安装 GVM 11 的 OS选择说明
本文提到的GVM不是开发人员所熟知的“Go Version Management ”,而是德国 Greenbone 公司出品的一套平台环境安全漏洞扫描与管理工具,主要面向平台运维人员。
GVM 的全称是 Greenbone Vulnerability Management ,是一个安全扫描系统,其开源社区版本也叫 Open-VAS,当前的稳定版本是 Greenbone Vulnerability Management version 11 (GVM-11)。
今天我试图在 Ubuntu 1404 环境上升级安装 GVM-11,但遗憾的是安装失败了,原因是 GVM-11 不支持当前操作系统环境。
经查阅 GVM-11 的项目资料得知:GVM-11 仅支持 CentOS 8、Ubuntu 18 和 Ubuntu 20 。
我在 Ubuntu 14 上只能考虑安装 GVM-8,接下来我会找个时间在 Ubuntu 1404 上部署 Docker 环境,用 docker 部署 GVM-11 。
尽管本次升级安装失败了,但这个踩坑过程也是值得记录的。
我的踩坑过程:
Ubuntu 1404 安装 Open-VAS(Greenbone Vulnerability Management)
googlebigtable@googlebigtable-virtual-machine:~$ sudo su
[sudo] password for googlebigtable:
root@googlebigtable-virtual-machine:/home/googlebigtable# apt install -y aptitude
.........................................................................................................
正在设置 aptitude (0.6.8.2-1ubuntu4) ...
update-alternatives: using /usr/bin/aptitude-curses to provide /usr/bin/aptitude (aptitude) in 自动模式
正在处理用于 libc-bin (2.19-0ubuntu6) 的触发器 ...
root@googlebigtable-virtual-machine:/home/googlebigtable#
root@googlebigtable-virtual-machine:/home/googlebigtable# timedatectl set-timezone Asia/Shanghai
root@googlebigtable-virtual-machine:/home/googlebigtable# systemctl restart syslog
systemctl:未找到命令
root@googlebigtable-virtual-machine:/home/googlebigtable# service syslog restart
syslog: unrecognized service
root@googlebigtable-virtual-machine:/home/googlebigtable# service rsyslog restart
rsyslog stop/waiting
rsyslog start/running, process 5670
root@googlebigtable-virtual-machine:/home/googlebigtable#
root@googlebigtable-virtual-machine:/home/googlebigtable# echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" >> /etc/apt/sources.list.d/pgdg.list
root@googlebigtable-virtual-machine:/home/googlebigtable# cat /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main
root@googlebigtable-virtual-machine:/home/googlebigtable# wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
OK
root@googlebigtable-virtual-machine:/home/googlebigtable# apt-get update
忽略 http://cn.archive.ubuntu.com trusty InRelease
命中 http://security.ubuntu.com trusty-security InRelease
....................................................................................................
正在读取软件包列表... 完成
root@googlebigtable-virtual-machine:/home/googlebigtable# aptitude install -y postgresql-10
下列“新”软件包将被安装。
libpq5{a} pgdg-keyring{a} postgresql-10 postgresql-client-10{a} postgresql-client-common{a} postgresql-common{a} sysstat{a}
0 个软件包被升级,新安装 7 个, 0 个将被删除, 同时 766 个将不升级。
需要获取 7,028 kB 的存档。 解包后将要使用 31.4 MB。
........................................................................................................
正在设置 postgresql-client-common (201.pgdg14.04+1) ...
正在设置 postgresql-client-10 (10.8-1.pgdg14.04+1) ...
update-alternatives: using /usr/share/postgresql/10/man/man1/psql.1.gz to provide /usr/share/man/man1/psql.1.gz (psql.1.gz) in 自动模式
正在设置 postgresql-common (201.pgdg14.04+1) ...
正在将用户“postgres”加入到“ssl-cert”组中
Creating config file /etc/postgresql-common/createcluster.conf with new version
Building PostgreSQL dictionaries from installed myspell/hunspell packages...
en_au
en_gb
en_us
en_za
Removing obsolete dictionary files:
* No PostgreSQL clusters exist; see "man pg_createcluster"
正在设置 sysstat (10.2.0-1) ...
Creating config file /etc/default/sysstat with new version
update-alternatives: using /usr/bin/sar.sysstat to provide /usr/bin/sar (sar) in 自动模式
正在处理用于 ureadahead (0.100.0-16) 的触发器 ...
正在设置 postgresql-10 (10.8-1.pgdg14.04+1) ...
Creating new PostgreSQL cluster 10/main ...
/usr/lib/postgresql/10/bin/initdb -D /var/lib/postgresql/10/main --auth-local peer --auth-host md5
属于此数据库系统的文件宿主为用户 "postgres".
此用户也必须为服务器进程的宿主.
数据库簇将使用本地化语言 "zh_CN.UTF-8"进行初始化.
默认的数据库编码已经相应的设置为 "UTF8".
initdb: 无法为本地化语言环境"zh_CN.UTF-8"找到合适的文本搜索配置
缺省的文本搜索配置将会被设置到"simple"
禁止为数据页生成校验和.
修复已存在目录 /var/lib/postgresql/10/main 的权限 ... 成功
正在创建子目录 ... 成功
选择默认最大联接数 (max_connections) ... 100
选择默认共享缓冲区大小 (shared_buffers) ... 128MB
选择动态共享内存实现 ......posix
创建配置文件 ... 成功
正在运行自举脚本 ...成功
正在执行自举后初始化 ...成功
同步数据到磁盘...成功
Success. You can now start the database server using:
/usr/lib/postgresql/10/bin/pg_ctl -D /var/lib/postgresql/10/main -l logfile start
Ver Cluster Port Status Owner Data directory Log file
10 main 5432 down postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log
update-alternatives: using /usr/share/postgresql/10/man/man1/postmaster.1.gz to provide /usr/share/man/man1/postmaster.1.gz (postmaster.1.gz) in 自动模式
* Starting PostgreSQL 10 database server [ OK ]
正在处理用于 libc-bin (2.19-0ubuntu6) 的触发器 ...
root@googlebigtable-virtual-machine:/home/googlebigtable#
root@googlebigtable-virtual-machine:/home/googlebigtable# find / -name pg_hba.conf
/etc/postgresql/10/main/pg_hba.conf
root@googlebigtable-virtual-machine:/home/googlebigtable# cat -n /etc/postgresql/10/main/pg_hba.conf
1 # PostgreSQL Client Authentication Configuration File
2 # ===================================================
3 #
4 # Refer to the "Client Authentication" section in the PostgreSQL
5 # documentation for a complete description of this file. A short
6 # synopsis follows.
7 #
8 # This file controls: which hosts are allowed to connect, how clients
9 # are authenticated, which PostgreSQL user names they can use, which
10 # databases they can access. Records take one of these forms:
11 #
12 # local DATABASE USER METHOD [OPTIONS]
13 # host DATABASE USER ADDRESS METHOD [OPTIONS]
14 # hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
15 # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
16 #
17 # (The uppercase items must be replaced by actual values.)
18 #
19 # The first field is the connection type: "local" is a Unix-domain
20 # socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
21 # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
22 # plain TCP/IP socket.
23 #
24 # DATABASE can be "all", "sameuser", "samerole", "replication", a
25 # database name, or a comma-separated list thereof. The "all"
26 # keyword does not match "replication". Access to replication
27 # must be enabled in a separate record (see example below).
28 #
29 # USER can be "all", a user name, a group name prefixed with "+", or a
30 # comma-separated list thereof. In both the DATABASE and USER fields
31 # you can also write a file name prefixed with "@" to include names
32 # from a separate file.
33 #
34 # ADDRESS specifies the set of hosts the record matches. It can be a
35 # host name, or it is made up of an IP address and a CIDR mask that is
36 # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
37 # specifies the number of significant bits in the mask. A host name
38 # that starts with a dot (.) matches a suffix of the actual host name.
39 # Alternatively, you can write an IP address and netmask in separate
40 # columns to specify the set of hosts. Instead of a CIDR-address, you
41 # can write "samehost" to match any of the server's own IP addresses,
42 # or "samenet" to match any address in any subnet that the server is
43 # directly connected to.
44 #
45 # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
46 # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
47 # Note that "password" sends passwords in clear text; "md5" or
48 # "scram-sha-256" are preferred since they send encrypted passwords.
49 #
50 # OPTIONS are a set of options for the authentication in the format
51 # NAME=VALUE. The available options depend on the different
52 # authentication methods -- refer to the "Client Authentication"
53 # section in the documentation for a list of which options are
54 # available for which authentication methods.
55 #
56 # Database and user names containing spaces, commas, quotes and other
57 # special characters must be quoted. Quoting one of the keywords
58 # "all", "sameuser", "samerole" or "replication" makes the name lose
59 # its special character, and just match a database or username with
60 # that name.
61 #
62 # This file is read on server startup and when the server receives a
63 # SIGHUP signal. If you edit the file on a running system, you have to
64 # SIGHUP the server for the changes to take effect, run "pg_ctl reload",
65 # or execute "SELECT pg_reload_conf()".
66 #
67 # Put your actual configuration here
68 # ----------------------------------
69 #
70 # If you want to allow non-local connections, you need to add more
71 # "host" records. In that case you will also need to make PostgreSQL
72 # listen on a non-local interface via the listen_addresses
73 # configuration parameter, or via the -i or -h command line switches.
74
75
76
77
78 # DO NOT DISABLE!
79 # If you change this first entry you will need to make sure that the
80 # database superuser can access the database using some other method.
81 # Noninteractive access to all databases is required during automatic
82 # maintenance (custom daily cronjobs, replication, and similar tasks).
83 #
84 # Database administrative login by Unix domain socket
85 local all postgres peer
86
87 # TYPE DATABASE USER ADDRESS METHOD
88
89 # "local" is for Unix domain socket connections only
90 local all all peer
91 # IPv4 local connections:
92 host all all 127.0.0.1/32 md5
93 # IPv6 local connections:
94 host all all ::1/128 md5
95 # Allow replication connections from localhost, by a user with the
96 # replication privilege.
97 local replication all peer
98 host replication all 127.0.0.1/32 md5
99 host replication all ::1/128 md5
root@googlebigtable-virtual-machine:/home/googlebigtable#
root@googlebigtable-virtual-machine:/home/googlebigtable# cp /etc/postgresql/10/main/pg_hba.conf{,.original}
root@googlebigtable-virtual-machine:/home/googlebigtable# gedit /etc/postgresql/10/main/pg_hba.conf
修改为允许本地连接
84 # Database administrative login by Unix domain socket
85 local all postgres trust
86
87 # TYPE DATABASE USER ADDRESS METHOD
88
89 # "local" is for Unix domain socket connections only
90 local all all trust
91 # IPv4 local connections:
92 host all all 127.0.0.1/32 trust
93 # IPv6 local connections:
94 host all all ::1/128 trust
root@googlebigtable-virtual-machine:/home/googlebigtable# service postgresql restart
* Restarting PostgreSQL 10 database server [ OK ]
root@googlebigtable-virtual-machine:/home/googlebigtable#
root@googlebigtable-virtual-machine:/home/googlebigtable# add-apt-repository ppa:mrazavi/gvm
Greenbone Vulnerability Management version 11 (GVM-11) is the current stable major release of tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. GVM is developed for and as part of the commercial product line Greenbone Security Manager. It is developed by Greenbone and licenced as Open Source.
More info at: https://community.greenbone.net/
** NEW **
A set of docker images based on this PPA are avialble at docker hub. It could be used to setup GVM on any distribution of GNU/Linux.
More info: https://github.com/admirito/gvm-containers
.............................................................................................................
gpg: 钥匙环‘/tmp/tmpnen9kor6/secring.gpg’已建立
gpg: 钥匙环‘/tmp/tmpnen9kor6/pubring.gpg’已建立
gpg: 下载密钥‘4AA450E0’,从 hkp 服务器 keyserver.ubuntu.com
gpg: /tmp/tmpnen9kor6/trustdb.gpg:建立了信任度数据库
gpg: 密钥 4AA450E0:公钥“Launchpad PPA for Mohammad Razavi”已导入
gpg: 合计被处理的数量:1
gpg: 已导入:1 (RSA: 1)
OK
root@googlebigtable-virtual-machine:/home/googlebigtable#
root@googlebigtable-virtual-machine:/home/googlebigtable# apt install -y gvm
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
E: 未发现软件包 gvm
root@googlebigtable-virtual-machine:/home/googlebigtable# aptitude install -y gvm
无法找到任何名称或者描述中匹配“gvm”的软件包
无法找到任何名称或者描述中匹配“gvm”的软件包
将不会安装,升级或者删除任何软件包。
0 个软件包被升级,新安装 0 个, 0 个将被删除, 同时 766 个将不升级。
需要获取 0 B 的存档。 解包后将要使用 0 B。
root@googlebigtable-virtual-machine:/home/googlebigtable#
查阅
https://github.com/greenbone/gvmd
https://launchpad.net/~mrazavi/+archive/ubuntu/gvm
得知,GVM只能安装到Ubuntu 18 和 Ubuntu 20 上。
官方推荐的安装组件和过程:
To install the Greenbone Vulnerability Management 11 packages on Ubuntu 20.04 Focal Fossa first you need to install PostgreSQL database server (if you don't already have one--it could also be installed on a remote machine):
sudo apt install postgresql
Then use the following commands to install GVM:
sudo add-apt-repository ppa:mrazavi/gvm
sudo apt install gvm
Finally, you have to update the greenbone nvt/cert/scap data with these commands:
greenbone-nvt-sync
sudo greenbone-scapdata-sync
sudo greenbone-certdata-sync
You can access the Greenbone Security Assistant web interface at:
https://localhost:9392
(The port number has changed according to the upstream in the new version and the old 4000 port number is no longer the default)
The default username/password is as follows:
Username: admin
Password: admin
You can check the status of greenbone daemons with systemctl:
systemctl status ospd-openvas # scanner
systemctl status gvmd # manager
systemctl status gsad # web ui
顺利安装 GVM 后的 Web 管理系统登录界面如下:
安装 GVM 11 的 OS选择说明相关推荐
- Windows XP硬盘安装Ubuntu 11.10双系统全程图解
Ubuntu 11.10正式版出来有段时间了,许多朋友还在用wubi安装,其实,Windows XP下硬盘安装Ubuntu 11.10双系统其实也很简单的,Ubuntu 11.10的安装过程跟11.0 ...
- xp 硬盘安装linux双系统,WinXP硬盘安装Ubuntu 11.10双系统全程图解
Ubuntu 11.10正式版出来有段时间了,许多朋友还在用wubi安装,其实,Windows XP下硬盘安装Ubuntu 11.10双系统其实也很简单的,Ubuntu 11.10的安装过程跟11.0 ...
- Mac OS X10.11(OS X EI Capitan)安装程序下载
Mac OS X10.11(OS X EI Capitan)的安装程序(dmg文件)已经上传到百度网盘(直接安装即可).有需要者请加微信公众号:geekculture,并发送capitan或osx获取 ...
- MySQL安装问题—— Can‘t create directory ‘C:\web\mysql-8.0.11\data\‘ (OS errno 2 - No such file or directo
D:\MSQL\mysql-8.0.23-winx64\mysql-8.0.23-winx64\bin>mysqld --initialize --consolemysqld: Can't cr ...
- 最详细AMD Ryzen CPU,VMware 16安装macOS 11.x BigSur记录(第二篇)
虚拟机安装macOS 安装之前 博主电脑配置 博主电脑环境 安装环境准备 开始安装 安装VMware Workstation unlocker解锁工具 创建虚拟机 配置虚拟机 运行虚拟机 安装VMwa ...
- 如何安装 Debian 11 操作系统手把手教学
Debian 终于发布了稳定的 OS 版本 11,它的代号是 bullseye.Debian 11 是一个 LTS 版本,这意味着我们将得到更新和支持直到 2025 年.它推出了全新的主题<家园 ...
- CentOS 7 安装 Oracle 11.2.0.4
一.安装环境 CentOS Linux release 7.2.1511 (Core) Oracle Database 11g Release 2 (11.2.0.4) 二.安装前准备 2.1 修改主 ...
- ORALCE 数据库静默安装教程(Center OS 7) --用于个人理解
ORALCE 数据库静默安装教程(Center OS 7) --用于个人理解 一.安装前准备工作 1.安装依赖包 2.建立用户组和用户 3.在/etc/hosts文件内容的最底下添加主机名(注掉原来的 ...
- Centos7卸载Python2.7.5后安装Python3.11.1
卸载Python2.7.5 #强制删除已安装python及其关联 rpm -qa|grep python|xargs rpm -ev –allmatches –nodeps #删除残余文件 where ...
最新文章
- MySQL使用详解--根据个人学习总结
- TensorFlow.NET 在工业部署中的应用
- Mysql优化-大数据量下的分页策略
- 港科大郑光廷院士问诊未来,揭露 AI 最新应用与实践
- 这样讲闭包,你终生难忘
- 天翼校园网连接不上服务器无响应,使用天翼校园客户端提示登陆失败应该怎么处理?...
- 闲置光猫改成无线打印服务器,简单几步,让闲置路由器变身专业无线AP-无线ap设置...
- 手机摄像头的组成结构和工作原理
- Google Chrome 49.0.2623.112 XP系统最终版离线安装包官方下载地址
- 卡巴斯基正版半年注册码申请
- 【文学】平凡的世界第三部
- linux进入不了系统怎么处理,LINUX无法进入系统
- 【深度学习】OCR文本识别
- Go语言之路:一、万丈高楼平地起
- 睿智的目标检测——YoloV7-Tiny-OBB旋转目标检测算法部署
- Git 删除 GitHub仓库的文件——详细操作 githua如何删除文件
- Learning Local Search Heuristics for Boolean Satisfiability 2020-04-30
- win10设置网络打印机
- 删除.sys、.dll流氓文件
- Unity3D脚本依赖RequireComponent(自动添加关联的脚本)