Ubuntu2204安装OpenVas【译+一些适配上的见解】
译自:https://medium.com/@raivishnu1013/install-openvas-gvm-22-4-0-on-ubuntu-22-04-e351fd132a1b
要在 Ubuntu 22.4.0 中安装 GVM 22.04 而没有任何问题,请在您的计算机中打开一个终端,然后按照本指南进行作。如果您仍然遇到一些问题,请随时发表评论。此外,所有服务都有类似的构建方式,所以我只会解释第一个部分,您可以直接复制和粘贴命令,如果您仍然想知道一些我想提及的内容,评论部分仅供您参考,请让我知道:)
推荐一定要科学上网,否则真的很慢
创建新用户
sudo useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm
将用户添加到 gvmd 组
sudo usermod -aG gvm $USER
su $USER
设置 PATH 环境
export PATH=$PATH:/usr/local/sbin
设置 Installation Prefix 环境变量
export INSTALL_PREFIX=/usr/local
选择源码目录、构建目录和安装目录
export SOURCE_DIR=$HOME/source
mkdir -p $SOURCE_DIR
export BUILD_DIR=$HOME/build
mkdir -p $BUILD_DIR
export INSTALL_DIR=$HOME/install
mkdir -p $INSTALL_DIR
下载并安装以下依赖项:
sudo apt update
sudo apt install –no-install-recommends –assume-yes
build-essential
curl
cmake
pkg-config
python3
python3-pip
gnupg
导入 greenbone 密钥
curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc
gpg –import /tmp/GBCommunitySigningKey.asc
echo “8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:” > /tmp/ownertrust.txt
gpg –import-ownertrust < /tmp/ownertrust.txt
将 GVM 版本设置为如果不设置版本,下载可能会出现问题。(版本可以稍后更改)
export GVM_VERSION=22.4.0
配置 gvm-libs
export GVM_LIBS_VERSION=$GVM_VERSION
sudo apt install -y
libglib2.0-dev
libgpgme-dev
libgnutls28-dev
uuid-dev
libssh-gcrypt-dev
libhiredis-dev
libxml2-dev
libpcap-dev
libnet1-dev
libpaho-mqtt-dev
libldap2-dev
libradcli-dev
curl -f -L https://github.com/greenbone/gvm-libs/archive/refs/tags/v$GVM_LIBS_VERSION.tar.gz -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gvm-libs/releases/download/v$GVM_LIBS_VERSION/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvm-libs && cd $BUILD_DIR/gvm-libs
mkdir -p $BUILD_DIR/gvm-libs && cd $BUILD_DIR/gvm-libs
cmake $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX
-DCMAKE_BUILD_TYPE=Release
-DSYSCONFDIR=/etc
-DLOCALSTATEDIR=/var
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
配置 gvmd
export GVMD_VERSION=$GVM_VERSION
sudo apt install -y
libglib2.0-dev
libgnutls28-dev
libpq-dev
postgresql-server-dev-14
libical-dev
xsltproc
rsync
libbsd-dev
libgpgme-dev
sudo apt install -y –no-install-recommends
texlive-latex-extra
texlive-fonts-recommended
xmlstarlet
zip
rpm
fakeroot
dpkg
nsis
gnupg
gpgsm
wget
sshpass
openssh-client
socat
snmp
python3
smbclient
python3-lxml
gnutls-bin
xml-twig-tools
curl -f -L https://github.com/greenbone/gvmd/archive/refs/tags/v$GVMD_VERSION.tar.gz -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gvmd/releases/download/v$GVMD_VERSION/gvmd-$GVMD_VERSION.tar.gz.asc -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz.asc $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd
cmake $SOURCE_DIR/gvmd-$GVMD_VERSION
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX
-DCMAKE_BUILD_TYPE=Release
-DLOCALSTATEDIR=/var
-DSYSCONFDIR=/etc
-DGVM_DATA_DIR=/var
-DGVMD_RUN_DIR=/run/gvmd
-DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock
-DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock
-DSYSTEMD_SERVICE_DIR=/lib/systemd/system
-DLOGROTATE_DIR=/etc/logrotate.d
-DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
配置 pg-gvm
export PG_GVM_VERSION=$GVM_VERSION
sudo apt install -y
libglib2.0-dev
postgresql-server-dev-14
libical-dev
curl -f -L https://github.com/greenbone/pg-gvm/archive/refs/tags/v$PG_GVM_VERSION.tar.gz -o $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz
curl -f -L https://github.com/greenbone/pg-gvm/releases/download/v$PG_GVM_VERSION/pg-gvm-$PG_GVM_VERSION.tar.gz.asc -o $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz.asc $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz
mkdir -p $BUILD_DIR/pg-gvm && cd $BUILD_DIR/pg-gvm
cmake $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION
-DCMAKE_BUILD_TYPE=Release
-DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
配置 GSA
export GSA_VERSION=$GVM_VERSION
export NODE_VERSION=node_14.x
export KEYRING=/usr/share/keyrings/nodesource.gpg
export DISTRIBUTION=”$(lsb_release -s -c)”
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg –dearmor | sudo tee “$KEYRING” >/dev/null
gpg –no-default-keyring –keyring “$KEYRING” –list-keys
echo “deb [signed-by=$KEYRING] https://deb.nodesource.com/$NODE_VERSION $DISTRIBUTION main” | sudo tee /etc/apt/sources.list.d/nodesource.list
echo “deb-src [signed-by=$KEYRING] https://deb.nodesource.com/$NODE_VERSION $DISTRIBUTION main” | sudo tee -a /etc/apt/sources.list.d/nodesource.list
sudo apt update
sudo apt install -y nodejs
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo “deb https://dl.yarnpkg.com/debian/ stable main” | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt install -y yarn
curl -f -L https://github.com/greenbone/gsa/archive/refs/tags/v$GSA_VERSION.tar.gz -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gsa/releases/download/v$GSA_VERSION/gsa-$GSA_VERSION.tar.gz.asc -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz.asc $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz
cd $SOURCE_DIR/gsa-$GSA_VERSION
rm -rf build
yarn #注意这里大概率ui-components报错,可以去package.json里把这行删掉,然后去github上下源码,过程如下:
# 创建依赖目录
mkdir -p ~/source/greenbone/
cd ~/source/greenbone
# 克隆 ui-components 仓库
git clone https://github.com/greenbone/ui-components.git
cd ui-components
# 切换到对应分支(例如 gsa-22.04 兼容的分支)
git checkout master # 或指定版本分支,如 release-22.04
# 编译并安装到本地
npm install
npm run build
npm link
# 返回gsa目录并创建本地链接
cd ~/source/gsa-22.4.0
npm link @greenbone/ui-components
# 然后再执行
npm i # 这时会跳过ui-components,因为已有本地链接yarn build
sudo mkdir -p $INSTALL_PREFIX/share/gvm/gsad/web/
sudo cp -r build/* $INSTALL_PREFIX/share/gvm/gsad/web/
配置 GSAD
export GSAD_VERSION=$GVM_VERSION
sudo apt install -y
libmicrohttpd-dev
libxml2-dev
libglib2.0-dev
libgnutls28-dev
curl -f -L https://github.com/greenbone/gsad/archive/refs/tags/v$GSAD_VERSION.tar.gz -o $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz
curl -f -L https://github.com/greenbone/gsad/releases/download/v$GSAD_VERSION/gsad-$GSAD_VERSION.tar.gz.asc -o $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz.asc $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz
mkdir -p $BUILD_DIR/gsad && cd $BUILD_DIR/gsad
cmake $SOURCE_DIR/gsad-$GSAD_VERSION
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX
-DCMAKE_BUILD_TYPE=Release
-DSYSCONFDIR=/etc
-DLOCALSTATEDIR=/var
-DGVMD_RUN_DIR=/run/gvmd
-DGSAD_RUN_DIR=/run/gsad
-DLOGROTATE_DIR=/etc/logrotate.d
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
配置 openvas-smb
export OPENVAS_SMB_VERSION=22.4.0
sudo apt install -y
gcc-mingw-w64
libgnutls28-dev
libglib2.0-dev
libpopt-dev
libunistring-dev
heimdal-dev
perl-base
curl -f -L https://github.com/greenbone/openvas-smb/archive/refs/tags/v$OPENVAS_SMB_VERSION.tar.gz -o $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz
curl -f -L https://github.com/greenbone/openvas-smb/releases/download/v$OPENVAS_SMB_VERSION/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz.asc -o $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz.asc $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz
mkdir -p $BUILD_DIR/openvas-smb && cd $BUILD_DIR/openvas-smb
cmake $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX
-DCMAKE_BUILD_TYPE=Release
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
配置 openvas-scanner
export OPENVAS_SCANNER_VERSION=$GVM_VERSION
sudo apt install -y
bison
libglib2.0-dev
libgnutls28-dev
libgcrypt20-dev
libpcap-dev
libgpgme-dev
libksba-dev
rsync
nmap
libjson-glib-dev
libbsd-dev
sudo apt install -y
python3-impacket
libsnmp-dev
curl -f -L https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$OPENVAS_SCANNER_VERSION.tar.gz -o $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz
curl -f -L https://github.com/greenbone/openvas-scanner/releases/download/v$OPENVAS_SCANNER_VERSION/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz.asc -o $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz.asc $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz
mkdir -p $BUILD_DIR/openvas-scanner && cd $BUILD_DIR/openvas-scanner
cmake $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION
-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX
-DCMAKE_BUILD_TYPE=Release
-DSYSCONFDIR=/etc
-DLOCALSTATEDIR=/var
-DOPENVAS_FEED_LOCK_PATH=/var/lib/openvas/feed-update.lock
-DOPENVAS_RUN_DIR=/run/ospd
make -j$(nproc)
make DESTDIR=$INSTALL_DIR install
sudo cp -rv $INSTALL_DIR/* /
配置 ospd-openvas
export OSPD_OPENVAS_VERSION=22.4.2
INSTALL_PREFIX=/usr
sudo apt install -y
python3
python3-pip
python3-setuptools
python3-packaging
python3-wrapt
python3-cffi
python3-psutil
python3-lxml
python3-defusedxml
python3-paramiko
python3-redis
python3-paho-mqtt
curl -f -L https://github.com/greenbone/ospd-openvas/archive/refs/tags/v$OSPD_OPENVAS_VERSION.tar.gz -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/ospd-openvas/releases/download/v$OSPD_OPENVAS_VERSION/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
cd $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION
python3 -m pip install . –prefix=$INSTALL_PREFIX –root=$INSTALL_DIR –no-warn-script-location
sudo cp -rv $INSTALL_DIR/* /
配置 notus-scanner
export NOTUS_VERSION=22.4.1
INSTALL_PREFIX=/usr
sudo apt install -y
python3
python3-pip
python3-setuptools
python3-paho-mqtt
python3-psutil
python3-gnupg
curl -f -L https://github.com/greenbone/notus-scanner/archive/refs/tags/v$NOTUS_VERSION.tar.gz -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/notus-scanner/releases/download/v$NOTUS_VERSION/notus-scanner-$NOTUS_VERSION.tar.gz.asc -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc
gpg –verify $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz
cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION
python3 -m pip install . –prefix=$INSTALL_PREFIX –root=$INSTALL_DIR –no-warn-script-location
sudo cp -rv $INSTALL_DIR/* /
配置 gvm-tools
sudo apt install -y
python3
python3-pip
python3-setuptools
python3-packaging
python3-lxml
python3-defusedxml
python3-paramiko
python3 -m pip install –user gvm-tools
python3 -m pip install –prefix=$INSTALL_PREFIX –root=$INSTALL_DIR –no-warn-script-location gvm-tools
sudo cp -rv $INSTALL_DIR/* /
配置 Redis-Server
sudo apt install -y redis-server
sudo cp $SOURCE_DIR/openvas-scanner-$GVM_VERSION/config/redis-openvas.conf /etc/redis/
sudo chown redis:redis /etc/redis/redis-openvas.conf
echo “db_address = /run/redis-openvas/redis.sock” | sudo tee -a /etc/openvas/openvas.conf
sudo systemctl start server@openvas.service"">redis-server@openvas.service
sudo systemctl enable server@openvas.service"">redis-server@openvas.service
sudo usermod -aG redis gvm
配置 Mosquitto MQTT
sudo apt install -y mosquitto
sudo systemctl start mosquitto.service
sudo systemctl enable mosquitto.service
echo “mqtt_server_uri = localhost:1883” | sudo tee -a /etc/openvas/openvas.conf
配置服务的权限
sudo mkdir -p /var/lib/notus
sudo mkdir -p /run/gvmd
sudo chown -R gvm:gvm /var/lib/gvm
sudo chown -R gvm:gvm /var/lib/openvas
sudo chown -R gvm:gvm /var/lib/notus
sudo chown -R gvm:gvm /var/log/gvm
sudo chown -R gvm:gvm /run/gvmd
sudo chmod -R g+srw /var/lib/gvm
sudo chmod -R g+srw /var/lib/openvas
sudo chmod -R g+srw /var/log/gvm
sudo chown gvm:gvm /usr/local/sbin/gvmd
sudo chmod 6750 /usr/local/sbin/gvmd
sudo chown gvm:gvm /usr/local/bin/greenbone-nvt-sync
sudo chmod 740 /usr/local/sbin/greenbone-feed-sync
sudo chown gvm:gvm /usr/local/sbin/greenbone--sync
sudo chmod 740 /usr/local/sbin/greenbone--sync
export GNUPGHOME=/tmp/openvas-gnupg
mkdir -p $GNUPGHOME
gpg –import /tmp/GBCommunitySigningKey.asc
gpg –import-ownertrust < /tmp/ownertrust.txt
export OPENVAS_GNUPG_HOME=/etc/openvas/gnupg
sudo mkdir -p $OPENVAS_GNUPG_HOME
sudo cp -r /tmp/openvas-gnupg/* $OPENVAS_GNUPG_HOME/
sudo chown -R gvm:gvm $OPENVAS_GNUPG_HOME
现在,键入 sudo visudo 并将以下行放在文件末尾:
allow users of the gvm group run openvas
%gvm ALL = NOPASSWD: /usr/local/sbin/openvas
配置 PostgreSQL(确保在第三个命令:D 将用户 > 的 <name 替换为您的用户名)
sudo apt install -y postgresql
sudo systemctl start postgresql@14-main
sudo chmod og+rX /home /home/<name of your user>
sudo -u postgres bash
createuser -DRS gvm
createdb -O gvm gvmd
exit
sudo -u postgres bash
psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
exit
exit
配置 GVM 用户名和密码(确保在 <password> 字段中键入强密码)
gvmd –create-user=admin –password=<password>
配置 Feed 导入
gvmd –modify-setting 78eceaec-3385-11ea-b237-28d24461215b –value gvmd --get-users --verbose | grep admin | awk '{print $2}'
为系统守护程序配置服务:
使用
vim $BUILD_DIR/ospd-openvas.service
并粘贴以下行以配置 OSPD-OpenVAS:
[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
Documentation=man:ospd-openvas(8) man:openvas(8)
After=network.target networking.service server@openvas.service"">redis-server@openvas.service
Wants=server@openvas.service"">redis-server@openvas.service
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=gvm
Group=gvm
RuntimeDirectory=ospd
RuntimeDirectoryMode=2775
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas –unix-socket /run/ospd/ospd-openvas.sock –pid-file /run/ospd/ospd-openvas.pid –log-file /var/log/gvm/ospd-openvas.log –lock-file-dir /var/lib/openvas –socket-mode 0o770 –mqtt-broker-address localhost –mqtt-broker-port 1883 –notus-feed-dir /var/lib/notus/advisories
SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target
现在将服务配置复制到系统目录
sudo cp $BUILD_DIR/ospd-openvas.service /etc/systemd/system/
使用
vim $BUILD_DIR/notus-scanner.service
并粘贴以下行以配置 notus-scanner:
[Unit]
Description=Notus Scanner
Documentation=https://github.com/greenbone/notus-scanner
After=mosquitto.service
Wants=mosquitto.service
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=gvm
RuntimeDirectory=notus-scanner
RuntimeDirectoryMode=2775
PIDFile=/run/notus-scanner/notus-scanner.pid
ExecStart=/usr/local/bin/notus-scanner –products-directory /var/lib/notus/products –log-file /var/log/gvm/notus-scanner.log
SuccessExitStatus=SIGKILL
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target
现在将服务配置复制到系统目录
sudo cp $BUILD_DIR/notus-scanner.service /etc/systemd/system/
使用 打开 gvmd.service 文件
vim $BUILD_DIR/gvmd.service
并粘贴以下行以配置 GVMD:
[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery
[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/run/gvmd/gvmd.pid
RuntimeDirectory=gvmd
RuntimeDirectoryMode=2775
ExecStart=/usr/local/sbin/gvmd –osp-vt-update=/run/ospd/ospd-openvas.sock –listen-group=gvm
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
现在将服务配置复制到系统目录
sudo cp $BUILD_DIR/gvmd.service /etc/systemd/system/
使用 打开 gsad.service 文件
vim $BUILD_DIR/gsad.service
并粘贴以下行以配置 GSAD:
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service
[Service]
Type=exec
User=gvm
Group=gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
ExecStart=/usr/local/sbin/gsad –foreground –listen=127.0.0.1 –port=9392 –http-only
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service
现在将服务配置复制到系统目录
sudo cp $BUILD_DIR/gsad.service /etc/systemd/system/
使用以下命令激活所有服务:
sudo systemctl daemon-reload
使用以下命令启用所有服务,以便每次都不需要手动启动它们:
sudo systemctl enable notus-scanner
sudo systemctl enable ospd-openvas
sudo systemctl enable gvmd
sudo systemctl enable gsad
使用以下命令同步 NVT 源(尽管互联网速度很好,但这可能需要很多时间)。如果你在机构中进行这项设置,请确保要求网络团队为你的系统打开 rsync 端口,因为它很可能会被关闭。Rsync 通常在端口 873 上运行。
sudo -u gvm greenbone-nvt-sync
使用以下命令下载 SCAP、CERT 和 GVMD 数据,确保一一使用这些命令(尽管互联网速度很好,这可能需要很多时间):
sudo -u gvm greenbone-feed-sync –type SCAP
sudo -u gvm greenbone-feed-sync –type CERT
sudo -u gvm greenbone-feed-sync –type GVMD_DATA
启动所有服务
sudo systemctl start notus-scanner
sudo systemctl start ospd-openvas
sudo systemctl start gvmd
sudo systemctl start gsad
发表评论