Full GVM-11 Build Guide for CentOS 8

That’s probably in the faq. I haven’t done that yet but when I do I’ll comment back.

For some reason the web formatting of this forum is adding an extra period to the cmake command. It should be "cmake period period "

for formatting commands it is best to use backticks (see inline code)

Hmm. I see no way to edit my original post. Oh well.

Side note, my default system build has selinux disabled as it’s a decvelopment environment. My fault for not adding that info.

FYI centos 8 appears to disable email by default. All I had to do to get email alerts working was to enable postfix.

systemctl enable postfix

A post was split to a new topic: Can’t create a scan config (failed to find config)

Hi @caseybea - I have tried to install on CentOS following your guide, but I am getting this following error when making the scanner: https://pastebin.com/5SMgh48s - do you have an idea by which this could be caused?

Thanks!

OpenVAS uses a tool called sendmail. You just need to configure it. There is an example for Ubuntu and Gmail https://kifarunix.com/configure-sendmail-to-use-gmail-relay-on-ubuntu-18-04-debian-10-9/, but you can google it.

Please don’t use the term OpenVAS anymore. You are talking about GVM. See Frequently Asked Questions (FAQ)

2 Likes

@caseybea
Great job !!!
Thanks to your guide, the installation was perfect; I have installed GVM-11 on CentOS 8.1.

Only two notes:

  1. If rsync is not installed, greenbone-nvt-sync (and other sync: scapdata and certdata) return the error:
    /opt/gvm/bin/greenbone-nvt-sync: line 135: /dev/stderr: Permission denied

Then …
AS ROOT
yum install rsync

  1. If redis socket (/tmp/redis.sock) have 770 permission, in the openvas.log I have this error:
    lib kb:CRITICAL:2020-05-28 17h14.58 utc:5568: redis_find: redis connection error to /tmp/redis.sock: Permission denied

Yes, the gvm user is in the redis group …

Then, in the /etc/redis.conf, I put this settings:

unixsocket /tmp/redis.sock
unixsocketperm 777

Thanks
LTM

1 Like

Hello

I did everything according to the instructions but I have a mistake

[gvm@localhost ~]$ openvas --update-vt-info
openvas: error while loading shared libraries: libopenvas_nasl.so.11: cannot open shared object file: No such file or directory

What is the problem?

[root@localhost ~]# find / -name libopenvas_nasl.so.11
/opt/gvm/src/openvas-7.0.1/build/nasl/libopenvas_nasl.so.11
/opt/gvm/lib/libopenvas_nasl.so.11

Should fix the issue.

Don’t take that as an offense but if you don’t know how to fix this issue you should very likely not build something from source by yourself. You need to know how shared binary objects (aka. dynamic libraries) are loaded at runtime and how the toolchain around it works.

2 Likes

Thanks helped. I entered the quotation marks incorrectly

Hmm running into problems when following the script when getting to the openvas build make erroring with the following:

cc: error: .-g: No such file or directory
cc: fatal error: no input files
compilation terminated.

Not sure what I could be doing wrong. Has the source somehow changed?

I ran into the same thing. I missed a step in this doc. My fault, not the doc’s.

Check to make sure you should have a file named /etc/ld.so.conf.d/gvm.conf with a line in it that reads “/opt/gvm/lib”. Then run “ldconfig” as root, and this issue should go away.

1 Like

The second last step didn’t work for me, i got the same UUID as in the example above, change it. but get:

[gvm@gvm11 ~]$ gvmd --get-scanners
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default 0 OpenVAS Default

[gvm@gvm11 ~]$ gvmd --modify-scanner=08b69003-5fc2-4037-a479-93b440211c73 --scanner-host=/opt/gvm/var/run/ospd.sock
Scanner modified.

[gvm@gvm11 ~]$ gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73
Failed to verify scanner.

How to fix this?

I ran into issues here as well. It turns out that one of the feed update processes left a lock file in /opt/gvm/var/run/ and this causes ospd to not finish startup. In fact, it doesn’t even create the unix socket file until all the feed updates are finished. In my case, the lock file was stale, so I manually removed it, and ospd finished startup. I re-ran the gvmd --modify-scanner and gvmd --verify-scanner steps and they worked after that.

2 Likes

6 posts were merged into an existing topic: Feed sync via rsync aborts

This helped in my situation as well. Thanks

Managed to get most of this scripted and working but OSPD fails to stay up for longer than 25 seconds with the error “OSPD - openvas: ERROR: (ospd_openvas.db) Redis Error: Not possible to connect to the kb.”
Searching the error has come up blank, anyone have any tips?