freebsd/ports
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ports/security/gvm/files/pkg-message.in
Jose Alonso Cardenas Marquez 8a0fa5cfc7
security/gvm: Update entry about pdf exporting from gsad
2023-10-20 20:16:40 -05:00

169 lines
5.2 KiB
Plaintext
Raw Blame History

[
{ type: install
message: <<EOM
GVM ports were installed
If you are migrating to new version do not forget do the following:
# su -m gvm -c "gvmd --migrate"
Basic instructions for configure your gvm infraestruture are following:
1) Redis is a dependency of GVM. Please, configure redis-server for
listening on socket /var/run/redis/redis.sock. security/openvas scanner
needs it
# echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf
2) Mosquitto broker is a new dependency of GVM. Please configure net/mosquitto
service and add the following line to openvas configuration file
# echo "mqtt_server_uri = localhost:1883" >> /usr/local/etc/openvas/openvas.conf
3) security/py-notus-scanner is a new tool used by GVM. You must create a
notus-scanner.toml configuration file at usr/local/etc/gvm/ directory
# echo "[notus-scanner]" > /usr/local/etc/gvm/notus-scanner.toml
# echo 'mqtt-broker-address = "localhost"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo 'mqtt-broker-port = "1883"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo 'products-directory = "/var/lib/notus/products"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo 'log-level = "INFO"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo "disable-hashsum-verification = false" >> /usr/local/etc/gvm/notus-scanner.toml
Otherwise it can be defined into notus-scanner startup script. Take a look at
/usr/local/etc/rc.d/notus-scanner file
4) Add user gvm to redis group
# pw groupmod redis -M gvm
5) security/gvmd uses PostgreSQL database (server and contrib). Generally,
PostgreSQL must be installed in the same server where security/gvmd is running:
# su postgres
# createuser -DRS gvm
# createdb -O gvm gvmd
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# create extension "pgcrypto";
# create extension "pg-gvm";
6) Add the following lines to /etc/rc.conf
# sysrc redis_enable="YES"
# sysrc gvmd_enable="YES"
# sysrc ospd_openvas_enable="YES"
# sysrc notus_scanner_enable="YES"
# sysrc gsad_enable="YES"
7) Start redis service
# service redis start
8) Currently, ospd_openvas should run as a user without elevated privileges
(gvm) and use sudo for run openvas scanner but it does not work properly.
Like a workaround you must run redis as root and the same with ospd_openvas.
Add the following lines to /etc/rc.conf
redis_user="root"
ospd_openvas_user="root"
Take in mind it is not the best configuration for run ospd_openvas and
openvas.
The following could avoid some scan issues with openvas
# echo "test_alive_hosts_only = no" >> /usr/local/etc/openvas/openvas.conf
9) The following steps are neccessary before of you can access to GVM web
interface (gsad):
Create certificates
# su -m gvm -c "gvm-manage-certs -a"
Sync gvmd Data, SCAP, CERT and NVT
# su -m gvm -c "greenbone-nvt-sync"
# su -m gvm -c "greenbone-feed-sync --type GVMD_DATA"
# su -m gvm -c "greenbone-feed-sync --type SCAP"
# su -m gvm -c "greenbone-feed-sync --type CERT"
Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
# service gvmd start
Create an admin user and set the Feed Import Owner
# su -m gvm -c "gvmd --create-user=myuser"
# su -m gvm -c "gvmd --user=myuser --new-password=yourpassword"
Set the Feed Import Owner (myuser user in this example)
# su -m gvm -c "gvmd --get-users --verbose"
myuser <uuid_of_user>
# su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>
10) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
# service ospd_openvas start
you can test if ospd_openvas is connecting with openvas scanner with the following commands:
# su -m gvm -c "gvmd --get-scanners"
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default
# su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73"
Scanner version: OpenVAS x.x.x
11) Start Notus Scanner service
# service notus_scanner start
12) Start GVM web interface. It will listen on http://127.0.0.1 by default
# service gsad start
13) Some openvas scanner tasks need access to /dev/bpf device. Add the
following lines to /etc/devfs.conf
own bpf root:gvm
perm bpf 0660
And restart service for apply the changes
# service devfs restart
14) gvm log files are stores to /var/log/gvm directory
15) gsad can export results to PDF. It needs print/tex-xetex port
# pkg install tex-xetex
16) If you need more configure information you can look at the following links:
https://github.com/greenbone/gvmd/blob/master/INSTALL.md
https://github.com/greenbone/openvas/blob/master/INSTALL.md
https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md
https://github.com/greenbone/gsa/blob/master/INSTALL.md
https://github.com/greenbone/greenbone-feed-sync/blob/main/README.md
https://greenbone.github.io/docs/latest/index.html
and
# gvmd -h
# openvas -h
# ospd-openvas -h
# notus-scanner -h
# gsad -h
14) Enjoy it
EOM
}
]
Reference in New Issue View Git Blame Copy Permalink