After I finally set up Greenbone, I now want to have a start/stop script with which I can start/stop gsad/gvmd/openvassd with the right parameters, like gsad -p 9390 --listen IPADRESS and so on…
But I do not have much experience with scripting, so I wanted to know if there are already some example scripts?
I’m still trying to write the script. I already wrote a stop script to stop the gvmd service, but it doesn't work, and I don't understand why it's not working. The following is my “test script”:
#!/bin/sh
# Include functions
set -e
. /lib/lsb/init-functions
stop() {
    printf "Stopping GVMD'... "
    pid=$(pgrep gvmd)
    if [ $pid != 0 ]
    then
        kill $pid
    fi
    printf "done\n"
}
case $1 in
greenbone polkitd(authority=local)[898]: Unregistered Authentication Agent for unix-process:15550:1655999 (system bus name :1.1014, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
And after 5 restarts of the gsad.services it tells me “Failed to start Greenbone Security Assistant”
Your installation or system is broken; I suggest you get a GCE version if you have system issues like this.
This is totally out of scope for this board. Hint: look for boot environment and ld-preload paths.
I got the installation from source over GitHub and installed it with the source code… So I think that is the GSE version…
I fixed this error now by putting this line in the script:
Environment=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/home/user/install/lib/'
The latest error I fixed with this line:
PermissionsStartOnly=true
The problem was that I use User and Group, and it wanted to do something in /var/run.
So I had to delete User and Group so that it goes default over root, or add this line. The finished script for gsad looks like that:
Of course using `LD_LIBRARY_PATH` is a security risk because it would allow attackers to install manipulated replacements for system libraries (like glib) into this path and the application would use them instead of the system ones. Therefore you should not run such installations in production. It is only intended for development purposes.
If you want to use the source releases in production you should always run cmake with -DCMAKE_INSTALL_PREFIX=/usr and -DCMAKE_BUILD_TYPE=Release. But installing into the system prefix /usr creates a lot of additional headaches if done manually. Therefore people invented packages and tools like apt.
Better … depends. Easier of course. But you have to use 3rd party packages because Greenbone doesn’t support anything besides Greenbone OS and the Greenbone Source Edition.
It would be better if you build your own deb package (on your build machine) and make it correct (this is not easy). Most packages out there are insecure or do not work at all. Then you can install and update on your production machine with your own built packages.
Please read here about uncoordinated integration on this forum.
Okay…
Sorry if I ask newbie questions, but I’m not very familiar with this kind of configuration.
But if I want to run the service scripts I have to set the LD_LIBRARY_PATH… I set it in the environment as my normal user… but the problem is that I must start the scripts with sudo… and if I understand it right, it would not be secure either if I set the LD_LIBRARY_PATH as root user too, right?
But I am reading at the moment that I can use the systemctl files as a user when putting them in another directory…
Running HTTP servers is prone to security issues. Therefore it needs a lot of background knowledge especially about running daemons on unix based systems.
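The LD_LIBRARY_PATH risk raised in this thread (a daemon started as root that loads libraries from a directory such as /home/user/install/lib/) can be checked before the service is started. The script below is an added example, not code from the thread or from Greenbone; the function names check_lib_dir and audit_lib_path are made up for illustration, and it assumes a POSIX shell with ls and awk.

```shell
#!/bin/sh
# Added example (not from the thread): vet a library search path before a
# root-run daemon is started with it.

# check_lib_dir DIR [UID]: return 0 if DIR is an absolute, existing directory
# owned by UID (default 0) and not group- or world-writable; otherwise print
# the reason and return 1. Only DIR itself is checked, not its parents.
check_lib_dir() {
    dir=$1; want_uid=${2:-0}
    case $dir in
        '') echo "empty entry: the loader searches the current directory"; return 1 ;;
        /*) ;;
        *)  echo "$dir: relative path"; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "$dir: does not exist"; return 1; }
    # ls -ldn prints "mode links uid gid ..."; keep the mode string and the uid.
    meta=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    mode=${meta% *}; owner=${meta#* }
    [ "$owner" = "$want_uid" ] || { echo "$dir: owned by uid $owner, expected $want_uid"; return 1; }
    case $mode in
        ?????w*|????????w*) echo "$dir: group- or world-writable ($mode)"; return 1 ;;
    esac
    return 0
}

# audit_lib_path PATH [UID]: run check_lib_dir on every colon-separated entry,
# including empty ones, and return 1 if any entry is unsafe.
audit_lib_path() {
    [ -n "$1" ] || return 0          # unset or empty variable: nothing to search
    rest=$1:; uid_arg=${2:-0}; bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}
        check_lib_dir "$entry" "$uid_arg" || bad=1
    done
    return "$bad"
}

# Constructed sample: a shell expands "$LD_LIBRARY_PATH:/home/user/install/lib/"
# to this value when the variable was unset, leaving an empty first entry.
audit_lib_path ":/home/user/install/lib/" || echo "search path is not safe for a root service"
```

A directory under a normal user's home fails the owner check when the expected owner is root, which is the situation the replies warn about.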