CentOS 8安装 GVM20.08
Centos 8 安装GVM 20.08
参考链接1:https://sadsloth.net/post/install-gvm-20_08-src-on-debian/
参考链接2:https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425
旧版的openvas安装成功之后无法下载漏洞库,官方建议使用新版的GVM;
尝试在centos7上源码安装,但无法成功,未深究原因,不确定是centos7无法安装GVM 20.08还是依赖未解决
centos8上安装GVM11,ospd组件启动有问题,控制台可以启动,但是使用systemd无法启动成功,忘记截图,无法确认问题;
由于本次安装耗费了很长时间,做个记录。
安装步骤:
- 安装python3
yum install python3
确认python3安装位置
`which python3`
选择上一部中pythons3点安装位置
alternatives --config python
- 安装epel 仓库
yum install epel-release
- 安装 centos-powertools仓库
yum config-manager --set-enabled powertools
- 安装编译工具
yum groupinstall -y "development tools"
- 安装依赖
yum install -y cmake glib2-devel zlib-devel gnutls-devel libuuid-devel libssh-devel libxml2-devel libgcrypt-devel openldap-devel popt-devel redis libical-devel openssl-devel hiredis-devel radcl i-devel gpgme-devel libksba-devel doxygen libpcap-devel nodejs python3-polib libmicrohttpd-devel gnutls-utils python3-devel libpq-devel texinfo xmltoman nmap sshpass socat mingw32-gcc ncurses-devel
- 安装 postgres数据库
yum install -y postgresql-server postgresql-contrib postgresql-server-develpostgresql-setup --initdbsystemctl enable postgresqlsystemctl start postgresql
- 配置postgres 数据库
sudo -Hiu postgrescreateuser gvmcreatedb -O gvm gvmdpsql gvmdcreate role dba with superuser noinherit;grant dba to gvm;create extension “uuid-ossp”;create extension “pgcrypto”;\qexitsystemctl restart postgresql
- 在系统环境添加gvm 库路径
echo "/data/gvm/lib" > /etc/ld.so.conf.d/gvm.confldconfig
- 添加 gvm用户、配置主目录
useradd -r -d /data/gvm -c "GVM(OpenVAS) User" -s /bin/bash gvmmkdir /data/gvmmkdir /data/gvm/srcchown -R gvm:gvm /data/gvm
在/etc/profile添加gvm可执行文件路径
vim /etc/profile
添加以下两行:
export PATH=$PATH:/data/gvm/binexport PATH=$PATH:/data/gvm/sbin
source /etc/profile
- 获取gvm安装包
su - gvmcd /data/gvm/srcgit clone -b gvm-libs-20.08 --single-branch https://github.com/greenbone/gvm-libs.git git clone -b openvas-20.08 --single-branch https://github.com/greenbone/openvas.git git clone -b gvmd-20.08 --single-branch https://github.com/greenbone/gvmd.git git clone -b master --single-branch https://github.com/greenbone/openvas-smb.git git clone -b gsa-20.08 --single-branch https://github.com/greenbone/gsa.git git clone -b ospd-openvas-20.08 --single-branch https://github.com/greenbone/ospd-openvas.git git clone -b ospd-20.08 --single-branch https://github.com/greenbone/ospd.git
- 安装gvm-libs
cd gvm-libsexport PKG_CONFIG_PATH=/data/gvm/lib/pkgconfigmkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake docmake install
- 安装heimdal(切换至root用户)
cd /usr/local/srcwget https://github.com/heimdal/heimdal/releases/download/heimdal-7.7.0/heimdal-7.7.0.tar.gztar xvfz heimdal-7.7.0.tar.gzcd heimdal-7.7.0./configure --enable-opt=no --prefix=/data/heimdalmakemake installln -s /data/heimdal/include/ /data/heimdal/include/heimdalecho "/data/hemidal/lib" > /etc/ld.so.conf.d/hemidal.confldconfig
- 安装openvas-smb
cd /data/gvm/src/openvas-smbexport PKG_CONFIG_PATH=/data/gvm/lib/pkgconfig:/data/heimdal/lib/pkgconfigmkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake install
- 安装openvas
cd /data/gvm/src/openvasmkdir build cd build/ cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. make make doc make install
- 修改redis配置文件(切换到root用户)
cp /etc/redis.conf /etc/redis.conf.origcp /data/gvm/src/openvas/config/redis-openvas.conf /etc/redis.confchown redis /etc/redis.conf
/etc/redis.conf文件中以下两行内容应该如下:
echo "db_address = /tmp/redis.sock" > /data/gvm/etc/openvas/openvas.confsystemctl enable redissystemctl start redis
- 配置系统环境(切换到root用户)
sysctl -w net.core.somaxconn=1024sysctl -w vm.overcommit_memory=1echo "net.core.somaxconn=1024" >> /etc/sysctl.confecho "vm.overcommit_memory=1" >> /etc/sysctl.conf
cat << EOF > /etc/systemd/system/disable-thp.service[Unit]Description=Disable Transparent Huge Pages (THP)[Service]Type=simpleExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel /mm/transparent_hugepage/defrag"[Install]WantedBy=multi-user.targetEOF
systemctl daemon-reloadsystemctl start disable-thp.servicesystemctl enable disable-thp.service
- 将gvm用户添加到redis组(切换到root用户)
usermod -aG redis gvmsystemctl restart redis
修改/etc/sudoers文件
添加以下行
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/data/gvm/sbin"
gvm ALL = NOPASSWD:/data/gvm/sbin/openvas
gvm ALL = NOPASSWD:/data/gvm/sbin/gsad同步漏洞库
su - gvm
greenbone-nvt-sync (容易失败,多次尝试直到成功为止)
sudo openvas -u安装gvmd
cd /data/gvm/src/gvmdexport PKG_CONFIG_PATH=/data/gvm/lib/pkgconfig:/data/heimdal/lib/pkgconfigmkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake docmake install
配置gvmd
gvm-manage-certs -a
gvmd --create-user=admin --password=admin
查看刚刚创建的admin的uuid
gvmd --get-users --verbose
admin 41f853e4-fecf-423f-85b7-18fa3396bac5 ««« 记住这个uuid
修改uuid
gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value 41f853e4-fecf-423f-85b7-18fa3396bac5
greenbone-feed-sync --type GVMD_DATA
greenbone-feed-sync --type SCAP
greenbone-feed-sync --type CERT安装gsa
cd /data/gvm/src/gsamkdir buildcd buildcmake -DCMAKE_INSTALL_PREFIX=/data/gvm ..makemake docmake install
- 安装ospd-openvas
cd /data/gvm/srcvirtualenv --python python3.7 /data/gvm/bin/ospd-scanner/source /data/gvm/bin/ospd-scanner/bin/activatemkdir /data/gvm/var/run/ospdcd ospdpip3 install .cd /data/gvm/src/opsd-openvaspip3 install .
- 创建启动脚本
cat << EOF > /etc/systemd/system/gvmd.service[Unit]Description=Job that runs the gvm daemonDocumentation=man:gvmAfter=ospd.service[Service]Type=forkingUser=gvmGroup=gvmPIDFile=/data/gvm/var/run/gvmd.pidWorkingDirectory=/data/gvmExecStartPre=/bin/sleep 60ExecStart=/data/gvm/sbin/gvmd --osp-vt-update=/data/gvm/var/run/ospd.sock[Install]WantedBy=multi-user.targetEOF
cat << EOF > /etc/systemd/system/gsad.service[Unit]Description=Job that runs the gsa daemonDocumentation=man:gsaAfter=postgresql.service[Service]Type=forkingPIDFile=/data/gvm/var/run/gsad.pidWorkingDirectory=/data/gvmExecStart=/data/gvm/sbin/gsad --no-redirect --listen=127.0.0.1 -p 20001[Install]WantedBy=multi-user.targetEOF
cat << EOF > /etc/systemd/system/ospd-openvas.service[Unit]Description=Job that runs the ospd-openvas daemonDocumentation=man:gvmAfter=network.target redis-server@openvas.serviceWants=redis-server@openvas.service[Service]Environment=PATH=/data/gvm/bin/ospd-scanner/bin:/data/gvm/bin:/data/gvm/sbin:/data/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binType=forkingUser=gvmGroup=gvmWorkingDirectory=/data/gvmPIDFile=/data/gvm/var/run/ospd-openvas.pidExecStart=/data/gvm/bin/ospd-scanner/bin/python /data/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /data/gvm/var/run/ospd-openvas.pid --unix-socket=/data/gvm/var/run/ospd.sock --log-file /data/gvm/var/log/gvm/ospd-scanner.log --lock-file-dir /data/gvm/var/run/[Install]WantedBy=multi-user.targetEOF
systemctl daemon-reload systemctl enable gvmd systemctl enable gsad systemctl enable ospd-openvas systemctl start gvmd systemctl start gsad systemctl start ospd-openvas
配置nginx
下载nginx安装包nginx-1.19.6.tar.gz
tar -zxvf nginx-1.19.6.tar.gz
cd nginx-1.19.6/
useradd -r -d /usr/local/nginx -c “Nginx web server” -s /sbin/nologin nginx
vim src/http/ngx_http_header_filter_module.c(修改缺省banner值),具体内容如下图:
yum install libxml2 libxml2-dev libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed geoip-devel gperftools-devel
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module
–with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic
–with-stream_ssl_module --with-google_perftools_module --with-debug
make
make install
chown -R nginx:nginx /usr/local/nginx/
修改/usr/local/nginx/conf/nginx.conf
运行用户为nginx
修改http自动跳转到https
配置https访问
cat <<EOF > /etc/systemd/system/nginx.service[Unit]Description=The nginx HTTP and reverse proxy serverAfter=network.target remote-fs.target nss-lookup.target[Service]Type=forkinguser=nginxgroup=nginxPIDFile=/usr/local/nginx/logs/nginx.pidExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pidExecStartPre=/usr/local/nginx/sbin/nginx -tExecStart=/usr/local/nginx/sbin/nginxExecReload=/bin/kill -s HUP $MAINPIDKillSignal=SIGQUITTimeoutStopSec=5KillMode=processPrivateTmp=true[Install]WantedBy=multi-user.targetEOF
systemctl daemon-reloadsystemctl start nginxsystemctl enable nginx
访问GVM
输入默认的账户密码:admin public就可以登录,后续修改账户密码。
CentOS 8安装 GVM20.08相关推荐
- CENTOS手动安装修复python ,YUM
CENTOS手动安装修复YUM
CENTOS手动安装修复YUM 2019年3月8日 杨宇 Comments 0 Comment 目录 [hide] 一.问题场景 二.手动修复 2.1 下载 rpm 包 2.2 安装 rpm 包 2 ...
- CentOS上安装Jekins
CentOS上安装Jekins 安装源 sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins ...
- Centos 6安装完美搭建mysql、php、apache之旅
安装apache [root@centos share]# yum -y install httpd Loaded plugins: fastestmirror, refresh-packagekit ...
- centos编译安装配置支持ssl加密的mysql replication
参考文章:http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-cento ...
- CentOS第一次安装MySQL的完整步骤
CentOS第一次安装MySQL的完整步骤 目录 1.官方安装文档 2.下载 Mysql yum包 3.安转软件源 4.安装mysql服务端 5.首先启动mysql 6.接着检查mysql 的运行状态 ...
- 在CentOS上安装和配置OpenNebula入门实例
导读 我们提到的云计算一般有三种类型:软件即服务(Software as a service, SaaS),平台即服务(Platform as a Service, PaaS)和基础架构即服务(Inf ...
- zbb20181210 CentOS第一次安装MySQL的完整步骤
转载 https://www.cnblogs.com/silentdoer/articles/7258232.html#tag0 本文章只做学习记录 CentOS第一次安装MySQL的完整步骤 目录 ...
- CentOS 8 安装MySQL(各版本完美解决方案)
CentOS 8 安装MySQL 首先,换yum源 `wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo` 下面 ...
- CentOS 7安装MySQL集群-GALERA CLUSTER 4 FOR MYSQL 8 RELEASE
CentOS 7安装MySQL集群-GALERA CLUSTER 4 FOR MYSQL 8 RELEASE 文章目录 CentOS 7安装MySQL集群-GALERA CLUSTER 4 FOR M ...
最新文章
- 乐高机器人教室布置图片大全_全国青少年机器人技术等级考试(上海宝山站)顺利举行...
- Latex之WinEdt编辑界面的自动换行
- C#类型反射、晚期绑定、特性编程的使用背景与分析
- 字节跳动花50亿买了个什么?
- apache配置 index.php,修改apache配置文件去除thinkphp url中的index.php
- 3D数学之四元组应用及实现
- MATLAB 线性运算之图像相加去噪
- POJ 2236 Wireless Network
- js 控制 head 元素 隐藏与显示
- NYOJ 214(LIS,二分插入)
- FPGA信号处理系列文章——用matlab理解CIC滤波器的原理
- CDMA关键技术(RAKE、软切换、功率控制
- 2步学会word怎么看字数(图文)
- 亚马逊、敦煌、速卖通、阿里国际站、lazada、shopee、ebay、wish、wayfair、mercari、沃尔玛、newegg 跨境电商运营实战攻略
- IP地址段与子网掩码
- ECC证书操作汇总(ECC certificate operations summary)
- 从区块链到DAG(五)--DAG项目介绍IOTA和Obyte
- 在linux安装java过程_挑战Java在Linux上安装过程分享
- pytest.ini配置文件详解【pytest系列 12】
- ArcGIS基础:计算地球椭球表面面积
热门文章
- NSMutableAttributedString
- 编写Makefile:编译当前文件夹以及子文件夹下所有的ccpp文件并生成可执行文件
- 明源售楼系统技术解析 销售控制(更名查询与变更查询)
- 如何优雅地使用Sublime Text
- 电力负荷预测三篇综述总结
- Android 打造炫目的圆形菜单 秒秒钟高仿建行圆形菜单
- Linux执行命令常见的英语语句
- 步进电机stepmotor
- 强制域名使用 HTTPS(SSL)
- 华为nova2s用哪个型号服务器,华为Nova2s和Nova2买哪个好/区别大吗?华为Nova2s与Nova2的区别对比详解...