Thursday, October 27, 2022

[Research] Installing the Greenbone GVM / OpenVAS 22.4.0 vulnerability scanner (atomic) (Fedora 36)

2022-10-27

Greenbone Vulnerability Management (GVM), formerly the Open Vulnerability Assessment Scanner (OpenVAS)

Installation reference

https://github.com/Atomicorp/gvm

Installation summary (Fedora is not listed as supported, but in testing it works)

su root

Install the Atomic Yum Repository
    wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh

Install the GVM/openvas package
    # Redhat/Rocky/Centos 8 Only
    dnf config-manager --set-enabled powertools
    dnf install epel-release

    # Redhat/Rocky 9 Only
    dnf config-manager --set-enabled crb
    dnf install epel-release

    dnf install gvm
	
Configure openvas
    gvm-setup

Atomicorp does publish packages for Fedora 36:
https://www6.atomicorp.com/channels/atomic/fedora/36/x86_64/RPMS/
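
The installer step above pipes a remote script straight into a root shell. As an added example (not from the original post or from Atomicorp), the functions below run a saved copy only if it still matches a SHA-256 digest recorded after reading it; the function names and the file name atomic-installer.sh are assumptions.

```shell
#!/bin/sh
# Added example: run a downloaded installer only after review and digest pinning.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    sha256sum < "$1" | awk '{ print $1 }'
}

# Return 0 only if FILE ($1) exists and hashes to the pinned digest ($2).
# The pinned digest is the one recorded right after the script was reviewed.
verify_pinned() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got $actual" >&2
        return 1
    fi
}

# Verify first, then execute with sh. Nothing runs on a mismatch.
run_reviewed() {
    verify_pinned "$1" "$2" && sh "$1"
}

# Typical use (the network step is a comment so the example runs offline):
#   wget -q -O atomic-installer.sh https://updates.atomicorp.com/installers/atomic
#   less atomic-installer.sh          # read what will run as root
#   sha256_of atomic-installer.sh     # record this value after the review
#   run_reviewed atomic-installer.sh "<recorded digest>"    # as root
```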

Actual session

[liveuser@localhost-live ~]$ su root

[root@localhost-live ~]# wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh

Atomic Free Unsupported Archive installer, version 7.0.2

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS 
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

For supported software packages please contact us at: 

  sales@atomicorp.com

Do you agree to these terms? (yes/no) [Default: yes] (just press Enter)

Configuring the [atomic] repo archive for this system 

Installing the Atomic GPG keys: OK

Downloading atomic-release-1.0-23.fc36.art.noarch.rpm: 
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:atomic-release-1.0-23.fc36.art   ################################# [100%]

Enable repo by default? (yes/no) [Default: yes]:  (just press Enter)


The Atomic repo has now been installed and configured for your system
The following channels are available:
  atomic          - [ACTIVATED] - contains the stable tree of ART packages
  atomic-testing  - [DISABLED]  - contains the testing tree of ART packages
  atomic-bleeding - [DISABLED]  - contains the development tree of ART packages


[root@localhost-live ~]# 


Ignore the parts that fail to install.

Installing EPEL: I ran the install twice to confirm there was nothing else to install.

[root@localhost-live ~]# dnf config-manager --set-enabled crb
Error: No matching repo to modify: crb.
[root@localhost-live ~]# dnf config-manager --set-enabled powertools
Error: No matching repo to modify: powertools.
[root@localhost-live ~]# yum install -y epel-release
Fedora 36 - atomic                              8.9 kB/s | 102 kB     00:11    
Fedora 36 - x86_64                              5.0 MB/s |  81 MB     00:16    
Fedora 36 openh264 (From Cisco) - x86_64        873  B/s | 2.5 kB     00:02    
Fedora Modular 36 - x86_64                      1.0 MB/s | 2.4 MB     00:02    
Fedora 36 - x86_64 - Updates                    1.7 MB/s |  29 MB     00:17    
Fedora Modular 36 - x86_64 - Updates            1.4 MB/s | 2.8 MB     00:02    
No match for argument: epel-release
Error: Unable to find a match: epel-release
[root@localhost-live ~]# yum install -y epel-release
Last metadata expiration check: 0:00:29 ago on Thu 27 Oct 2022 12:31:48 AM EDT.
No match for argument: epel-release
Error: Unable to find a match: epel-release
[root@localhost-live ~]# 


Installing GVM: the root filesystem did not have enough space.

[root@localhost-live ~]# dnf install gvm -y
                                              
(omitted... more than 2,100 packages to install)
Error Summary
-------------
Disk Requirements:
   At least 652MB more space needed on the / filesystem.

[root@localhost-live ~]# 

[root@localhost-live ~]# df
Filesystem          1K-blocks    Used Available Use% Mounted on
devtmpfs                 4096       0      4096   0% /dev
tmpfs                 1988840      12   1988828   1% /dev/shm
tmpfs                  795536   10088    785448   2% /run
/dev/sr0              1970848 1970848         0 100% /run/initramfs/live
/dev/mapper/live-rw   7712908 6712224    984300  88% /
tmpfs                 1988840    2752   1986088   1% /tmp
vartmp                1988840       0   1988840   0% /var/tmp
tmpfs                  397768     156    397612   1% /run/user/1000
/dev/nvme0n1p2      103808000 3001548  99024724   3% /mnt/sysroot
/dev/nvme0n1p1         996780  175844    752124  19% /mnt/sysroot/boot
tmpfs                 1988840       0   1988840   0% /mnt/sysroot/dev/shm
/dev/nvme0n1p2      103808000 3001548  99024724   3% /mnt/sysroot/home
tmpfs                 1988840       0   1988840   0% /mnt/sysroot/tmp
[root@localhost-live ~]# 


The VM's original HDD was 100 GB; I created a new VM with a 1000 GB disk, reinstalled Fedora, and installed everything again.


[user1@fedora ~]$ 

[user1@fedora ~]$ df
Filesystem      1K-blocks    Used  Available Use% Mounted on
devtmpfs             4096       0       4096   0% /dev
tmpfs             1988836       0    1988836   0% /dev/shm
tmpfs              795536    2548     792988   1% /run
/dev/nvme0n1p2 1047526400 3797772 1041957604   1% /
tmpfs             1988836     144    1988692   1% /tmp
/dev/nvme0n1p2 1047526400 3797772 1041957604   1% /home
/dev/nvme0n1p1     996780  175844     752124  19% /boot
tmpfs              397764     152     397612   1% /run/user/1000
/dev/sr0          1970848 1970848          0 100% /run/media/lu/Fedora-WS-Live-36-1-5
[user1@fedora ~]$ 

Next:


[user1@fedora ~]$ sudo dnf install gvm -y
                                              
(omitted... more than 2,100 packages installed)
Complete!

[user1@fedora ~]$ 

Next, when setup is run, it requires SELinux to be disabled first.

[root@localhost ~]# gvm-setup

#####################################
GVM Setup, Version: 6.1.0
Atomicorp, Inc.
#####################################

Error: Selinux is set to (Enforcing)
  selinux must be disabled in order to use openvas
  exiting....
[root@localhost ~]# 



Next, edit the SELinux configuration file with root privileges (you can also run sudo vi /etc/selinux/config directly).

[user1@fedora ~]$ sudo  vi   /etc/selinux/config


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled    <===  changed from enforcing to disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted    <===  do not change this line by mistake


Reboot the operating system so that the SELinux setting takes effect.
[user1@fedora ~]$  reboot
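
Both failures hit in this walkthrough can be checked before `dnf install gvm` and `gvm-setup`. In the first df listing, / is /dev/mapper/live-rw with 984300 KiB available, while the 100 GB disk is mounted at /mnt/sysroot. The added example below is not from the original post; its function names are hypothetical, the live-rw test is based only on that listing, and the required free space is whatever estimate the caller passes in.

```shell
#!/bin/sh
# Added example: pre-flight checks for free space on / and the SELinux setting.

# Device backing "/" in `df -P` output read from stdin.
root_device() { awk '$NF == "/" { print $1 }'; }

# Free KiB on "/" in `df -P` output read from stdin.
root_avail_kib() { awk '$NF == "/" { print $4 }'; }

# Value of SELINUX= in a config file; comment lines and SELINUXTYPE= never match.
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Rewrite only the SELINUX= line of CONFIG ($1) to MODE ($2), keeping CONFIG.bak.
set_selinux_mode() {
    case $2 in
        enforcing|permissive|disabled) ;;
        *) echo "bad mode: $2" >&2; return 2 ;;
    esac
    cp -p "$1" "$1.bak" && sed "s/^SELINUX=.*/SELINUX=$2/" "$1.bak" > "$1"
}

# Report every problem found; return 1 if there is at least one.
# $1 = MiB that must be free on /, $2 = SELinux config path,
# $3 = optional `df -P` text (defaults to running df -P now).
preflight() {
    rc=0
    snapshot=${3:-$(df -P)}
    dev=$(printf '%s\n' "$snapshot" | root_device)
    free=$(printf '%s\n' "$snapshot" | root_avail_kib)
    case $dev in
        */live-rw) echo "/ is the live-session overlay ($dev)"; rc=1 ;;
    esac
    [ "$free" -ge $(( $1 * 1024 )) ] || { echo "/ has only $free KiB free"; rc=1; }
    [ "$(selinux_mode "$2")" = disabled ] || { echo "SELinux is not disabled in $2"; rc=1; }
    return $rc
}

# Typical use: preflight 4096 /etc/selinux/config
```

Because the sed pattern is anchored on `SELINUX=`, the `SELINUXTYPE=targeted` line and the comment lines are left untouched.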

Setup

[user1@fedora ~]$ sudo gvm-setup
#####################################
GVM Setup, Version: 6.1.0
Atomicorp, Inc.
#####################################

 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log
... (very long and time-consuming, omitted; tens of thousands of records are imported for each year)
Enter Administrator Password: 
Verify Administrator Password: 

Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service.
Created symlink /etc/systemd/system/multi-user.target.wants/notus-scanner.service → /usr/lib/systemd/system/notus-scanner.service.
Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mosquitto.service → /usr/lib/systemd/system/mosquitto.service.
success


#####################################
Setup complete
  Log in to GSAD at https://localhost
#####################################

[user1@fedora ~]$  

Installation is complete; open https://localhost in a browser.

Addendum:

/usr/sbin/greenbone-feed-sync --type SCAP success

Updating CERT data...

/usr/sbin/greenbone-feed-sync --type CERT

Greenbone community feed server - http://feed.community.greenbone.net/

This service is hosted by Greenbone Networks - http://www.greenbone.net/

If you have any questions, please use the Greenbone community portal. 

See https://community.greenbone.net for details.

********************************************************************************

Note: at install time you can also use gvm* instead of gvm, which installs all of the related packages; they can also be added now (optional).

[root@localhost ~]# yum install gvm* -y  

This installation method does not install the setup-check tool.

[root@localhost ~]# gvm-check-setup
bash: gvm-check-setup: command not found...
[root@localhost ~]# 








(End)
