{"id":10217,"date":"2021-08-28T13:01:32","date_gmt":"2021-08-28T10:01:32","guid":{"rendered":"https:\/\/kifarunix.com\/?p=10217"},"modified":"2024-03-18T18:36:33","modified_gmt":"2024-03-18T15:36:33","slug":"install-gvm-21-04-on-debian-11-debian-10","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-gvm-21-04-on-debian-11-debian-10\/","title":{"rendered":"Install GVM 21.04 on Debian 11\/Debian 10"},"content":{"rendered":"\n<p>In this guide, you will learn how to install <a href=\"https:\/\/community.greenbone.net\/t\/gvm-21-04-stable-initial-release-2021-04-16\/8942\" target=\"_blank\" rel=\"noreferrer noopener\">GVM 21.04<\/a>&nbsp;on Debian 11\/Debian 10.&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/community.greenbone.net\/\" target=\"_blank\"><strong>G<\/strong>reenbone&nbsp;<strong>V<\/strong>ulnerability&nbsp;<strong>M<\/strong>anagement (GVM)<\/a>, previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications. As of this writing,&nbsp;<a href=\"https:\/\/community.greenbone.net\/t\/gvm-21-04-stable-initial-release-2021-04-16\/8942\" target=\"_blank\" rel=\"noreferrer noopener\">GVM 21.04 is the current stable release<\/a>.<\/p>\n\n\n\n<p>Want to use Rocky Linux 8 instead?<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-gvm-21-04-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install GVM 21.04 on Rocky Linux 8<\/a><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-gvm-on-debian\">Installing GVM on Debian<\/a><ul><li><a href=\"#prerequisites\">Prerequisites<\/a><\/li><li><a href=\"#run-system-update\">Run System Update<\/a><\/li><li><a href=\"#create-gvm-user-on-ubuntu\">Create GVM User on Ubuntu<\/a><\/li><li><a href=\"#install-required-build-tools\">Install Required Build Tools<\/a><ul><li><a href=\"#install-yarn-on-debian-11-debian-10\">Install Yarn on Debian 11\/Debian 10<\/a><\/li><li><a href=\"#install-postgre-sql-on-debian-11-debian-10\">Install PostgreSQL on Debian 11\/Debian 10<\/a><\/li><li><a href=\"#create-postgre-sql-user-and-database\">Create PostgreSQL User and Database<\/a><\/li><\/ul><\/li><li><a href=\"#building-gvm-21-04-from-source-code\">Building GVM 21.04 from Source Code<\/a><ul><li><a href=\"#build-and-install-gvm\">Build and Install GVM<\/a><\/li><li><a href=\"#download-gvm-21-04-source-files\">Download GVM 21.04 Source Files<\/a><\/li><li><a href=\"#build-and-install-gvm-11-libraries\">Build and Install GVM 11 Libraries<\/a><\/li><li><a href=\"#build-and-install-open-vas-scanner-and-open-vas-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/a><\/li><li><a href=\"#configuring-open-vas-scanner\">Configuring OpenVAS Scanner<\/a><\/li><li><a href=\"#optimize-redis-performance\">Optimize Redis Performance<\/a><\/li><li><a href=\"#update-network-vulnerability-tests-nv-ts\">Update Network Vulnerability Tests (NVTs)<\/a><\/li><li><a href=\"#build-and-install-greenbone-vulnerability-manager\">Build and Install Greenbone Vulnerability Manager<\/a><\/li><li><a href=\"#build-and-install-greenbone-security-assistant\">Build and Install Greenbone Security Assistant<\/a><\/li><li><a href=\"#build-and-install-greenbone-security-assistant-http-server\">Build and Install Greenbone Security Assistant HTTP server<\/a><\/li><li><a href=\"#keeping-the-feeds-up-to-date\">Keeping the feeds up-to-date<\/a><\/li><li><a href=\"#generate-gvm-certificates\">Generate GVM Certificates<\/a><\/li><li><a href=\"#build-and-install-os-pd-and-os-pd-open-vas\">Build and Install OSPd and OSPd-OpenVAS<\/a><\/li><\/ul><\/li><li><a href=\"#running-open-vas-scanner-gsa-and-gvm-services\">Running OpenVAS Scanner, GSA and GVM services<\/a><ul><li><a href=\"#create-systemd-service-unit-for-open-vas-ospd\">Create Systemd Service unit for OpenVAS OSPD<\/a><\/li><li><a href=\"#creating-systemd-service-units-for-gvm-services\">Creating Systemd Service units for GVM services<\/a><\/li><li><a href=\"#creating-systemd-service-units-for-gsa-services\">Creating Systemd Service units for GSA services<\/a><\/li><\/ul><\/li><li><a href=\"#create-gvm-scanner\">Create GVM Scanner<\/a><\/li><li><a href=\"#create-gvm-admin-user\">Create GVM Admin User<\/a><\/li><li><a href=\"#set-the-feed-import-owner\">Set the Feed Import Owner<\/a><\/li><li><a href=\"#accessing-gvm-21-04-web-interface\">Accessing GVM 21.04 Web Interface<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-gvm-on-debian\">Installing GVM on Debian<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"prerequisites\">Prerequisites<\/h3>\n\n\n\n<p>In this demo, we will install and setup GVM 21.04 on Debian 11\/Debian 10 from source code. As such, below are the system requirements I would personally recommend.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 4 GB RAM<\/li>\n\n\n\n<li>At least 4 vCPUs<\/li>\n\n\n\n<li>More than 8 GB disk space (We used 16 GB in this demo)<\/li>\n<\/ul>\n\n\n\n<p>These requirements will vary depending on your use cases, however. Just be sure to provide \u201cenough\u201d.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"run-system-update\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update and upgrade your system packages;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt upgrade<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-user-on-ubuntu\">Create GVM User on Ubuntu<\/h3>\n\n\n\n<p>In this demo, we will run GVM 21.08 as a non privileged system user. Thus, create&nbsp;<code><strong>gvm<\/strong><\/code>&nbsp;system user account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>useradd -r -d \/opt\/gvm -c \"GVM User\" -s \/bin\/bash gvm<\/code><\/pre>\n\n\n\n<p>Create the GVM user directory as specified by option&nbsp;<code>-d<\/code>&nbsp;in the command above and set the user and group ownership to&nbsp;<code>gvm<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/opt\/gvm &amp;&amp; chown gvm: \/opt\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-required-build-tools\">Install Required Build Tools<\/h3>\n\n\n\n<p>In order to successfully build GVM 21.04 on Debian 11\/Debian 10, you need to install a number of required dependencies and build tools.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>apt install gcc g++ make bison flex libksba-dev \\\ncurl redis libpcap-dev cmake git pkg-config libglib2.0-dev libgpgme-dev \\\nnmap libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev gnutls-bin \\\nlibmicrohttpd-dev libhiredis-dev zlib1g-dev libxml2-dev libnet-dev libradcli-dev \\\nclang-format libldap2-dev doxygen gcc-mingw-w64 xml-twig-tools libical-dev perl-base \\\nheimdal-dev libpopt-dev libunistring-dev graphviz libsnmp-dev python3-setuptools \\\npython3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib \\\nxmltoman python3-pip texlive-fonts-recommended \\\ntexlive-latex-extra --no-install-recommends xsltproc sudo vim rsync -y\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-yarn-on-debian-11-debian-10\">Install Yarn on Debian 11\/Debian 10<\/h4>\n\n\n\n<p>Next, install Yarn JavaScript package manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -sL https:\/\/dl.yarnpkg.com\/debian\/pubkey.gpg | gpg --dearmor | sudo tee \/usr\/share\/keyrings\/yarnkey.gpg &gt;\/dev\/null<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb &#91;signed-by=\/usr\/share\/keyrings\/yarnkey.gpg] https:\/\/dl.yarnpkg.com\/debian stable main\" | sudo tee \/etc\/apt\/sources.list.d\/yarn.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install yarn -y<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-postgre-sql-on-debian-11-debian-10\">Install PostgreSQL on Debian 11\/Debian 10<\/h4>\n\n\n\n<p>GVM 21.04 uses PostgreSQL as the backend database. We use version 11 in this setup.<\/p>\n\n\n\n<p>On Debian 10, run the command below to install PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install postgresql-11 postgresql-contrib-11 postgresql-server-dev-11 -y<\/code><\/pre>\n\n\n\n<p>On Debian 11, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb http:\/\/apt.postgresql.org\/pub\/repos\/apt $(lsb_release -cs)-pgdg main\" &gt; \/etc\/apt\/sources.list.d\/pgdg.list\ncurl -sL https:\/\/www.postgresql.org\/media\/keys\/ACCC4CF8.asc | sudo tee \/etc\/apt\/trusted.gpg.d\/pgdg.asc &gt;\/dev\/null\napt update\napt install <meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\">postgresql-11 postgresql-contrib-11 postgresql-server-dev-11 -y<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-postgre-sql-user-and-database\">Create PostgreSQL User and Database<\/h4>\n\n\n\n<p>Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd).<\/p>\n\n\n\n<p>Note that the database and user should be created as PostgreSQL user,&nbsp;<strong>postgres<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres\ncreateuser gvm\ncreatedb -O gvm gvmd<\/code><\/pre>\n\n\n\n<p>Grant PostgreSQL User DBA Roles<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>psql gvmd\ncreate role dba with superuser noinherit;\ngrant dba to gvm;\n\\q\nexit<\/code><\/pre>\n\n\n\n<p>Once that is done, restart PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart postgresql<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable postgresql<\/code><\/pre>\n\n\n\n<p>Allow the user to run the installation with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which make) install\" &gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"building-gvm-21-04-from-source-code\">Building GVM 21.04 from Source Code<\/h3>\n\n\n\n<p>There are different tools required to install and setup GVM 21.04 on Debian 11\/Debian 10. These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GVM Libraries<\/li>\n\n\n\n<li>OpenVAS Scanner<\/li>\n\n\n\n<li>OSPd<\/li>\n\n\n\n<li>ospd-openvas<\/li>\n\n\n\n<li>Greenbone Vulnerability Manager<\/li>\n\n\n\n<li>Greenbone Security Assistant<\/li>\n\n\n\n<li>Python-GVM<\/li>\n\n\n\n<li>GVM-Tools<\/li>\n\n\n\n<li>OpenVAS SMB<\/li>\n<\/ul>\n\n\n\n<p>Every component has&nbsp;<strong>README.md<\/strong>&nbsp;and a&nbsp;<strong>INSTALL.md<\/strong>&nbsp;file that explains how to build and install it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-gvm\">Build and Install GVM<\/h4>\n\n\n\n<p>Switch to GVM user created above;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<p>Create a directory where to download the source files to;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir gvm-source<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-gvm-21-04-source-files\">Download GVM 21.04 Source Files<\/h4>\n\n\n\n<p>Navigate to temporary directory created above and run the subsequent commands to clone the GVM github branch files.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvm-libs.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b main --single-branch https:\/\/github.com\/greenbone\/openvas-smb.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/openvas.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd-openvas.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvmd.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsa.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsad.git<\/code><\/pre>\n\n\n\n<p>Once the source files are in place, proceed to build and install GVM.<\/p>\n\n\n\n<p>Note the current working directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pwd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\">\/opt\/gvm\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gsa\ngvmd\ngvm-libs\nopenvas\nopenvas-smb\nospd\nopenvas-smb<\/code><\/pre>\n\n\n\n<p><strong>I would suggest you take a snapshot of your machine at this point,&nbsp;<\/strong>just in case things don\u2019t work out, you can revert to this stage without having to start from scratch!<\/p>\n\n\n\n<p>Note that we will install all GVM 21.04 files and libraries to the default location,&nbsp;<strong><code>\/usr\/local<\/code><\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-gvm-11-libraries\">Build and Install GVM 11 Libraries<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>whoami<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gvm<\/code><\/pre>\n\n\n\n<p>From within the source directory,&nbsp;<meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\"><code><strong>\/opt\/gvm\/gvm-source<\/strong><\/code>, in this setup, change to GVM libraries directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-libs\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-open-vas-scanner-and-open-vas-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/h4>\n\n\n\n<p>Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).<\/p>\n\n\n\n<p>OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a&nbsp;<code>winexe<\/code>&nbsp;binary to execute processes remotely on that system.<\/p>\n\n\n\n<p>Build and install openvas-smb;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas-smb\/\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Build and install OpenVAS scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas\n&#91; -d build ] || mkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configuring-open-vas-scanner\">Configuring OpenVAS Scanner<\/h4>\n\n\n\n<p>The host scan information is stored temporarily on Redis server.<\/p>\n\n\n\n<p>To begin run the command below to create the cache to the installed shared libraries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ldconfig<\/code><\/pre>\n\n\n\n<p>The default configuration of Redis server is&nbsp;<code>\/etc\/redis\/redis.conf<\/code>.<\/p>\n\n\n\n<p>Next, copy OpenVAS scanner Redis configuration file from the OpenVAS source directory,&nbsp;<code>redis-openvas.conf<\/code>, to the Redis config directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/opt\/gvm\/gvm-source\/openvas\/config\/redis-openvas.conf \/etc\/redis\/<\/code><\/pre>\n\n\n\n<p>Update the ownership of the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown redis:redis \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Update the path to Redis unix socket on the&nbsp;<code><strong>\/etc\/openvas\/openvas.conf<\/strong><\/code>&nbsp;using the&nbsp;<strong><code>db_address<\/code><\/strong>&nbsp;parameter.<\/p>\n\n\n\n<p>To get the path to the Redis unix socket, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep unixsocket \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unixsocket <strong>\/run\/redis-openvas\/redis.sock<\/strong>\nunixsocketperm 770<\/code><\/pre>\n\n\n\n<p>Once you get the path to Redis unix socket, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"<strong>db_address = <strong>\/run\/redis-openvas\/redis.sock<\/strong><\/strong>\" &gt; \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Add gvm user to redis group;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>usermod -aG redis gvm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"optimize-redis-performance\">Optimize Redis Performance<\/h4>\n\n\n\n<p>You can also optimize Redis server itself improve the performance by making the following adjustments;<\/p>\n\n\n\n<p>Increase the value of somaxconn in order to avoid slow clients connections issues.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"net.core.somaxconn = 1024\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Redis background save may fail under low memory condition. To avoid this, enable memory overcommit (<strong>man 5 proc)<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'vm.overcommit_memory = 1' &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload sysctl variables created above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>To avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel\u2019s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/disable_thp.service << 'EOL'\n[Unit]\nDescription=Disable Kernel Support for Transparent Huge Pages (THP)\n\n[Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/enabled && echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/defrag\"\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable this service to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now disable_thp<\/code><\/pre>\n\n\n\n<p>Restart OpenVAS Redis server<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now redis-server@openvas<\/code><\/pre>\n\n\n\n<p>Confirm the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status redis-server@openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf redis-server@openvas.service - Advanced key-value store (openvas)\n     Loaded: loaded (\/lib\/systemd\/system\/redis-server@.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sat 2021-08-28 09:40:06 EAT; 5s ago\n       Docs: http:\/\/redis.io\/documentation,\n             man:redis-server(1)\n   Main PID: 9001 (redis-server)\n     Status: \"Ready to accept connections\"\n      Tasks: 5 (limit: 4679)\n     Memory: 2.9M\n        CPU: 42ms\n     CGroup: \/system.slice\/system-redis\\x2dserver.slice\/redis-server@openvas.service\n             \u2514\u25009001 \/usr\/bin\/redis-server 127.0.0.1:0\n\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis-server[9001]:   `-._    `-._`-.__.-'_.-'    _.-'\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis-server[9001]:       `-._    `-.__.-'    _.-'\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis-server[9001]:           `-._        _.-'\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis-server[9001]:               `-.__.-'\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis[9001]:                 _._                                                  \n                                                                    _.-``__ ''-._                                             \n                                                               _.-``    `.  `_.  ''-._           Redis 6.0.15 (00000000\/0) 64 bit\n                                                           .-`` .-```.  ```\\\/    _.,_ ''-._                                   \n                                                          (    '      ,       .-`  | `,    )     Running in standalone mode\n                                                          |`-._`-...-` __...-.``-._|'` _.-'|     Port: 0\n                                                          |    `-._   `._    \/     _.-'    |     PID: 9001\n                                                           `-._    `-._  `-.\/  _.-'    _.-'                                   \n                                                          |`-._`-._    `-.__.-'    _.-'_.-'|                                  \n                                                          |    `-._`-._        _.-'_.-'    |           http:\/\/redis.io        \n                                                           `-._    `-._`-.__.-'_.-'    _.-'                                   \n                                                          |`-._`-._    `-.__.-'    _.-'_.-'|                                  \n                                                          |    `-._`-._        _.-'_.-'    |                                  \n                                                           `-._    `-._`-.__.-'_.-'    _.-'                                   \n                                                               `-._    `-.__.-'    _.-'                                       \n                                                                   `-._        _.-'                                           \n                                                                       `-.__.-'\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis-server[9001]: 9001:M 28 Aug 2021 09:40:06.710 # Server initialized\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis[9001]: Server initialized\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis-server[9001]: 9001:M 28 Aug 2021 09:40:06.711 * The server is now ready to accept connections at \/run\/redis-openvas\/redis&gt;\nAug 28 09:40:06 bullseye.kifarunix-demo.com redis[9001]: The server is now ready to accept connections at \/run\/redis-openvas\/redis.sock\nAug 28 09:40:06 bullseye.kifarunix-demo.com systemd[1]: Started Advanced key-value store (openvas).\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"update-network-vulnerability-tests-nv-ts\">Update Network Vulnerability Tests (NVTs)<\/h4>\n\n\n\n<p>Update Network Vulnerability Tests feed from Greenbone Security Feed\/Community Feed using the&nbsp;<code>greenbone-nvt-sync<\/code>&nbsp;command.&nbsp;<code>rsync<\/code>&nbsp;tool is required for a successful synchronization.<\/p>\n\n\n\n<p>Note that&nbsp;<strong><code>greenbone-nvt-sync<\/code><\/strong>&nbsp;must not be executed as privileged user root. For this reason, update the NVTs as gvm user created above.<\/p>\n\n\n\n<p>Ensure that user can write to OpenVAS libraries directory, <code><strong>\/var\/lib\/openvas\/<\/strong><\/code>, directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/openvas\/<\/code><\/pre>\n\n\n\n<p>Also, allow GVM user to run openvas with sudo rights.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which openvas)\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Next, update the NVTs GVM user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>greenbone-nvt-sync<\/code><\/pre>\n\n\n\n<p>If the command fails with:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: &#91;receiver] read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(784) &#91;receiver=3.2.3]\nrsync: connection unexpectedly closed (1913648 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(228) &#91;generator=3.2.3]<\/code><\/pre>\n\n\n\n<p>Then append&nbsp;<code>--rsync<\/code>&nbsp;option and rerun the command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>greenbone-nvt-sync --rsync<\/code><\/pre>\n\n\n\n<p>Once the update is done, you need to upload the plugins into Redis server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo openvas --update-vt-info<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-greenbone-vulnerability-manager\">Build and Install Greenbone Vulnerability Manager<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-source\/gvmd\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-greenbone-security-assistant\">Build and Install Greenbone Security Assistant<\/h4>\n\n\n\n<p>The Greenbone Security Assistant is the web interface developed for the Greenbone Security Manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/gsa\nrm -rf build\nyarn\nyarn build<\/code><\/pre>\n\n\n\n<p>All content of the production build can be shipped with every web server. For providing GSA via <a href=\"https:\/\/github.com\/greenbone\/gsad\/\" target=\"_blank\" rel=\"noopener\">gsad web server<\/a>, the files need to be copied into the <code>\/usr\/local\/share\/gvm\/gsad\/web\/<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-greenbone-security-assistant-http-server\">Build and Install Greenbone Security Assistant HTTP server<\/h4>\n\n\n\n<p>The Greenbone Security Assistant HTTP Server is the server developed for the communication with the Greenbone Security Manager appliances. It connects to the Greenbone Vulnerability Manager Daemon <strong>gvmd<\/strong> to provide a full-featured user interface for vulnerability management.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/gsad\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Next, copy the web interface configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;&#91; -d \/usr\/local\/share\/gvm\/gsad\/web ]] || mkdir -p \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cp -rp \/opt\/gvm\/gvm-source\/gsa\/build\/* \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"keeping-the-feeds-up-to-date\">Keeping the feeds up-to-date<\/h4>\n\n\n\n<p>The gvmd&nbsp;<code><strong>Data<\/strong><\/code>,&nbsp;<strong><code>SCAP<\/code><\/strong>&nbsp;and&nbsp;<code><strong>CERT<\/strong><\/code>&nbsp;Feeds should be kept up-to-date by calling the&nbsp;<code>greenbone-feed-sync<\/code>&nbsp;script regularly (e.g. via a cron entry):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/gvm\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm greenbone-feed-sync --type GVMD_DATA<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm greenbone-feed-sync --type SCAP<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm greenbone-feed-sync --type CERT<\/code><\/pre>\n\n\n\n<p>Please note: The&nbsp;<code>CERT<\/code>&nbsp;feed sync depends on data provided by the&nbsp;<code>SCAP<\/code>&nbsp;feed and should be called after syncing the later.<\/p>\n\n\n\n<p>Also, in case the commands fail with such an error;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(794) &#91;receiver=3.1.3]\nrsync: connection unexpectedly closed (1047 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(235) &#91;generator=3.1.3]<\/code><\/pre>\n\n\n\n<p>Try adding&nbsp;<code><strong>--rsync<\/strong><\/code>&nbsp;option to the command, for example;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm greenbone-feed-sync --type CERT --rsync<\/code><\/pre>\n\n\n\n<p><strong>Consider setting cron jobs to run the nvts, cert and scap data update scripts at your preferred frequency to pull updates from the feed servers.<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-gvm-certificates\">Generate GVM Certificates<\/h4>\n\n\n\n<p>Next, run the command below to generate certificates gvmd.<\/p>\n\n\n\n<p>Server certificates are used for authentication while client certificates are primarily used for authorization. More on&nbsp;<code><strong>man gvm-manage-certs<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvm-manage-certs -a<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-os-pd-and-os-pd-open-vas\">Build and Install OSPd and OSPd-OpenVAS<\/h4>\n\n\n\n<p>Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>pip3 install wheel\npip3 install python-gvm gvm-tools<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd-openvas\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-open-vas-scanner-gsa-and-gvm-services\">Running OpenVAS Scanner, GSA and GVM services<\/h3>\n\n\n\n<p>In order to make the management of OpenVAS scanner, GSA (WebUI service) and GVM daemon, create systemd service unit files for each of them as follows.<\/p>\n\n\n\n<p>Log out as&nbsp;<code><strong>gvm<\/strong><\/code>&nbsp;user and execute the commands below as a privileged user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-systemd-service-unit-for-open-vas-ospd\">Create Systemd Service unit for OpenVAS OSPD<\/h4>\n\n\n\n<p>You can copy the service unit file from the source directory to systemd service unit files directory and modify it accordingly. We use the service unit below in this setup.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/ospd-openvas.service << 'EOL'\n[Unit]\nDescription=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\nAfter=network.target networking.service redis-server@openvas.service postgresql.service\nWants=redis-server@openvas.service\nConditionKernelCommandLine=!recovery\n\n[Service]\nExecStartPre=-rm -rf \/var\/run\/gvm\/ospd-openvas.pid \/var\/run\/gvm\/ospd-openvas.sock\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/opt\/gvm\/.local\/bin\/ospd-openvas \\\n--pid-file \/var\/run\/gvm\/ospd-openvas.pid \\\n--log-file \/var\/log\/gvm\/ospd-openvas.log \\\n--lock-file-dir \/var\/run\/gvm -u \/var\/run\/gvm\/ospd-openvas.sock\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Set the user\/group owner of the directories, <strong>\/var\/run\/gvm<\/strong> and <strong>\/var\/log\/gvm<\/strong> to user <strong>gvm<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;&#91; -d \/var\/run\/gvm ]] || mkdir \/var\/run\/gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/run\/gvm \/var\/log\/gvm<\/code><\/pre>\n\n\n\n<p>Reload systemd configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable OSPD openvas wrapper service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status ospd-openvas.service<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\n     Loaded: loaded (\/etc\/systemd\/system\/ospd-openvas.service; enabled; vendor preset: enabled)\n     Active: active (exited) since Sat 2021-08-28 11:26:07 EAT; 6s ago\n    Process: 11142 ExecStartPre=rm -rf \/var\/run\/gvm\/ospd-openvas.pid \/var\/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n    Process: 11143 ExecStart=\/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/var\/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/var\/run\/gvm -u \/ru&gt;\n   Main PID: 11143 (code=exited, status=0\/SUCCESS)\n      Tasks: 4 (limit: 4679)\n     Memory: 28.3M\n        CPU: 463ms\n     CGroup: \/system.slice\/ospd-openvas.service\n             \u251c\u250011145 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/var\/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/g&gt;\n             \u2514\u250011147 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/var\/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/g&gt;\n\nAug 28 11:26:07 bullseye.kifarunix-demo.com systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...\nAug 28 11:26:07 bullseye.kifarunix-demo.com systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).\n<\/code><\/pre>\n\n\n\n<p>Be sure to also check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/ospd-openvas.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"creating-systemd-service-units-for-gvm-services\">Creating Systemd Service units for GVM services<\/h4>\n\n\n\n<p>When run, the installer creates GVM daemon service unit, <strong><code>\/lib\/systemd\/system\/gvmd.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gvmd.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gvmd.service << 'EOL'\n[Unit]\nDescription=Greenbone Vulnerability Manager daemon (gvmd)\nAfter=network.target networking.service postgresql.service ospd-openvas.service\nWants=postgresql.service ospd-openvas.service\nDocumentation=man:gvmd(8)\nConditionKernelCommandLine=!recovery\n\n[Service]\nType=forking\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvmd\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/local\/sbin\/gvmd --osp-vt-update=\/var\/run\/gvm\/ospd-openvas.sock\nRestart=always\nTimeoutStopSec=10\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gvmd<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gvmd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)\n     Loaded: loaded (\/lib\/systemd\/system\/gvmd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sat 2021-08-28 11:29:25 EAT; 1min 15s ago\n       Docs: man:gvmd(8)\n    Process: 11259 ExecStart=\/usr\/local\/sbin\/gvmd --osp-vt-update=\/var\/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n   Main PID: 11261 (gvmd)\n      Tasks: 9 (limit: 4679)\n     Memory: 608.8M\n        CPU: 18.131s\n     CGroup: \/system.slice\/gvmd.service\n             \u251c\u250011261 gvmd: Waiting for incoming connections\n             \u251c\u250011299 gpg-agent --homedir \/var\/lib\/gvm\/gvmd\/gnupg --use-standard-socket --daemon\n             \u251c\u250011311 gvmd: Reloading NVTs\n             \u251c\u250011312 gvmd: Syncing SCAP: Updating CPEs\n             \u251c\u250011313 gvmd: OSP: Updating NVT cache\n             \u251c\u250011314 gvmd: Syncing CERT\n             \u251c\u250011326 sh -c xml_split -s40Mb split.xml && head -n 2 split-00.xml > head.xml && echo '<\/cpe-list>' > tail.xml && for F in split-*.xml; do    awk 'NR>3 {print>\n             \u251c\u250011327 \/usr\/bin\/perl -w \/usr\/bin\/xml_split -s40Mb split.xml\n             \u2514\u250011334 gvmd: Synchronizing feed data\n\nAug 28 11:29:25 bullseye.kifarunix-demo.com systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...\nAug 28 11:29:25 bullseye.kifarunix-demo.com systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"creating-systemd-service-units-for-gsa-services\"><meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\">Creating Systemd Service units for GSA services<\/h4>\n\n\n\n<p>When run, the installer creates GSA daemon service unit, <strong><code>\/lib\/systemd\/system\/gsad.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gsad.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gsad.service << 'EOL'\n[Unit]\nDescription=Greenbone Security Assistant daemon (gsad)\nDocumentation=man:gsad(8) https:\/\/www.greenbone.net\nAfter=network.target gvmd.service\nWants=gvmd.service\n\n[Service]\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gsad\nPIDFile=\/var\/run\/gsad\/gsad.pid\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/bin\/sudo \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>The option, <code><strong>-k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem<\/strong><\/code>, is as per the certificates path generated by running the <meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\"><strong><code>gvm-manage-certs<\/code><\/strong> command above.<\/p>\n\n\n\n<p>Enable GVM user to run gsad with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which gsad)\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gsad<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gsad<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gsad.service - Greenbone Security Assistant daemon (gsad)\n     Loaded: loaded (\/lib\/systemd\/system\/gsad.service; enabled; vendor preset: enabled)\n     Active: active (exited) since Sat 2021-08-28 11:46:14 EAT; 55s ago\n       Docs: man:gsad(8)\n             https:\/\/www.greenbone.net\n    Process: 11954 ExecStart=\/usr\/bin\/sudo \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem (code=exited, status=0\/SUCCESS)\n   Main PID: 11954 (code=exited, status=0\/SUCCESS)\n      Tasks: 4 (limit: 4679)\n     Memory: 4.1M\n        CPU: 66ms\n     CGroup: \/system.slice\/gsad.service\n             \u251c\u250011957 \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\n             \u2514\u250011958 \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\n\nAug 28 11:46:14 bullseye.kifarunix-demo.com systemd[1]: Stopping Greenbone Security Assistant daemon (gsad)...\nAug 28 11:46:14 bullseye.kifarunix-demo.com sudo[11954]:      gvm : PWD=\/ ; USER=root ; COMMAND=\/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/g&gt;\nAug 28 11:46:14 bullseye.kifarunix-demo.com systemd[1]: Started Greenbone Security Assistant daemon (gsad).\nAug 28 11:46:14 bullseye.kifarunix-demo.com sudo[11954]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=998)\nAug 28 11:46:15 bullseye.kifarunix-demo.com sudo[11955]: Oops, secure memory pool already initialized\nAug 28 11:46:15 bullseye.kifarunix-demo.com sudo[11954]: pam_unix(sudo:session): session closed for user root\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail \/var\/log\/gvm\/gsad.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-scanner\">Create GVM Scanner<\/h3>\n\n\n\n<p>Since we launched the scanner and set it to use our non-standard scanner host path (<strong>\/var\/run\/gvm\/ospd-openvas.sock<\/strong>), we need to create and register our scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --create-scanner=\"Kifarunix-demo OpenVAS Scanner\" \\\n--scanner-type=\"OpenVAS\" --scanner-host=\/var\/run\/gvm\/ospd-openvas.sock<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Scanner created.<\/code><\/pre>\n\n\n\n<p>Next, you need to verify your scanner. For this, you first need to get the scanner identifier;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/run\/ospd\/ospd-openvas.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n<strong>6e0c2bec-9688-430d-b8da-f59a7c27fbe7  OpenVAS  \/var\/run\/gvm\/ospd-openvas.sock  9390  Kifarunix-demo OpenVAS Scanner<\/strong>\n<\/code><\/pre>\n\n\n\n<p>Based on the output above, our scanner UUID is,&nbsp;<strong><code><meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\">6e0c2bec-9688-430d-b8da-f59a7c27fbe7<\/code><\/strong>.<\/p>\n\n\n\n<p>Verify the scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --verify-scanner=<strong><meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\">6e0c2bec-9688-430d-b8da-f59a7c27fbe7<\/strong><\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Scanner version: OpenVAS 21.4.3~dev1~git-3e7b6d3f-openvas-21.04.<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-admin-user\">Create GVM Admin User<\/h3>\n\n\n\n<p>Create GVM administrative user by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --create-user admin<\/code><\/pre>\n\n\n\n<p>This command generates a random password for the user. See sample output below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>User created with password '3ae45864-0d6a-4a53-938f-730a1bb5d959'.<\/code><\/pre>\n\n\n\n<p>If you want to create a user and at the same time create your own password;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --create-user <strong>USERNAME<\/strong> --password=<strong>PASSWORD<\/strong><\/code><\/pre>\n\n\n\n<p>Otherwise, you can reset the password of an already existing user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --user=&lt;USERNAME&gt; --new-password=&lt;PASSWORD&gt;<\/code><\/pre>\n\n\n\n<p>An administrator user can later create further users or administrators via clients like the Greenbone Security Assistant (GSA).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"set-the-feed-import-owner\">Set the Feed Import Owner<\/h3>\n\n\n\n<p>According to&nbsp;<code><strong>gvmd\/INSTALL.md<\/strong><\/code>, certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config \u201cFull and Fast\u201d.<\/p>\n\n\n\n<p>gvmd will only create these resources if a \u201cFeed Import Owner\u201d is configured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value &lt;uuid_of_user&gt;<\/code><\/pre>\n\n\n\n<p>The UUIDs of all created users can be found using<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --get-users --verbose<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin bb3bd8a6-6b77-464f-9f9b-1afe4835be15<\/code><\/pre>\n\n\n\n<p>Then modify the gvmd settings with the user UUID.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\">bb3bd8a6-6b77-464f-9f9b-1afe4835be15<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-gvm-21-04-web-interface\">Accessing GVM 21.04 Web Interface<\/h3>\n\n\n\n<p>Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep 443<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      1024               *:443             *:*    users:((\"gsad\",pid=11957,fd=10))<\/code><\/pre>\n\n\n\n<p>If firewall is running, open this port to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 443\/tcp<\/code><\/pre>\n\n\n\n<p>You can now access GSA via the url&nbsp;<code><strong>https:&lt;serverIP-OR-hostname&gt;<\/strong><\/code>. <\/p>\n\n\n\n<p>Accept the self-signed SSL warning and proceed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1675\" height=\"959\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-login-interface.png\" alt=\"Install GVM 21.04 on Debian 11\/Debian 10\" class=\"wp-image-10219\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-login-interface.png?v=1630141833 1675w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-login-interface-768x440.png?v=1630141833 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-login-interface-1536x879.png?v=1630141833 1536w\" sizes=\"(max-width: 1675px) 100vw, 1675px\" \/><\/figure>\n\n\n\n<p>Dashboard<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1897\" height=\"932\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_dashboard.png\" alt=\"\" class=\"wp-image-10227\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_dashboard.png?v=1630169528 1897w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_dashboard-768x377.png?v=1630169528 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_dashboard-1536x755.png?v=1630169528 1536w\" sizes=\"(max-width: 1897px) 100vw, 1897px\" \/><\/figure>\n\n\n\n<p>Feed Status<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1905\" height=\"446\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_feed-status.png\" alt=\"\" class=\"wp-image-10229\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_feed-status.png?v=1630169549 1905w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_feed-status-768x180.png?v=1630169549 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04_feed-status-1536x360.png?v=1630169549 1536w\" sizes=\"(max-width: 1905px) 100vw, 1905px\" \/><\/figure>\n\n\n\n<p>SecInfo<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1901\" height=\"945\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-sec-info.png\" alt=\"\" class=\"wp-image-10230\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-sec-info.png?v=1630169783 1901w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-sec-info-768x382.png?v=1630169783 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/gvm-21.04-sec-info-1536x764.png?v=1630169783 1536w\" sizes=\"(max-width: 1901px) 100vw, 1901px\" \/><\/figure>\n\n\n\n<p>And hey, dont forget to choose your default scanner created above, when scanning your hosts;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1014\" height=\"663\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/scanner.png\" alt=\"\" class=\"wp-image-10232\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/scanner.png?v=1630170363 1014w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/scanner-768x502.png?v=1630170363 768w\" sizes=\"(max-width: 1014px) 100vw, 1014px\" \/><\/figure><\/div>\n\n\n<p>You can now start scanning your assets.<\/p>\n\n\n\n<p>Sample Scan Report<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1915\" height=\"754\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/sample-scan-report.png\" alt=\"\" class=\"wp-image-10236\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/sample-scan-report.png?v=1630174351 1915w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/sample-scan-report-768x302.png?v=1630174351 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/08\/sample-scan-report-1536x605.png?v=1630174351 1536w\" sizes=\"(max-width: 1915px) 100vw, 1915px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-nikto-web-scanner-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Nikto Web Scanner on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-nessus-scanner-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup Nessus Scanner on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install GVM 21.04&nbsp;on Debian 11\/Debian 10.&nbsp;Greenbone&nbsp;Vulnerability&nbsp;Management (GVM), previously known as OpenVAS, is a network security scanner which<\/p>\n","protected":false},"author":3,"featured_media":9878,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,150],"tags":[997,3958,4022,4026,3133,4025,4023,4024,4021,100],"class_list":["post-10217","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-vulnerability-scanners","tag-debian-10","tag-debian-11","tag-debian-11-gvm-21-04","tag-gsa","tag-gvm-20-08","tag-gvm-21-04","tag-gvm-21-04-debian-10","tag-install-gvm-21-04-on-debian-10","tag-install-gvm-21-04-on-debian-11","tag-openvas","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10217"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=10217"}],"version-history":[{"count":24,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10217\/revisions"}],"predecessor-version":[{"id":21673,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10217\/revisions\/21673"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9878"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=10217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=10217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=10217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}