvm/.local/bin/ospd-openvas --pid-file /run/gvm/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /run/gvm -u /ru> Main PID: 36290 (code=exited, status=0/SUCCESS) Tasks: 4 (limit: 4618) Memory: 25.2M CGroup: /system.slice/ospd-openvas.service ├─36305 /usr/bin/python3 /opt/gvm/.local/bin/ospd-openvas --pid-file /run/gvm/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /run/g> └─36307 /usr/bin/python3 /opt/gvm/.local/bin/ospd-openvas --pid-file /run/gvm/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /run/g>Jul 07 04:50:27 ubuntu20 systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...Jul 07 04:50:27 ubuntu20 systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).Enable OpenVAS scanner to run on system boot;systemctl enable ospd-openvasCheck the logs on;tail -f /var/log/gvm/ospd-openvas.logCreating Systemd Service units for GVM servicesWhen run, the installer creates GVM daemon service unit, /lib/systemd/system/gvmd.service.Let us modify this service unit file;cp /lib/systemd/system/gvmd.service{,.bak}cat > /lib/systemd/system/gvmd.service Reload system unit configs and start the services;systemctl daemon-reloadsystemctl enable --now gvmdChecking the status;systemctl status gvmd● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd) Loaded: loaded (/lib/systemd/system/gvmd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2022-07-07 04:55:44 UTC; 4s ago Docs: man:gvmd(8) Process: 37170 ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/run/gvm/ospd-openvas.sock (code=exited, status=0/SUCCESS) Main PID: 37181 (gvmd) Tasks: 1 (limit: 4618) Memory: 3.2M CGroup: /system.slice/gvmd.service └─37181 gvmd: InitializingJul 07 04:55:44 ubuntu20 systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...Jul 07 04:55:44 ubuntu20 systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).You can restart PostgreSQL as well;systemctl restart postgresqlCheck the GVMD logs. You should be able to see thattail -f /var/log/gvm/gvmd.logYou should see that the feeds are updating...md manage:WARNING:2022-07-07 04h56.34 utc:37220: sqlv: sql_exec_internal failedmd manage:WARNING:2022-07-07 04h56.36 utc:37181: sql_exec_internal: PQexec failed: FATAL: terminating connection due to administrator commandserver closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request. (7)md manage:WARNING:2022-07-07 04h56.36 utc:37181: sql_exec_internal: SQL: BEGIN;md manage:WARNING:2022-07-07 04h56.36 utc:37181: sqlv: sql_exec_internal failedmd main:MESSAGE:2022-07-07 04h56.55 utc:37302: Greenbone Vulnerability Manager version 21.4.6~dev1~git-500ef0c5-stable (GIT revision 500ef0c5-stable) (DB revision 242)md