Full GVM-11 Build Guide for CentOS 8

Hmm. I see no way to edit my original post. Oh well.

Side note, my default system build has SELinux disabled as it’s a development environment. My fault for not adding that info.

FYI CentOS 8 appears to disable email by default. All I had to do to get email alerts working was to enable postfix.

systemctl enable postfix

Hi @caseybea - I have tried to install on CentOS following your guide, but I am getting the following error when making the scanner: https://pastebin.com/5SMgh48s - do you have an idea by which this could be caused?

Thanks!

OpenVAS uses a tool called sendmail. You just need to configure it. There is an example for Ubuntu and Gmail https://kifarunix.com/configure-sendmail-to-use-gmail-relay-on-ubuntu-18-04-debian-10-9/, but you can google it.

Please don’t use the term OpenVAS anymore. You are talking about GVM. See Frequently Asked Questions (FAQ)

2 Likes

@caseybea
Great job !!!
Thanks to your guide, the installation was perfect; I have installed GVM-11 on CentOS 8.1.

Only two notes:

  1. If rsync is not installed, greenbone-nvt-sync (and the other syncs: scapdata and certdata) returns the error:
    /opt/gvm/bin/greenbone-nvt-sync: line 135: /dev/stderr: Permission denied

Then …
AS ROOT
yum install rsync

  2. If the redis socket (/tmp/redis.sock) has 770 permissions, I get this error in the openvas.log:
    lib kb:CRITICAL:2020-05-28 17h14.58 utc:5568: redis_find: redis connection error to /tmp/redis.sock: Permission denied

Yes, the gvm user is in the redis group …

Then, in /etc/redis.conf, I put these settings:

unixsocket /tmp/redis.sock
unixsocketperm 777

Thanks
LTM

1 Like

Hello

I did everything according to the instructions but I have a mistake

[gvm@localhost ~]$ openvas --update-vt-info
openvas: error while loading shared libraries: libopenvas_nasl.so.11: cannot open shared object file: No such file or directory

What is the problem?

[root@localhost ~]# find / -name libopenvas_nasl.so.11
/opt/gvm/src/openvas-7.0.1/build/nasl/libopenvas_nasl.so.11
/opt/gvm/lib/libopenvas_nasl.so.11

Should fix the issue.

Don’t take that as an offense but if you don’t know how to fix this issue you should very likely not build something from source by yourself. You need to know how shared binary objects (aka. dynamic libraries) are loaded at runtime and how the toolchain around it works.

2 Likes

Thanks, that helped. I entered the quotation marks incorrectly.

Hmm, I am running into problems when following the script: when I get to the openvas build, make errors out with the following:

cc: error: .-g: No such file or directory
cc: fatal error: no input files
compilation terminated.

Not sure what I could be doing wrong. Has the source somehow changed?

I ran into the same thing. I missed a step in this doc. My fault, not the doc’s.

Check to make sure you have a file named /etc/ld.so.conf.d/gvm.conf with a line in it that reads “/opt/gvm/lib”. Then run “ldconfig” as root, and this issue should go away.

1 Like
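
As an added example, not part of the thread or the guide: a check of a loader config file like the /etc/ld.so.conf.d/gvm.conf described above, run before ldconfig. It assumes ldconfig treats each entry as a literal directory path, so an entry written with quotation marks never resolves to /opt/gvm/lib; the function name and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): validate a loader config file such as
# /etc/ld.so.conf.d/gvm.conf before running ldconfig as root.

check_ld_conf() {  # usage: check_ld_conf FILE ; returns 1 if any entry is unusable
    local file=$1 line n=0 rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}      # trim leading whitespace
        line=${line%"${line##*[![:space:]]}"}      # trim trailing whitespace
        case "$line" in
            ''|'#'*|include*) continue ;;          # blank, comment, include directive
            *\"*|*\'*|*“*|*”*)
                echo "FAIL: $file:$n: quote characters in entry: $line"; rc=1; continue ;;
            /*) ;;                                 # absolute path, checked below
            *)  echo "FAIL: $file:$n: not an absolute path: $line"; rc=1; continue ;;
        esac
        if [ ! -d "$line" ]; then
            echo "FAIL: $file:$n: no such directory: $line"; rc=1
        elif [ -n "$(find "$line" -prune -perm -0002)" ]; then
            echo "WARN: $file:$n: world-writable library directory: $line"; rc=1
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample files: the same directory written with and without quotes.
demo=$(mktemp -d)
mkdir -m 755 "$demo/lib"
printf '"%s"\n' "$demo/lib" > "$demo/bad.conf"
printf '%s\n' "$demo/lib" > "$demo/good.conf"
check_ld_conf "$demo/bad.conf" || true     # reports the quoted entry
check_ld_conf "$demo/good.conf"            # silent, returns 0
```

On a real host, call `check_ld_conf /etc/ld.so.conf.d/gvm.conf` and run ldconfig only once it returns 0.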

The second-to-last step didn’t work for me. I got the same UUID as in the example above, changed it, but get:

[gvm@gvm11 ~]$ gvmd --get-scanners
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default 0 OpenVAS Default

[gvm@gvm11 ~]$ gvmd --modify-scanner=08b69003-5fc2-4037-a479-93b440211c73 --scanner-host=/opt/gvm/var/run/ospd.sock
Scanner modified.

[gvm@gvm11 ~]$ gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73
Failed to verify scanner.

How to fix this?

I ran into issues here as well. It turns out that one of the feed update processes left a lock file in /opt/gvm/var/run/ and this causes ospd to not finish startup. In fact, it doesn’t even create the unix socket file until all the feed updates are finished. In my case, the lock file was stale, so I manually removed it, and ospd finished startup. I re-ran the gvmd --modify-scanner and gvmd --verify-scanner steps and they worked after that.

2 Likes

This helped in my situation as well. Thanks

Managed to get most of this scripted and working but OSPD fails to stay up for longer than 25 seconds with the error “OSPD - openvas: ERROR: (ospd_openvas.db) Redis Error: Not possible to connect to the kb.”
Searching the error has come up blank, anyone have any tips?

Have you verified that the Unix socket for Redis has been created and is accessible by ospd?
As indicated in the code this is a result of not being able to connect to Redis via the Unix socket path. It tries 5 times with a delay of 5 seconds between attempts, which exactly correlates to that 25 second lifespan.

Redis is running. Is there a way to confirm where exactly OSPD is looking for the socket file? It’s currently in /tmp/redis.sock

As you can see above, the configuration file is /opt/gvm/etc/openvas/openvas.conf. In it, you should have it configured to use /tmp/redis.sock. The Unix socket should be owned by the gvm user, and have 0770 permissions on it.

To actually check whether or not ospd is using that socket, you might want to try using strace.
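
As an added example, not part of the thread or the guide: an audit of the Redis socket settings discussed in the posts above (unixsocketperm 777 in /etc/redis.conf versus the 0770 named in the last reply), which also checks that Redis and the scanner agree on the socket path. It assumes the scanner's socket path is stored under db_address in openvas.conf; the function names and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): compare the Redis socket settings with the
# path the scanner is configured to use, and flag a socket open to every local user.

conf_value() {  # usage: conf_value FILE KEY ; prints the last value set for KEY
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 {
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t=]/) next        # "unixsocket" must not match "unixsocketperm"
            gsub(/^[ \t=]+|[ \t\r]+$/, "", rest)
            val = rest
        }
        END { if (val != "") print val }' "$1" 2>/dev/null
}

audit_redis_socket() {  # usage: audit_redis_socket [REDIS_CONF] [OPENVAS_CONF]
    local redis_conf=${1:-/etc/redis.conf}
    local openvas_conf=${2:-/opt/gvm/etc/openvas/openvas.conf}
    local sock perm kb rc=0
    sock=$(conf_value "$redis_conf" unixsocket)
    perm=$(conf_value "$redis_conf" unixsocketperm)
    kb=$(conf_value "$openvas_conf" db_address)    # assumed key name for the KB socket
    [ -n "$sock" ] || { echo "FAIL: no unixsocket set in $redis_conf"; return 1; }
    if [ "$sock" != "$kb" ]; then
        echo "FAIL: redis listens on $sock, openvas.conf points at '$kb'"; rc=1
    fi
    case "$perm" in                                # last octal digit = "other" class
        "")     echo "WARN: unixsocketperm unset, mode is left to the umask"; rc=1 ;;
        *[1-7]) echo "WARN: unixsocketperm $perm lets any local user reach the KB"; rc=1 ;;
    esac
    # When the socket exists on this host, show its live mode and owner (GNU stat).
    if [ -S "$sock" ]; then echo "INFO: $sock is $(stat -c '%a %U:%G' "$sock")"; fi
    return "$rc"
}

# Constructed sample files using the values quoted in the thread.
demo_dir=$(mktemp -d)
printf 'unixsocket /tmp/redis.sock\nunixsocketperm 777\n' > "$demo_dir/redis.conf"
printf 'db_address = /tmp/redis.sock\n' > "$demo_dir/openvas.conf"
audit_redis_socket "$demo_dir/redis.conf" "$demo_dir/openvas.conf" || true
```

Run without arguments, `audit_redis_socket` reads /etc/redis.conf and /opt/gvm/etc/openvas/openvas.conf, the two files named in the thread.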