[研究]Greenbone GVM / OpenVAS 22.4.0弱點掃描工具安裝(atomic)(Rocky Linux 9)

[研究]Greenbone GVM / OpenVAS 22.4.0弱點掃描工具安裝(atomic)(Rocky Linux 9)

2022-10-25

Greenbone Vulnerability Management (GVM)，

前身為 Open Vulnerability Assessment Scanner(OpenVAS)

安裝參考

https://github.com/Atomicorp/gvm

安裝摘要

su root Install the Atomic Yum Repository wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh Install the GVM/openvas package # Redhat/Rocky/Centos 8 Only dnf config-manager --set-enabled powertools dnf install epel-release # Redhat/Rocky 9 Only dnf config-manager --set-enabled crb dnf install epel-release # dnf install gvm Configure openvas gvm-setup

實際狀況

[user1@localhost ~]$ su root Password: [root@localhost user1]# wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh Atomic Free Unsupported Archive installer, version 7.0.2 BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE: THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. For supported software packages please contact us at: sales@atomicorp.com Do you agree to these terms? (yes/no) [Default: yes] Configuring the [atomic] repo archive for this system Installing the Atomic GPG keys: OK Downloading atomic-release-1.0-23.el9.art.noarch.rpm: Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:atomic-release-1.0-23.el9.art ################################# [100%] Enable repo by default? (yes/no) [Default: yes]: The Atomic repo has now been installed and configured for your system The following channels are available: atomic - [ACTIVATED] - contains the stable tree of ART packages atomic-testing - [DISABLED] - contains the testing tree of ART packages atomic-bleeding - [DISABLED] - contains the development tree of ART packages [root@localhost user1]#

安裝 EPEL，安裝了2次，確認沒有其他要安裝的

[root@localhost ~]# dnf config-manager --set-enabled crb [root@localhost ~]# yum install epel-release -y Rocky Linux 9 - BaseOS 1.4 kB/s | 3.6 kB 00:02 Rocky Linux 9 - AppStream 2.3 kB/s | 3.6 kB 00:01 Rocky Linux 9 - CRB 68 kB/s | 1.9 MB 00:28 Package epel-release-9-4.el9.noarch is already installed. Dependencies resolved. Nothing to do. Complete! [root@localhost ~]# yum install epel-release -y Last metadata expiration check: 0:01:13 ago on Tue 25 Oct 2022 09:24:49 AM CST. Package epel-release-9-4.el9.noarch is already installed. Dependencies resolved. Nothing to do. Complete! [root@localhost ~]#

安裝 GVM

[root@localhost ~]# dnf install gvm -y (略...安裝3百多個套件) Complete! [root@localhost ~]#

下面，執行設定時，要求先關閉 SELinux

[root@localhost ~]# gvm-setup ##################################### GVM Setup, Version: 6.1.0 Atomicorp, Inc. ##################################### Error: Selinux is set to (Enforcing) selinux must be disabled in order to use openvas exiting.... [root@localhost ~]#

下面，以 root 權限修改 SELinux 設定檔案 ( 也可直接 sudo  vi  /etc/selinux/config   )

$ su root # vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled <=== 從 enforcing 改為 disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted 別改錯，改到這個了 重新啟動作業系統，讓 SELinux 生效 # reboot

設定

[user1@localhost ~]$ su root Password: [root@localhost user1]# cd [root@localhost ~]# gvm-setup ##################################### GVM Setup, Version: 6.1.0 Atomicorp, Inc. ##################################### * Initializing database in '/var/lib/pgsql/data' * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log ... (很長，很花時間，略；每年有數萬筆資料匯入) Enter Administrator Password: Verify Administrator Password: Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service. Created symlink /etc/systemd/system/multi-user.target.wants/notus-scanner.service → /usr/lib/systemd/system/notus-scanner.service. Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service. Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service. Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service. Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service. Created symlink /etc/systemd/system/multi-user.target.wants/mosquitto.service → /usr/lib/systemd/system/mosquitto.service. success ##################################### Setup complete Log in to GSAD at https://localhost ##################################### [root@localhost ~]#

安裝完成，可用瀏覽器連上  https://localhost

補：

/usr/sbin/greenbone-feed-sync --type SCAP success

Updating CERT data...

/usr/sbin/greenbone-feed-sync --type CERT

Greenbone community feed server - http://feed.community.greenbone.net/

This service is hosted by Greenbone Networks - http://www.greenbone.net/

If you have any questions, please use the Greenbone community portal. 

See https://community.greenbone.net for details.

********************************************************************************

補充：安裝時也可用 gvm* 代替 gvm，相關套件會全部安裝，或現在補安裝 (非必須)。

[root@localhost ~]# yum install gvm* -y

這種安裝沒有安裝檢測功能

[root@localhost ~]# gvm-check-setup bash: gvm-check-setup: command not found... [root@localhost ~]#

https://shaurong.blogspot.com/2022/10/greenbone-gvm-openvas-2240atomicrocky.html

(完)

相關

[研究]Greenbone GVM / OpenVAS 22.4.0弱點掃描工具安裝(atomic)(Rocky Linux 9)
https://shaurong.blogspot.com/2022/10/greenbone-gvm-openvas-2240atomicrocky.html

[研究]Greenbone GSM Trial  22.04.3 VM (OpenVAS/GCE) 弱點掃描工具虛擬機器
https://shaurong.blogspot.com/2022/10/greenbone-gsm-trial-22043-vm-openvasgce.html

[研究]Greenbone GSM Trial  21.04.15 VM (OpenVAS/GCE) 弱點掃描工具虛擬機器
https://shaurong.blogspot.com/2022/05/greenbone-gsm-trial-210415-vm-openvasgce.html

[研究]GVM / OpenVAS 21.4弱點掃描工具安裝(atomic)(CentOS Stream 8)
https://shaurong.blogspot.com/2022/05/gvm-openvas-214atomiccentos-stream-8.html

[研究]OpenVAS 21.4弱點掃描工具安裝(Fedora 35)
https://shaurong.blogspot.com/2022/05/openvas-214fedora-35.html

[研究]OpenVAS 21.4安裝(yum) gvm-setup 詳細資訊(CentOS Stream 8)
https://shaurong.blogspot.com/2022/05/openvas-214yum-gvm-setup-centos-stream-8.html

[研究] OpenVAS 21.4弱點掃描工具安裝(yum)(CentOS Stream 8)
https://shaurong.blogspot.com/2022/05/openvas-214yumcentos-stream-8.html

[研究] GSM Community Edition v4.2.17 (含 OpenVAS-9) 會掃描的網站路徑https://shaurong.blogspot.com/2018/06/gsm-community-edition-v4217-openvas-9_22.html

[研究] GSM Community Edition v4.2.17 (含 OpenVAS-9) .iso 安裝與試用
http://shaurong.blogspot.com/2018/06/gsm-community-edition-v4217-openvas-9.html

Greenbone Warning: SecInfo Database Missing
https://secinfo.greenbone.net/help/cpes.html?r=1&token=guest

OpenVAS SecInfo Database Missing
http://www.anjing.me/wiki/index.php?title=Openvas#SecInfo_Database_Missing

[研究] OpenVAS 9 安裝與使用(yum)(CentOS 7.5 x64)
http://shaurong.blogspot.com/2018/06/openvas-9-yumcentos-75-x64.html

[研究] OpenVAS 9 (iso)安裝
http://shaurong.blogspot.com/2017/06/openvas-9.html

[研究] OpenVAS-8 DEMO Virtual Appliance 1.0 安裝
http://shaurong.blogspot.com/2015/05/openvas-8-demo-virtual-appliance-10.html

[研究] OpenVAS-7 DEMO Virtual Appliance 2.4 安裝
http://shaurong.blogspot.com/2015/03/openvas-7-demo-virtual-appliance-24.html

[研究] OpenVAS 7 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/11/openvas-7-yumcentos-70-x64.html

[研究] OpenVAS 6 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/08/openvas-6-yumcentos-70-x64.html

[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)
http://shaurong.blogspot.com/2014/02/openvas-60-beta-5-yumfedora-20-x64.html

[研究] OpenVAS 安裝與使用(yum)(CentOS 6.5 x64)
http://shaurong.blogspot.com/2014/01/openvas-yumcentos-65-x64.html