GVM-11 centos8 源码安装指南(OpenVas)
参考文章:https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425
原文有各别不对地方,但根据原文,安装成功,并能正确进行漏洞扫描。非常感谢原文作者辛苦付出。这里做一下安装记录,不对的地方请指出。
安装的操作系统:CentOS Linux release 8.1.1911 (Core) ,CPU: 4核,内存 4G,
1,python 3 环境安装设置
使用root登录
默认python3已安装
[root@localhost ~]# yum install python3设置默认python命令,选择2。
[root@localhost ~]# alternatives --config python共有 2 个提供“python”的程序。选项 命令
-----------------------------------------------
* 1 /usr/libexec/no-python+ 2 /usr/bin/python3按 Enter 保留当前选项[+],或者键入选项编号:2
2,安装EPEL Repository yum 源
[root@localhost ~]# yum install epel-release3,启用 Centos-Powertools repository 源
[root@localhost ~]# yum config-manager --set-enabled PowerTools
4,安装开发工具包 (includes gcc and a whole bunch of stuff for compiling and building things)
[root@localhost ~]# yum groupinstall -y "development tools"5,安装必需的开发包,cmake redis (most come from Centos-Base, a few come from EPEL and Centos-PowerTools)
[root@localhost ~]# yum install -y cmake glib2-devel zlib-devel gnutls-devel libuuid-devel libssh-devel libxml2-devel libgcrypt-devel openldap-devel popt-devel redis libical-devel openssl-devel hiredis-devel radcli-devel gpgme-devel libksba-devel doxygen libpcap-devel nodejs python3-polib libmicrohttpd-devel gnutls-utils python3-devel libpq-devel texinfo xmltoman nmap sshpass socat mingw32-gcc ncurses-devel6,安装postgres数据库
[root@localhost ~]# yum install -y postgresql-server postgresql-contrib postgresql-server-devel[root@localhost ~]# /usr/bin/postgresql-setup --initdb* Initializing database in '/var/lib/pgsql/data'* Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log7,配置postgres 数据库(not secure, on to-do list is to configure this with a password…
[root@localhost ~]# sudo -Hiu postgres
[postgres@localhost ~]$ createuser gvm
[postgres@localhost ~]$ createdb -O gvm gvmd
[postgres@localhost ~]$ psql gvmd
psql (10.6)
输入 "help" 来获取帮助信息.gvmd=# create role dba with superuser noinherit;
CREATE ROLE
gvmd=# grant dba to gvm;
GRANT ROLE
gvmd=# create extension "uuid-ossp";
gvmd=# create extension "pgcrypto";
CREATE EXTENSION
gvmd=# \q
[postgres@localhost ~]$ 8,增加gvm动态运行库配置文件
[root@localhost ~]# echo /opt/gvm/lib > /etc/ld.so.conf.d/gvm.conf
[root@localhost ~]# cat /etc/ld.so.conf.d/gvm.conf
/opt/gvm/lib
[root@localhost ~]# ldconfig9,增加一个无特权gvm用户和创建程序运行目录
[root@localhost ~]# useradd -r -d /opt/gvm -c "GVM(OpenVas)User" -s /bin/bash gvm
[root@localhost ~]# mkdir /opt/gvm
[root@localhost ~]# mkdir /opt/gvm/src
[root@localhost ~]# chown -R gvm:gvm /opt/gvm10,增加gvm命令环境变量。在/etc/profile最后增加
#add gvm path PATH to /etc/profile
export PATH=$PATH:/opt/gvm/bin
export PATH=$PATH:/opt/gvm/sbin 12,下载源码包(GVM-11 stable as of 5/20/2020)
切换到gvm用户
[root@localhost ~]# su - gvm
-bash: /opt/gvm/bin: 没有那个文件或目录
-bash: /opt/gvm/sbin: 没有那个文件或目录wget -O gvm-libs-11.0.1.tar.gz https://github.com/greenbone/gvm-libs/archive/v11.0.1.tar.gz
wget -O openvas-7.0.1.tar.gz https://github.com/greenbone/openvas/archive/v7.0.1.tar.gz
wget -O ospd-2.0.1.tar.gz https://github.com/greenbone/ospd/archive/v2.0.1.tar.gz 2
wget -O ospd-openvas-1.0.1.tar.gz https://github.com/greenbone/ospd-openvas/archive/v1.0.1.tar.gz
wget -O gvmd-9.0.1.tar.gz https://github.com/greenbone/gvmd/archive/v9.0.1.tar.gz
wget -O gsa-9.0.1.tar.gz https://github.com/greenbone/gsa/archive/v9.0.1.tar.gz
wget -O openvas-smb-1.0.5.tar.gz https://github.com/greenbone/openvas-smb/archive/v1.0.5.tar.gz13,解压源文件
[gvm@localhost src]$ find *.gz -exec tar xvfz {} \;14 构建gvm-libs包
gvm登录
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfigcd gvm-libs-11.0.1/mkdir buildcd buildcmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmmakemake docmake install15,安装Heimdal。openvas-smb安装需要
root用户登录
cd /usr/local/src/
wget https://github.com/heimdal/heimdal/releases/download/heimdal-7.7.0/heimdal-7.7.0.tar.gz
tar xvfz heimdal-7.7.0.tar.gz
cd heimdal-7.7.0
./configure --enable-otp=no --prefix=/opt/heimdal
make
make installopenvas-smb code 希望使用(includedir)/heimdal/…
通过创建软链接实现
[root@localhost heimdal-7.7.0]# ln -s /opt/heimdal/include /opt/heimdal/include/heimdal16,增加heimdal 库到系统中
[root@localhost src]# echo /opt/heimdal/lib > /etc/ld.so.conf.d/heimdal.conf
[root@localhost src]# ldconfig17,openvas-smb((Note: PKG_CONFIG_PATH now adds where the heimdal goodies are too))
cd src/export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:/opt/heimdal/lib/pkgconfigcd openvas-smb-1.0.5/mkdir buildcd buildcmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmmakemake install18,scanner
修改CMakeList.txt文件,否则编辑时会出现以下错误。
错误:‘pcap_lookupdev’ is deprecated: use 'pcap_findalldevs' and use the first device [-Werror=deprecated-declarations]修改内容
注释216行,增加一行
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror -Wno-error=deprecated-declarations")
vim CMakeLists.txt cd buildcmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvmmakemake docmake install19,配置redis
使用root登录
cp /etc/redis.conf /etc/redis.conf.origcp /opt/gvm/src/openvas-7.0.1/config/redis-openvas.conf /etc/redis.confvim /etc/redis.confunixsocket /tmp/redis.sock
unixsocketperm 770
20 配置openvas 使用redis
gvm用户
echo db_address = /tmp/redis.sock > /opt/gvm/etc/openvas/openvas.confroot用户
systemctl enable redissystemctl start redis21 gvm添加到redis组(需要重启redis)
[root@localhost src]# usermod -aG redis gvm
[root@localhost src]# systemctl restart redis22,赋予gvm以root权限运行openvas,gsad。
增加以下三行
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/gvm/sbin"
#Allow the user running ospd-openvas, to launch openvas with root permissions
gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas
gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad
23,修改一些系统设置
[root@localhost src]# echo net.core.somaxconn = 1024 >> /etc/sysctl.conf
[root@localhost src]# echo vm.overcommit_memory = 1 >> /etc/sysctl.conf
[root@localhost src]# sysctl -p
net.core.somaxconn = 1024
vm.overcommit_memory = 1
[root@localhost src]# ldconfig24 Synchronize nvt data
[gvm@localhost ~]$ greenbone-nvt-sync[gvm@localhost ~]$ find /opt/gvm/var/lib/openvas/plugins | wc -l
6130025 Update the vt info
[gvm@localhost bin]$ openvas --update-vt-info26 ,gvmd
使用root登录
ln -s /usr/include /usr/include/postgresql
(code wants “postgresql/libpq-fe.h”)
修改 CMakeLists.txt
增加-lpq参数
使用gvm用户
cd src/
ln -s /usr/include/ /usr/include/postgresql
cd gvmd-9.0.1/
vim CMakeLists.txt
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm/ -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/pgsql/server -DPostgreSQL_INCLUDE_DIR=/usr/include/pgsql/server -DPostgreSQL_LIBRARY=/usr/lib64/pgsql
make
make doc
make install27, Install yarn, a prerequisite for building gsa
root用户登录
[root@localhost opt]# npm install -g yarn
gvm用户
cd gsa-9.0.1/
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make doc
make install greenbone-scapdata-sync greenbone-certdata-sync gvm-manage-certs -a创建python包安装目录
28,OSPd and OSPd-OpenVAS
export PYTHONPATH=/opt/gvm/lib/python3.6/site-packagesexport PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfigcd ospd-2.0.1/python3 setup.py install --prefix=/opt/gvm cd ..export PYTHONPATH=/opt/gvm/lib/python3.6/site-packagesexport PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfigcd ospd-openvas-1.0.1python3 setup.py install --prefix=/opt/gvm29,add install scripts
ospd.service
cat << EOF > /etc/systemd/system/ospd.service
[Unit]
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm
After=postgresql.service[Service]
Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
Type=simple
User=gvm
Group=gvm
WorkingDirectory=/opt/gvm
PIDFile=/opt/gvm/var/run/ospd-openvas.pid
ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket /opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run[Install]
WantedBy=multi-user.target
EOFgvmd.service
cat << EOF > /etc/systemd/system/gvmd.service
[Unit]
Description=Job that runs the gvm daemon
Documentation=man:gvm
After=ospd.service[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd.pid
WorkingDirectory=/opt/gvm
ExecStartPre=/bin/sleep 60
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock[Install]
WantedBy=multi-user.target
EOFcat << EOF > /etc/systemd/system/gsad.service
[Unit]
Description=Job that runs the gsa daemon
Documentation=man:gsa
After=postgresql.service[Service]
Type=forking
PIDFile=/opt/gvm/var/run/gsad.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gsad --listen=0.0.0.0
[Install]
WantedBy=multi-user.target
EOF30 生成pdf报告
root用户
install texlive-collection-fontsrecommended texlive-collection-latexrecommended texlive-changepage texlive-titlesec
mkdir -p /usr/share/texlive/texmf-local/tex/latex/comment
cd /usr/share/texlive/texmf-local/tex/latex/comment
wget http://mirrors.ctan.org/macros/latex/contrib/comment/comment.sty
chmod 644 comment.sty
texhash
history31,开机自启
AS ROOT:
systemctl daemon-reload
systemctl enable ospd
systemctl enable gvmd
systemctl enable gsad
32,运行服务
AS ROOT:
systemctl start ospd
systemctl start gvmd
systemctl start gsad
日志文件路径 /opt/gvm/var/log/gvm.
33 ,修改默认扫描器
gvmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
gvmd --modify-scanner=08b69003-5fc2-4037-a479-93b440211c73 --scanner-host=/opt/gvm/var/run/ospd.sock
Scanner modified.
gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73
Scanner version: OpenVAS 7.0.1.
43,创建一个web用户
AS GVM:
gvmd --create-user admin
gvmd --user=admin --new-password=123456
默认使用80端口
http://ip。
一定要关闭selinux 和防火墙。
启动ospd服务
更新feeds
systemctl start ospd
systemctl status gvmd
systemctl status gsad
greenbone-certdata-sync
greenbone-scapdata-sync
greenbone-nvt-sync
GVM-11 centos8 源码安装指南(OpenVas)相关推荐
- 国产银河麒麟系统源码安装Openvas
国产麒麟系统源码安装Openvas 1.银河麒麟安装所需安装源 2.执行更新命令: 3.执行安装命令: 4.安装源码包libmicrohttpd-dev 5.从github下载openvas的源码包, ...
- 在龙芯3a5000处理器上进行qt-5.11.3源码编译流程与遇到的问题
1.环境说明 处理器:Loongson-3A5000M 统信桌面操作系统 Linux 注意网上很多帖写的都是适用于龙芯3a4000的,龙芯3a4000指令集是mips,龙芯3a5000指令集为Loon ...
- Linux0.11内核源码解析-setup.s
学习资料: Linux内核完全注释 操作系统真像还原 极客时间-Linux内核源码趣读 Linux0.11内核源码 ->setup程序将system模块从0x10000~0x8ffff整块向下移 ...
- 小米9开源linux内核,发布即开源:小米开源新机Mi 11内核源码
小米已开源最近发布的新机小米 11 的源码,小米 11 系统内核基于 Android R,源码已更新至小米手机内核的 GitHub 仓库,代号为 venus-r-oss. 由于 Android 系统是 ...
- Linux0.11内核源码解析-bootsect.s
学习资料: Linux内核完全注释 操作系统真像还原 极客时间-Linux内核源码趣读 Linux0.11内核源码 ->上电 ->80x86架构CPU会自动进入实模式 ->从地址0x ...
- linux suse11 sp3安装,SUSE Linux Enterprise Server 11 SP3源码安装R过程
SUSE Linux Enterprise Server 11 SP3源码编译安装R-3.2.2过程详解.suse上安装R,过程艰难,文章里的源码包版本都是自己安装时候所用的版本,不一定必须是该版本. ...
- linux0.11操作系统源码剖析fork.c
fork() 用于创建 一个新的进程,一次调用两次返回.父进程返回子进程的PID 子进程是 0. fork() 采用写时复制,也就是 创建的时候 就复制了页表,并没有实际的内存空间,子进程这个时候和父 ...
- Vue(v2.6.11)万行源码生啃,就硬刚!
前言 源码阅读可能会迟到,但是一定不会缺席! 众所周知,以下代码就是 vue 的一种直接上手方式.通过 cdn 可以在线打开 vue.js.一个文件,一万行源码,是万千开发者赖以生存的利器,它究竟做了 ...
- linux-0.11 内核源码学习笔记一(嵌入式汇编语法及使用)
linux内核源码虽然是用C写的,不过其中有很多用嵌入式汇编直接操作底层硬件的"宏函数",要想顺利的理解内核理论和具体实现逻辑,学会看嵌入式汇编是必修课,下面内容是学习过程中的笔记 ...
最新文章
- Python回调函数
- LeetCode 162. 寻找峰值
- 2021高考成绩查询镇远一中,【护航高考 消防同行】——镇远消防圆满完成高考期间消防安保任务...
- umijs 修改默认配置_UmiJS基础教程(2) 目录结构
- Google 如何设计与构建超大规模的软件系统
- hibernate一对多双向关联中怎么配置list
- JSON.parse() 和 JSON.stringify()使用
- python程序设计陈春晖答案_Python程序设计
- Jave2-Java音频视频编码器
- c语言简单程序过程,怎样编写一个简单的C语言程序的全过程
- 阿拉德之怒手游超详细图文架设教程
- 软件工程——总体设计与详细设计
- C语言也能干大事第十三节(如鹏基础)
- Matlab 实时录音(声卡)及频谱显示
- uni-app项目配置UrlSchemes在外部打开APP
- GANs奇思妙想TOP10榜单
- 仿微信二维码极速扫描(MLKit及CameraX初体验),安卓消息分发机制
- 强化学习1 高斯赛德尔迭代
- 微软确认:从4月13日起,Win10系统将强制卸载旧版Edge浏览器
- [SOLVED]Manjaro内核更新后,Nvidia驱动无法链接的问题