Установка GVM (Greenbone Vulnerability Management) 22.* на Debian 12
Greenbone — это программное обеспечение для сканирования уязвимостей и управления ими с открытым исходным кодом. Оно предоставляет набор тестов на сетевую уязвимость для поиска лазеек безопасности в системах и приложениях.
Установка зависимостей
Устанавливаем необходимые пакеты зависимостей.
apt-get install build-essential cmake pkg-config gnupg curl libglib2.0-dev libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libhiredis-dev libxml2-dev libpcap-dev libnet1-dev libpaho-mqtt-dev libldap2-dev libradcli-dev libpq-dev libical-dev xsltproc libbsd-dev libssl-dev libmicrohttpd-dev gcc-mingw-w64 libpopt-dev libunistring-dev heimdal-dev perl-base bison libgcrypt20-dev libksba-dev rsync nmap libjson-glib-dev libcjson-dev libcurl4-gnutls-dev libsnmp-dev mosquitto libkrb5-dev python3 python3-pip python3-setuptools python3-packaging python3-wrapt python3-cffi python3-psutil python3-lxml python3-defusedxml python3-paramiko python3-redis python3-gnupg python3-impacket python3-paho-mqtt postgresql postgresql-contrib postgresql-server-dev-15 -y
Debian 11
, то нужно устанавливать пакет postgresql-server-dev-13
, который доступен в репозиториях.Создание пользователя
JUQwJUExJUQwJUJFJUQwJUI3JUQwJUI0JUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThGJTIwJUQwJUJFJUQxJTgyJTIwJUQwJUJBJUQwJUJFJUQxJTgyJUQwJUJFJUQxJTgwJUQwJUJFJUQwJUIzJUQwJUJFJTIwJUQwJUIxJUQxJTgzJUQwJUI0JUQwJUI1JUQxJTgyJTIwJUQxJTgwJUQwJUIwJUQwJUIxJUQwJUJFJUQxJTgyJUQwJUIwJUQxJTgyJUQxJThDJTIwR1ZNJTIwJUQxJTgxJUQwJUJCJUQxJTgzJUQwJUI2JUQwJUIxJUQxJThCLg==
useradd -r -M -U -s /usr/sbin/nologin -c "GVM User" gvm
Скачивание компонентов
Скачиваем последние версии исходников пакетов входящих в состав системы GVM 23.* и распаковываем их.
JUQwJTkwJUQwJUJBJUQxJTgyJUQxJTgzJUQwJUIwJUQwJUJCJUQxJThDJUQwJUJEJUQxJThCJUQwJUI1JTIwJUQwJUIyJUQwJUI1JUQxJTgwJUQxJTgxJUQwJUI4JUQwJUI4JTIwJUQwJUJGJUQwJUIwJUQwJUJBJUQwJUI1JUQxJTgyJUQwJUJFJUQwJUIyJTIwJUQwJUJDJUQwJUJFJUQwJUI2JUQwJUJEJUQwJUJFJTIwJUQxJTgzJUQwJUI3JUQwJUJEJUQwJUIwJUQxJTgyJUQxJThDJTIwJUQwJUJGJUQwJUJFJTIwJUQxJTgxJUQxJTgxJUQxJThCJUQwJUJCJUQwJUJBJUQwJUIwJUQwJUJDJTNB
- Releases · greenbone/gvm-libs
- Releases · greenbone/gvmd
- Releases · greenbone/pg-gvm
- Releases · greenbone/gsa
- Releases · greenbone/gsad
- Releases · greenbone/openvas-smb
- Releases · greenbone/openvas-scanner
- Releases · greenbone/ospd-openvas
bWtkaXIlMjAtcCUyMCUyRm9wdCUyRmd2bS1zb3VyY2U=
Y2QlMjAlMkZvcHQlMkZndm0tc291cmNlJTJG
ZXhwb3J0JTIwR1ZNX0xJQlNfVkVSU0lPTiUzRDIyLjE0LjA=
export GVMD_VERSION=24.0.0
ZXhwb3J0JTIwUEdfR1ZNX1ZFUlNJT04lM0QyMi42LjU=
export GSA_VERSION=24.0.1
ZXhwb3J0JTIwR1NBRF9WRVJTSU9OJTNEMjQuMC4w
ZXhwb3J0JTIwT1BFTlZBU19TTUJfVkVSU0lPTiUzRDIyLjUuNg==
export OPENVAS_SCANNER_VERSION=23.11.1
export OSPD_OPENVAS_VERSION=22.7.1
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZndm0tbGlicyUyRmFyY2hpdmUlMkZyZWZzJTJGdGFncyUyRnYlMjRHVk1fTElCU19WRVJTSU9OLnRhci5neiUyMC1vJTIwZ3ZtLWxpYnMtJTI0R1ZNX0xJQlNfVkVSU0lPTi50YXIuZ3o=
curl -f -L https://github.com/greenbone/gvmd/archive/refs/tags/v$GVMD_VERSION.tar.gz -o gvmd-$GVMD_VERSION.tar.gz
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZwZy1ndm0lMkZhcmNoaXZlJTJGcmVmcyUyRnRhZ3MlMkZ2JTI0UEdfR1ZNX1ZFUlNJT04udGFyLmd6JTIwLW8lMjBwZy1ndm0tJTI0UEdfR1ZNX1ZFUlNJT04udGFyLmd6
curl -f -L https://github.com/greenbone/gsa/archive/refs/tags/v$GSA_VERSION.tar.gz -o gsa-$GSA_VERSION.tar.gz
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZnc2FkJTJGYXJjaGl2ZSUyRnJlZnMlMkZ0YWdzJTJGdiUyNEdTQURfVkVSU0lPTi50YXIuZ3olMjAtbyUyMGdzYWQtJTI0R1NBRF9WRVJTSU9OLnRhci5neg==
curl -f -L https://github.com/greenbone/openvas-smb/archive/refs/tags/v$OPENVAS_SMB_VERSION.tar.gz -o openvas-smb-$OPENVAS_SMB_VERSION.tar.gz
curl -f -L https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$OPENVAS_SCANNER_VERSION.tar.gz -o openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz
Y3VybCUyMC1mJTIwLUwlMjBodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZncmVlbmJvbmUlMkZvc3BkLW9wZW52YXMlMkZhcmNoaXZlJTJGcmVmcyUyRnRhZ3MlMkZ2JTI0T1NQRF9PUEVOVkFTX1ZFUlNJT04udGFyLmd6JTIwLW8lMjBvc3BkLW9wZW52YXMtJTI0T1NQRF9PUEVOVkFTX1ZFUlNJT04udGFyLmd6
tar -xvzf gvm-libs-$GVM_LIBS_VERSION.tar.gz && mv gvm-libs-$GVM_LIBS_VERSION gvm-libs
dGFyJTIwLXh2emYlMjBndm1kLSUyNEdWTURfVkVSU0lPTi50YXIuZ3olMjAlMjYlMjYlMjBtdiUyMGd2bWQtJTI0R1ZNRF9WRVJTSU9OJTIwZ3ZtZA==
tar -xvzf pg-gvm-$PG_GVM_VERSION.tar.gz && mv pg-gvm-$PG_GVM_VERSION pg-gvm
mkdir gsa && tar -C "gsa" -xvzf gsa-$GSA_VERSION.tar.gz
tar -xvzf gsad-$GSAD_VERSION.tar.gz && mv gsad-$GSAD_VERSION gsad
tar -xvzf openvas-smb-$OPENVAS_SMB_VERSION.tar.gz && mv openvas-smb-$OPENVAS_SMB_VERSION openvas-smb
tar -xvzf openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz && mv openvas-scanner-$OPENVAS_SCANNER_VERSION openvas-scanner
tar -xvzf ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz && mv ospd-openvas-$OSPD_OPENVAS_VERSION ospd-openvas
Сборка и установка пакетов
JUQwJTlGJUQwJUJFJUQxJTgxJUQwJUJCJUQwJUI1JUQwJUI0JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThDJUQwJUJEJUQwJUJFJTIwJUQxJTgxJUQwJUJFJUQwJUIxJUQwJUI4JUQxJTgwJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUI4JTIwJUQxJTgzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUIwJUQwJUIyJUQwJUJCJUQwJUI4JUQwJUIyJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQwJUJGJUQwJUIwJUQwJUJBJUQwJUI1JUQxJTgyJUQxJThCLg==
gvm-libs
JUQwJTlDJUQwJUJFJUQwJUI0JUQxJTgzJUQwJUJCJUQxJThDJTIwJUQwJUIxJUQwJUI4JUQwJUIxJUQwJUJCJUQwJUI4JUQwJUJFJUQxJTgyJUQwJUI1JUQwJUJBJTIwJUQwJUI0JUQwJUJCJUQxJThGJTIwR3JlZW5ib25lJTIwQ29tbXVuaXR5JTIwRWRpdGlvbi4=
cd gvm-libs
bWtkaXIlMjBidWlsZCUyMCUyNiUyNiUyMGNkJTIwYnVpbGQ=
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var
make
bWFrZSUyMGluc3RhbGw=
Y2QlMjAuLiUyRi4u
gvmd
Greenbone Vulnerability Manager — бэкэнд базы данных для Greenbone Community Edition.
cd gvmd
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release -DLOCALSTATEDIR=/var -DSYSCONFDIR=/etc -DGVM_DATA_DIR=/var -DGVMD_RUN_DIR=/run/gvmd -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock -DSYSTEMD_SERVICE_DIR=/lib/systemd/system -DDEFAULT_CONFIG_DIR=/etc/default -DLOGROTATE_DIR=/etc/logrotate.d
bWFrZQ==
bWFrZSUyMGluc3RhbGw=
Y2QlMjAuLiUyRi4u
pg-gvm
Библиотека Greenbone для вспомогательных функций в PostgreSQL.
Y2QlMjBwZy1ndm0=
mkdir build && cd build
Y21ha2UlMjAuLiUyMC1EQ01BS0VfQlVJTERfVFlQRSUzRFJlbGVhc2U=
make
make install
Y2QlMjAuLiUyRi4u
gsa
Greenbone Security Assistant — web frontend для Greenbone Community Edition
cd gsa
bWtkaXIlMjAtcCUyMCUyRnVzciUyRmxvY2FsJTJGc2hhcmUlMkZndm0lMkZnc2FkJTJGd2Vi
Y3AlMjAtcnYlMjAqJTIwJTJGdXNyJTJGbG9jYWwlMkZzaGFyZSUyRmd2bSUyRmdzYWQlMkZ3ZWI=
cd ..
gsad
R3JlZW5ib25lJTIwU2VjdXJpdHklMjBBc3Npc3RhbnQlMjBIVFRQJTIwU2VydmVyJTIwJUUyJTgwJTk0JTIwJUQxJTgxJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUI1JUQxJTgwJTJDJTIwJUQwJUIyJUQwJUI3JUQwJUIwJUQwJUI4JUQwJUJDJUQwJUJFJUQwJUI0JUQwJUI1JUQwJUI5JUQxJTgxJUQxJTgyJUQwJUIyJUQxJTgzJUQxJThFJUQxJTg5JUQwJUI4JUQwJUI5JTIwJUQxJTgxJTIwJUQwJUI0JUQwJUI1JUQwJUJDJUQwJUJFJUQwJUJEJUQwJUJFJUQwJUJDJTIwR3JlZW5ib25lJTIwVnVsbmVyYWJpbGl0eSUyME1hbmFnZW1lbnQlMjBkYWVtb24lMjAoZ3ZtZCku
Y2QlMjBnc2Fk
mkdir build && cd build
Y21ha2UlMjAuLiUyMC1EQ01BS0VfSU5TVEFMTF9QUkVGSVglM0QlMkZ1c3IlMkZsb2NhbCUyMC1EQ01BS0VfQlVJTERfVFlQRSUzRFJlbGVhc2UlMjAtRFNZU0NPTkZESVIlM0QlMkZldGMlMjAtRExPQ0FMU1RBVEVESVIlM0QlMkZ2YXIlMjAtREdWTURfUlVOX0RJUiUzRCUyRnJ1biUyRmd2bWQlMjAtREdTQURfUlVOX0RJUiUzRCUyRnJ1biUyRmdzYWQlMjAtRExPR1JPVEFURV9ESVIlM0QlMkZldGMlMkZsb2dyb3RhdGUuZA==
make
make install
Y2QlMjAuLiUyRi4u
openvas-smb
JUQwJUFEJUQxJTgyJUQwJUJFJTIwc21iLSVEMCVCQyVEMCVCRSVEMCVCNCVEMSU4MyVEMCVCQiVEMSU4QyUyMCVEMCVCNCVEMCVCQiVEMSU4RiUyMCVEMSU4MSVEMCVCQSVEMCVCMCVEMCVCRCVEMCVCNSVEMSU4MCVEMCVCMCUyME9wZW5WQVMuJTIwJUQwJTlFJUQwJUJEJTIwJUQwJUIyJUQwJUJBJUQwJUJCJUQxJThFJUQxJTg3JUQwJUIwJUQwJUI1JUQxJTgyJTIwJUQwJUIxJUQwJUI4JUQwJUIxJUQwJUJCJUQwJUI4JUQwJUJFJUQxJTgyJUQwJUI1JUQwJUJBJUQxJTgzJTIwb3BlbnZhcy13bWljbGllbnQlMjAlRDAlQjQlRDAlQkIlRDElOEYlMjAlRDAlQjIlRDAlQjclRDAlQjAlRDAlQjglRDAlQkMlRDAlQkUlRDAlQjQlRDAlQjUlRDAlQjklRDElODElRDElODIlRDAlQjIlRDAlQjglRDElOEYlMjAlRDElODElMjAlRDElODElRDAlQjglRDElODElRDElODIlRDAlQjUlRDAlQkMlRDAlQjAlRDAlQkMlRDAlQjglMjBNaWNyb3NvZnQlMjBXaW5kb3dzJTIwJUQxJTg3JUQwJUI1JUQxJTgwJUQwJUI1JUQwJUI3JTIwV2luZG93cyUyME1hbmFnZW1lbnQlMjBJbnN0cnVtZW50YXRpb24lMjBBUEklMjAlRDAlQjglMjAlRDAlQjQlRDAlQjIlRDAlQkUlRDAlQjglRDElODclRDAlQkQlRDElOEIlRDAlQjklMjAlRDElODQlRDAlQjAlRDAlQjklRDAlQkIlMjB3bWljJTIwJUQwJUI0JUQwJUJCJUQxJThGJTIwJUQxJTgzJUQwJUI0JUQwJUIwJUQwJUJCJUQwJUI1JUQwJUJEJUQwJUJEJUQwJUJFJUQwJUIzJUQwJUJFJTIwJUQwJUIyJUQxJThCJUQwJUJGJUQwJUJFJUQwJUJCJUQwJUJEJUQwJUI1JUQwJUJEJUQwJUI4JUQxJThGJTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgwJUQwJUJFJUQxJTgxJUQwJUJFJUQwJUIyJTIwJUQwJUJEJUQwJUIwJTIwJUQxJThEJUQxJTgyJUQwJUJFJUQwJUI5JTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQwJUI1Lg==
cd openvas-smb
bWtkaXIlMjBidWlsZCUyMCUyNiUyNiUyMGNkJTIwYnVpbGQ=
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release
bWFrZQ==
bWFrZSUyMGluc3RhbGw=
Y2QlMjAuLiUyRi4u
openvas-scanner
JUQwJUExJUQwJUJBJUQwJUIwJUQwJUJEJUQwJUI1JUQxJTgwJTIwT3BlblZBUyUyMCVEMCVCRiVEMSU4MCVEMCVCNSVEMCVCNCVEMSU4MSVEMSU4MiVEMCVCMCVEMCVCMiVEMCVCQiVEMSU4RiVEMCVCNSVEMSU4MiUyMCVEMSU4MSVEMCVCRSVEMCVCMSVEMCVCRSVEMCVCOSUyMCVEMCVCRiVEMCVCRSVEMCVCQiVEMCVCRCVEMCVCRSVEMSU4NCVEMSU4MyVEMCVCRCVEMCVCQSVEMSU4NiVEMCVCOCVEMCVCRSVEMCVCRCVEMCVCMCVEMCVCQiVEMSU4QyVEMCVCRCVEMSU4QiVEMCVCOSUyMCVEMCVCQyVEMCVCNSVEMSU4NSVEMCVCMCVEMCVCRCVEMCVCOCVEMCVCNyVEMCVCQyUyMCVEMSU4MSVEMCVCQSVEMCVCMCVEMCVCRCVEMCVCOCVEMSU4MCVEMCVCRSVEMCVCMiVEMCVCMCVEMCVCRCVEMCVCOCVEMSU4RiUyQyUyMCVEMCVCMiVEMSU4QiVEMCVCRiVEMCVCRSVEMCVCQiVEMCVCRCVEMSU4RiVEMSU4RSVEMSU4OSVEMCVCOCVEMCVCOSUyMCVEMCVCRiVEMCVCRSVEMSU4MSVEMSU4MiVEMCVCRSVEMSU4RiVEMCVCRCVEMCVCRCVEMCVCRSUyMCVEMCVCRSVEMCVCMSVEMCVCRCVEMCVCRSVEMCVCMiVEMCVCQiVEMSU4RiVEMCVCNSVEMCVCQyVEMSU4QiVEMCVCOSUyMCVEMCVCOCUyMCVEMSU4MCVEMCVCMCVEMSU4MSVEMSU4OCVEMCVCOCVEMSU4MCVEMCVCNSVEMCVCRCVEMCVCRCVEMSU4QiVEMCVCOSUyMCVEMCVCRCVEMCVCMCVEMCVCMSVEMCVCRSVEMSU4MCUyMCVEMSU4MiVEMCVCNSVEMSU4MSVEMSU4MiVEMCVCRSVEMCVCMiUyMCVEMSU4MyVEMSU4RiVEMCVCNyVEMCVCMiVEMCVCOCVEMCVCQyVEMCVCRSVEMSU4MSVEMSU4MiVEMCVCNSVEMCVCOSUyMChWVCku
cd openvas-scanner
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release -DINSTALL_OLD_SYNC_SCRIPT=OFF -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var -DOPENVAS_FEED_LOCK_PATH=/var/lib/openvas/feed-update.lock -DOPENVAS_RUN_DIR=/run/ospd
bWFrZQ==
make install
cd ../..
ospd-openvas
ospd-openvas — это реализация OSP-сервера для удаленного управления OpenVAS Scanner.
cd ospd-openvas
cHl0aG9uMyUyMC1tJTIwcGlwJTIwaW5zdGFsbCUyMC4lMjAtLXByZWZpeCUzRCUyRnVzciUyMC0tbm8td2Fybi1zY3JpcHQtbG9jYXRpb24=
cd ..
openvasd
OpenVASD используется для обнаружения уязвимых продуктов.
Устанавливаем язык программирования Rust
необходимый для сборки openvasd
.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
c291cmNlJTIwJTIyJTI0SE9NRSUyRi5jYXJnbyUyRmVudiUyMg==
Собираем и устанавливаем.
cd openvas-scanner/rust
cargo build --release
cd target/release/
cp -rv openvasd /usr/local/bin/
cp -rv scannerctl /usr/local/bin/
cd ../../../..
greenbone-feed-sync
Инструмент для загрузки Greenbone Community Feed.
cHl0aG9uMyUyMC1tJTIwcGlwJTIwaW5zdGFsbCUyMC0tcHJlZml4JTNEJTJGdXNyJTIwLS1uby13YXJuLXNjcmlwdC1sb2NhdGlvbiUyMGdyZWVuYm9uZS1mZWVkLXN5bmM=
gvm-tools
Удаленное управление Greenbone Community Edition.
cHl0aG9uMyUyMC1tJTIwcGlwJTIwaW5zdGFsbCUyMC0tcHJlZml4JTNEJTJGdXNyJTIwLS1uby13YXJuLXNjcmlwdC1sb2NhdGlvbiUyMGd2bS10b29scw==
Настройка системы
Настройка Redis
JUQwJUEzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUJFJUQwJUIyJUQwJUJBJUQwJUIwJTIwJUQxJTgxJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUI1JUQxJTgwJUQwJUIwJTIwUmVkaXMu
YXB0LWdldCUyMGluc3RhbGwlMjByZWRpcy1zZXJ2ZXIlMjAlMjAteQ==
Добавление конфигурации для запуска сервера Redis
для сканера.
cp /opt/gvm-source/openvas-scanner/config/redis-openvas.conf /etc/redis/
chown redis:redis /etc/redis/redis-openvas.conf
ZWNobyUyMCUyMmRiX2FkZHJlc3MlMjAlM0QlMjAlMkZydW4lMkZyZWRpcy1vcGVudmFzJTJGcmVkaXMuc29jayUyMiUyMCU3QyUyMHRlZSUyMC1hJTIwJTJGZXRjJTJGb3BlbnZhcyUyRm9wZW52YXMuY29uZg==
Запускаем службу Redis
и добавляем ее в автозагрузку.
systemctl start redis-server@openvas.service
c3lzdGVtY3RsJTIwZW5hYmxlJTIwcmVkaXMtc2VydmVyJTQwb3BlbnZhcy5zZXJ2aWNl
JUQwJTk0JUQwJUJFJUQwJUIxJUQwJUIwJUQwJUIyJUQwJUJCJUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI1JTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThGJTIwZ3ZtJTIwJUQwJUIyJTIwJUQwJUIzJUQxJTgwJUQxJTgzJUQwJUJGJUQwJUJGJUQxJTgzJTIwcmVkaXMlMkMlMjAlRDElODclRDElODIlRDAlQkUlRDAlQjElRDElOEIlMjAlRDAlQjglRDAlQkMlRDAlQjUlRDElODIlRDElOEMlMjAlRDAlQjQlRDAlQkUlRDElODElRDElODIlRDElODMlRDAlQkYlMjAlRDAlQkElMjAlRDElODElRDAlQkUlRDAlQkElRDAlQjUlRDElODIlRDElODMlMjByZWRpcyUyMHVuaXglMjAlRDAlQkYlRDAlQkUlMjAlRDAlQjAlRDAlQjQlRDElODAlRDAlQjUlRDElODElRDElODMlMjAlMkZydW4lMkZyZWRpcy1vcGVudmFzJTJGcmVkaXMuc29jaw==
usermod -aG redis gvm
Настройка разрешений
JUQwJTlEJUQwJUIwJUQxJTgxJUQxJTgyJUQxJTgwJUQwJUJFJUQwJUI5JUQwJUJBJUQwJUIwJTIwJUQwJUJGJUQxJTgwJUQwJUIwJUQwJUIyJTIwJUQwJUI0JUQwJUJFJUQxJTgxJUQxJTgyJUQxJTgzJUQwJUJGJUQwJUIwJTIwJUQwJUJEJUQwJUIwJTIwJUQwJUJBJUQwJUIwJUQxJTgyJUQwJUIwJUQwJUJCJUQwJUJFJUQwJUIzJUQwJUI4JTIwJUQwJUJFJUQxJTgyJUQwJUJEJUQwJUJFJUQxJTgxJUQxJThGJUQxJTg5JUQwJUI4JUQwJUI1JUQxJTgxJUQxJThGJTIwJUQwJUJBJTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQwJUI1JTIwR1ZNLg==
mkdir -p /var/lib/notus
bWtkaXIlMjAtcCUyMCUyRnJ1biUyRmd2bWQ=
Y2hvd24lMjAtUiUyMGd2bSUzQWd2bSUyMCUyRnZhciUyRmxpYiUyRmd2bQ==
chown -R gvm:gvm /var/lib/openvas
Y2hvd24lMjAtUiUyMGd2bSUzQWd2bSUyMCUyRnZhciUyRmxpYiUyRm5vdHVz
chown -R gvm:gvm /var/log/gvm
chown -R gvm:gvm /run/gvmd
Y2htb2QlMjAtUiUyMGclMkJzcnclMjAlMkZ2YXIlMkZsaWIlMkZndm0=
chmod -R g+srw /var/lib/openvas
chmod -R g+srw /var/log/gvm
chown gvm:gvm /usr/local/sbin/gvmd
Y2htb2QlMjA2NzUwJTIwJTJGdXNyJTJGbG9jYWwlMkZzYmluJTJGZ3ZtZA==
Импорт ключа подписи
Для проверки целостности загруженных исходных файлов используется GnuPG используется открытый ключ подписи сообщества Greenbone
импортированный в связку ключей текущего пользователя. Импортируем его.
curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc
ZXhwb3J0JTIwR05VUEdIT01FJTNEJTJGdG1wJTJGb3BlbnZhcy1nbnVwZw==
bWtkaXIlMjAtcCUyMCUyNEdOVVBHSE9NRQ==
Z3BnJTIwLS1pbXBvcnQlMjAlMkZ0bXAlMkZHQkNvbW11bml0eVNpZ25pbmdLZXkuYXNj
echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" | gpg --import-ownertrust
ZXhwb3J0JTIwT1BFTlZBU19HTlVQR19IT01FJTNEJTJGZXRjJTJGb3BlbnZhcyUyRmdudXBn
sudo mkdir -p $OPENVAS_GNUPG_HOME
c3VkbyUyMGNwJTIwLXIlMjAlMkZ0bXAlMkZvcGVudmFzLWdudXBnJTJGKiUyMCUyNE9QRU5WQVNfR05VUEdfSE9NRSUyRg==
sudo chown -R gvm:gvm $OPENVAS_GNUPG_HOME
Настройка sudo
JUQwJTk0JUQwJUJCJUQxJThGJTIwJUQxJTgyJUQwJUJFJUQwJUIzJUQwJUJFJTIwJUQxJTg3JUQxJTgyJUQwJUJFJUQwJUIxJUQxJThCJTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQwJUI4JTIwJUQwJUIzJUQxJTgwJUQxJTgzJUQwJUJGJUQwJUJGJUQxJThCJTIwZ3ZtJTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUIwJUQwJUJCJUQwJUI4JTIwJUQwJUJGJUQxJTgwJUQwJUI4JUQwJUJCJUQwJUJFJUQwJUI2JUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI1JTIwb3BlbnZhcy1zY2FubmVyJTIwJUQwJUJFJUQxJTgyJTIwJUQwJUI4JUQwJUJDJUQwJUI1JUQwJUJEJUQwJUI4JTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThGJTIwcm9vdCUyMCVEMSU4NyVEMCVCNSVEMSU4MCVEMCVCNSVEMCVCNyUyMHN1ZG8lMkMlMjAlRDAlQjQlRDAlQkUlRDAlQjElRDAlQjAlRDAlQjIlRDAlQjglRDAlQkMlMjAlRDElODElRDAlQkUlRDAlQkUlRDElODIlRDAlQjIlRDAlQjUlRDElODIlRDElODElRDElODIlRDAlQjIlRDElODMlRDElOEUlRDElODklRDAlQjUlRDAlQjUlMjAlRDElODAlRDAlQjAlRDAlQjclRDElODAlRDAlQjUlRDElODglRDAlQjUlRDAlQkQlRDAlQjglRDAlQjUu
ZWNobyUyMCUyMmd2bSUyMEFMTCUyMCUzRCUyME5PUEFTU1dEJTNBJTIwJTI0KHdoaWNoJTIwb3BlbnZhcyklMjIlMjAlM0UlM0UlMjAlMkZldGMlMkZzdWRvZXJzLmQlMkZndm0=
Настройка PostgreSQL
JUQwJTlEJUQwJUIwJUQxJTgxJUQxJTgyJUQxJTgwJUQwJUJFJUQwJUI5JUQwJUJBJUQwJUIwJTIwUG9zdGdyZVNRTC4lMjAlRDAlQTElRDAlQkUlRDAlQjclRDAlQjQlRDAlQjAlRDAlQkQlRDAlQjglRDAlQjUlMjAlRDAlQkYlRDAlQkUlRDAlQkIlRDElOEMlRDAlQjclRDAlQkUlRDAlQjIlRDAlQjAlRDElODIlRDAlQjUlRDAlQkIlRDElOEYlMjAlRDAlQjglMjAlRDAlQjElRDAlQjAlRDAlQjclRDElOEIlMjAlRDAlQjQlRDAlQjAlRDAlQkQlRDAlQkQlRDElOEIlRDElODUlMkMlMjAlRDAlQkQlRDAlQjAlRDElODElRDElODIlRDElODAlRDAlQkUlRDAlQjklRDAlQkElRDAlQjAlMjAlRDElODAlRDAlQjAlRDAlQjclRDElODAlRDAlQjUlRDElODglRDAlQjUlRDAlQkQlRDAlQjglRDAlQjklMjAlRDAlQjglMjAlRDElODAlRDAlQjAlRDElODElRDElODglRDAlQjglRDElODAlRDAlQjUlRDAlQkQlRDAlQjglRDAlQjklMjAlRDAlQjElRDAlQjAlRDAlQjclRDElOEIlMjAlRDAlQjQlRDAlQjAlRDAlQkQlRDAlQkQlRDElOEIlRDElODUu
c3VkbyUyMC1IaXUlMjBwb3N0Z3JlcyUyMGNyZWF0ZXVzZXIlMjBndm0=
sudo -Hiu postgres createdb -O gvm gvmd
c3VkbyUyMC1IaXUlMjBwb3N0Z3JlcyUyMHBzcWwlMjAtYyUyMCdjcmVhdGUlMjByb2xlJTIwZGJhJTIwd2l0aCUyMHN1cGVydXNlciUyMG5vaW5oZXJpdCUzQiclMjBndm1k
c3VkbyUyMC1IaXUlMjBwb3N0Z3JlcyUyMHBzcWwlMjAtYyUyMCdncmFudCUyMGRiYSUyMHRvJTIwZ3ZtJTNCJyUyMGd2bWQ=
Настройка пользователя Admin
Создаем учетную запись администратора и настраиваем ее на выполнение функций владельца импорта каналов.
sudo gvmd --create-user=admin --password='<password>'
c3VkbyUyMGd2bWQlMjAtLW1vZGlmeS1zZXR0aW5nJTIwNzhlY2VhZWMtMzM4NS0xMWVhLWIyMzctMjhkMjQ0NjEyMTViJTIwLS12YWx1ZSUyMCU2MHN1ZG8lMjBndm1kJTIwLS1nZXQtdXNlcnMlMjAtLXZlcmJvc2UlMjAlN0MlMjBncmVwJTIwYWRtaW4lMjAlN0MlMjBhd2slMjAnJTdCcHJpbnQlMjAlMjQyJTdEJyU2MA==
Настройка служб для Systemd
ospd-openvas
Y2F0JTIwJTNDJTNDJTIwRU9GJTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRm9zcGQtb3BlbnZhcy5zZXJ2aWNl
[Unit]
RGVzY3JpcHRpb24lM0RPU1BkJTIwV3JhcHBlciUyMGZvciUyMHRoZSUyME9wZW5WQVMlMjBTY2FubmVyJTIwKG9zcGQtb3BlbnZhcyk=
Documentation=man:ospd-openvas(8) man:openvas(8)
QWZ0ZXIlM0RuZXR3b3JrLnRhcmdldCUyMG5ldHdvcmtpbmcuc2VydmljZSUyMHJlZGlzLXNlcnZlciU0MG9wZW52YXMuc2VydmljZSUyMG1vc3F1aXR0by5zZXJ2aWNl
Wants=redis-server@openvas.service mosquitto.service notus-scanner.service
Q29uZGl0aW9uS2VybmVsQ29tbWFuZExpbmUlM0QhcmVjb3Zlcnk=
[Service]
VHlwZSUzRGV4ZWM=
User=gvm
Group=gvm
RuntimeDirectory=ospd
UnVudGltZURpcmVjdG9yeU1vZGUlM0QyNzc1
UElERmlsZSUzRCUyRnJ1biUyRm9zcGQlMkZvc3BkLW9wZW52YXMucGlk
RXhlY1N0YXJ0JTNEJTJGdXNyJTJGbG9jYWwlMkZiaW4lMkZvc3BkLW9wZW52YXMlMjAtLWZvcmVncm91bmQlMjAtLXVuaXgtc29ja2V0JTIwJTJGcnVuJTJGb3NwZCUyRm9zcGQtb3BlbnZhcy5zb2NrJTIwLS1waWQtZmlsZSUyMCUyRnJ1biUyRm9zcGQlMkZvc3BkLW9wZW52YXMucGlkJTIwLS1sb2ctZmlsZSUyMCUyRnZhciUyRmxvZyUyRmd2bSUyRm9zcGQtb3BlbnZhcy5sb2clMjAtLWxvY2stZmlsZS1kaXIlMjAlMkZ2YXIlMkZsaWIlMkZvcGVudmFzJTIwLS1zb2NrZXQtbW9kZSUyMDBvNzcwJTIwLS1tcXR0LWJyb2tlci1hZGRyZXNzJTIwbG9jYWxob3N0JTIwLS1tcXR0LWJyb2tlci1wb3J0JTIwMTg4MyUyMC0tbm90dXMtZmVlZC1kaXIlMjAlMkZ2YXIlMkZsaWIlMkZub3R1cyUyRmFkdmlzb3JpZXM=
SuccessExitStatus=SIGKILL
Restart=always
UmVzdGFydFNlYyUzRDYw
JTVCSW5zdGFsbCU1RA==
WantedBy=multi-user.target
RU9G
gvmd
Y2F0JTIwJTNDJTNDJTIwRU9GJTIwJTNFJTIwJTJGbGliJTJGc3lzdGVtZCUyRnN5c3RlbSUyRmd2bWQuc2VydmljZQ==
JTVCVW5pdCU1RA==
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
V2FudHMlM0Rwb3N0Z3Jlc3FsLnNlcnZpY2UlMjBvc3BkLW9wZW52YXMuc2VydmljZQ==
Documentation=man:gvmd(8)
Q29uZGl0aW9uS2VybmVsQ29tbWFuZExpbmUlM0QhcmVjb3Zlcnk=
[Service]
Type=forking
VXNlciUzRGd2bQ==
R3JvdXAlM0Rndm0=
UElERmlsZSUzRCUyRnJ1biUyRmd2bWQlMkZndm1kLnBpZA==
UnVudGltZURpcmVjdG9yeSUzRGd2bWQ=
RuntimeDirectoryMode=2775
RXhlY1N0YXJ0JTNEJTJGdXNyJTJGbG9jYWwlMkZzYmluJTJGZ3ZtZCUyMC0tb3NwLXZ0LXVwZGF0ZSUzRCUyRnJ1biUyRm9zcGQlMkZvc3BkLW9wZW52YXMuc29jayUyMC0tbGlzdGVuLWdyb3VwJTNEZ3Zt
Restart=always
VGltZW91dFN0b3BTZWMlM0QxMA==
JTVCSW5zdGFsbCU1RA==
V2FudGVkQnklM0RtdWx0aS11c2VyLnRhcmdldA==
EOF
gsad
cat << EOF > /etc/systemd/system/gsad.service
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
RG9jdW1lbnRhdGlvbiUzRG1hbiUzQWdzYWQoOCklMjBodHRwcyUzQSUyRiUyRnd3dy5ncmVlbmJvbmUubmV0
QWZ0ZXIlM0RuZXR3b3JrLnRhcmdldCUyMGd2bWQuc2VydmljZQ==
V2FudHMlM0Rndm1kLnNlcnZpY2U=
JTVCU2VydmljZSU1RA==
Type=forking
User=gvm
R3JvdXAlM0Rndm0=
UnVudGltZURpcmVjdG9yeSUzRGdzYWQ=
UnVudGltZURpcmVjdG9yeU1vZGUlM0QyNzc1
UElERmlsZSUzRCUyRnJ1biUyRmdzYWQlMkZnc2FkLnBpZA==
ExecStart=/usr/local/sbin/gsad --listen=0.0.0.0 --port=9392 --http-only
UmVzdGFydCUzRGFsd2F5cw==
VGltZW91dFN0b3BTZWMlM0QxMA==
JTVCSW5zdGFsbCU1RA==
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service
EOF
openvasd
cat << EOF > /etc/systemd/system/openvasd.service
[Unit]
Description=OpenVAS Daemon
RG9jdW1lbnRhdGlvbiUzRGh0dHBzJTNBJTJGJTJGZ2l0aHViLmNvbSUyRmdyZWVuYm9uZSUyRm9wZW52YXMtc2Nhbm5lcg==
QWZ0ZXIlM0Rvc3BkLW9wZW52YXMuc2VydmljZQ==
Wants=ospd-openvas.service
Q29uZGl0aW9uS2VybmVsQ29tbWFuZExpbmUlM0QhcmVjb3Zlcnk=
[Service]
Type=exec
User=gvm
UnVudGltZURpcmVjdG9yeSUzRG9wZW52YXNk
UnVudGltZURpcmVjdG9yeU1vZGUlM0QyNzc1
PIDFile=/run/openvasd/openvasd.pid
RXhlY1N0YXJ0JTNEJTJGdXNyJTJGbG9jYWwlMkZiaW4lMkZvcGVudmFzZCUyMC0tZmVlZC1wYXRoJTIwJTJGdmFyJTJGbGliJTJGb3BlbnZhcyUyRnBsdWdpbnMlMjAtLWZlZWQtY2hlY2staW50ZXJ2YWwlMjAzNjAwJTIwLS1hcGkta2V5JTIwc29tZV9hcGlfa2V5JTIwLS1vc3BkLXNvY2tldCUyMCUyRnJ1biUyRm9zcGQlMkZvc3BkLW9wZW52YXMuc29jayUyMC0tcmVhZC10aW1lb3V0JTIwMSUyMC0tcmVzdWx0LWNoZWNrLWludGVydmFsJTIwMSUyMC0tbGlzdGVuaW5nJTIwMTI3LjAuMC4xJTNBMzAwMCUyMC0tc3RvcmFnZS10eXBlJTIwaW5tZW1vcnk=
U3VjY2Vzc0V4aXRTdGF0dXMlM0RTSUdLSUxM
UmVzdGFydCUzRGFsd2F5cw==
UmVzdGFydFNlYyUzRDYw
[Install]
V2FudGVkQnklM0RtdWx0aS11c2VyLnRhcmdldA==
RU9G
Информирование systemd
о новых служебных файлах.
c3lzdGVtY3RsJTIwZGFlbW9uLXJlbG9hZA==
Первичная синхронизации каналов
JUQwJTlGJUQwJUI1JUQxJTgwJUQwJUI1JUQwJUI0JTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUJFJUQwJUJDJTIwJUQxJTgxJUQwJUJCJUQxJTgzJUQwJUI2JUQwJUIxJTJDJTIwJUQwJUJEJUQwJUI1JUQwJUJFJUQwJUIxJUQxJTg1JUQwJUJFJUQwJUI0JUQwJUI4JUQwJUJDJUQwJUJFJTIwJUQwJUIyJUQxJThCJUQwJUJGJUQwJUJFJUQwJUJCJUQwJUJEJUQwJUI4JUQxJTgyJUQxJThDJTIwJUQwJUJGJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUI4JUQxJTg3JUQwJUJEJUQxJTgzJUQxJThFJTIwJUQxJTgxJUQwJUI4JUQwJUJEJUQxJTg1JUQxJTgwJUQwJUJFJUQwJUJEJUQwJUI4JUQwJUI3JUQwJUIwJUQxJTg2JUQwJUI4JUQxJThFJTIwJUQwJUI0JUQwJUIwJUQwJUJEJUQwJUJEJUQxJThCJUQxJTg1JTJDJTIwJUQwJUJBJUQwJUJFJUQxJTgyJUQwJUJFJUQxJTgwJUQxJThCJUQwJUI1JTIwJUQwJUJGJUQxJTgwJUQwJUI1JUQwJUI0JUQwJUJFJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUIyJUQwJUJCJUQxJThGJUQxJThFJUQxJTgyJUQxJTgxJUQxJThGJUMyJUEwR3JlZW5ib25lJTIwQ29tbXVuaXR5JTIwRmVlZC4=
JUQwJUExJUQwJUI4JUQwJUJEJUQxJTg1JUQxJTgwJUQwJUJFJUQwJUJEJUQwJUI4JUQwJUI3JUQwJUIwJUQxJTg2JUQwJUI4JUQxJThGJTIwJUQwJUIyJUQxJTgxJUQwJUI1JUQwJUIzJUQwJUI0JUQwJUIwJTIwJUQxJTgxJUQwJUJFJUQxJTgxJUQxJTgyJUQwJUJFJUQwJUI4JUQxJTgyJTIwJUQwJUI4JUQwJUI3JTIwJUQwJUI0JUQwJUIyJUQxJTgzJUQxJTg1JTIwJUQxJThEJUQxJTgyJUQwJUIwJUQwJUJGJUQwJUJFJUQwJUIyJTNB
- Загрузка изменений с помощью скрипта
greenbone-feed-sync
- Загрузка изменений в память и базу данных демоном
Выполняем первичную синхронизацию.
sudo -u gvm greenbone-feed-sync
JUQwJTlGJUQwJUJFJUQxJTgxJUQwJUJCJUQwJUI1JTIwJUQwJUI3JUQwJUIwJUQwJUIyJUQwJUI1JUQxJTgwJUQxJTg4JUQwJUI1JUQwJUJEJUQwJUI4JUQxJThGJTIwJUQxJTgxJUQwJUI4JUQwJUJEJUQxJTg1JUQxJTgwJUQwJUJFJUQwJUJEJUQwJUI4JUQwJUI3JUQwJUIwJUQxJTg2JUQwJUI4JUQwJUI4JTJDJTIwJUQwJUI0JUQwJUJFJUQwJUIxJUQwJUIwJUQwJUIyJUQwJUI4JUQwJUJDJTIwJUQwJUI3JUQwJUIwJUQwJUI0JUQwJUIwJUQwJUJEJUQwJUI4JUQwJUI1JTIwJUQwJUIyJTIwY3JvbiUyMCglRDAlQjIlMjAlRDAlQkMlRDAlQkUlRDAlQjUlRDAlQkMlMjAlRDElODElRDAlQkIlRDElODMlRDElODclRDAlQjAlRDAlQjUlMjAlRDAlQjclRDAlQjAlRDAlQjQlRDAlQjAlRDAlQkQlRDAlQjglRDElOEYlMjAlRDAlQjQlRDAlQkUlRDAlQjElRDAlQjAlRDAlQjIlRDAlQkIlRDAlQjUlRDAlQkQlRDElOEIlMjAlRDAlQjQlRDAlQkIlRDElOEYlMjByb290JTIwJUQwJUJGJUQwJUJFJUQwJUJCJUQxJThDJUQwJUI3JUQwJUJFJUQwJUIyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThGKSUyMCVEMCVCMiVEMSU4QiVEMCVCRiVEMCVCRSVEMCVCQiVEMCVCRCVEMCVCNSVEMCVCRCVEMCVCOCVEMCVCNSUyMCVEMSU4MSVEMCVCOCVEMCVCRCVEMSU4NSVEMSU4MCVEMCVCRSVEMCVCRCVEMCVCOCVEMCVCNyVEMCVCMCVEMSU4NiVEMCVCOCVEMCVCOSUyMCVEMCVCRSVEMCVCNCVEMCVCOCVEMCVCRCUyMCVEMSU4MCVEMCVCMCVEMCVCNyUyMCVEMCVCMiUyMCVEMCVCNCVEMCVCNSVEMCVCRCVEMSU4Qy4=
# Update Feed data from Greenbone Community Feed
MCUyMDIzJTIwKiUyMColMjAqJTIwc3VkbyUyMC11JTIwZ3ZtJTIwZ3JlZW5ib25lLWZlZWQtc3luYyUyMDIlM0UlMjYx
Запуск служб
JUQwJTkyJUQwJUJBJUQwJUJCJUQxJThFJUQxJTg3JUQwJUIwJUQwJUI1JUQwJUJDJTIwJTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJTIwJUQxJTgxJUQwJUJCJUQxJTgzJUQwJUI2JUQwJUIxJTIwJUQwJUJGJUQxJTgwJUQwJUI4JTIwJUQwJUJBJUQwJUIwJUQwJUI2JUQwJUI0JUQwJUJFJUQwJUJDJTIwJUQwJUI3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUI1JTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQxJThCLg==
systemctl enable ospd-openvas
systemctl enable gvmd
systemctl enable gsad
c3lzdGVtY3RsJTIwZW5hYmxlJTIwb3BlbnZhc2Q=
JUQwJTk3JUQwJUIwJUQwJUJGJUQxJTgzJUQxJTgxJUQwJUJBJUQwJUIwJUQwJUI1JUQwJUJDJTIwJUQxJTgxJUQwJUJCJUQxJTgzJUQwJUI2JUQwJUIxJUQxJThCLg==
c3lzdGVtY3RsJTIwc3RhcnQlMjBvc3BkLW9wZW52YXM=
c3lzdGVtY3RsJTIwc3RhcnQlMjBndm1k
systemctl start gsad
c3lzdGVtY3RsJTIwc3RhcnQlMjBvcGVudmFzZA==
Проверка состояния служб.
c3lzdGVtY3RsJTIwc3RhdHVzJTIwb3NwZC1vcGVudmFz
systemctl status gvmd
systemctl status gsad
c3lzdGVtY3RsJTIwc3RhdHVzJTIwb3BlbnZhc2Q=
Тюнинг
JUQwJTk0JUQwJUJCJUQxJThGJTIwJUQwJUJGJUQwJUJFJUQwJUIyJUQxJThCJUQxJTg4JUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI1JTIwJUQwJUJGJUQxJTgwJUQwJUJFJUQwJUI4JUQwJUI3JUQwJUIyJUQwJUJFJUQwJUI0JUQwJUI4JUQxJTgyJUQwJUI1JUQwJUJCJUQxJThDJUQwJUJEJUQwJUJFJUQxJTgxJUQxJTgyJUQwJUI4JTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQxJThCJTJDJTIwJUQxJTgwJUQwJUI1JUQwJUJBJUQwJUJFJUQwJUJDJUQwJUI1JUQwJUJEJUQwJUI0JUQxJTgzJUQxJThFJTIwJUQwJUIyJUQxJThCJUQwJUJGJUQwJUJFJUQwJUJCJUQwJUJEJUQwJUI4JUQxJTgyJUQxJThDJTIwJUQxJTgxJUQwJUJCJUQwJUI1JUQwJUI0JUQxJTgzJUQxJThFJUQxJTg5JUQwJUI4JUQwJUI1JTIwJUQwJUJEJUQwJUIwJUQxJTgxJUQxJTgyJUQxJTgwJUQwJUJFJUQwJUI5JUQwJUJBJUQwJUI4JTIwJUQxJTgxJUQwJUI4JUQxJTgxJUQxJTgyJUQwJUI1JUQwJUJDJUQxJThCLg==
JUQwJUFEJUQxJTgyJUQwJUI4JTIwJUQwJUJEJUQwJUIwJUQxJTgxJUQxJTgyJUQxJTgwJUQwJUJFJUQwJUI5JUQwJUJBJUQwJUI4JTIwJUQwJUJGJUQwJUJFJUQwJUIyJUQxJThCJUQxJTg4JUQwJUIwJUQxJThFJUQxJTgyJTIwJUQxJTgzJUQxJTgxJUQxJTgyJUQwJUJFJUQwJUI5JUQxJTg3JUQwJUI4JUQwJUIyJUQwJUJFJUQxJTgxJUQxJTgyJUQxJThDJTIwJUQxJTgxJUQwJUI1JUQxJTgwJUQwJUIyJUQwJUI1JUQxJTgwJUQwJUIwJTIwJUQwJUJGJUQwJUJFJUQwJUI0JTIwJUQwJUJEJUQwJUIwJUQwJUIzJUQxJTgwJUQxJTgzJUQwJUI3JUQwJUJBJUQwJUJFJUQwJUI5JTJDJTIwJUQxJTgzJUQwJUIyJUQwJUI1JUQwJUJCJUQwJUI4JUQxJTg3JUQwJUI4JUQwJUIyJUQwJUIwJUQxJThGJTIwJUQwJUJFJUQxJTg3JUQwJUI1JUQxJTgwJUQwJUI1JUQwJUI0JUQxJThDJTIwJUQwJUJGJUQwJUJFJUQwJUI0JUQwJUJBJUQwJUJCJUQxJThFJUQxJTg3JUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI5JTIwJUQwJUI4JTIwJUQwJUJGJUQwJUJFJUQwJUI3JUQwJUIyJUQwJUJFJUQwJUJCJUQxJThGJUQxJThGJTIwJUQwJUIxJUQwJUJFJUQwJUJCJUQwJUI1JUQwJUI1JTIwJUQwJUIzJUQwJUI4JUQwJUIxJUQwJUJBJUQwJUJFJTIwJUQxJTgzJUQwJUJGJUQxJTgwJUQwJUIwJUQwJUIyJUQwJUJCJUQxJThGJUQxJTgyJUQxJThDJTIwJUQwJUJGJUQwJUIwJUQwJUJDJUQxJThGJUQxJTgyJUQxJThDJUQxJThFLg==
ZWNobyUyMCduZXQuY29yZS5zb21heGNvbm4lMjAlM0QlMjAxMDI0JyUyMCUzRSUzRSUyMCUyRmV0YyUyRnN5c2N0bC5jb25m
ZWNobyUyMCd2bS5vdmVyY29tbWl0X21lbW9yeSUyMCUzRCUyMDEnJTIwJTNFJTNFJTIwJTJGZXRjJTJGc3lzY3RsLmNvbmY=
c3lzY3RsJTIwLXA=
Эта настройка отключает поддержку Transparent Huge Pages (THP) для улучшения производительности некоторых приложений, снижая накладные расходы памяти.
Y2F0JTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRmRpc2FibGVfdGhwLnNlcnZpY2UlMjAlM0MlM0MlMjAnRU9MJw==
[Unit]
RGVzY3JpcHRpb24lM0REaXNhYmxlJTIwS2VybmVsJTIwU3VwcG9ydCUyMGZvciUyMFRyYW5zcGFyZW50JTIwSHVnZSUyMFBhZ2VzJTIwKFRIUCk=
JTVCU2VydmljZSU1RA==
Type=simple
RXhlY1N0YXJ0JTNEJTJGYmluJTJGc2glMjAtYyUyMCUyMmVjaG8lMjAnbmV2ZXInJTIwJTNFJTIwJTJGc3lzJTJGa2VybmVsJTJGbW0lMkZ0cmFuc3BhcmVudF9odWdlcGFnZSUyRmVuYWJsZWQlMjAlMjYlMjYlMjBlY2hvJTIwJ25ldmVyJyUyMCUzRSUyMCUyRnN5cyUyRmtlcm5lbCUyRm1tJTJGdHJhbnNwYXJlbnRfaHVnZXBhZ2UlMkZkZWZyYWclMjI=
[Install]
WantedBy=multi-user.target
EOL
systemctl daemon-reload
c3lzdGVtY3RsJTIwZW5hYmxlJTIwLS1ub3clMjBkaXNhYmxlX3RocA==
Дополнение
JUQwJUE3JUQwJUI4JUQxJTgyJUQwJUIwJUQxJTgyJUQwJUI1JUQwJUJCJUQxJThDJTIwJUQwJUIxJUQwJUJCJUQwJUJFJUQwJUIzJUQwJUIwJTIwVWRnZW4lMjAlRDAlQkYlRDAlQkUlRDAlQjQlRDAlQkMlRDAlQjUlRDElODIlRDAlQjglRDAlQkIlMjAlRDElODclRDElODIlRDAlQkUlMjAlRDAlQjIlMjAlRDElODElRDAlQkIlRDElODMlRDElODclRDAlQjAlRDAlQjUlMjAlRDAlQjUlRDElODElRDAlQkIlRDAlQjglMjAlRDAlQkYlRDElODAlRDAlQjglMjAlRDElOEQlRDAlQkElRDElODElRDAlQkYlRDAlQkUlRDElODAlRDElODIlRDAlQjUlMjAlRDAlQkUlRDElODIlRDElODclRDAlQjUlRDElODIlRDAlQjAlMjAlRDAlQjIlMjBQREYlMkMlMjAlRDAlQjIlRDElOEIlRDAlQjMlRDElODAlRDElODMlRDAlQjYlRDAlQjUlRDAlQkQlRDAlQkQlRDElOEIlRDAlQjklMjAlRDElODQlRDAlQjAlRDAlQjklRDAlQkIlMjAlRDAlQkUlRDElODIlRDElODclRDAlQjUlRDElODIlRDAlQjAlMjAlRDAlQkQlRDElODMlRDAlQkIlRDAlQjUlRDAlQjIlRDAlQkUlRDAlQjMlRDAlQkUlMjAlRDElODAlRDAlQjAlRDAlQjclRDAlQkMlRDAlQjUlRDElODAlRDAlQjAlMkMlMjAlRDElODIlRDAlQkUlMjAlRDAlQjIlRDAlQjUlRDElODAlRDAlQkUlRDElOEYlRDElODIlRDAlQkQlRDAlQkUlMjAlRDAlQjIlMjAlRDElODElRDAlQjglRDElODElRDElODIlRDAlQjUlRDAlQkMlRDAlQjUlMjAlRDAlQkUlRDElODIlRDElODElRDElODMlRDElODIlRDElODElRDElODIlRDAlQjIlRDElODMlRDElOEUlRDElODIlMjAlRDAlQkYlRDAlQjAlRDAlQkElRDAlQjUlRDElODIlRDElOEIlMjBUZVglMjBMaXZlJTIwKExhVGVYKSUyMCVEMCVCQSVEMCVCRSVEMSU4MiVEMCVCRSVEMSU4MCVEMSU4QiVEMCVCNSUyMEdyZWVuYm9uZSUyMCVEMCVCOCVEMSU4MSVEMCVCRiVEMCVCRSVEMCVCQiVEMSU4QyVEMCVCNyVEMSU4MyVEMCVCNSVEMSU4MiUyMCVEMCVCNCVEMCVCQiVEMSU4RiUyMCVEMSU4RCVEMCVCQSVEMSU4MSVEMCVCRiVEMCVCRSVEMSU4MCVEMSU4MiVEMCVCMCUyMCVEMCVCRSVEMSU4MiVEMSU4NyVEMCVCNSVEMSU4MiVEMCVCRSVEMCVCMiUyMCVEMCVCMiUyMFBERi4=
JUQwJTk0JUQwJUJCJUQxJThGJTIwJUQwJUI4JUQxJTgxJUQwJUJGJUQxJTgwJUQwJUIwJUQwJUIyJUQwJUJCJUQwJUI1JUQwJUJEJUQwJUI4JUQwJUI1JTIwJUQxJTgxJUQwJUI4JUQxJTgyJUQxJTgzJUQwJUIwJUQxJTg2JUQwJUI4JUQwJUI4JTJDJTIwJUQwJUJEJUQwJUI1JUQwJUJFJUQwJUIxJUQxJTg1JUQwJUJFJUQwJUI0JUQwJUI4JUQwJUJDJUQwJUJFJTIwJUQwJUIyJUQxJThCJUQwJUJGJUQwJUJFJUQwJUJCJUQwJUJEJUQwJUI4JUQxJTgyJUQxJThDJTIwJUQxJTgzJUQxJTgxJUQxJTgyJUQwJUIwJUQwJUJEJUQwJUJFJUQwJUIyJUQwJUJBJUQxJTgzJTIwJUQxJTgxJUQwJUJCJUQwJUI1JUQwJUI0JUQxJTgzJUQxJThFJUQxJTg5JUQwJUI4JUQxJTg1JTIwJUQwJUJGJUQwJUIwJUQwJUJBJUQwJUI1JUQxJTgyJUQwJUJFJUQwJUIyJTNB
c3VkbyUyMGFwdC1nZXQlMjBpbnN0YWxsJTIwdGV4bGl2ZSUyMHRleGxpdmUtbGF0ZXgtZXh0cmElMjB0ZXhsaXZlLWZvbnRzLXJlY29tbWVuZGVkJTIwLXk=
ПОНРАВИЛАСЬ ИЛИ ОКАЗАЛАСЬ ПОЛЕЗНОЙ СТАТЬЯ, ПОДДЕРЖИ АВТОРА ДОНАТОМ
Касательно прав, отмечу, что ыло все коректно.
использовать chown не пришлось
Я бы еще добавил при следующее для возможности выгрузки резултатов сканирования. Без этого через веб интерфейс выгрущить отчет не получается. Файл нулевого размера.
Для экспорта отчетов в PDF Greenbone использует LaTeX. Проверьте, установлены ли необходимые пакеты:
Установите LaTeX и зависимости:
Для систем на основе Ubuntu/Debian (наш вариант):
sudo apt-get install texlive texlive-latex-extra texlive-fonts-recommended
Проверьте права доступа
sudo chown -R gvm:gvm /var/lib/gvm/
sudo chmod -R 750 /var/lib/gvm/
sudo systemctl restart gvmd
sudo systemctl restart gsad
Добавил эту информацию в статью, спасибо
Доброго.
На Debian 12, как в заголовке статьи
Понял. Прогоню у себя еще раз контрольно все по статье.
с настройкой sudo
echo "gvm ALL = NOPASSWD: $(which openvas)" >> /etc/sudoers.d/gvm
не получалось стартовать сканирование, прерывалось с сообщением Interrupted at 0%
пришлось закомментить в настройках /etc/sudoers
возможность подятягиваьт конфиг из /etc/sudoers.d
добавить строку непосредственно в него
gvm ALL=(ALL) NOPASSWD: ALL
После этого завелось
а так при обращении к sudo можно было увидеть ошибку
/etc/sudoers.d/gvm:1:21: expected a fully-qualified path name
gvm ALL = NOPASSWD: $(which openvas)»
может чего напортачил при создании пользователя
хм, странно, но пусть будет.
А на какой системе разворачивали ?
Я сам лично не однократно копи-пастой из своей же статьи разворачивал gvm все работало. Но я все делал на Debian 12
У меня почему-то отсутсвуют конфиги сканирования. Создать новый или импортировать из xml-файла не получается — выдает ошибку
А что за ошибку выдает ? По всей видимости установка у вас не гладко прошла, вероятно что то с базой.
Ошибки при скачивании и сборке. Возможно надо запускать все от рута?
Все описанное в статье, выполняется от рута.