Saturday, May 21, 2022

[Research] Installing the OpenVAS 21.4 Vulnerability Scanner (Fedora 35)


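Atomic provides OpenVAS installation packages for a range of operating systems, for example CentOS, Fedora, Ubuntu, Windows, and so on; the alternative, installing from the .tar.gz source code, is really quite tiring.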
https://updates.atomicorp.com/channels/atomic/

OpenVAS for Fedora 35 (Fedora 36 is not supported yet)
https://www6.atomicorp.com/channels/atomic/fedora/35/x86_64/RPMS/

Installation instructions
https://wiki.atomicorp.com/  (this site could not be reached)
https://github.com/Atomicorp/gvm

Currently Supported Platforms

  • RedHat Enterprise Linux 8
  • Rocky Linux 8
  • Centos 8
  • Fedora 34
  • Fedora 35

Yum/DNF Automatic Installation

1. Install the Atomic Yum Repository

    wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh

2. Install the GVM/openvas package

    # Redhat/Rocky/Centos 8 Only
    yum config-manager --set-enabled powertools
    yum install epel-release

    yum install gvm

3. Configure openvas

    gvm-setup

The actual installation run

[user1@fedora ~]$ su root
Password: 
su: Authentication failure

[user1@fedora ~]$ ping www.hinet.net
PING hinet-hp.cdn.hinet.net (210.59.185.2) 56(84) bytes of data.

64 bytes from 210-59-185-2.hinet-ip.hinet.net (210.59.185.2): icmp_seq=1 ttl=128 time=36.5 ms
64 bytes from 210-59-185-2.hinet-ip.hinet.net (210.59.185.2): icmp_seq=2 ttl=128 time=3.18 ms
64 bytes from 210-59-185-2.hinet-ip.hinet.net (210.59.185.2): icmp_seq=3 ttl=128 time=2.19 ms
^C
--- hinet-hp.cdn.hinet.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3043ms
rtt min/avg/max/mdev = 2.194/13.951/36.476/15.932 ms
[user1@fedora ~]$ 


[user1@fedora ~]$ wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for user1: 

Atomic Free Unsupported Archive installer, version 6.0

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS 
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

For supported software packages please contact us at: 

  sales@atomicorp.com

Do you agree to these terms? (yes/no) [Default: yes] 

Configuring the [atomic] repo archive for this system 

Installing the Atomic GPG keys: OK

Downloading atomic-release-1.0-23.fc35.art.noarch.rpm: Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:atomic-release-1.0-23.fc35.art   ################################# [100%]
OK

Enable repo by default? (yes/no) [Default: yes]: 


The Atomic repo has now been installed and configured for your system
The following channels are available:
  atomic          - [ACTIVATED] - contains the stable tree of ART packages
  atomic-testing  - [DISABLED]  - contains the testing tree of ART packages
  atomic-bleeding - [DISABLED]  - contains the development tree of ART packages


[user1@fedora ~]$ 


sudo yum config-manager --set-enabled powertools failed; skipped and ignored.
sudo yum install -y epel-release failed; skipped and ignored.

[user1@fedora ~]$ yum config-manager --set-enabled powertools
Error: This command has to be run with superuser privileges (under the root user on most systems).

[user1@fedora ~]$ sudo yum config-manager --set-enabled powertools
Error: No matching repo to modify: powertools.

[user1@fedora ~]$ yum install -y epel-release
Error: This command has to be run with superuser privileges (under the root user on most systems).

[user1@fedora ~]$ sudo yum install -y epel-release
Fedora 35 - atomic                               18 kB/s |  94 kB     00:05    
Fedora 35 - x86_64                              4.0 MB/s |  79 MB     00:19    

Fedora 35 openh264 (From Cisco) - x86_64        494  B/s | 2.5 kB     00:05    
Fedora Modular 35 - x86_64                      1.5 MB/s | 3.3 MB     00:02    
Fedora 35 - x86_64 - Updates                    2.6 MB/s |  30 MB     00:11    
Fedora Modular 35 - x86_64 - Updates            1.2 MB/s | 3.1 MB     00:02    
No match for argument: epel-release
Error: Unable to find a match: epel-release
[user1@fedora ~]$ 

The main step: start the installation

[user1@fedora ~]$ sudo yum -y install gvm  

... (very long, omitted)

Complete!

[user1@fedora ~]$ 

Configuration: SELinux has to be turned off first, and setup can only proceed after a reboot

[user1@fedora ~]$  gvm-setup
bash: /usr/bin/gvm-setup: Permission denied

[user1@fedora ~]$ sudo gvm-setup
[sudo] password for user1: 

#####################################
GVM Setup, Version: 6.0.2
Atomicorp, Inc.
#####################################

Error: Selinux is set to (Enforcing)
  selinux must be disabled in order to use openvas
  exiting....
[user1@fedora ~]$ 

[user1@fedora ~]$ sudo vi /etc/sysconfig/selinux     
Find SELINUX=enforcing and change it to SELINUX=disabled. The change is only applied after a reboot / restart.

[user1@fedora ~]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

[user1@fedora ~]$ reboot

[user1@fedora ~]$ su root
Password: 
su: Authentication failure

[user1@fedora ~]$ sudo sestatus
[sudo] password for user1: 
SELinux status:                 disabled

[user1@fedora ~]$ sudo gvm-setup
#####################################
GVM Setup, Version: 6.0.2
Atomicorp, Inc.
#####################################

cannot access /var/lib/alternatives/python: No such file or directory
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
Created symlink /etc/systemd/system/multi-user.target.wants/redis.service → /usr/lib/systemd/system/redis.service.
net.core.somaxconn = 1024
vm.overcommit_memory = 1

Update NVT, CERT, and SCAP data
Please note this step could take some time.
Once completed, this will be updated automatically every 24 hours


Updating NVTs....
/usr/bin/greenbone-nvt-sync
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal. 
See https://community.greenbone.net for details.

By using this service you agree to our terms and conditions.

... (omitted)

sha1sums
          1,532 100%    2.31kB/s    0:00:00 (xfr#27, to-chk=3/31)
sha256sums
          2,180 100%    3.28kB/s    0:00:00 (xfr#28, to-chk=2/31)
sha256sums.asc
            819 100%    1.05kB/s    0:00:00 (xfr#29, to-chk=1/31)
timestamp
             13 100%    0.02kB/s    0:00:00 (xfr#30, to-chk=0/31)

sent 685 bytes  received 85,298,798 bytes  963,835.97 bytes/sec
total size is 85,275,972  speedup is 1.00
/usr/sbin/greenbone-feed-sync --type CERT success


Updating OpenVAS Manager certificates: Complete

GVMD startup: Done

Set the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.

Enter Administrator Password: 
Verify Administrator Password: 
Empty password not allowed.

Enter Administrator Password: (set the password)
Verify Administrator Password: (enter the password again)
Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service.
Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service.
success
success


#####################################
Setup complete
  Log in to GSAD at https://localhost
#####################################


[user1@fedora ~]$ 
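
The SELinux precondition from this run, as an added example that is not part of the original post or of Atomicorp's tooling: a shell helper that reads sestatus output and reports whether gvm-setup's requirement is met, whether the config edit is still waiting for a reboot, or whether SELinux is still enabled. The function names and state labels are assumptions of this example; the two sample readings are constructed from the sestatus output shown earlier.

```shell
#!/bin/sh
# Added example: classify `sestatus` output against the requirement printed
# by gvm-setup in this walkthrough ("selinux must be disabled").

# Constructed from the two sestatus readings shown in the walkthrough.
BEFORE_REBOOT='SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled'
AFTER_REBOOT='SELinux status:                 disabled'

# sestatus_field NAME TEXT -> value of the "NAME: value" line, or empty.
sestatus_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            exit
        }'
}

# selinux_setup_state TEXT -> ready | reboot-pending | not-disabled | unknown
selinux_setup_state() {
    status=$(sestatus_field "SELinux status" "$1")
    config=$(sestatus_field "Mode from config file" "$1")
    if [ -z "$status" ]; then
        echo "unknown"          # no usable sestatus output at all
    elif [ "$status" = "disabled" ]; then
        echo "ready"            # the state in which gvm-setup ran in the post
    elif [ "$config" = "disabled" ]; then
        echo "reboot-pending"   # file edited, running kernel unchanged
    else
        echo "not-disabled"     # config file still enables SELinux
    fi
}

echo "before reboot: $(selinux_setup_state "$BEFORE_REBOOT")"
echo "after reboot:  $(selinux_setup_state "$AFTER_REBOOT")"
# On a live host: selinux_setup_state "$(sestatus)"
```
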

Open https://localhost/ in a browser.

Unexpectedly, "The SCAP database is required" appeared; running the setup once more resolved it.

[user1@fedora ~]$ sudo gvm-check-setup
[sudo] password for user1: 
sudo: gvm-check-setup: command not found  
[user1@fedora ~]$ 
[user1@fedora ~]$ sudo gvm-setup

Pressed F5 to refresh the browser page; it was back to normal.



Installation complete.

(End)
