Centos 8 安装GVM 20.08

参考链接1:https://sadsloth.net/post/install-gvm-20_08-src-on-debian/
参考链接2:https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425

旧版的openvas安装成功之后无法下载漏洞库,官方建议使用新版的GVM;
尝试在centos7上源码安装,但无法成功,未深究原因,不确定是centos7无法安装GVM 20.08还是依赖未解决
centos8上安装GVM11,ospd组件启动有问题,控制台可以启动,但是使用systemd无法启动成功,忘记截图,无法确认问题;
由于本次安装耗费了很长时间,做个记录。
安装步骤:

  • 安装python3
yum install python3

确认python3安装位置

`which python3`

选择上一部中pythons3点安装位置

alternatives --config  python
  • 安装epel 仓库
yum install epel-release
  • 安装 centos-powertools仓库
yum config-manager --set-enabled powertools
  • 安装编译工具
yum groupinstall -y "development tools"
  • 安装依赖
yum install -y cmake glib2-devel zlib-devel gnutls-devel libuuid-devel libssh-devel  libxml2-devel libgcrypt-devel openldap-devel popt-devel redis libical-devel openssl-devel hiredis-devel radcl i-devel gpgme-devel libksba-devel doxygen libpcap-devel nodejs python3-polib libmicrohttpd-devel gnutls-utils python3-devel libpq-devel texinfo xmltoman nmap sshpass socat mingw32-gcc ncurses-devel
  • 安装 postgres数据库
 yum install -y postgresql-server postgresql-contrib postgresql-server-develpostgresql-setup --initdbsystemctl enable postgresqlsystemctl start postgresql
  • 配置postgres 数据库
 sudo -Hiu postgrescreateuser gvmcreatedb -O gvm gvmdpsql gvmdcreate role dba with superuser noinherit;grant dba to gvm;create extension “uuid-ossp”;create extension “pgcrypto”;\qexitsystemctl restart postgresql
  • 在系统环境添加gvm 库路径
 echo "/data/gvm/lib" > /etc/ld.so.conf.d/gvm.confldconfig
  • 添加 gvm用户、配置主目录
 useradd -r -d /data/gvm -c "GVM(OpenVAS) User" -s /bin/bash gvmmkdir /data/gvmmkdir /data/gvm/srcchown -R gvm:gvm /data/gvm

  • 在/etc/profile添加gvm可执行文件路径

    vim /etc/profile
    添加以下两行:
    export PATH=$PATH:/data/gvm/bin

    export PATH=$PATH:/data/gvm/sbin

source /etc/profile
  • 获取gvm安装包
 su - gvmcd /data/gvm/srcgit clone -b gvm-libs-20.08 --single-branch https://github.com/greenbone/gvm-libs.git git clone -b openvas-20.08 --single-branch https://github.com/greenbone/openvas.git git clone -b gvmd-20.08 --single-branch https://github.com/greenbone/gvmd.git git clone -b master --single-branch https://github.com/greenbone/openvas-smb.git git clone -b gsa-20.08 --single-branch https://github.com/greenbone/gsa.git git clone -b ospd-openvas-20.08 --single-branch  https://github.com/greenbone/ospd-openvas.git git clone -b ospd-20.08 --single-branch https://github.com/greenbone/ospd.git
  • 安装gvm-libs
 cd gvm-libsexport PKG_CONFIG_PATH=/data/gvm/lib/pkgconfigmkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake docmake install
  • 安装heimdal(切换至root用户)
 cd /usr/local/srcwget https://github.com/heimdal/heimdal/releases/download/heimdal-7.7.0/heimdal-7.7.0.tar.gztar xvfz heimdal-7.7.0.tar.gzcd heimdal-7.7.0./configure  --enable-opt=no --prefix=/data/heimdalmakemake installln -s /data/heimdal/include/ /data/heimdal/include/heimdalecho "/data/hemidal/lib" > /etc/ld.so.conf.d/hemidal.confldconfig
  • 安装openvas-smb
 cd /data/gvm/src/openvas-smbexport PKG_CONFIG_PATH=/data/gvm/lib/pkgconfig:/data/heimdal/lib/pkgconfigmkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake install
  • 安装openvas
 cd /data/gvm/src/openvasmkdir build cd build/ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. make make doc make install
  • 修改redis配置文件(切换到root用户)
 cp /etc/redis.conf  /etc/redis.conf.origcp /data/gvm/src/openvas/config/redis-openvas.conf /etc/redis.confchown redis /etc/redis.conf

/etc/redis.conf文件中以下两行内容应该如下:


 echo "db_address = /tmp/redis.sock" > /data/gvm/etc/openvas/openvas.confsystemctl enable redissystemctl start redis
  • 配置系统环境(切换到root用户)
 sysctl -w net.core.somaxconn=1024sysctl -w vm.overcommit_memory=1echo "net.core.somaxconn=1024"  >> /etc/sysctl.confecho "vm.overcommit_memory=1" >> /etc/sysctl.conf

 cat << EOF > /etc/systemd/system/disable-thp.service[Unit]Description=Disable Transparent Huge Pages (THP)[Service]Type=simpleExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel    /mm/transparent_hugepage/defrag"[Install]WantedBy=multi-user.targetEOF

 systemctl daemon-reloadsystemctl start disable-thp.servicesystemctl enable disable-thp.service
  • 将gvm用户添加到redis组(切换到root用户)
 usermod  -aG redis gvmsystemctl restart redis

  • 修改/etc/sudoers文件

    添加以下行
    Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/data/gvm/sbin"
    gvm ALL = NOPASSWD:/data/gvm/sbin/openvas
    gvm ALL = NOPASSWD:/data/gvm/sbin/gsad

  • 同步漏洞库

    su - gvm
    greenbone-nvt-sync (容易失败,多次尝试直到成功为止)
    sudo openvas -u

  • 安装gvmd

 cd /data/gvm/src/gvmdexport PKG_CONFIG_PATH=/data/gvm/lib/pkgconfig:/data/heimdal/lib/pkgconfigmkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake docmake install

  • 配置gvmd

    gvm-manage-certs -a
    gvmd --create-user=admin --password=admin
    查看刚刚创建的admin的uuid
    gvmd --get-users --verbose
    admin 41f853e4-fecf-423f-85b7-18fa3396bac5 ««« 记住这个uuid
    修改uuid
    gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value 41f853e4-fecf-423f-85b7-18fa3396bac5
    greenbone-feed-sync --type GVMD_DATA
    greenbone-feed-sync --type SCAP
    greenbone-feed-sync --type CERT

  • 安装gsa

 cd /data/gvm/src/gsamkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake docmake install
  • 安装ospd-openvas
 cd /data/gvm/srcvirtualenv --python python3.7  /data/gvm/bin/ospd-scanner/source /data/gvm/bin/ospd-scanner/bin/activatemkdir /data/gvm/var/run/ospdcd ospdpip3 install .cd /data/gvm/src/opsd-openvaspip3 install .
  • 创建启动脚本
 cat << EOF > /etc/systemd/system/gvmd.service[Unit]Description=Job that runs the gvm daemonDocumentation=man:gvmAfter=ospd.service[Service]Type=forkingUser=gvmGroup=gvmPIDFile=/data/gvm/var/run/gvmd.pidWorkingDirectory=/data/gvmExecStartPre=/bin/sleep 60ExecStart=/data/gvm/sbin/gvmd --osp-vt-update=/data/gvm/var/run/ospd.sock[Install]WantedBy=multi-user.targetEOF

 cat << EOF > /etc/systemd/system/gsad.service[Unit]Description=Job that runs the gsa daemonDocumentation=man:gsaAfter=postgresql.service[Service]Type=forkingPIDFile=/data/gvm/var/run/gsad.pidWorkingDirectory=/data/gvmExecStart=/data/gvm/sbin/gsad --no-redirect --listen=127.0.0.1 -p 20001[Install]WantedBy=multi-user.targetEOF

 cat << EOF > /etc/systemd/system/ospd-openvas.service[Unit]Description=Job that runs the ospd-openvas daemonDocumentation=man:gvmAfter=network.target redis-server@openvas.serviceWants=redis-server@openvas.service[Service]Environment=PATH=/data/gvm/bin/ospd-scanner/bin:/data/gvm/bin:/data/gvm/sbin:/data/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binType=forkingUser=gvmGroup=gvmWorkingDirectory=/data/gvmPIDFile=/data/gvm/var/run/ospd-openvas.pidExecStart=/data/gvm/bin/ospd-scanner/bin/python /data/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /data/gvm/var/run/ospd-openvas.pid --unix-socket=/data/gvm/var/run/ospd.sock --log-file /data/gvm/var/log/gvm/ospd-scanner.log --lock-file-dir /data/gvm/var/run/[Install]WantedBy=multi-user.targetEOF

 systemctl daemon-reload systemctl enable gvmd systemctl enable gsad systemctl enable ospd-openvas systemctl start gvmd systemctl start gsad systemctl start ospd-openvas

  • 配置nginx

    下载nginx安装包nginx-1.19.6.tar.gz
    tar -zxvf nginx-1.19.6.tar.gz
    cd nginx-1.19.6/
    useradd -r -d /usr/local/nginx -c “Nginx web server” -s /sbin/nologin nginx
    vim src/http/ngx_http_header_filter_module.c(修改缺省banner值),具体内容如下图:

    yum install libxml2 libxml2-dev libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed geoip-devel gperftools-devel
    ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module
    –with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic
    –with-stream_ssl_module --with-google_perftools_module --with-debug
    make
    make install
    chown -R nginx:nginx /usr/local/nginx/
    修改/usr/local/nginx/conf/nginx.conf
    运行用户为nginx

    修改http自动跳转到https

    配置https访问

 cat <<EOF > /etc/systemd/system/nginx.service[Unit]Description=The nginx HTTP and reverse proxy serverAfter=network.target remote-fs.target nss-lookup.target[Service]Type=forkinguser=nginxgroup=nginxPIDFile=/usr/local/nginx/logs/nginx.pidExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pidExecStartPre=/usr/local/nginx/sbin/nginx -tExecStart=/usr/local/nginx/sbin/nginxExecReload=/bin/kill -s HUP $MAINPIDKillSignal=SIGQUITTimeoutStopSec=5KillMode=processPrivateTmp=true[Install]WantedBy=multi-user.targetEOF

 systemctl daemon-reloadsystemctl start nginxsystemctl enable nginx

  • 访问GVM

    输入默认的账户密码:admin public就可以登录,后续修改账户密码。

CentOS 8安装 GVM20.08相关推荐

  1. CENTOS手动安装修复python ,YUM CENTOS手动安装修复YUM

    CENTOS手动安装修复YUM 2019年3月8日  杨宇 Comments 0 Comment 目录 [hide] 一.问题场景 二.手动修复 2.1 下载 rpm 包 2.2 安装 rpm 包 2 ...

  2. CentOS上安装Jekins

    CentOS上安装Jekins 安装源 sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins ...

  3. Centos 6安装完美搭建mysql、php、apache之旅

    安装apache [root@centos share]# yum -y install httpd Loaded plugins: fastestmirror, refresh-packagekit ...

  4. centos编译安装配置支持ssl加密的mysql replication

    参考文章:http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-cento ...

  5. CentOS第一次安装MySQL的完整步骤

    CentOS第一次安装MySQL的完整步骤 目录 1.官方安装文档 2.下载 Mysql yum包 3.安转软件源 4.安装mysql服务端 5.首先启动mysql 6.接着检查mysql 的运行状态 ...

  6. 在CentOS上安装和配置OpenNebula入门实例

    导读 我们提到的云计算一般有三种类型:软件即服务(Software as a service, SaaS),平台即服务(Platform as a Service, PaaS)和基础架构即服务(Inf ...

  7. zbb20181210 CentOS第一次安装MySQL的完整步骤

    转载 https://www.cnblogs.com/silentdoer/articles/7258232.html#tag0 本文章只做学习记录 CentOS第一次安装MySQL的完整步骤 目录 ...

  8. CentOS 8 安装MySQL(各版本完美解决方案)

    CentOS 8 安装MySQL 首先,换yum源 `wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo` 下面 ...

  9. CentOS 7安装MySQL集群-GALERA CLUSTER 4 FOR MYSQL 8 RELEASE

    CentOS 7安装MySQL集群-GALERA CLUSTER 4 FOR MYSQL 8 RELEASE 文章目录 CentOS 7安装MySQL集群-GALERA CLUSTER 4 FOR M ...

最新文章

  1. 乐高机器人教室布置图片大全_全国青少年机器人技术等级考试(上海宝山站)顺利举行...
  2. Latex之WinEdt编辑界面的自动换行
  3. C#类型反射、晚期绑定、特性编程的使用背景与分析
  4. 字节跳动花50亿买了个什么?
  5. apache配置 index.php,修改apache配置文件去除thinkphp url中的index.php
  6. 3D数学之四元组应用及实现
  7. MATLAB 线性运算之图像相加去噪
  8. POJ 2236 Wireless Network
  9. js 控制 head 元素 隐藏与显示
  10. NYOJ 214(LIS,二分插入)
  11. FPGA信号处理系列文章——用matlab理解CIC滤波器的原理
  12. CDMA关键技术(RAKE、软切换、功率控制
  13. 2步学会word怎么看字数(图文)
  14. 亚马逊、敦煌、速卖通、阿里国际站、lazada、shopee、ebay、wish、wayfair、mercari、沃尔玛、newegg 跨境电商运营实战攻略
  15. IP地址段与子网掩码
  16. ECC证书操作汇总(ECC certificate operations summary)
  17. 从区块链到DAG(五)--DAG项目介绍IOTA和Obyte
  18. 在linux安装java过程_挑战Java在Linux上安装过程分享
  19. pytest.ini配置文件详解【pytest系列 12】
  20. ArcGIS基础:计算地球椭球表面面积

热门文章

  1. NSMutableAttributedString
  2. 编写Makefile:编译当前文件夹以及子文件夹下所有的ccpp文件并生成可执行文件
  3. 明源售楼系统技术解析 销售控制(更名查询与变更查询)
  4. 如何优雅地使用Sublime Text
  5. 电力负荷预测三篇综述总结
  6. Android 打造炫目的圆形菜单 秒秒钟高仿建行圆形菜单
  7. Linux执行命令常见的英语语句
  8. 步进电机stepmotor
  9. 强制域名使用 HTTPS(SSL)
  10. 华为nova2s用哪个型号服务器,华为Nova2s和Nova2买哪个好/区别大吗?华为Nova2s与Nova2的区别对比详解...