GVM-11 centos8 源码安装指南(OpenVas)_openvas centos8

参考文章：https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425

原文有各别不对地方，但根据原文，安装成功，并能正确进行漏洞扫描。非常感谢原文作者辛苦付出。这里做一下安装记录，不对的地方请指出。

安装的操作系统:CentOS Linux release 8.1.1911 (Core) ，CPU: 4核，内存 4G，

1，python 3 环境安装设置

使用root登录

默认python3已安装

[root@localhost ~]# yum install python3

设置默认python命令，选择2。

[root@localhost ~]# alternatives --config python
 
共有 2 个提供“python”的程序。
 
  选项    命令
-----------------------------------------------
*  1           /usr/libexec/no-python
 + 2           /usr/bin/python3
 
按 Enter 保留当前选项[+]，或者键入选项编号：2

2，安装EPEL Repository yum 源

[root@localhost ~]# yum install epel-release

3，启用 Centos-Powertools repository 源

[root@localhost ~]# yum config-manager --set-enabled PowerTools 

4，安装开发工具包  (includes gcc and a whole bunch of stuff for compiling and building things)

[root@localhost ~]# yum groupinstall -y "development tools"

5，安装必需的开发包，cmake redis (most come from Centos-Base, a few come from EPEL and Centos-PowerTools) 

[root@localhost ~]# yum install -y cmake glib2-devel zlib-devel gnutls-devel libuuid-devel libssh-devel libxml2-devel libgcrypt-devel openldap-devel popt-devel redis libical-devel openssl-devel hiredis-devel radcli-devel gpgme-devel libksba-devel doxygen libpcap-devel nodejs python3-polib libmicrohttpd-devel gnutls-utils python3-devel libpq-devel texinfo xmltoman nmap sshpass socat mingw32-gcc ncurses-devel

6，安装postgres数据库

 
[root@localhost ~]# yum install -y postgresql-server postgresql-contrib postgresql-server-devel

[root@localhost ~]# /usr/bin/postgresql-setup --initdb
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

 

7，配置postgres 数据库(not secure, on to-do list is to configure this with a password…

[root@localhost ~]# sudo -Hiu postgres
[postgres@localhost ~]$ createuser gvm
[postgres@localhost ~]$ createdb -O gvm gvmd
[postgres@localhost ~]$ psql gvmd
psql (10.6)
输入 "help" 来获取帮助信息.
 
gvmd=# create role dba with superuser noinherit;
CREATE ROLE
gvmd=# grant dba to gvm;
GRANT ROLE
gvmd=# create extension "uuid-ossp";
gvmd=# create  extension "pgcrypto"; 
CREATE EXTENSION
gvmd=# \q
[postgres@localhost ~]$ 

 8，增加gvm动态运行库配置文件

[root@localhost ~]# echo /opt/gvm/lib > /etc/ld.so.conf.d/gvm.conf  
[root@localhost ~]# cat /etc/ld.so.conf.d/gvm.conf
/opt/gvm/lib
[root@localhost ~]# ldconfig

9，增加一个无特权gvm用户和创建程序运行目录

[root@localhost ~]# useradd -r -d /opt/gvm -c "GVM(OpenVas)User" -s /bin/bash gvm
[root@localhost ~]# mkdir /opt/gvm
[root@localhost ~]# mkdir /opt/gvm/src
[root@localhost ~]# chown -R gvm:gvm /opt/gvm

10，增加gvm命令环境变量。在/etc/profile最后增加

#add gvm path PATH to /etc/profile
export PATH=$PATH:/opt/gvm/bin 
export PATH=$PATH:/opt/gvm/sbin 

12，下载源码包（GVM-11 stable as of 5/20/2020）

切换到gvm用户

[root@localhost ~]# su - gvm
-bash: /opt/gvm/bin: 没有那个文件或目录
-bash: /opt/gvm/sbin: 没有那个文件或目录

wget -O gvm-libs-11.0.1.tar.gz https://github.com/greenbone/gvm-libs/archive/v11.0.1.tar.gz
wget -O openvas-7.0.1.tar.gz https://github.com/greenbone/openvas/archive/v7.0.1.tar.gz
wget -O ospd-2.0.1.tar.gz https://github.com/greenbone/ospd/archive/v2.0.1.tar.gz 2
wget -O ospd-openvas-1.0.1.tar.gz https://github.com/greenbone/ospd-openvas/archive/v1.0.1.tar.gz
wget -O gvmd-9.0.1.tar.gz https://github.com/greenbone/gvmd/archive/v9.0.1.tar.gz
wget -O gsa-9.0.1.tar.gz https://github.com/greenbone/gsa/archive/v9.0.1.tar.gz
wget -O openvas-smb-1.0.5.tar.gz https://github.com/greenbone/openvas-smb/archive/v1.0.5.tar.gz

13,解压源文件

[gvm@localhost src]$ find *.gz  -exec tar xvfz {} \;

14 构建gvm-libs包

gvm登录

 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
 cd gvm-libs-11.0.1/
 mkdir build
 cd build
 cmake ..  -DCMAKE_INSTALL_PREFIX=/opt/gvm
 make
 make doc
 make install

15，安装Heimdal。openvas-smb安装需要

root用户登录

cd /usr/local/src/
wget https://github.com/heimdal/heimdal/releases/download/heimdal-7.7.0/heimdal-7.7.0.tar.gz
tar xvfz heimdal-7.7.0.tar.gz
cd heimdal-7.7.0
./configure --enable-otp=no --prefix=/opt/heimdal
make
make install

openvas-smb code 希望使用(includedir)/heimdal/…

通过创建软链接实现

[root@localhost heimdal-7.7.0]# ln -s /opt/heimdal/include /opt/heimdal/include/heimdal

16，增加heimdal 库到系统中

[root@localhost src]# echo /opt/heimdal/lib > /etc/ld.so.conf.d/heimdal.conf  
[root@localhost src]# ldconfig

17,openvas-smb((Note: PKG_CONFIG_PATH now adds where the heimdal goodies are too))

 cd src/
 export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:/opt/heimdal/lib/pkgconfig
 cd openvas-smb-1.0.5/
 mkdir build
 cd build
 cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
 make
 make install

18,scanner

修改CMakeList.txt文件，否则编辑时会出现以下错误。

 

 错误：‘pcap_lookupdev’ is deprecated: use 'pcap_findalldevs' and use the first device [-Werror=deprecated-declarations]

修改内容

注释216行，增加一行

set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG} -Werror -Wno-error=deprecated-declarations")

 

 

 vim CMakeLists.txt 
 cd build
 cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
 make
 make doc
 make  install

19,配置redis

使用root登录

 cp /etc/redis.conf /etc/redis.conf.orig
 cp /opt/gvm/src/openvas-7.0.1/config/redis-openvas.conf /etc/redis.conf
 vim /etc/redis.conf

unixsocket /tmp/redis.sock
unixsocketperm 770

20  配置openvas 使用redis

gvm用户

echo db_address = /tmp/redis.sock > /opt/gvm/etc/openvas/openvas.conf

root用户

 systemctl enable redis
 systemctl start redis

21 gvm添加到redis组（需要重启redis)

 

[root@localhost src]# usermod -aG redis gvm
[root@localhost src]# systemctl restart redis

22,赋予gvm以root权限运行openvas,gsad。

增加以下三行

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/gvm/sbin"

#Allow the user running ospd-openvas, to launch openvas with root permissions
gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas
gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad

 23，修改一些系统设置

[root@localhost src]# echo net.core.somaxconn = 1024 >> /etc/sysctl.conf  
[root@localhost src]# echo vm.overcommit_memory = 1 >> /etc/sysctl.conf  
[root@localhost src]# sysctl -p
net.core.somaxconn = 1024
vm.overcommit_memory = 1
[root@localhost src]# ldconfig

24 Synchronize nvt data

[gvm@localhost ~]$ greenbone-nvt-sync
 
[gvm@localhost ~]$ find /opt/gvm/var/lib/openvas/plugins | wc -l
61300

25 Update the vt info

[gvm@localhost bin]$ openvas --update-vt-info

26 ,gvmd

使用root登录
ln -s /usr/include /usr/include/postgresql
(code wants “postgresql/libpq-fe.h”)

修改   CMakeLists.txt 

增加-lpq参数

 使用gvm用户

cd src/
ln -s /usr/include/ /usr/include/postgresql
cd gvmd-9.0.1/
vim CMakeLists.txt 
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm/ -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/pgsql/server -DPostgreSQL_INCLUDE_DIR=/usr/include/pgsql/server -DPostgreSQL_LIBRARY=/usr/lib64/pgsql
make
make doc
make install

27， Install yarn, a prerequisite for building gsa

root用户登录

[root@localhost opt]# npm install -g yarn

 

gvm用户

cd gsa-9.0.1/
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make doc
make install

 greenbone-scapdata-sync 
 greenbone-certdata-sync 
 gvm-manage-certs -a

创建python包安装目录

28,OSPd and OSPd-OpenVAS

  export PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
  export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
  cd ospd-2.0.1/
  python3 setup.py install --prefix=/opt/gvm

  cd ..
  export PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
  export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig
  cd ospd-openvas-1.0.1
  python3 setup.py install --prefix=/opt/gvm

29,add install scripts

ospd.service

cat << EOF > /etc/systemd/system/ospd.service
[Unit]
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm
After=postgresql.service
 
[Service]
Environment=PATH=/opt/gvm/bin/ospd-scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.6/site-packages
Type=simple
User=gvm
Group=gvm
WorkingDirectory=/opt/gvm
PIDFile=/opt/gvm/var/run/ospd-openvas.pid
ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --unix-socket /opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run
 
[Install]
WantedBy=multi-user.target
EOF

gvmd.service 

cat << EOF > /etc/systemd/system/gvmd.service
[Unit]
Description=Job that runs the gvm daemon
Documentation=man:gvm
After=ospd.service
 
[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd.pid
WorkingDirectory=/opt/gvm
ExecStartPre=/bin/sleep 60
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock
 
[Install]
WantedBy=multi-user.target
EOF

cat << EOF > /etc/systemd/system/gsad.service
[Unit]
Description=Job that runs the gsa daemon
Documentation=man:gsa
After=postgresql.service
 
[Service]
Type=forking
PIDFile=/opt/gvm/var/run/gsad.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gsad --listen=0.0.0.0
[Install]
WantedBy=multi-user.target
EOF

30 生成pdf报告

root用户

install texlive-collection-fontsrecommended texlive-collection-latexrecommended texlive-changepage texlive-titlesec
mkdir -p /usr/share/texlive/texmf-local/tex/latex/comment
cd /usr/share/texlive/texmf-local/tex/latex/comment
wget http://mirrors.ctan.org/macros/latex/contrib/comment/comment.sty
chmod 644 comment.sty
texhash
history

31,开机自启

AS ROOT:
systemctl daemon-reload
systemctl enable ospd
systemctl enable gvmd
systemctl enable gsad

32,运行服务

AS ROOT:
systemctl start ospd
systemctl start gvmd
systemctl start gsad

日志文件路径  /opt/gvm/var/log/gvm.

33 ，修改默认扫描器

gvmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
gvmd --modify-scanner=08b69003-5fc2-4037-a479-93b440211c73 --scanner-host=/opt/gvm/var/run/ospd.sock
Scanner modified.
gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73
Scanner version: OpenVAS 7.0.1.

 

43，创建一个web用户

AS GVM:
gvmd --create-user admin
gvmd --user=admin --new-password=123456

 

默认使用80端口

http://ip。

一定要关闭selinux 和防火墙。

 

启动ospd服务

 

更新feeds

systemctl start ospd

systemctl status gvmd

systemctl status gsad

 

 

greenbone-certdata-sync 
greenbone-scapdata-sync 
 greenbone-nvt-sync