Установка Greenbone Vulnerability Management (GVM) 21.* на Debian 10

Greenbone — это программное обеспечение для сканирования уязвимостей и управления ими с открытым исходным кодом. Оно предоставляет набор тестов на сетевую уязвимость для поиска лазеек безопасности в системах и приложениях.

Все действия ниже будут выполняться от root.

# Устанавливаем необходимые пакеты зависимостей.

apt-get install build-essential curl cmake pkg-config libglib2.0-dev libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libhiredis-dev libxml2-dev libpcap-dev libnet1-dev libldap2-dev libradcli-dev libpq-dev gcc-mingw-w64 libpopt-dev libunistring-dev heimdal-dev perl-base bison libgcrypt20-dev libksba-dev nmap python-impacket libsnmp-dev libical-dev xsltproc rsync texlive-latex-extra texlive-fonts-recommended xmlstarlet zip rpm fakeroot nsis gnupg gpgsm sshpass socat snmp gnutls-bin xml-twig-tools libmicrohttpd-dev python3-lxml python3-pip python3-setuptools python3-packaging python3-wrapt python3-cffi python3-psutil python3-lxml python3-defusedxml python3-paramiko python3-redis -y

JTIzJTIwJUQwJTkyJUQwJUI1JUQwJUIxJTIwJUQwJUI4JUQwJUJEJUQxJTgyJUQwJUI1JUQxJTgwJUQxJTg0JUQwJUI1JUQwJUI5JUQxJTgxJTIwR1ZNJTIwJUQwJUJEJUQwJUIwJUQwJUJGJUQwJUI4JUQxJTgxJUQwJUIwJUQwJUJEJTIwJUQwJUJEJUQwJUIwJTIwSmF2YVNjcmlwdCUyMCVEMCVCOCUyMCVEMCVCOCVEMSU4MSVEMCVCRiVEMCVCRSVEMCVCQiVEMSU4QyVEMCVCNyVEMSU4MyVEMCVCNSVEMSU4MiUyMCVEMSU4NCVEMSU4MCVEMCVCNSVEMCVCOSVEMCVCQyVEMCVCMiVEMCVCRSVEMSU4MCVEMCVCQSUyMFJlYWN0LiUyMCVEMCU5NCVEMCVCQiVEMSU4RiUyMCVEMCVCRiVEMCVCRSVEMCVCNCVEMCVCNCVEMCVCNSVEMSU4MCVEMCVCNiVEMCVCQSVEMCVCOCUyMEphdmFTY3JpcHQtJUQwJUI3JUQwJUIwJUQwJUIyJUQwJUI4JUQxJTgxJUQwJUI4JUQwJUJDJUQwJUJFJUQxJTgxJUQxJTgyJUQwJUI1JUQwJUI5JTIwJUQxJTgzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUJFJUQwJUIyJUQwJUI4JUQwJUJDJTIweWFybi4=

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add
ZWNobyUyMGRlYiUyMGh0dHBzJTNBJTJGJTJGZGwueWFybnBrZy5jb20lMkZkZWJpYW4lMkYlMjBzdGFibGUlMjBtYWluJTIwJTdDJTIwdGVlJTIwJTJGZXRjJTJGYXB0JTJGc291cmNlcy5saXN0LmQlMkZ5YXJuLmxpc3Q=

apt-get update
YXB0LWdldCUyMGluc3RhbGwlMjB5YXJuJTIwLXk=

yarn install
yarn upgrade

JTIzJTIwJUQwJUEzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUJFJUQwJUIyJUQwJUJBJUQwJUIwJTIwUG9zdGdyZVNRTC4=

YXB0LWdldCUyMGluc3RhbGwlMjBwb3N0Z3Jlc3FsJTIwcG9zdGdyZXNxbC1jb250cmliJTIwcG9zdGdyZXNxbC1zZXJ2ZXItZGV2LTExJTIwLXk=

# Настройка пользователя и базы данных PostgreSQL и настройка разрешений и расширений базы данных.

sudo -Hiu postgres createuser gvm
c3VkbyUyMC1IaXUlMjBwb3N0Z3JlcyUyMGNyZWF0ZWRiJTIwLU8lMjBndm0lMjBndm1k
sudo -Hiu postgres psql -c 'create role dba with superuser noinherit;' gvmd
c3VkbyUyMC1IaXUlMjBwb3N0Z3JlcyUyMHBzcWwlMjAtYyUyMCdncmFudCUyMGRiYSUyMHRvJTIwZ3ZtJTNCJyUyMGd2bWQ=
sudo -Hiu postgres psql -c 'create extension "uuid-ossp";' gvmd
c3VkbyUyMC1IaXUlMjBwb3N0Z3JlcyUyMHBzcWwlMjAtYyUyMCdjcmVhdGUlMjBleHRlbnNpb24lMjAlMjJwZ2NyeXB0byUyMiUzQiclMjBndm1k

# Применение изменений и включение в автозагрузку службу PostgreSQL.

c3lzdGVtY3RsJTIwcmVzdGFydCUyMHBvc3RncmVzcWw=
systemctl enable postgresql

JTIzJUMyJUEwJUQwJUExJUQwJUJFJUQwJUI3JUQwJUI0JUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThGJTIwR1ZNJTIwJUQwJUJFJUQxJTgyJTIwJUQwJUJBJUQwJUJFJUQxJTgyJUQwJUJFJUQxJTgwJUQwJUJFJUQwJUIzJUQwJUJFJTIwJUQwJUIxJUQxJTgzJUQwJUI0JUQwJUI1JUQxJTgyJTIwJUQxJTgwJUQwJUIwJUQwJUIxJUQwJUJFJUQxJTgyJUQwJUIwJUQxJTgyJUQxJThDJTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQwJUIwLg==

useradd -r -M -U -s /usr/sbin/nologin -c "GVM User" gvm

# Скачиваем исходники пакетов входящих в состав системы GVM 21.04 и распаковываем их.

bWtkaXIlMjAtcCUyMCUyRm9wdCUyRmd2bS1zb3VyY2U=
cd /opt/gvm-source/

ZXhwb3J0JTIwR1ZNX1ZFUlNJT04lM0QyMS40LjQ=
ZXhwb3J0JTIwR1ZNX0xJQlNfVkVSU0lPTiUzRCUyNEdWTV9WRVJTSU9O
export GVMD_VERSION=21.4.5
ZXhwb3J0JTIwR1NBX1ZFUlNJT04lM0QlMjRHVk1fVkVSU0lPTg==
export GSAD_VERSION=$GVM_VERSION
export OPENVAS_SMB_VERSION=21.4.0
export OPENVAS_SCANNER_VERSION=$GVM_VERSION
export OSPD_OPENVAS_VERSION=$GVM_VERSION

Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZndm0tbGlicyUyRmFyY2hpdmUlMkZyZWZzJTJGdGFncyUyRnYlMjRHVk1fTElCU19WRVJTSU9OLnRhci5neiUyMC1vJTIwZ3ZtLWxpYnMtJTI0R1ZNX0xJQlNfVkVSU0lPTi50YXIuZ3o=
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZndm1kJTJGYXJjaGl2ZSUyRnJlZnMlMkZ0YWdzJTJGdiUyNEdWTURfVkVSU0lPTi50YXIuZ3olMjAtbyUyMGd2bWQtJTI0R1ZNRF9WRVJTSU9OLnRhci5neg==
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZnc2ElMkZhcmNoaXZlJTJGcmVmcyUyRnRhZ3MlMkZ2JTI0R1NBX1ZFUlNJT04udGFyLmd6JTIwLW8lMjBnc2EtJTI0R1NBX1ZFUlNJT04udGFyLmd6
curl -f -L https://github.com/greenbone/gsad/archive/refs/tags/v$GSAD_VERSION.tar.gz -o gsad-$GSAD_VERSION.tar.gz
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZvcGVudmFzLXNtYiUyRmFyY2hpdmUlMkZyZWZzJTJGdGFncyUyRnYlMjRPUEVOVkFTX1NNQl9WRVJTSU9OLnRhci5neiUyMC1vJTIwb3BlbnZhcy1zbWItJTI0T1BFTlZBU19TTUJfVkVSU0lPTi50YXIuZ3o=
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZvcGVudmFzLXNjYW5uZXIlMkZhcmNoaXZlJTJGcmVmcyUyRnRhZ3MlMkZ2JTI0T1BFTlZBU19TQ0FOTkVSX1ZFUlNJT04udGFyLmd6JTIwLW8lMjBvcGVudmFzLXNjYW5uZXItJTI0T1BFTlZBU19TQ0FOTkVSX1ZFUlNJT04udGFyLmd6
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZvc3BkLW9wZW52YXMlMkZhcmNoaXZlJTJGcmVmcyUyRnRhZ3MlMkZ2JTI0T1NQRF9PUEVOVkFTX1ZFUlNJT04udGFyLmd6JTIwLW8lMjBvc3BkLW9wZW52YXMtJTI0T1NQRF9PUEVOVkFTX1ZFUlNJT04udGFyLmd6

dGFyJTIwLXh2emYlMjBndm0tbGlicy0lMjRHVk1fTElCU19WRVJTSU9OLnRhci5neiUyMCUyNiUyNiUyMG12JTIwZ3ZtLWxpYnMtJTI0R1ZNX0xJQlNfVkVSU0lPTiUyMGd2bS1saWJz
tar -xvzf gvmd-$GVMD_VERSION.tar.gz && mv gvmd-$GVMD_VERSION gvmd
dGFyJTIwLXh2emYlMjBnc2EtJTI0R1NBX1ZFUlNJT04udGFyLmd6JTIwJTI2JTI2JTIwbXYlMjBnc2EtJTI0R1NBX1ZFUlNJT04lMjBnc2E=
tar -xvzf gsad-$GSAD_VERSION.tar.gz && mv gsad-$GSAD_VERSION gsad
dGFyJTIwLXh2emYlMjBvcGVudmFzLXNtYi0lMjRPUEVOVkFTX1NNQl9WRVJTSU9OLnRhci5neiUyMCUyNiUyNiUyMG12JTIwb3BlbnZhcy1zbWItJTI0T1BFTlZBU19TTUJfVkVSU0lPTiUyMG9wZW52YXMtc21i
tar -xvzf openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz && mv openvas-scanner-$OPENVAS_SCANNER_VERSION openvas-scanner
tar -xvzf ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz && mv ospd-openvas-$OSPD_OPENVAS_VERSION ospd-openvas

# Собираем и устанавливаем пакет — GVM Libraries.

cd gvm-libs
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var
bWFrZQ==
bWFrZSUyMGluc3RhbGw=
Y2QlMjAuLiUyRi4u

JTIzJTIwJUQwJUExJUQwJUJFJUQwJUIxJUQwJUI4JUQxJTgwJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUI4JTIwJUQxJTgzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUIwJUQwJUIyJUQwJUJCJUQwJUI4JUQwJUIyJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUJGJUQwJUIwJUQwJUJBJUQwJUI1JUQxJTgyJTIwJUUyJTgwJTk0JTIwR3JlZW5ib25lJTIwVnVsbmVyYWJpbGl0eSUyME1hbmFnZXIu

Y2QlMjBndm1k
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release -DLOCALSTATEDIR=/var -DSYSCONFDIR=/etc -DGVM_DATA_DIR=/var -DGVMD_RUN_DIR=/run/gvmd -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock -DSYSTEMD_SERVICE_DIR=/lib/systemd/system -DDEFAULT_CONFIG_DIR=/etc/default -DLOGROTATE_DIR=/etc/logrotate.d
bWFrZQ==
bWFrZSUyMGluc3RhbGw=
Y2QlMjAuLiUyRi4u

cd gsa
rm -rf build
eWFybg==
yarn build
Y2QlMjAuLg==

mkdir -p /usr/local/share/gvm/gsad/web
Y3AlMjAtcnAlMjAlMkZvcHQlMkZndm0tc291cmNlJTJGZ3NhJTJGYnVpbGQlMkYqJTIwJTJGdXNyJTJGbG9jYWwlMkZzaGFyZSUyRmd2bSUyRmdzYWQlMkZ3ZWI=

cd gsad
bWtkaXIlMjBidWlsZCUyMCUyNiUyNiUyMGNkJTIwYnVpbGQ=
Y21ha2UlMjAuLiUyMC1EQ01BS0VfSU5TVEFMTF9QUkVGSVglM0QlMkZ1c3IlMkZsb2NhbCUyMC1EQ01BS0VfQlVJTERfVFlQRSUzRFJlbGVhc2UlMjAtRFNZU0NPTkZESVIlM0QlMkZldGMlMjAtRExPQ0FMU1RBVEVESVIlM0QlMkZ2YXIlMjAtREdWTURfUlVOX0RJUiUzRCUyRnJ1biUyRmd2bWQlMjAtREdTQURfUlVOX0RJUiUzRCUyRnJ1biUyRmdzYWQlMjAtRExPR1JPVEFURV9ESVIlM0QlMkZldGMlMkZsb2dyb3RhdGUuZA==
bWFrZQ==
make install
Y2QlMjAuLiUyRi4u

JTIzJTIwJUQwJUExJUQwJUJFJUQwJUIxJUQwJUI4JUQxJTgwJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUI4JTIwJUQxJTgzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUIwJUQwJUIyJUQwJUJCJUQwJUI4JUQwJUIyJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUJGJUQwJUIwJUQwJUJBJUQwJUI1JUQxJTgyJUQxJThCJTIwJUUyJTgwJTk0JTIwT3BlblZBUyUyMCVEMCVCOCUyME9wZW5WQVMlMjBTTUIu

Y2QlMjBvcGVudmFzLXNtYg==
bWtkaXIlMjBidWlsZCUyMCUyNiUyNiUyMGNkJTIwYnVpbGQ=
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release
bWFrZQ==
bWFrZSUyMGluc3RhbGw=
cd ../..

cd openvas-scanner
mkdir build && cd build
Y21ha2UlMjAuLiUyMC1EQ01BS0VfSU5TVEFMTF9QUkVGSVglM0QlMkZ1c3IlMkZsb2NhbCUyMC1EQ01BS0VfQlVJTERfVFlQRSUzRFJlbGVhc2UlMjAtRFNZU0NPTkZESVIlM0QlMkZldGMlMjAtRExPQ0FMU1RBVEVESVIlM0QlMkZ2YXIlMjAtRE9QRU5WQVNfRkVFRF9MT0NLX1BBVEglM0QlMkZ2YXIlMkZsaWIlMkZvcGVudmFzJTJGZmVlZC11cGRhdGUubG9jayUyMC1ET1BFTlZBU19SVU5fRElSJTNEJTJGcnVuJTJGb3NwZA==
make
bWFrZSUyMGluc3RhbGw=
cd ../..

cd ospd-openvas
pip3 install --upgrade pip
cHl0aG9uMyUyMC1tJTIwcGlwJTIwaW5zdGFsbCUyMC4lMjAtLXByZWZpeCUzRCUyRnVzciUyRmxvY2FsJTIwLS1uby13YXJuLXNjcmlwdC1sb2NhdGlvbg==
python3 -m pip install --prefix=/usr/local --no-warn-script-location gvm-tools
Y2QlMjAuLg==

JTIzJTIwJUQwJUEzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUJFJUQwJUIyJUQwJUJBJUQwJUIwJTIwJUQxJTgxJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUI1JUQxJTgwJUQwJUIwJTIwUmVkaXMu

YXB0LWdldCUyMGluc3RhbGwlMjByZWRpcy1zZXJ2ZXIlMjAlMjAteQ==

# Добавление конфигурации для запуска сервера Redis для сканера/

ldconfig

Y3AlMjAlMkZvcHQlMkZndm0tc291cmNlJTJGb3BlbnZhcy1zY2FubmVyJTJGY29uZmlnJTJGcmVkaXMtb3BlbnZhcy5jb25mJTIwJTJGZXRjJTJGcmVkaXMlMkY=
chown redis:redis /etc/redis/redis-openvas.conf

echo "db_address = /run/redis-openvas/redis.sock" > /etc/openvas/openvas.conf

JTIzJTIwJUQwJTk3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQxJTgxJUQwJUJCJUQxJTgzJUQwJUI2JUQwJUIxJUQxJTgzJTIwUmVkaXMlMjAlRDAlQjglMjAlRDAlQjQlRDAlQkUlRDAlQjElRDAlQjAlRDAlQjIlRDAlQkIlRDElOEYlRDAlQjUlRDAlQkMlMjAlRDAlQjUlRDAlQjUlMjAlRDAlQjIlMjAlRDAlQjAlRDAlQjIlRDElODIlRDAlQkUlRDAlQjclRDAlQjAlRDAlQjMlRDElODAlRDElODMlRDAlQjclRDAlQkElRDElODMu

systemctl start redis-server@openvas.service
systemctl enable redis-server@openvas.service

JTIzJTIwJUQwJTk0JUQwJUJFJUQwJUIxJUQwJUIwJUQwJUIyJUQwJUJCJUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI1JTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThGJTIwZ3ZtJTIwJUQwJUIyJTIwJUQwJUIzJUQxJTgwJUQxJTgzJUQwJUJGJUQwJUJGJUQxJTgzJTIwcmVkaXMu

usermod -aG redis gvm

JTIzJTIwJUQwJUEyJUQxJThFJUQwJUJEJUQwJUI4JUQwJUJEJUQwJUIzJTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQxJThCJTIwJUQwJUI0JUQwJUJCJUQxJThGJTIwJUQwJUJGJUQwJUJFJUQwJUIyJUQxJThCJUQxJTg4JUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI1JTIwJUQwJUJGJUQxJTgwJUQwJUJFJUQwJUI4JUQwJUI3JUQwJUIyJUQwJUJFJUQwJUI0JUQwJUI4JUQxJTgyJUQwJUI1JUQwJUJCJUQxJThDJUQwJUJEJUQwJUJFJUQxJTgxJUQxJTgyJUQwJUI4Lg==

echo 'net.core.somaxconn = 1024' >> /etc/sysctl.conf
echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
c3lzY3RsJTIwLXA=

Y2F0JTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRmRpc2FibGVfdGhwLnNlcnZpY2UlMjAlM0MlM0MlMjAnRU9MJw==
[Unit]
Description=Disable Kernel Support for Transparent Huge Pages (THP)

JTVCU2VydmljZSU1RA==
VHlwZSUzRHNpbXBsZQ==
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target
EOL

systemctl daemon-reload
c3lzdGVtY3RsJTIwZW5hYmxlJTIwLS1ub3clMjBkaXNhYmxlX3RocA==

JTIzJTIwJUQwJTlEJUQwJUIwJUQxJTgxJUQxJTgyJUQxJTgwJUQwJUJFJUQwJUI5JUQwJUJBJUQwJUIwJTIwJUQwJUJGJUQxJTgwJUQwJUIwJUQwJUIyJTIwJUQwJUI0JUQwJUJFJUQxJTgxJUQxJTgyJUQxJTgzJUQwJUJGJUQwJUIwJTIwJUQwJUJEJUQwJUIwJTIwJUQwJUJBJUQwJUIwJUQxJTgyJUQwJUIwJUQwJUJCJUQwJUJFJUQwJUIzJUQwJUI4JTIwJUQwJUJFJUQxJTgyJUQwJUJEJUQwJUJFJUQxJTgxJUQxJThGJUQxJTg5JUQwJUI4JUQwJUI1JUQxJTgxJUQxJThGJTIwJUQwJUJBJTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQwJUI1JTIwR1ZNLg==

Y2hvd24lMjAtUiUyMGd2bSUzQWd2bSUyMCUyRnZhciUyRmxpYiUyRmd2bQ==
chown -R gvm:gvm /var/lib/openvas
chown -R gvm:gvm /var/log/gvm
chown -R gvm:gvm /run/gvmd
Y2hvd24lMjAtUiUyMGd2bSUzQWd2bSUyMCUyRnJ1biUyRmdzYWQ=

chmod -R g+srw /var/lib/gvm
Y2htb2QlMjAtUiUyMGclMkJzcnclMjAlMkZ2YXIlMkZsaWIlMkZvcGVudmFz
chmod -R g+srw /var/log/gvm

Y2hvd24lMjBndm0lM0Fndm0lMjAlMkZ1c3IlMkZsb2NhbCUyRnNiaW4lMkZndm1k
Y2htb2QlMjA2NzUwJTIwJTJGdXNyJTJGbG9jYWwlMkZzYmluJTJGZ3ZtZA==

Y2hvd24lMjBndm0lM0Fndm0lMjAlMkZ1c3IlMkZsb2NhbCUyRmJpbiUyRmdyZWVuYm9uZS1udnQtc3luYw==
chmod 740 /usr/local/sbin/greenbone-feed-sync
chown gvm:gvm /usr/local/sbin/greenbone-*-sync
chmod 740 /usr/local/sbin/greenbone-*-sync

echo "gvm ALL = NOPASSWD: $(which openvas)" >> /etc/sudoers.d/gvm

# Создаем учетную запись администратора и устанавливаем его как владельца импорта фида.

c3VkbyUyMC11JTIwZ3ZtJTIwZ3ZtZCUyMC0tY3JlYXRlLXVzZXIlMjBhZG1pbiUyMC0tcGFzc3dvcmQlM0RhZG1pbg==
User created.

c3VkbyUyMC11JTIwZ3ZtJTIwZ3ZtZCUyMC0tZ2V0LXVzZXJzJTIwLS12ZXJib3Nl
admin f2b57df6-9b3e-419c-91b5-ad5abd43d2b2

sudo -u gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value f2b57df6-9b3e-419c-91b5-ad5abd43d2b2

# Выполняем первичную синхронизацию баз данных.

# Update Network Vulnerability Tests (NVTs)
sudo -u gvm greenbone-nvt-sync

# Keeping the feeds up-to-date
c3VkbyUyMC11JTIwZ3ZtJTIwZ3JlZW5ib25lLWZlZWQtc3luYyUyMC0tdHlwZSUyMFNDQVA=
sudo -u gvm greenbone-feed-sync --type CERT
sudo -u gvm greenbone-feed-sync --type GVMD_DATA

JTIzJTIwJUQwJUExJUQwJUJFJUQwJUI3JUQwJUI0JUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQxJTgxJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUI4JUQxJTgxJTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUIwJTIwJUQwJUI0JUQwJUJCJUQxJThGJTIwJUUyJTgwJTk0JTIwT3BlblZBUy4=

Y2F0JTIwJTNDJTNDJTIwRU9GJTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRm9zcGQtb3BlbnZhcy5zZXJ2aWNl
JTVCVW5pdCU1RA==
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
RG9jdW1lbnRhdGlvbiUzRG1hbiUzQW9zcGQtb3BlbnZhcyg4KSUyMG1hbiUzQW9wZW52YXMoOCk=
After=network.target networking.service redis-server@openvas.service
Wants=redis-server@openvas.service
ConditionKernelCommandLine=!recovery

JTVCU2VydmljZSU1RA==
Type=forking
VXNlciUzRGd2bQ==
Group=gvm
RuntimeDirectory=ospd
UnVudGltZURpcmVjdG9yeU1vZGUlM0QyNzc1
UElERmlsZSUzRCUyRnJ1biUyRm9zcGQlMkZvc3BkLW9wZW52YXMucGlk
ExecStart=/usr/local/bin/ospd-openvas --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770
U3VjY2Vzc0V4aXRTdGF0dXMlM0RTSUdLSUxM
UmVzdGFydCUzRGFsd2F5cw==
UmVzdGFydFNlYyUzRDYw

JTVCSW5zdGFsbCU1RA==
WantedBy=multi-user.target
RU9G

# Создаем сервис запуска для — GVM.

cat << EOF > /lib/systemd/system/gvmd.service
JTVCVW5pdCU1RA==
RGVzY3JpcHRpb24lM0RHcmVlbmJvbmUlMjBWdWxuZXJhYmlsaXR5JTIwTWFuYWdlciUyMGRhZW1vbiUyMChndm1kKQ==
After=network.target networking.service postgresql.service ospd-openvas.service
V2FudHMlM0Rwb3N0Z3Jlc3FsLnNlcnZpY2UlMjBvc3BkLW9wZW52YXMuc2VydmljZQ==
RG9jdW1lbnRhdGlvbiUzRG1hbiUzQWd2bWQoOCk=
Q29uZGl0aW9uS2VybmVsQ29tbWFuZExpbmUlM0QhcmVjb3Zlcnk=

JTVCU2VydmljZSU1RA==
VHlwZSUzRGZvcmtpbmc=
VXNlciUzRGd2bQ==
Group=gvm
UElERmlsZSUzRCUyRnJ1biUyRmd2bWQlMkZndm1kLnBpZA==
RuntimeDirectory=gvmd
UnVudGltZURpcmVjdG9yeU1vZGUlM0QyNzc1
ExecStart=/usr/local/sbin/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm
UmVzdGFydCUzRGFsd2F5cw==
VGltZW91dFN0b3BTZWMlM0QxMA==

JTVCSW5zdGFsbCU1RA==
V2FudGVkQnklM0RtdWx0aS11c2VyLnRhcmdldA==
EOF

Y2F0JTIwJTNDJTNDJTIwRU9GJTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRmdzYWQuc2VydmljZQ==
JTVCVW5pdCU1RA==
RGVzY3JpcHRpb24lM0RHcmVlbmJvbmUlMjBTZWN1cml0eSUyMEFzc2lzdGFudCUyMGRhZW1vbiUyMChnc2FkKQ==
Documentation=man:gsad(8) https://www.greenbone.net
QWZ0ZXIlM0RuZXR3b3JrLnRhcmdldCUyMGd2bWQuc2VydmljZQ==
Wants=gvmd.service

[Service]
Type=forking
User=gvm
Group=gvm
UnVudGltZURpcmVjdG9yeSUzRGdzYWQ=
UnVudGltZURpcmVjdG9yeU1vZGUlM0QyNzc1
PIDFile=/run/gsad/gsad.pid
RXhlY1N0YXJ0JTNEJTJGdXNyJTJGbG9jYWwlMkZzYmluJTJGZ3NhZCUyMC0tbGlzdGVuJTNEMC4wLjAuMCUyMC0tcG9ydCUzRDkzOTIlMjAtLWh0dHAtb25seQ==
Restart=always
VGltZW91dFN0b3BTZWMlM0QxMA==

[Install]
V2FudGVkQnklM0RtdWx0aS11c2VyLnRhcmdldA==
QWxpYXMlM0RncmVlbmJvbmUtc2VjdXJpdHktYXNzaXN0YW50LnNlcnZpY2U=
RU9G

JTIzJTIwJUQwJTkyJUQwJUJBJUQwJUJCJUQxJThFJUQxJTg3JUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUIyJTIwJUQwJUIwJUQwJUIyJUQxJTgyJUQwJUJFJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJTIwJUQwJUI4JTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQxJTgxJUQwJUJFJUQwJUI3JUQwJUI0JUQwJUIwJUQwJUJEJUQwJUJEJUQxJThCJUQwJUI1JTIwJUQxJTgxJUQwJUJCJUQxJTgzJUQwJUI2JUQwJUIxJUQxJThCLg==

systemctl daemon-reload

systemctl enable ospd-openvas
c3lzdGVtY3RsJTIwZW5hYmxlJTIwZ3ZtZA==
c3lzdGVtY3RsJTIwZW5hYmxlJTIwZ3NhZA==

systemctl start ospd-openvas
systemctl start gvmd
c3lzdGVtY3RsJTIwc3RhcnQlMjBnc2Fk

c3lzdGVtY3RsJTIwc3RhdHVzJTIwb3NwZC1vcGVudmFz
systemctl status gvmd
c3lzdGVtY3RsJTIwc3RhdHVzJTIwZ3NhZA==

# Устанавливаем задания cron (в моем случае задания добавлены для root пользователя) для выполнения синхронизации один раз в день.

# Update Network Vulnerability Tests (NVTs)
MCUyMDE5JTIwKiUyMColMjAqJTIwc3VkbyUyMC11JTIwZ3ZtJTIwZ3JlZW5ib25lLW52dC1zeW5j

JTIzJTIwS2VlcGluZyUyMHRoZSUyMGZlZWRzJTIwdXAtdG8tZGF0ZQ==
0 21 * * * sudo -u gvm greenbone-feed-sync --type SCAP
0 22 * * * sudo -u gvm greenbone-feed-sync --type CERT
MCUyMDIzJTIwKiUyMColMjAqJTIwc3VkbyVDMiVBMC11JUMyJUEwZ3ZtJUMyJUEwZ3JlZW5ib25lLWZlZWQtc3luYyVDMiVBMC0tdHlwZSVDMiVBMEdWTURfREFUQQ==

ПОНРАВИЛАСЬ ИЛИ ОКАЗАЛАСЬ ПОЛЕЗНОЙ СТАТЬЯ, ПОДДЕРЖИ АВТОРА ДОНАТОМ

IT-блог Жаконды

Установка Greenbone Vulnerability Management (GVM) 21.* на Debian 10

Обсуждение

Обсуждение

Похожие записи