[Research] Installing the OpenVAS 21.4 vulnerability scanner (Fedora 35)
2022-05-21
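Atomic provides OpenVAS installation packages for a range of operating system versions, such as CentOS, Fedora, Ubuntu, Windows, and so on; otherwise, installing from the .tar.gz source code is really tiring.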
https://updates.atomicorp.com/channels/atomic/
OpenVAS for Fedora 35 (Fedora 36 is not yet supported)
https://www6.atomicorp.com/channels/atomic/fedora/35/x86_64/RPMS/
Installation instructions
https://wiki.atomicorp.com/ (this site could not be reached)
https://github.com/Atomicorp/gvm
Currently Supported Platforms
- RedHat Enterprise Linux 8
- Rocky Linux 8
- Centos 8
- Fedora 34
- Fedora 35
Yum/DNF Automatic Installation
1. Install the Atomic Yum Repository
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
2. Install the GVM/openvas package
# Redhat/Rocky/Centos 8 Only
yum config-manager --set-enabled powertools
yum install epel-release
#
yum install gvm
3. Configure openvas
gvm-setup
Actual installation
[user1@fedora ~]$ su root
Password:
su: Authentication failure
[user1@fedora ~]$ ping www.hinet.net
PING hinet-hp.cdn.hinet.net (210.59.185.2) 56(84) bytes of data.
64 bytes from 210-59-185-2.hinet-ip.hinet.net (210.59.185.2): icmp_seq=1 ttl=128 time=36.5 ms
64 bytes from 210-59-185-2.hinet-ip.hinet.net (210.59.185.2): icmp_seq=2 ttl=128 time=3.18 ms
64 bytes from 210-59-185-2.hinet-ip.hinet.net (210.59.185.2): icmp_seq=3 ttl=128 time=2.19 ms
^C
--- hinet-hp.cdn.hinet.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3043ms
rtt min/avg/max/mdev = 2.194/13.951/36.476/15.932 ms
[user1@fedora ~]$
[user1@fedora ~]$ wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for user1:
Atomic Free Unsupported Archive installer, version 6.0
BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:
THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
For supported software packages please contact us at:
sales@atomicorp.com
Do you agree to these terms? (yes/no) [Default: yes]
Configuring the [atomic] repo archive for this system
Installing the Atomic GPG keys: OK
Downloading atomic-release-1.0-23.fc35.art.noarch.rpm: Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:atomic-release-1.0-23.fc35.art ################################# [100%]
OK
Enable repo by default? (yes/no) [Default: yes]:
The Atomic repo has now been installed and configured for your system
The following channels are available:
atomic - [ACTIVATED] - contains the stable tree of ART packages
atomic-testing - [DISABLED] - contains the testing tree of ART packages
atomic-bleeding - [DISABLED] - contains the development tree of ART packages
[user1@fedora ~]$
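The installer above adds a third-party repository and imports its GPG keys, so before running yum install gvm it is worth confirming that every enabled section of the new .repo file enforces package signature checking. The following is an added example, not part of the original post or of Atomicorp's tooling; the section names and URLs in the sample are constructed, and the function can be pointed at any file under /etc/yum.repos.d/.

```shell
# Added example: audit_repo_file FILE prints one line per repo section and
# returns 1 if an enabled section leaves package signature checking off.
audit_repo_file() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "1" || v == "yes" || v == "true" || v == "on") }
    function emit(   st) {
        if (id == "") return
        st = !truthy(enabled) ? "SKIP" : (truthy(gpgcheck) ? "OK" : "WARN")
        if (st == "WARN") bad = 1
        printf "%s enabled=%s gpgcheck=%s transport=%s %s\n", id, enabled, gpgcheck, transport, st
    }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
        emit()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        # dnf defaults: enabled is on; an unset gpgcheck inherits [main] in dnf.conf
        enabled = "1"; gpgcheck = "unset"; transport = "none"
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl" || key == "mirrorlist" || key == "metalink")
            transport = (val ~ /^https:/) ? "https" : ((val ~ /^http:/) ? "http" : "other")
    }
    END { emit(); exit (bad + 0) }
    ' "$1"
}
# Constructed sample; these are not the contents of the real Atomic repo file.
write_sample_repo() {
    cat > "$1" <<'EOF'
[example-stable]
mirrorlist = https://repo.example.invalid/stable/mirrors
gpgcheck = 1
[example-testing]
baseurl = http://repo.example.invalid/testing/
enabled = 0
[example-nosig]
baseurl = http://repo.example.invalid/nosig/
enabled = 1
gpgcheck = 0
EOF
}
sample=$(mktemp); write_sample_repo "$sample"
audit_repo_file "$sample" || echo "an enabled repo does not enforce gpgcheck"
rm -f "$sample"
```

A section reported with gpgcheck=unset is flagged as WARN because its effective value depends on the [main] section of dnf.conf, which has to be checked separately.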
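sudo yum config-manager --set-enabled powertools failed; skipped and ignored.
sudo yum install -y epel-release failed; skipped and ignored.
Both commands are the ones marked "Redhat/Rocky/Centos 8 Only" in the instructions above.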
[user1@fedora ~]$ yum config-manager --set-enabled powertools
Error: This command has to be run with superuser privileges (under the root user on most systems).
[user1@fedora ~]$ sudo yum config-manager --set-enabled powertools
Error: No matching repo to modify: powertools.
[user1@fedora ~]$ yum install -y epel-release
Error: This command has to be run with superuser privileges (under the root user on most systems).
[user1@fedora ~]$ sudo yum install -y epel-release
Fedora 35 - atomic 18 kB/s | 94 kB 00:05
Fedora 35 - x86_64 4.0 MB/s | 79 MB 00:19
Fedora 35 openh264 (From Cisco) - x86_64 494 B/s | 2.5 kB 00:05
Fedora Modular 35 - x86_64 1.5 MB/s | 3.3 MB 00:02
Fedora 35 - x86_64 - Updates 2.6 MB/s | 30 MB 00:11
Fedora Modular 35 - x86_64 - Updates 1.2 MB/s | 3.1 MB 00:02
No match for argument: epel-release
Error: Unable to find a match: epel-release
[user1@fedora ~]$
The key step: start the installation
[user1@fedora ~]$ sudo yum -y install gvm
... (very long, omitted)
Complete!
[user1@fedora ~]$
Configuration: SELinux has to be turned off first, and setup can only proceed after a reboot
[user1@fedora ~]$ gvm-setup
bash: /usr/bin/gvm-setup: Permission denied
[user1@fedora ~]$ sudo gvm-setup
[sudo] password for user1:
#####################################
GVM Setup, Version: 6.0.2
Atomicorp, Inc.
#####################################
Error: Selinux is set to (Enforcing)
selinux must be disabled in order to use openvas
exiting....
[user1@fedora ~]$
#####################################
GVM Setup, Version: 6.0.2
Atomicorp, Inc.
#####################################
cannot access /var/lib/alternatives/python: No such file or directory
* Initializing database in '/var/lib/pgsql/data'
* Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
Created symlink /etc/systemd/system/multi-user.target.wants/redis.service → /usr/lib/systemd/system/redis.service.
net.core.somaxconn = 1024
vm.overcommit_memory = 1
Update NVT, CERT, and SCAP data
Please note this step could take some time.
Once completed, this will be updated automatically every 24 hours
Updating NVTs....
/usr/bin/greenbone-nvt-sync
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.
By using this service you agree to our terms and conditions.
... (omitted)
sha1sums 1,532 100% 2.31kB/s 0:00:00 (xfr#27, to-chk=3/31)
sha256sums 2,180 100% 3.28kB/s 0:00:00 (xfr#28, to-chk=2/31)
sha256sums.asc 819 100% 1.05kB/s 0:00:00 (xfr#29, to-chk=1/31)
timestamp 13 100% 0.02kB/s 0:00:00 (xfr#30, to-chk=0/31)
sent 685 bytes received 85,298,798 bytes 963,835.97 bytes/sec
total size is 85,275,972 speedup is 1.00
/usr/sbin/greenbone-feed-sync --type CERT success
Updating OpenVAS Manager certificates: Complete
GVMD startup: Done
Set the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.
Enter Administrator Password:
Verify Administrator Password:
Empty password not allowed.
Enter Administrator Password: (set the password)
Verify Administrator Password: (enter the password again)
Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service.
Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service.
success
success
#####################################
Setup complete
Log in to GSAD at https://localhost
#####################################
[user1@fedora ~]$
Open https://localhost/ in a browser
Unexpectedly, "The SCAP database is required" appeared; after running the setup once more, it was resolved.
[user1@fedora ~]$ sudo gvm-check-setup
[sudo] password for user1:
sudo: gvm-check-setup: command not found
[user1@fedora ~]$
Pressed F5 to refresh the browser page, and it displayed normally.
Installation complete.
(End)