Use this category only if you have build GVM from sources or if you use packages provided by a 3rdparty repository.
When posting you should provide information about your environment using the following template:
GVM versions
gsad: (‘gsad --version’)
Greenbone Security Assistant 21.4.3
gvmd: (‘gvmd --version’)
Greenbone Vulnerability Manager 21.4.4
Manager DB revision 242
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
gvm-libs:
OpenVAS 21.4.3
gvm-libs 21.4.3
Environment
Operating system:
Kernel: (‘uname -a’)
FreeBSD server 13.0-RELEASE FreeBSD 13.0-RELEASE #0 releng/13.0-n244733-ea31abc261f: Fri Apr 9 04:24:09 UTC 2021 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
PostgreSQL13
Installation method / source:
GVM ports were installed
If you are migrating to new version do not forget do the following:
su -m gvm -c “gvmd --migrate”
Basic instructions for configure your gvm infraestruture are following:
-
Redis is a dependency of GVM. Please, configure redis-server for
listening on socket /var/run/redis/redis.sock. security/openvas scanner
needs itecho “db_address = /var/run/redis/redis.sock” > /usr/local/etc/openvas/openvas.conf
-
Add user gvm to redis group
pw groupmod redis -M gvm
-
security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be
installed in the same server where security/gvmd is running:
# su postgres
# createuser -DRS gvm
# createdb -O gvm gvmd
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension “uuid-ossp”;
# create extension “pgcrypto”;
- Add the following lines to /etc/rc.conf
# sysrc redis_enable=“YES”
# sysrc gvmd_enable=“YES”
# sysrc ospd_openvas_enable=“YES”
# sysrc gsad_enable=“YES”
-
Currently, ospd_openvas should run as a user without elevated privileges
(gvm) and use sudo for run openvas scanner but it does not work properly.
Like a workaround you must run redis as root and the same with ospd_openvas.Add the following lines to /etc/rc.conf
redis_user=“root”
ospd_openvas_user=“root”Take in mind it is not the best configuration for run ospd_openvas and
openvas. -
The following steps are neccessary before of you can access to GVM web
interface (gsad):
Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
# service gvmd start
Create certificates
# su -m gvm -c “gvm-manage-certs -a”
Sync gvmd Data, SCAP, CERT and NVT
# su -m gvm -c “greenbone-nvt-sync”
# su -m gvm -c “greenbone-feed-sync --type GVMD_DATA”
# su -m gvm -c “greenbone-feed-sync --type SCAP”
# su -m gvm -c “greenbone-feed-sync --type CERT”
Create an admin user and set the Feed Import Owner
# su -m gvm -c “gvmd --create-user=myuser”
# su -m gvm -c “gvmd --user=myuser --new-password=yourpassword”
Set the Feed Import Owner (myuser user in this example)
# su -m gvm -c “gvmd --get-users --verbose”
myuser <uuid_of_user>
# su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>
- Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
# service ospd_openvas start
you can test if ospd_openvas is connecting with openvas scanner with the following commands:
# su -m gvm -c “gvmd --get-scanners”
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default
# su -m gvm -c “gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73”
Scanner version: OpenVAS x.x.x
- Start GVM web interface. It will listen on http://127.0.0.1 by default
# service gsad start
-
Some openvas scanner tasks need access to /dev/bpf device. Add the
following lines to /etc/devfs.confown bpf root:gvm
perm bpf 0660And restart service for apply the changes
# service devfs restart
-
gvm log files are stores to /var/log/gvm directory
-
gsad can export results to PDF. It needs print/texlive-texmf port
# pkg install texlive-texmf
It will install 1G of data
- If you need more configure information you can look at the following links:
and
# gvmd -h
# openvas -h
# ospd-openvas -h
# gsad -h
- Enjoy it
In freebsd 13, follow the above steps to configure openvas, start the service in service ospd_openvas start, it always fails, and the /var/log/gvm/ospd-openvas.log log prompts
Prompt ERROR: (ospd_openvas.db) Redis Error: Not possible to connect to the kb.
I wonder if this is caused by incorrect settings there