Install Greenbone OpenVAS from source in Ubuntu 18.04
I Spent a lot of time installing Greenbone OpenVAS from the CentOS/Ubuntu repositories. Most builds in the repositories had issues which would have been fixed in the branches or in the latest release, but the repositories are not updated. Errors were mostly related to the library mismatch. I decided to install it from the source and as usual had to face some challenges as well. You could follow the below mentioned steps to install openvas in Ubuntu 18.04. I tried to install this in CentOS as well. But there were a hell lot of issues. Ubuntu is the only OS I was able to install in. I would continue my effort to install it in CentOS. For now, enjoy installation in Ubuntu. Do make a note that I have provided all the dependency installation as well (As I encountered). You may see some other dependency issues. Do provide comments how it goes. Any comments/questions/corrections are welcome.
Install the cmake compiler:
apt-get updateapt-get upgrade
apt-get install cmake
Install gvm libs:
cd gvm-libs/
cmake .
make install
Install openvas-scanner:
apt-get install bison
cd openvas-scanner/
cmake .
make install
Install gvmd:
sudo apt-get install sqlite3 libsqlite3-dev
sudo apt-get install libical-dev
sudo apt-get install libical2
sudo apt-get install libical3
git clone https://github.com/greenbone/gvmd.git
cd gvmd
cmake .
make install
Install gsa:
apt-get install clang-format
sudo apt install nodejs
sudo apt install npm
apt-get install libmicrohttpd-dev
apt-get install libxml2-dev
git clone https://github.com/greenbone/gsa.git
cd gsa
cmake .
make install
Install redis server:
apt-get install redis
Start the redis service:
root@openvas:~/# redis-server /usr/local/share/doc/openvas-scanner/redis_config_examples/redis_4_0.conf
Send the process to background:
root@openvas:~/# Ctrl + z
root@openvas:~/# bg
Important Note: If you have the redis server running, started by the installer, stop it and start it as mentioned above. If redis is not started using the above mentioned conf file, openvas scanner will not be able to connect to redis.
If you are using a different version of redis, use the appropriate conf file while starting the redis.
Generate a self signed certificate (If you dont have CA cert):
root@openvas:~/certs# openssl genrsa -des3 -passout pass:abcdef -out server.pass.key 2048
root@openvas:~/certs# openssl rsa -passin pass:abcdef -in server.pass.key -out server.key
root@openvas:~/certs# rm server.pass.key
root@openvas:~/certs# openssl req -new -key server.key -out server.csr
# Fill the certificate information
Verify the files:
root@openvas:~/certs# ls -ltr
-rw------- 1 root root 1679 Apr 26 11:36 server.key
-rw-r--r-- 1 root root 1090 Apr 26 11:37 server.csr
root@openvas:~/certs# touch v3.ext
root@openvas:~/certs# openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
root@openvas:~/certs# openssl req -new -key server.key -out server.csr
# Fill the certificate information
Verify the files:
root@openvas:~/certs# ls -ltr
-rw------- 1 root root 1679 Apr 26 11:36 server.key
-rw-r--r-- 1 root root 1090 Apr 26 11:37 server.csr
root@openvas:~/certs# touch v3.ext
root@openvas:~/certs# openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Verify the files:
root@openvas:~/certs# ls -ltr
-rw------- 1 root root 1679 Apr 26 11:36 server.key
-rw-r--r-- 1 root root 1090 Apr 26 11:37 server.csr
-rw-r--r-- 1 root root 0 Apr 26 11:38 v3.ext
-rw-r--r-- 1 root root 1253 Apr 26 11:38 server.crt
Start openvassd process: (Scanner process)
root@openvas:~/certs# openvassd <Enter>
Ensure there are no errors in the logs.
Default log location: /usr/local/var/log/gvm/openvassd.log
Start gvmd process: (Greenbone vulnerability manager)
root@openvas:~/certs# gvmd <Enter>
Ensure there are no errors in the logs.
Default log location: /usr/local/var/log/gvm/gvmd.log
Start gsad service (for web access):
root@openvas:~/certs# gsad --ssl-private-key=/root/certs/server.key --ssl-certificate=/root/certs/server.crt <Enter>
Ensure there are no errors in the logs.
Ensure there are no errors in the logs.
Default log location: /usr/local/var/log/gvm/gsad.log
Create initial admin user:
root@openvas:~/certs# gvmd --create-user=myadmin
User created with password 'xxxx-xxxxx-xxxx'.
Login to console:
https://<ExternalIPAddress>
Possible errors:
get_redis_ctx: redis connection error: Connection refused
If this comes remove the redis, freshly install and start the service.
root@openvas:~# apt-get remove redis
root@openvas:~# apt-get purge redis
root@openvas:~# apt autoremove
root@openvas:~# apt-get install redis
Stop the process started by installer
root@openvas:~# service redis-server stop
Start the redis service without using service:
root@openvas:~/# redis-server /usr/local/share/doc/openvas-scanner/redis_config_examples/redis_4_0.conf
Send the process to background:
root@openvas:~/# Ctrl + z
root@openvas:~/# bg
Comments
Post a Comment