Scribd
Upload
27 views

OpenVAS - ArchWiki

Uploaded by

Сар
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
27 views

OpenVAS - ArchWiki

Uploaded by

Сар
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

OpenVAS

OpenVAS (https://www.openvas.org/) stands for Open Vulnerability Assessment System and is a


network security scanner with associated tools like a graphical user front-end. The core component is a server
with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and
applications.

1 Pre-install

1.1 PostgreSQL
Set up PostgreSQL before you continue.

1.2 Redis
Configure Redis as prescribed by the OpenVAS redis configuration (https://github.com/greenbon
e/openvas-scanner/blob/v20.8.1/doc/redis_config.md). In summary, amend the following to your
/etc/redis/redis.conf :

port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128

Note: See the previous OpenVAS redis configuration document on how to calculate the databases
number.

Finally restart redis.service .

2 Installation
Install the following packages to get a full OpenVAS setup, including manager, web frontend, scanner, and
so on: openvas-scanner (https://aur.archlinux.org/packages/openvas-scanner/)AUR, ospd-
openvas (https://aur.archlinux.org/packages/ospd-openvas/)AUR, gsa (https://aur.archlinu
x.org/packages/gsa/)AUR, gvmd (https://aur.archlinux.org/packages/gvmd/)AUR. nmap (http
s://archlinux.org/packages/?name=nmap) needs to be installed for the scanner to deliver proper results
and texlive (https://archlinux.org/groups/x86_64/texlive/) is needed for PDF report feature to
work.

Warning: The packages openvas-scanner (https://aur.archlinux.org/packages/openvas-scann


er/)AUR, ospd-openvas (https://aur.archlinux.org/packages/ospd-openvas/)AUR, gsa (http
s://aur.archlinux.org/packages/gsa/)AUR, gvmd (https://aur.archlinux.org/packages/gvm
d/)AUR are currently broken. To fix them refer to [1] (https://bbs.archlinux.org/viewtopic.php?id=
283507).

3 Initial setup
Setup the PostgreSQL DB for gvm:
[postgres]$ createuser gvm
[postgres]$ createdb -O gvm gvmd

Grant this user DBA roles:

[postgres]$ psql gvmd


# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# \q

Make sure to have the following sysctl configurations:

# echo "net.core.somaxconn = 1024" >> /etc/sysctl.d/90-openvas.conf


# echo "vm.overcommit_memory = 1" >> /etc/sysctl.d/90-openvas.conf
# sysctl -p /etc/sysctl.d/90-openvas.conf

Before doing this check the values of somaxconn (normally this is 4096 for Arch Linux and does not need to
be adjusted:

# sysctl -a | grep somaxconn

If this is the case just skip the first echo line.

Grant the gvm user access to the redis socket:

# usermod -aG redis gvm


# echo "db_address = /run/redis/redis.sock" > /etc/openvas/openvas.conf
# chown gvm:gvm /etc/openvas/openvas.conf

Update NVTs:

# chown -R gvm:gvm /var/lib/openvas


[gvm]$ greenbone-nvt-sync && openvas --update-vt-info

Update feeds:

[gvm]$ greenbone-feed-sync --type GVMD_DATA


[gvm]$ greenbone-scapdata-sync --rsync
[gvm]$ greenbone-certdata-sync --rsync

You can enable the following timers to update these data on a frequently basis:
greenbone-nvt-sync.timer , greenbone-feed-sync.timer , greenbone-scapdata-sync.timer ,
greenbone-certdata-sync.timer .

Create certificates for the server and clients, default values were used:

[gvm]$ gvm-manage-certs -a

Add an administrator user account, be sure to copy the password:

[gvm]$ gvmd --create-user=admin --role=Admin

You can also change the password of the user later on

[gvm]$ gvmd --user=admin --new-password=<password>

4 Getting started
Start ospd-openvas.service , gvmd.service and gsad.service .

Create the Scanner:

[gvm]$ gvmd --get-scanners

Copy the id of the OpenVAS Default scanner and run:

[gvm]$ gvmd --modify-scanner=id-of-scanner --scanner-host=/run/gvm/ospd.sock


[gvm]$ gvmd --verify-scanner=id-of-scanner

Set the feed import user:

[gvm]$ gvmd --get-users --verbose

Copy the id of the admin user and run:

[gvm]$ gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value id-of-admin

Point your web browser to http://127.0.0.1 and login with your admin credentials.

Note: By default, gsad will bind to port 80. If you are already running a webserver, this will obviously
cause problems. You can modify the ports and listen addresses in the file /etc/default/gsad

5 See also
Wikipedia:OpenVAS
OpenVAS (https://www.openvas.org/) Official OpenVAS website.

Retrieved from "https://wiki.archlinux.org/index.php?title=OpenVAS&oldid=792168"


Home Packages Forums Wiki GitLab Security AUR

Download

AUR Home Packages Register Login English Go

Search Criteria
Search by Keywords Out of Date Sort by
Name, Description All Popularity
Sort order Per page
Descending 50

Go Orphans

Package Details: openvas-scanner 23.9.0-8


Git Clone URL: https://aur.archlinux.org/openvas-scanner.git (read-only, click to copy)
Package Actions
Package Base: openvas-scanner View PKGBUILD / View Changes
Download snapshot
Description: Vulnerability scanning Daemon
Search wiki
Upstream URL: https://github.com/greenbone/openvas-scanner
Licenses: GPL-2.0-only
Groups: greenbone-vulnerability-manager
Submitter: mfulz
Maintainer: TrialnError
Last Packager: TrialnError
Votes: 0
Popularity: 0.000000
First Submitted: 2021-02-16 22:17 (UTC)
Last Updated: 2024-10-12 20:51 (UTC)

Dependencies (11) Required by (3)

gvm-libsAUR gsa
json-glib (json-glib-git AUR openvas-script
)
AUR
ospd-openvas
libbsd (libbsd-git )
libgcrypt
redis (redis-testingAUR, redis-gitAUR, keydbAUR, valkey)
rsync (rsync-gitAUR, rsync-reflinkAUR, rsync-reflink-gitAUR)
cargo (rustup-gitAUR, rust-nightly-binAUR, rust-gitAUR, rust,
rustup) (make)
cmake (cmake-gitAUR) (make)
doxygen (doxygen-gitAUR) (make)
inetutils (inetutils-gitAUR, busybox-coreutilsAUR) (make)
greenbone-feed-syncAUR (optional) – scripts for
downloading updated feed informations

Sources (3)

openvas-scanner-23.9.0.tar.gz.asc
openvas-scanner-23.9.0.tar.gz
openvas-scanner.tmpfiles
Latest Comments 1 2 3 4 5 Next › Last »

TrialnError commented on 2024-10-08 19:04 (UTC)


Regarding the missing binaries:
There are more packages needed. Looking at the install script of gvmd it is clearly stated, why those aren't available anymore by
default:

OPTION (INSTALL_OLD_SYNC_SCRIPTS "Install shell based feed sync scripts" OFF)


if (INSTALL_OLD_SYNC_SCRIPTS)
message (DEPRECATION "The version of greenbone-feed-sync included in gvmd is deprec
endif (INSTALL_OLD_SYNC_SCRIPTS)

It is deprecated.

TrialnError commented on 2024-10-08 18:08 (UTC)


I'm sorry that this is still a mess.
But I'm limited in my time and I only took the software, because it was neglected for a long time and in a non working state.
Regarding the missing binaries: I noticed that too and thats the reason why the systemd unit files are temporarily removed. My
focus was mostly to get the groundwork right (how are users created, directories and such). Next on the agenda is the case of the
missing binaries. Of note though: I wouldn't consider the wiki up to date and the content should be taken with a grain of salt. My
opinion is, that the official doc should be used at the moment.
Regarding the maintenance: I will happily add co-maintainers, especially ones that want to use the software. I don't intend to
maintain this software stack in the long run. But it should be in a state where it adheres the current guidelines and don't do
questionable stuff (like the various sudo calls).
Until then I can only ask for patience and for more hands that take a stab on this.

rek2 commented on 2024-10-08 15:50 (UTC) (edited on 2024-10-08 15:51 (UTC) by rek2)
Hello thanks, everything compiled now, but there are a lot of things wrong, I am following the wiki entry and as I mention now I can
use makepkg with ignore pgp key because that fails with "paru" but I can install all the packages listed in the arch wiki... But what
makes me cry now because I have been with this on and off for more than 1-2 months there are missing binaries :( some packages
are missing to install the bin/ etc example:

locate greenbone-feed-sync
/etc/systemd/system/multi-user.target.wants/greenbone-feed-sync.timer
/home/rek2/.cache/paru/clone/gvmd/src/build/tools/greenbone-feed-sync
/home/rek2/.cache/paru/clone/gvmd/src/gvmd-23.10.0/tools/greenbone-feed-sync.in

There is only the .timer under systemd the actual tool is never installed on an of the bin/ standard PATH places, is still on tools/ but
never installed in the system etc so is all a super mess like this… I am about to give up and install nessus even do I will hate that
because I rather use always open tools can someone please fix the packages so all tools are installed, and maybe update the wiki
:(

TrialnError commented on 2024-09-22 19:09 (UTC)


Great, that this package now worked.
Regarding gsa I would suggest to post any issue on the respective package details page :) Avoids to search all over the place and
notify users unnecessary if they're subscribed to this specific package.
Nevertheless thank you for reporting. I will look into it. It did build not to long ago :D

rek2 commented on 2024-09-19 16:18 (UTC)


Hello @TrilError I did was able to compile this one now, thank you. but unfortunatelly hit another problem with "gsa" :(

✓ 2521 modules transformed.


x Build failed in 1m 36s
error during build:
[vite:terser] terser not found. Since Vite v3, terser has become an optional dependen
at loadTerserPath (file:///home/rek2/.cache/paru/clone/gsa/src/gsa-23.3.0/node_mo
at Object.renderChunk (file:///home/rek2/.cache/paru/clone/gsa/src/gsa-23.3.0/nod
at file:///home/rek2/.cache/paru/clone/gsa/src/gsa-23.3.0/node_modules/vite/node_
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
==> ERROR: A failure occurred in build().
Aborting...

note: I did install terser with paru -S terser but same result :(

TrialnError commented on 2024-09-18 19:13 (UTC)


-Werror is stripped from CMakeLists.txt and with that the build succeeds on FORTIFY_SOURCE=3 . Lots of warnings though.
This is already done that way in gvm-libs .

TrialnError commented on 2024-09-18 18:33 (UTC)


Good it got figured out. After the pacman 7.0 update I noticed I wasn't in sync with the current Arch settings (aka still
FORTIFY_SOURCE 2 ) and therefore had no issues :D
Following your ticket it seems the related samba package is optional. I will look into adding it to the AUR, but first I want to figure
out how to handle the FORTIFY_SOURCE situation and get the current packages up to standard.

rek2 commented on 2024-09-16 15:52 (UTC)


Hello, so I fixed the original issue, had another one that I pasted on the same thread on the GitHub issues section, and they say we
are missing a OpenVAS-smb package context: https://github.com/greenbone/openvas-scanner/issues/1710#issuecomment-
2352558597

TrialnError commented on 2024-09-06 18:22 (UTC)


Hello rek2,
really odd. Do you have a customized makepkg.conf ? Or does paru have a similar replacement?
What happens if you try to build the package with makepkg ?
Regarding gsa vs greenbone-security-assistant : I'm fairly new to maintaining these PKGBUILDs. And on the ToDo is still to
figure out what was tried to achieve and what should happen. I assume the latter will go, as it is in theory duplicating efforts. On the
other hand it only used to build a sub part of the whole.
But I would suggest to stick with gsa .

rek2 commented on 2024-09-06 17:01 (UTC)


Hello TrialnError thank you for your reply, today I finished work a bit early and I have tried again with no luck :( I made sure I
removed the old cache from ~/.cache/paru/clone/* so it pulls a new version… I think is the same error:

-- Build files have been written to: /home/rek2/.cache/paru/clone/openvas-scanner/src


make: Entering directory '/home/rek2/.cache/paru/clone/openvas-scanner/src/build'
[ 1%] Building C object misc/CMakeFiles/openvas_misc_shared.dir/bpf_share.c.o
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
make[2]: *** [misc/CMakeFiles/openvas_misc_shared.dir/build.make:76: misc/CMakeFiles/
make[1]: *** [CMakeFiles/Makefile2:229: misc/CMakeFiles/openvas_misc_shared.dir/all]
make: *** [Makefile:166: all] Error 2
make: Leaving directory '/home/rek2/.cache/paru/clone/openvas-scanner/src/build'
==> ERROR: A failure occurred in build().
Aborting...
error: failed to build 'openvas-scanner-23.9.0-2':
error: can't build ospd-openvas-22.7.1-1, deps not satisfied: openvas-scanner
error: packages failed to build: openvas-scanner-23.9.0-2 ospd-openvas-22.7.1-1
BTW why is there a gsa and a greenbone-security-assistant package? both seem very new, which one should I use?

1 2 3 4 5 Next › Last »

aurweb v6.2.15
Report issues here.
Copyright © 2004-2024 aurweb Development Team.
AUR packages are user produced content. Any use of the provided files is at your own risk.

You might also like