Tuesday, October 25, 2022

[Research] Installing the Greenbone GVM / OpenVAS 22.4.0 Vulnerability Scanner (atomic) (Rocky Linux 9)

2022-10-25

Greenbone Vulnerability Management (GVM), formerly Open Vulnerability Assessment Scanner (OpenVAS)

Installation reference

https://github.com/Atomicorp/gvm

Installation summary

su root

Install the Atomic Yum Repository
    wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh

Install the GVM/openvas package
    # Redhat/Rocky/Centos 8 Only
    dnf config-manager --set-enabled powertools
    dnf install epel-release

    # Redhat/Rocky 9 Only
    dnf config-manager --set-enabled crb
    dnf install epel-release

    dnf install gvm

Configure openvas
    gvm-setup


Actual session

[user1@localhost ~]$ su root
Password: 
[root@localhost user1]# wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo sh

Atomic Free Unsupported Archive installer, version 7.0.2

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS 
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

For supported software packages please contact us at: 

  sales@atomicorp.com

Do you agree to these terms? (yes/no) [Default: yes] 

Configuring the [atomic] repo archive for this system 

Installing the Atomic GPG keys: OK

Downloading atomic-release-1.0-23.el9.art.noarch.rpm: 
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:atomic-release-1.0-23.el9.art    ################################# [100%]

Enable repo by default? (yes/no) [Default: yes]: 


The Atomic repo has now been installed and configured for your system
The following channels are available:
  atomic          - [ACTIVATED] - contains the stable tree of ART packages
  atomic-testing  - [DISABLED]  - contains the testing tree of ART packages
  atomic-bleeding - [DISABLED]  - contains the development tree of ART packages


[root@localhost user1]# 


Install EPEL. I ran the install twice to confirm that nothing else needed to be installed.

[root@localhost ~]# dnf config-manager --set-enabled crb

[root@localhost ~]# yum install epel-release -y
Rocky Linux 9 - BaseOS                                                                                      1.4 kB/s | 3.6 kB     00:02    
Rocky Linux 9 - AppStream                                                                                   2.3 kB/s | 3.6 kB     00:01    
Rocky Linux 9 - CRB                                                                                          68 kB/s | 1.9 MB     00:28    
Package epel-release-9-4.el9.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost ~]# yum install epel-release -y
Last metadata expiration check: 0:01:13 ago on Tue 25 Oct 2022 09:24:49 AM CST.
Package epel-release-9-4.el9.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost ~]# 

Install GVM

[root@localhost ~]# dnf install gvm -y
                                              
(omitted... more than 300 packages installed)
Complete!

[root@localhost ~]# 

Next, when running the setup, it requires SELinux to be disabled first.

[root@localhost ~]# gvm-setup

#####################################
GVM Setup, Version: 6.1.0
Atomicorp, Inc.
#####################################

Error: Selinux is set to (Enforcing)
  selinux must be disabled in order to use openvas
  exiting....
[root@localhost ~]# 



Next, edit the SELinux configuration file as root (you can also run sudo vi /etc/selinux/config directly).

$  su  root
#  vi   /etc/selinux/config


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled    <===  changed from enforcing to disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted    <===  do not change this line by mistake


Reboot the operating system so that the SELinux change takes effect.
#  reboot
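
One way to make this edit without touching the SELINUXTYPE= line that the note above warns about, as an added example that is not part of the original post. The function names are hypothetical, the file path is an argument, and the demo runs on a constructed copy rather than the live /etc/selinux/config.

```shell
#!/bin/sh
# Added example (not from the original post): change only the SELINUX= line.
# The file path is an argument so the edit can be rehearsed on a copy.

set_selinux_mode() {
    cfg=$1
    mode=$2
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Refuse to edit unless there is exactly one active SELINUX= line.
    n=$(grep -c '^SELINUX=' "$cfg" || true)
    [ "$n" -eq 1 ] || { echo "expected one SELINUX= line, found $n" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    # The '=' directly after SELINUX keeps SELINUXTYPE= and comment lines untouched.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg.bak" > "$cfg"
}

# Read back the values actually stored in the file.
get_selinux_mode() { sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1"; }
get_selinux_type() { sed -n 's/^SELINUXTYPE=\([a-z]*\).*/\1/p' "$1"; }

# Demo on a constructed copy of the file shown above (not the live config).
demo_dir=$(mktemp -d)
cat > "$demo_dir/config" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
SELINUXTYPE=targeted
EOF
set_selinux_mode "$demo_dir/config" disabled
echo "SELINUX=$(get_selinux_mode "$demo_dir/config") SELINUXTYPE=$(get_selinux_type "$demo_dir/config")"
```

The previous file is kept beside the edited one with a .bak suffix.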

Setup

[user1@localhost ~]$ su root
Password: 
[root@localhost user1]# cd
[root@localhost ~]# gvm-setup

#####################################
GVM Setup, Version: 6.1.0
Atomicorp, Inc.
#####################################

 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log
... (very long and time-consuming, omitted; tens of thousands of records are imported for each year)
Enter Administrator Password: 
Verify Administrator Password: 

Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service.
Created symlink /etc/systemd/system/multi-user.target.wants/notus-scanner.service → /usr/lib/systemd/system/notus-scanner.service.
Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mosquitto.service → /usr/lib/systemd/system/mosquitto.service.
success


#####################################
Setup complete
  Log in to GSAD at https://localhost
#####################################



[root@localhost ~]# 


Installation is complete; you can connect with a browser to  https://localhost

Addendum:

/usr/sbin/greenbone-feed-sync --type SCAP success

Updating CERT data...

/usr/sbin/greenbone-feed-sync --type CERT

Greenbone community feed server - http://feed.community.greenbone.net/

This service is hosted by Greenbone Networks - http://www.greenbone.net/

If you have any questions, please use the Greenbone community portal. 

See https://community.greenbone.net for details.

********************************************************************************

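Supplement: during installation you can also use gvm* instead of gvm, which installs all of the related packages, or install them afterwards now (optional).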

[root@localhost ~]# yum install gvm* -y  

This kind of installation does not install the setup check tool.

[root@localhost ~]# gvm-check-setup
bash: gvm-check-setup: command not found...
[root@localhost ~]# 
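
Because gvm-check-setup is absent from this install, a basic health check can be derived from the gvm-setup output itself. This added example (not from the original post or from Atomicorp) extracts the units enabled under multi-user.target.wants and reports the ones that are not running; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): without gvm-check-setup,
# derive the enabled units from gvm-setup's own output and test each one.

# Constructed sample: the "Created symlink" lines from the session above.
SAMPLE_SETUP_LOG='Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /usr/lib/systemd/system/ospd-openvas.service.
Created symlink /etc/systemd/system/multi-user.target.wants/notus-scanner.service → /usr/lib/systemd/system/notus-scanner.service.
Created symlink /etc/systemd/system/openvas-manager.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /usr/lib/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/greenbone-security-assistant.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /usr/lib/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mosquitto.service → /usr/lib/systemd/system/mosquitto.service.'

# stdin: gvm-setup output. stdout: units enabled at boot, one per line.
# Alias links outside multi-user.target.wants are skipped.
enabled_units() {
    awk '$1 == "Created" && $2 == "symlink" &&
         $3 ~ "/multi-user[.]target[.]wants/[^/]+[.]service$" {
             n = split($3, part, "/"); print part[n]
         }' | LC_ALL=C sort -u
}

# stdin: unit names. stdout: units the checker reports as not running.
# $1 is the checker command; the default asks systemd on the local host.
inactive_units() {
    checker=${1:-systemctl is-active --quiet}
    while read -r unit; do
        $checker "$unit" >/dev/null 2>&1 || echo "$unit"
    done
}

# Parse the sample; on the scanner host, pipe this into inactive_units.
printf '%s\n' "$SAMPLE_SETUP_LOG" | enabled_units
```

On the scanner host, `enabled_units < setup.log | inactive_units` prints nothing when every unit is active, where setup.log is a hypothetical file holding saved gvm-setup output.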







https://shaurong.blogspot.com/2022/10/greenbone-gvm-openvas-2240atomicrocky.html

(End)
