GVM 10 on Alpine Linux

Archive Greenbone Community Edition
1

Ok so after the official OpenVAS guide on Alpine linux is tremendously out of date and broken and not even for version 10:

https://wiki.alpinelinux.org/wiki/Setting_up_OpenVAS9

I have tried to build OpenVAS from source following a guide written for Debian 10:

Here are the list of packages I have found and not found an equivalent of:

OK
apt install bison cmake gcc
heimdal-dev
libgnutls28-dev
libpcap-dev
git
libsqlite3-dev
libssh-gcrypt-dev
xmltoman
libxml2-dev
pkg-config
python3-paramiko
python3-setuptools
curl
redis
doxygen
libical-dev
python-polib
gnutls-bin

MISSING
gcc-mingw-w64 libgcrypt20-dev libglib2.0-dev libgpgme-dev libhiredis-dev libksba-dev libmicrohttpd-dev libpopt-dev libsnmp-dev perl-base uuid-dev

Installs:

apk add bison cmake gcc
apk add heimdal
apk add heimdal-dev
apk add libgcrypt-dev
apk add gnutls-dev
apk add icu-libs
apk add libpcap-dev
apk add git
apk add sqlite-libs sqlite-dev
apk add libgcrypt-dev
apk add xmltoman
apk add libxml2-dev
apk add pkgconf
apk add py3-paramiko
apk add py3-setuptools
apk add libical-dev
apk add gvm-libs-dev gvm-libs
apk add libical-dev libical
apk add libssh-dev
apk add icu-dev
apk add doxygen

You MUST install this otherwise CMAKE does not function:
apk add build-base

Issue at building the first component (gvm-libs):

CMake Error at util/CMakeLists.txt:59 (message):
  The gpgme library is required.


-- Looking for libgcrypt...
-- Looking for libgcrypt... /usr/lib/libgcrypt.so
-- Looking for freeradius-client library...
-- Looking for radcli library...
--   No suitable radius library found - radius support disabled
-- Looking for libldap...
--   No ldap library found - ldap support disabled
-- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE) 
-- WARNING: Doxygen is required to build the HTML docs.
-- Configuring incomplete, errors occurred!

Installing gpgme-dev:

apk add gpgme-dev

ERROR: unsatisfiable constraints:
  so:libicui18n.so.67 (missing):
    required by: qt5-qtbase-5.14.1-r5[so:libicui18n.so.67]
  so:libicuuc.so.67 (missing):
    required by: qt5-qtbase-5.14.1-r5[so:libicuuc.so.67]

I’m sure this is just tip of the iceberg because all those missing libs later on what I could not find an equivalent of would come back to hunt me so my question is are there any plans to create OpenVAS10 packages for Alpine Linux in the near future?

Anyone else here who managed to get GVM10 run on Alpine Linux?

2

I did that how-to 3 years ago. At that time, it was working fine.

You don’t need to build openvas from source because is already available on Alpine Linux, in community repo.

You can go ahead and install the packages you need with:
apk add openvas
apk add gvmd
apk add gvm-tools
apk add openvas-smb
apk add greenbone-security-assistant

.: Francesco

3 Likes
3

While that is true that it has some old version:

openvas-7.0.0-r3 x86_64 {openvas} (GPL-2.0-only) [installed]
ospd-openvas-1.0.0-r1 x86_64 {ospd-openvas} (GPL-2.0) [installed]
openvas-doc-7.0.0-r3 x86_64 {openvas} (GPL-2.0-only)
ospd-openvas-openrc-1.0.0-r1 x86_64 {ospd-openvas} (GPL-2.0) [installed]
openvas-config-7.0.0-r3 x86_64 {openvas} (GPL-2.0-only) [installed]

The tutorial was also broken because openvasmd was renamed to gvmd, after install there are multiple permission problems as well. I thought it is the best idea to get the latest version working instead.

4

To continue it further I have found another guide:
https://wiki.alpinelinux.org/wiki/Setting_up_GVM10

which is also broken, not just package changes and permission problems but GVMd cannot be started with:

md   main:MESSAGE:2020-05-10 16h41.12 utc:3451:    Greenbone Vulnerability Manager version 9.0.0 (DB revision 221)
md manage:WARNING:2020-05-10 16h41.12 utc:3452: sql_open: PQconnectStart to 'gvmd' failed: could not connect to server: No such file or directory
	Is the server running locally and accepting
	connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
md manage:WARNING:2020-05-10 16h41.12 utc:3452: init_manage_process: sql_open failed
md   main:MESSAGE:2020-05-10 16h42.46 utc:3636:    Greenbone Vulnerability Manager version 9.0.0 (DB revision 221)
md manage:WARNING:2020-05-10 16h42.46 utc:3637: sql_open: PQconnectStart to 'gvmd' failed: could not connect to server: No such file or directory
	Is the server running locally and accepting
	connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
md manage:WARNING:2020-05-10 16h42.46 utc:3637: init_manage_process: sql_open failed
md   main:MESSAGE:2020-05-10 16h48.55 utc:3936:    Greenbone Vulnerability Manager version 9.0.0 (DB revision 221)
md manage:WARNING:2020-05-10 16h48.55 utc:3937: sql_open: PQconnectStart to 'gvmd' failed: could not connect to server: No such file or directory
	Is the server running locally and accepting
	connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
md manage:WARNING:2020-05-10 16h48.55 utc:3937: init_manage_process: sql_open failed

Which makes me think it need postgres DB installed which was not part of the guide. I have an older openvas running in docker only using redis. Did postgres become a requirement? I would rather not install it unless it’s a must.

5

Hi,

on gvm10 the sqlite db was working, for gvm11 postgres is a must.

Cheers,
Carl

1 Like
6

Yes it took like 3 hours finally until it loaded it’s DB into postgres then now I getting:

“GMP Service is down”

I have verified both gvmd, gsad, openvas are running. I also restarted the services.

7

I"ve built gvm-11 and plan to update the wiki.
Going to remove that old page.

1 Like
8

@Daniel the wiki page has been updated.
For now, GVM-11 is available on “edge” repository:

https://wiki.alpinelinux.org/wiki/Setting_up_GVM11
It should work out-of-the-box now.

.: Francesco

2 Likes
9 
 rc-service gvmd star	t
 * ./: correcting owner
 * /run/redis-openvas: creating directory
 * /run/redis-openvas: correcting owner
 * Starting Redis server ...                                                                                                                                            [ ok ]
 * Starting Remotely control an OpenVAS Scanner ...
Traceback (most recent call last):
  File "/usr/bin/ospd-openvas", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3252, in <module>
    def _initialize_master_working_set():
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3235, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3264, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 583, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 900, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 786, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'packaging' distribution was not found and is required by ospd-openvas
 * start-stop-daemon: failed to start `/usr/bin/ospd-openvas'
 * Failed to start Remotely control an OpenVAS Scanner                                                                                                                  [ !! ]
 * ERROR: ospd-openvas failed to start
 * ERROR: cannot start gvmd as ospd-openvas would not start

Small correction:

apk add py3-packaging

In browser:

After completing the tutorial:
Secure Connection Failed

An error occurred during a connection to :9392. PR_END_OF_FILE_ERROR

GVMD log:
md manage:   INFO:2020-05-18 06h51.58 utc:2697: update_scap: Updating SCAP info succeeded
md manage:WARNING:2020-05-18 06h52.13 utc:2697: sql_exec_internal: PQexec failed: ERROR:  relation "cert_bund_advs" does not exist
LINE 1: SELECT EXISTS (SELECT * FROM cert_bund_advs  WHERE creation_...
                                     ^
 (7)
md manage:WARNING:2020-05-18 06h52.13 utc:2697: sql_exec_internal: SQL: SELECT EXISTS (SELECT * FROM cert_bund_advs  WHERE creation_time        > coalesce (CAST ((SELECT value FROM meta                           WHERE name                                 = 'cert_check_time')                          AS INTEGER),                    0));
md manage:WARNING:2020-05-18 06h52.13 utc:2697: sql_x_internal: sql_exec_internal failed
md manage:   INFO:2020-05-18 06h56.58 utc:3821: OSP service has newer VT status (version 202005151012) than in database (version 0, 0 VTs). Starting update ...

But it is only an issue with https, it seems some SQL inserts don’t complete properly with http it works.

I’m happy about the new web interface is more responsive however it is the same counterintuitive design like how do you create a new TASK which runs right now, why can’t you manually start tasks which is scheduled and the whole adding hosts and tasks is more than weird with that small icon anyway it is not OPS issue anymore but DEVs. Thank you for your contribution.

10

Thanks for your feedback.
I’ve added py3-pacakging as dependency of ospd-openvas.

diff --git a/community/ospd-openvas/APKBUILD b/community/ospd-openvas/APKBUILD
index a4acfd74ac..40195e6dee 100644
--- a/community/ospd-openvas/APKBUILD
+++ b/community/ospd-openvas/APKBUILD
@@ -2,14 +2,14 @@
 # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=ospd-openvas
 pkgver=1.0.1
-pkgrel=3
+pkgrel=4
 pkgdesc="ospd-openvas is an OSP server implementation to allow GVM to remotely control an     OpenVAS Scanner"
 url="https://github.com/greenbone/ospd-openvas"
 arch="noarch"
 license="GPL-2.0"
 pkgusers="gvm"
 pkggroups="gvm"
-depends="py3-psutil py3-redis py3-setuptools ospd"
+depends="py3-psutil py3-redis py3-setuptools py3-packaging ospd"
 subpackages="$pkgname-openrc"
 source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/ospd-    openvas/archive/v$pkgver.tar.gz
    $pkgname.initd

yes, I have the same issue with https.

.: Francesco

1 Like