{"id":11734,"date":"2022-07-08T08:44:33","date_gmt":"2022-07-08T05:44:33","guid":{"rendered":"https:\/\/kifarunix.com\/?p=11734"},"modified":"2024-03-09T20:32:50","modified_gmt":"2024-03-09T17:32:50","slug":"install-gvm-21-04-on-ubuntu","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-gvm-21-04-on-ubuntu\/","title":{"rendered":"Install GVM 21.4 on Ubuntu 20.04"},"content":{"rendered":"\n<p>In this guide, you will learn how to install GVM 21.4 on Ubuntu 20.04. <a href=\"https:\/\/community.greenbone.net\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>G<\/strong>reenbone&nbsp;<strong>V<\/strong>ulnerability&nbsp;<strong>M<\/strong>anagement (GVM)<\/a>, previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications. As of this writing, <a href=\"https:\/\/github.com\/greenbone\/gvm-libs\/releases\" target=\"_blank\" rel=\"noopener\">GVM 21.4 is the current stable release<\/a> and <em>&nbsp;<\/em>is the latest release.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-gvm-11-ubuntu-20.04\">Install GVM 21.4 on Ubuntu 20.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<p>In this demo, we will install and setup GVM 21.4 on Ubuntu 20.04 from source code. As such, below are the system requirements I would personally recommend.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 4 GB RAM<\/li>\n\n\n\n<li>At least 4 vCPUs<\/li>\n\n\n\n<li>More than 8 GB disk space (We used 16 GB in this demo)<\/li>\n<\/ul>\n\n\n\n<p>These requirements will vary depending on your use cases, however. Just be sure to provide &#8220;enough&#8221;.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update your system package cache and upgrade your system packages;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-user\">Create GVM User on Ubuntu<\/h3>\n\n\n\n<p>In this demo, we will run GVM 21.4 as a non privileged system user. Thus, create <code><strong>gvm<\/strong><\/code> system user account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>useradd -r -m -d \/opt\/gvm -c \"GVM User\" -s \/bin\/bash gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-required-dependencies\">Install Required Build Tools<\/h3>\n\n\n\n<p>In order to successfully build GVM 21.4 on Ubuntu 20.04, you need to install a number of required dependencies and build tools.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>apt install gcc g++ make bison flex libksba-dev curl redis libpcap-dev \\\ncmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev \\\nlibssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev \\\nzlib1g-dev libxml2-dev libradcli-dev clang-format libldap2-dev doxygen libnet1-dev \\\ngcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev \\\nlibsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml \\\npython3-dev gettext python3-polib xmltoman python3-pip texlive-fonts-recommended \\\ntexlive-latex-extra --no-install-recommends xsltproc libunistring-dev vim -y\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-yarn-ubuntu-20.04\">Install Yarn on Ubuntu 20.04<\/h4>\n\n\n\n<p>Next, install Yarn JavaScript package manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -sS https:\/\/dl.yarnpkg.com\/debian\/pubkey.gpg | gpg --dearmor &gt; \/etc\/apt\/trusted.gpg.d\/yarn.gpg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/dl.yarnpkg.com\/debian\/ stable main\" &gt; \/etc\/apt\/sources.list.d\/yarn.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install yarn -y<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-postgresql-ubuntu20.04\">Install PostgreSQL on Ubuntu 20.04<\/h4>\n\n\n\n<p>GVM 21.4 uses PostgreSQL as the backend database.<\/p>\n\n\n\n<p>Therefore, run the command below to install PostgreSQL on Ubuntu 20.04;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install postgresql postgresql-contrib postgresql-server-dev-all<\/code><\/pre>\n\n\n\n<p>Start and enable PostgreSQL to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now postgresql<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-postgresql-user-n-db\">Create PostgreSQL User and Database<\/h4>\n\n\n\n<p>Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd). Note that the database and user should be created as PostgreSQL user,&nbsp;<strong>postgres<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres createuser gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres createdb -O gvm gvmd<\/code><\/pre>\n\n\n\n<p>Grant PostgreSQL GVM User DBA Roles<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'create role dba with superuser noinherit;'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'grant dba to gvm;'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'create extension \"uuid-ossp\";'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'create extension \"pgcrypto\";'<\/code><\/pre>\n\n\n\n<p>Once that is done, restart PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart postgresql<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-from-source-ubuntu-20.04\">Building GVM 21.4 from Source Code<\/h3>\n\n\n\n<p>There are different tools required to install and setup GVM 21.4 on Ubuntu 20.04. These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GVM Libraries<\/li>\n\n\n\n<li>OpenVAS Scanner<\/li>\n\n\n\n<li>OSPd<\/li>\n\n\n\n<li>ospd-openvas<\/li>\n\n\n\n<li>Greenbone Vulnerability Manager<\/li>\n\n\n\n<li>Greenbone Security Assistant <\/li>\n\n\n\n<li>Python-GVM<\/li>\n\n\n\n<li>GVM-Tools <\/li>\n\n\n\n<li>OpenVAS SMB<\/li>\n<\/ul>\n\n\n\n<p>Every component has <strong>README.md<\/strong>&nbsp;and a&nbsp;<strong>INSTALL.md<\/strong>&nbsp;file that explains how to build and install it.<\/p>\n\n\n\n<p>Since we are running GVM as non-privileged user, gvm, then we will install all the GVM configuration files and libraries under, <code><strong>\/opt\/gvm<\/strong><\/code> (<strong><em><code>\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin<\/code><\/em><\/strong>).<\/p>\n\n\n\n<p>Update the PATH environment variable on <code><strong>\/etc\/environment<\/strong><\/code>, to include the GVM binary path such that it looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak '\/^PATH\/s|\"$|:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\"|' \/etc\/environment<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source \/etc\/environment<\/code><\/pre>\n\n\n\n<p>Add GVM library path to <code><strong>\/etc\/ld.so.conf.d<\/strong><\/code>. <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"\/opt\/gvm\/lib\" &gt; \/etc\/ld.so.conf.d\/gvm.conf<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Build and Install GVM on Ubuntu 20.04<\/h4>\n\n\n\n<p>Before you can proceed, enable gvm user to run installation command with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: \/usr\/bin\/make install\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Switch to GVM user, gvm and create a temporary directory to store GVM source files.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm mkdir gvm-source<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-gvm-11-source-files\">Download GVM 21.4 Source Files<\/h4>\n\n\n\n<p>Clone the GVM github branch files into directory created above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvm-libs.git gvm-source\/gvm-libs<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b main --single-branch https:\/\/github.com\/greenbone\/openvas-smb.git gvm-source\/openvas-smb<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/openvas.git gvm-source\/openvas<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd.git gvm-source\/ospd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd-openvas.git gvm-source\/ospd-openvas<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvmd.git gvm-source\/gvmd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsa.git gvm-source\/gsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsad.git gvm-source\/gsad<\/code><\/pre>\n\n\n\n<p>The source files are in now place;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls -1 \/opt\/gvm\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls -1<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>gsa\ngsad\ngvm-libs\ngvmd\nopenvas\nopenvas-smb\nospd\nospd-openvas\n<\/code><\/pre>\n\n\n\n<p>Note that we will install all GVM 21.4 files and libraries to a non-standard location, <code>\/opt\/gvm<\/code>.<\/p>\n\n\n\n<p>Switch to GVM user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<p>As such, you need to set the <code>PKG_CONFIG_PATH<\/code> environment variable to the location of your pkg-config files before configuring:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH\" &gt;&gt; ~\/.bashrc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source ~\/.bashrc<\/code><\/pre>\n\n\n\n<p>Be sure to replace the path, <code><strong>\/opt\/gvm<\/strong><\/code>, accordingly.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-11-libraries\">Build and Install GVM Libraries<\/h4>\n\n\n\n<p>From within the source directory, <strong><code>\/opt\/gvm\/gvm-source<\/code><\/strong>, in this setup, change to GVM libraries directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source\/gvm-libs<\/code><\/pre>\n\n\n\n<p>Create a build directory and change into it;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build<\/code><\/pre>\n\n\n\n<p>Configure the build;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm<\/code><\/pre>\n\n\n\n<p>Next, compile and install GVM libraries<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make &amp;&amp; sudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-openvas-scanner-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/h4>\n\n\n\n<p>Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).<\/p>\n\n\n\n<p>OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a&nbsp;<code>winexe<\/code>&nbsp;binary to execute processes remotely on that system.<\/p>\n\n\n\n<p>Build and install openvas-smb;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas-smb\/\nmkdir build &amp;&amp; cd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake &amp;&amp; sudo make install<\/code><\/pre>\n\n\n\n<p>Build and install OpenVAS scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas\nsed -i.bak 's\/-Werror\/-Wno-error\/' misc\/CMakeLists.txt\nmkdir build &amp;&amp; cd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>If you get the error below while running the make command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>CMake Error at \/opt\/gvm\/gvm-source\/openvas\/cmake\/GetGit.cmake:33 (string):\n  string sub-command REPLACE requires at least four arguments.\nCall Stack (most recent call first):\n  \/opt\/gvm\/gvm-source\/openvas\/cmake\/GetGit.cmake:39 (Git_GET_REVISION)<\/code><\/pre>\n\n\n\n<p>The exit as gvm user and run the command below as privileged user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git config --global --add safe.directory \/opt\/gvm\/gvm-source\/openvas<\/code><\/pre>\n\n\n\n<p>Then rerun the compilation and installation command.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-openvas-scanner-gvm11\">Configuring OpenVAS Scanner<\/h4>\n\n\n\n<p>The host scan information is stored temporarily on Redis server. The default configuration of Redis server is <code>\/etc\/redis\/redis.conf<\/code>.<\/p>\n\n\n\n<p>Switch back to privileged user and proceed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<p>To begin run the command below to create the cache to the installed shared libraries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldconfig<\/code><\/pre>\n\n\n\n<p>Next, copy OpenVAS scanner Redis configuration file, <code>redis-openvas.conf<\/code>, to the same Redis config directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/opt\/gvm\/gvm-source\/openvas\/config\/redis-openvas.conf \/etc\/redis\/<\/code><\/pre>\n\n\n\n<p>Update the ownership of the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown redis:redis \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Update the path to Redis unix socket on the <code><strong>\/etc\/openvas\/openvas.conf<\/strong><\/code>&nbsp;using the&nbsp;<strong><code>db_address<\/code><\/strong>&nbsp;parameter as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"db_address = <strong><strong>\/run\/redis-openvas\/redis.sock<\/strong><\/strong>\" &gt; \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Note, the Unix socket path is defined on <code>\/etc\/redis\/redis-openvas.conf<\/code> file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown gvm:gvm \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Add gvm user to redis group;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>usermod -aG redis gvm<\/code><\/pre>\n\n\n\n<p>You can also optimize Redis server itself improve the performance by making the following adjustments;<\/p>\n\n\n\n<p>Increase the value of somaxconn in order to avoid slow clients connections issues.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"net.core.somaxconn = 1024\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Redis background save may fail under low memory condition. To avoid this, enable memory overcommit (<strong>man 5 proc)<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'vm.overcommit_memory = 1' &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload sysctl variables created above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>To avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel\u2019s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/disable_thp.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Disable Kernel Support for Transparent Huge Pages (THP)\n\n[Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' &gt; \/sys\/kernel\/mm\/transparent_hugepage\/enabled &amp;&amp; echo 'never' &gt; \/sys\/kernel\/mm\/transparent_hugepage\/defrag\"\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable this service to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now disable_thp<\/code><\/pre>\n\n\n\n<p>Restart OpenVAS Redis server<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now redis-server@openvas<\/code><\/pre>\n\n\n\n<p>A number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations. Since <code>openvas<\/code> is launched from an <code>ospd-openvas<\/code> process, via sudo, add the line below to sudoers file to ensure that the <code>gvm<\/code> user used in this demo can run the openvas with elevated rights using passwordless sudo.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: \/opt\/gvm\/sbin\/openvas\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Also, enable <code>gvm<\/code> user to run GSA web application daemon, <code>gsad<\/code>, with passwordless sudo.<\/p>\n\n\n\n<p>Also, update the <code><strong>secure_path<\/strong><\/code> to include the GVM <code>\/sbin<\/code> paths, <code><strong>\/opt\/gvm\/sbin<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i '\/secure_path=\"\/s|\"$|:\/opt\/gvm\/sbin\"|' \/etc\/sudoers<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Update NVTs<\/h4>\n\n\n\n<p>Update Network Vulnerability Tests feed from Greenbone Security Feed\/Community Feed using the <code>greenbone-nvt-sync<\/code> command.<\/p>\n\n\n\n<p>The <code>greenbone-nvt-sync<\/code> command <strong>must not<\/strong> be executed as privileged user root, hence switch back to GVM user we created above and update the NVTs.<\/p>\n\n\n\n<p>Ensure the GVM user can write to <code>\/var\/lib\/openvas\/<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/openvas\/<\/code><\/pre>\n\n\n\n<p>Next, update the NVTs as openvas user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-nvt-sync<\/code><\/pre>\n\n\n\n<p>Once the update is done, you need to update Redis server with the same VT info from VT files;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo openvas --update-vt-info<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-ubuntu20.04\">Build and Install Greenbone Vulnerability Manager<\/h4>\n\n\n\n<p>The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.<\/p>\n\n\n\n<p>To build and install GVM;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-source\/gvmd\nexport PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH\nsed -i.bak 's\/-Werror\/-Wno-error\/' CMakeLists.txt\nmkdir build &amp;&amp; cd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Similarly, if you get the error;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>-- Found Git: \/usr\/bin\/git (found version \"2.25.1\") \nfatal: unsafe repository ('\/opt\/gvm\/gvm-source\/gvmd' is owned by someone else)\nTo add an exception for this directory, call:<\/code><\/pre>\n\n\n\n<p>Exit as GVM user and run the command below as privileged user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git config --global --add safe.directory \/opt\/gvm\/gvm-source\/gvmd<\/code><\/pre>\n\n\n\n<p>Switch back to GVM user and rerun the installation.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gsa-ubuntu20.04\">Build and Install Greenbone Security Assistant<\/h4>\n\n\n\n<p>The Greenbone Security Assistant is the web interface developed for the Greenbone Security Manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/gsa\nrm -rf build\nyarn\nyarn build<\/code><\/pre>\n\n\n\n<p>All content of the production build can be shipped with every web server. For providing GSA via&nbsp;<a href=\"https:\/\/github.com\/greenbone\/gsad\/\" target=\"_blank\" rel=\"noreferrer noopener\">gsad web server<\/a>, the files need to be copied into the&nbsp;<code>\/usr\/local\/share\/gvm\/gsad\/web\/<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Build and Install Greenbone Security Assistant HTTP server<\/h4>\n\n\n\n<p>The Greenbone Security Assistant HTTP Server is the server developed for the communication with the Greenbone Security Manager appliances. It connects to the Greenbone Vulnerability Manager Daemon&nbsp;<strong>gvmd<\/strong>&nbsp;to provide a full-featured user interface for vulnerability management.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/gsad\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Next, copy the web interface configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;&#91; -d \/usr\/local\/share\/gvm\/gsad\/web ]] || mkdir -p \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cp -rp \/opt\/gvm\/gvm-source\/gsa\/build\/* \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"keeping-the-feeds-up-to-date\">Keeping the feeds up-to-date<\/h4>\n\n\n\n<p>The gvmd&nbsp;<code><strong>Data<\/strong><\/code>,&nbsp;<strong><code>SCAP<\/code><\/strong>&nbsp;and&nbsp;<code><strong>CERT<\/strong><\/code>&nbsp;Feeds should be kept up-to-date by calling the&nbsp;<code>greenbone-feed-sync<\/code>&nbsp;script regularly (e.g. via a cron entry):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/gvm\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type GVMD_DATA<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type SCAP<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT<\/code><\/pre>\n\n\n\n<p>Please note: The&nbsp;<code>CERT<\/code>&nbsp;feed sync depends on data provided by the&nbsp;<code>SCAP<\/code>&nbsp;feed and should be called after syncing the later.<\/p>\n\n\n\n<p>Consider setting cron jobs to run the nvts, cert and scap data update scripts at your preferred frequency to pull updates from the feed servers.<\/p>\n\n\n\n<p>Next, run the command below to generate certificates gvmd. Server certificates are used for authentication while client certificates are primarily used for authorization. More on <code><strong>man gvm-manage-certs<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/opt\/gvm\/bin\/gvm-manage-certs -a<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Generated private key in \/tmp\/tmp.kinSHFrwd1\/cakey.pem.\nGenerated self signed certificate in \/tmp\/tmp.kinSHFrwd1\/cacert.pem.\nInstalled private key to \/var\/lib\/gvm\/private\/CA\/cakey.pem.\nInstalled certificate to \/var\/lib\/gvm\/CA\/cacert.pem.\nGenerated private key in \/tmp\/tmp.kinSHFrwd1\/serverkey.pem.\nGenerated certificate request in \/tmp\/tmp.kinSHFrwd1\/serverrequest.pem.\nSigned certificate request in \/tmp\/tmp.kinSHFrwd1\/serverrequest.pem with CA certificate in \/var\/lib\/gvm\/CA\/cacert.pem to generate certificate in \/tmp\/tmp.kinSHFrwd1\/servercert.pem\nInstalled private key to \/var\/lib\/gvm\/private\/CA\/serverkey.pem.\nInstalled certificate to \/var\/lib\/gvm\/CA\/servercert.pem.\nGenerated private key in \/tmp\/tmp.kinSHFrwd1\/clientkey.pem.\nGenerated certificate request in \/tmp\/tmp.kinSHFrwd1\/clientrequest.pem.\nSigned certificate request in \/tmp\/tmp.kinSHFrwd1\/clientrequest.pem with CA certificate in \/var\/lib\/gvm\/CA\/cacert.pem to generate certificate in \/tmp\/tmp.kinSHFrwd1\/clientcert.pem\nInstalled private key to \/var\/lib\/gvm\/private\/CA\/clientkey.pem.\nInstalled certificate to \/var\/lib\/gvm\/CA\/clientcert.pem.\nRemoving temporary directory \/tmp\/tmp.kinSHFrwd1.\n<\/code><\/pre>\n\n\n\n<p>Set the proper ownership of certs files;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/gvm\/{CA,private}<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-install-ospd-ospd-openvas\">Build and Install OSPd and OSPd-OpenVAS<\/h4>\n\n\n\n<p>Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd-openvas\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-gvm11-services-ubuntu20.04\">Running OpenVAS Scanner, GSA and GVM services<\/h3>\n\n\n\n<p>In order to make the management of OpenVAS scanner, GSA (WebUI service) and GVM daemon, create systemd service unit files for each of them as follows.<\/p>\n\n\n\n<p>Log out as <code><strong>gvm<\/strong><\/code> user and execute the commands below as a privileged user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>exit<\/code><\/pre>\n\n\n\n<p>Source \/etc\/environment to update the PATH;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>source \/etc\/environment<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gvm-11-openvas-service\">Create OpenVAS systemd service<\/h5>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/ospd-openvas.service << 'EOL'\n[Unit]\nDescription=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\nAfter=network.target networking.service redis-server@openvas.service postgresql.service\nWants=redis-server@openvas.service\nConditionKernelCommandLine=!recovery\n[Service]\nExecStartPre=-rm -rf \/run\/gvm\/ospd-openvas.pid \/run\/gvm\/ospd-openvas.sock\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/opt\/gvm\/.local\/bin\/ospd-openvas \\\n--pid-file \/run\/gvm\/ospd-openvas.pid \\\n--log-file \/var\/log\/gvm\/ospd-openvas.log \\\n--lock-file-dir \/run\/gvm -u \/run\/gvm\/ospd-openvas.sock\nRemainAfterExit=yes\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Set proper ownership for logs directory, <strong><code>\/var\/log\/gvm<\/code><\/strong> and run time data directory, <code><strong>\/run\/gvm<\/strong><\/code>;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/log\/gvm \/run\/gvm\/<\/code><\/pre>\n\n\n\n<p>Reload systemd service unit configurations.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the status of the service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status ospd-openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\n     Loaded: loaded (\/etc\/systemd\/system\/ospd-openvas.service; disabled; vendor preset: enabled)\n     Active: active (exited) since Thu 2022-07-07 04:50:27 UTC; 6s ago\n    Process: 36289 ExecStartPre=\/usr\/bin\/rm -rf \/run\/gvm\/ospd-openvas.pid \/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n    Process: 36290 ExecStart=\/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm -u \/ru&gt;\n   Main PID: 36290 (code=exited, status=0\/SUCCESS)\n      Tasks: 4 (limit: 4618)\n     Memory: 25.2M\n     CGroup: \/system.slice\/ospd-openvas.service\n             \u251c\u250036305 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/g&gt;\n             \u2514\u250036307 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/g&gt;\n\nJul 07 04:50:27 ubuntu20 systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...\nJul 07 04:50:27 ubuntu20 systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).\n<\/code><\/pre>\n\n\n\n<p>Enable OpenVAS scanner to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the logs on;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/ospd-openvas.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-gvm11-systemd-services\">Creating Systemd Service units for GVM services<\/h4>\n\n\n\n<p>When run, the installer creates GVM daemon service unit,&nbsp;<strong><code>\/lib\/systemd\/system\/gvmd.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gvmd.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gvmd.service << 'EOL'\n[Unit]\nDescription=Greenbone Vulnerability Manager daemon (gvmd)\nAfter=network.target networking.service postgresql.service ospd-openvas.service\nWants=postgresql.service ospd-openvas.service\nDocumentation=man:gvmd(8)\nConditionKernelCommandLine=!recovery\n[Service]\nType=forking\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvmd\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/opt\/gvm\/sbin\/gvmd --osp-vt-update=\/run\/gvm\/ospd-openvas.sock\nRestart=always\nTimeoutStopSec=10\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gvmd<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gvmd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)\n     Loaded: loaded (\/lib\/systemd\/system\/gvmd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Thu 2022-07-07 04:55:44 UTC; 4s ago\n       Docs: man:gvmd(8)\n    Process: 37170 ExecStart=\/opt\/gvm\/sbin\/gvmd --osp-vt-update=\/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n   Main PID: 37181 (gvmd)\n      Tasks: 1 (limit: 4618)\n     Memory: 3.2M\n     CGroup: \/system.slice\/gvmd.service\n             \u2514\u250037181 gvmd: Initializing\n\nJul 07 04:55:44 ubuntu20 systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...\nJul 07 04:55:44 ubuntu20 systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).\n<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p>You can restart PostgreSQL as well;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart postgresql<\/code><\/pre>\n\n\n\n<p>Check the GVMD logs. You should be able to see that <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<p>You should see that the feeds are updating...<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>md manage:WARNING:2022-07-07 04h56.34 utc:37220: sqlv: sql_exec_internal failed\nmd manage:WARNING:2022-07-07 04h56.36 utc:37181: sql_exec_internal: PQexec failed: FATAL:  terminating connection due to administrator command\nserver closed the connection unexpectedly\n\tThis probably means the server terminated abnormally\n\tbefore or while processing the request.\n (7)\nmd manage:WARNING:2022-07-07 04h56.36 utc:37181: sql_exec_internal: SQL: BEGIN;\nmd manage:WARNING:2022-07-07 04h56.36 utc:37181: sqlv: sql_exec_internal failed\nmd   main:MESSAGE:2022-07-07 04h56.55 utc:37302:    Greenbone Vulnerability Manager version 21.4.6~dev1~git-500ef0c5-stable (GIT revision 500ef0c5-stable) (DB revision 242)\nmd manage:MESSAGE:2022-07-07 04h56.56 utc:37303: No SCAP database found\nlibgvm util:MESSAGE:2022-07-07 04h57.01 utc:37303: Setting GnuPG dir to '\/var\/lib\/gvm\/gvmd\/gnupg'\nlibgvm util:MESSAGE:2022-07-07 04h57.01 utc:37303: Using OpenPGP engine version '2.2.19'\nmd manage:   INFO:2022-07-07 04h57.01 UTC:37328: OSP service has different VT status (version 202207061012) from database (version (null), 0 VTs). Starting update ...\nmd manage:   INFO:2022-07-07 04h57.01 UTC:37329: sync_cert: Updating data from feed\nmd manage:   INFO:2022-07-07 04h57.01 UTC:37329: update_dfn_xml: dfn-cert-2011.xml\nmd manage:   INFO:2022-07-07 04h57.01 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2011.xml\nmd manage:WARNING:2022-07-07 04h57.01 UTC:37327: update_scap: No SCAP db present, rebuilding SCAP db from scratch\nmd manage:   INFO:2022-07-07 04h57.03 UTC:37329: update_dfn_xml: dfn-cert-2012.xml\nmd manage:   INFO:2022-07-07 04h57.03 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2012.xml\nmd manage:   INFO:2022-07-07 04h57.05 UTC:37329: update_dfn_xml: dfn-cert-2008.xml\nmd manage:   INFO:2022-07-07 04h57.05 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2008.xml\nmd manage:   INFO:2022-07-07 04h57.05 UTC:37329: update_dfn_xml: dfn-cert-2014.xml\nmd manage:   INFO:2022-07-07 04h57.05 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2014.xml\nmd manage:   INFO:2022-07-07 04h57.07 UTC:37329: update_dfn_xml: dfn-cert-2013.xml\nmd manage:   INFO:2022-07-07 04h57.07 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2013.xml\nmd manage:   INFO:2022-07-07 04h57.09 UTC:37329: update_dfn_xml: dfn-cert-2015.xml\nmd manage:   INFO:2022-07-07 04h57.09 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2015.xml\nmd manage:   INFO:2022-07-07 04h57.11 UTC:37327: update_scap: Updating data from feed\nmd manage:   INFO:2022-07-07 04h57.11 UTC:37327: Updating CPEs\nmd manage:   INFO:2022-07-07 04h57.11 UTC:37329: update_dfn_xml: dfn-cert-2009.xml\nmd manage:   INFO:2022-07-07 04h57.11 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2009.xml\nmd manage:   INFO:2022-07-07 04h57.15 UTC:37329: update_dfn_xml: dfn-cert-2018.xml\nmd manage:   INFO:2022-07-07 04h57.15 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2018.xml\nmd manage:   INFO:2022-07-07 04h57.26 UTC:37329: update_dfn_xml: dfn-cert-2019.xml\nmd manage:   INFO:2022-07-07 04h57.26 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2019.xml\nmd manage:   INFO:2022-07-07 04h57.31 UTC:37329: update_dfn_xml: dfn-cert-2022.xml\nmd manage:   INFO:2022-07-07 04h57.31 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2022.xml\nmd manage:   INFO:2022-07-07 04h57.35 UTC:37329: update_dfn_xml: dfn-cert-2010.xml\nmd manage:   INFO:2022-07-07 04h57.35 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2010.xml\nmd manage:   INFO:2022-07-07 04h57.36 UTC:37329: update_dfn_xml: dfn-cert-2016.xml\nmd manage:   INFO:2022-07-07 04h57.36 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2016.xml\nmd manage:   INFO:2022-07-07 04h57.39 UTC:37329: update_dfn_xml: dfn-cert-2017.xml\nmd manage:   INFO:2022-07-07 04h57.39 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2017.xml\nmd manage:   INFO:2022-07-07 04h57.42 UTC:37329: update_dfn_xml: dfn-cert-2021.xml\nmd manage:   INFO:2022-07-07 04h57.42 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2021.xml\nmd manage:   INFO:2022-07-07 04h57.46 UTC:37329: update_dfn_xml: dfn-cert-2020.xml\nmd manage:   INFO:2022-07-07 04h57.46 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/dfn-cert-2020.xml\nmd manage:   INFO:2022-07-07 04h57.50 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K14.xml\nmd manage:   INFO:2022-07-07 04h57.53 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K15.xml\nmd manage:   INFO:2022-07-07 04h57.57 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K22.xml\nmd manage:   INFO:2022-07-07 04h58.00 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K19.xml\nmd manage:   INFO:2022-07-07 04h58.01 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K13.xml\nmd manage:   INFO:2022-07-07 04h58.02 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K20.xml\nmd manage:   INFO:2022-07-07 04h58.04 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K17.xml\nmd manage:   INFO:2022-07-07 04h58.09 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K16.xml\nmd manage:   INFO:2022-07-07 04h58.11 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K18.xml\nmd manage:   INFO:2022-07-07 04h58.13 UTC:37329: Updating \/var\/lib\/gvm\/cert-data\/CB-K21.xml\nmd manage:   INFO:2022-07-07 04h58.15 UTC:37329: SCAP database does not exist (yet), skipping CERT severity score update\nmd manage:   INFO:2022-07-07 04h58.15 UTC:37329: sync_cert: Updating CERT info succeeded.\nmd manage:   INFO:2022-07-07 05h02.59 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2020.xml\nmd manage:   INFO:2022-07-07 05h06.32 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2022.xml\n...\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"creating-systemd-service-units-for-gsa-services\">Creating Systemd Service units for GSA services<\/h4>\n\n\n\n<p>When run, the installer creates GSA daemon service unit,&nbsp;<strong><code>\/lib\/systemd\/system\/gsad.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gsad.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gsad.service << 'EOL'\n[Unit]\nDescription=Greenbone Security Assistant daemon (gsad)\nDocumentation=man:gsad(8) https:\/\/www.greenbone.net\nAfter=network.target gvmd.service\nWants=gvmd.service\n[Service]\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gsad\nPIDFile=\/run\/gsad\/gsad.pid\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/bin\/sudo \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\nRemainAfterExit=yes\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>The option,&nbsp;<code><strong>-k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem<\/strong><\/code>, is as per the certificates path generated by running the&nbsp;<strong><code>gvm-manage-certs<\/code><\/strong>&nbsp;command above.<\/p>\n\n\n\n<p>Enable GVM user to run gsad with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which gsad)\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gsad<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gsad<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf gsad.service - Greenbone Security Assistant daemon (gsad)\n     Loaded: loaded (\/lib\/systemd\/system\/gsad.service; enabled; vendor preset: enabled)\n     Active: active (exited) since Thu 2022-07-07 18:56:01 UTC; 33s ago\n       Docs: man:gsad(8)\n             https:\/\/www.greenbone.net\n    Process: 36900 ExecStart=\/usr\/bin\/sudo \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem (code=exited, status=0\/SUCCESS)\n   Main PID: 36900 (code=exited, status=0\/SUCCESS)\n      Tasks: 4 (limit: 2281)\n     Memory: 3.4M\n     CGroup: \/system.slice\/gsad.service\n             \u251c\u250036915 \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\n             \u2514\u250036916 \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\n\nJul 07 18:56:01 ubuntu20 systemd[1]: Started Greenbone Security Assistant daemon (gsad).\nJul 07 18:56:01 ubuntu20 sudo[36900]:      gvm : TTY=unknown ; PWD=\/ ; USER=root ; COMMAND=\/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA>\nJul 07 18:56:01 ubuntu20 sudo[36900]: pam_unix(sudo:session): session opened for user root by (uid=0)\nJul 07 18:56:04 ubuntu20 sudo[36912]: Oops, secure memory pool already initialized\nJul 07 18:56:04 ubuntu20 sudo[36900]: pam_unix(sudo:session): session closed for user root\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gsad.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-scanner\">Create GVM Scanner<\/h3>\n\n\n\n<p>Since we launched the scanner and set it to use our non-standard scanner host path (<strong>\/run\/gvm\/ospd-openvas.sock<\/strong>), we need to create and register our scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-scanner=\"Kifarunix-demo OpenVAS Scanner\" \\\n--scanner-type=\"OpenVAS\" --scanner-host=\/run\/gvm\/ospd-openvas.sock<\/code><\/pre>\n\n\n\n<p>command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Scanner created.<\/code><\/pre>\n\n\n\n<p>Next, you need to verify your scanner. For this, you first need to get the scanner identifier;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/run\/ospd\/ospd-openvas.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n<strong>17597043-78cb-492c-b7b4-3b4b36406ed1<\/strong>  OpenVAS  \/run\/gvm\/ospd-openvas.sock  9390  Kifarunix-demo OpenVAS Scanner<\/code><\/pre>\n\n\n\n<p>Based on the output above, our scanner UUID is,&nbsp;<strong><code><strong><strong><strong>17597043-78cb-492c-b7b4-3b4b36406ed1<\/strong><\/strong><\/strong><\/code><\/strong>.<\/p>\n\n\n\n<p>Verify the scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --verify-scanner=<strong>17597043-78cb-492c-b7b4-3b4b36406ed1<\/strong><\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Scanner version: OpenVAS 21.4.5~dev1~git-773a6537-stable.<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm11-admin-user\">Create GVM Admin User<\/h3>\n\n\n\n<p>Create GVM administrative user by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-user admin<\/code><\/pre>\n\n\n\n<p>This command generates a random password for the user. See sample output below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>User created with password '3ae45864-0d6a-4a53-938f-730a1bb5d959'.<\/code><\/pre>\n\n\n\n<p>If you want to create a user and at the same time create your own password;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-user <strong>USERNAME<\/strong> --password=<strong>PASSWORD<\/strong><\/code><\/pre>\n\n\n\n<p>Otherwise, you can reset the password of an already existing user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --user=&lt;USERNAME&gt; --new-password=&lt;PASSWORD&gt;<\/code><\/pre>\n\n\n\n<p>An administrator user can later create further users or administrators via clients like the Greenbone Security Assistant (GSA).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"set-the-feed-import-owner\">Set the Feed Import Owner<\/h3>\n\n\n\n<p>According to&nbsp;<code><strong>gvmd\/INSTALL.md<\/strong><\/code>, certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config \u201cFull and Fast\u201d.<\/p>\n\n\n\n<p>gvmd will only create these resources if a \u201cFeed Import Owner\u201d is configured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value &lt;uuid_of_user&gt;<\/code><\/pre>\n\n\n\n<p>The UUIDs of all created users can be found using<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-users --verbose<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin 2dd752e3-a051-44c6-b214-079673a263f7<\/code><\/pre>\n\n\n\n<p>Then modify the gvmd settings with the user UUID.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value 2dd752e3-a051-44c6-b214-079673a263f7<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-gvm-21.4-web-interface\">Accessing GVM 21.4 Web Interface<\/h3>\n\n\n\n<p>Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep 443<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN    0         128                      *:443                    *:*        users:((\"gsad\",pid=37710,fd=10))<\/code><\/pre>\n\n\n\n<p>If firewall is running, open this port to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 443\/tcp<\/code><\/pre>\n\n\n\n<p>You can now access GSA via the url&nbsp;<code><strong>https:&lt;serverIP-OR-hostname&gt;<\/strong><\/code>.<\/p>\n\n\n\n<p>Accept the self-signed SSL warning and proceed.<\/p>\n\n\n\n<p>You can now access GSA via the url <code><strong>https:&lt;serverIP-OR-hostname&gt;<\/strong><\/code>. Accept the self-signed SSL warning and proceed.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-21.4-login-page.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1340\" height=\"905\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-21.4-login-page.png\" alt=\"Install GVM 21.4 on Ubuntu 20.04\" class=\"wp-image-13399\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-21.4-login-page.png?v=1657258648 1340w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-21.4-login-page-768x519.png?v=1657258648 768w\" sizes=\"(max-width: 1340px) 100vw, 1340px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Login with the administrative credentials generated above.<\/p>\n\n\n\n<p>Dashboard;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-default-dashboard.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1902\" height=\"951\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-default-dashboard.png\" alt=\"Install GVM 21.4 on Ubuntu 20.04\" class=\"wp-image-13400\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-default-dashboard.png?v=1657258663 1902w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-default-dashboard-768x384.png?v=1657258663 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-default-dashboard-1536x768.png?v=1657258663 1536w\" sizes=\"(max-width: 1902px) 100vw, 1902px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>SecInfo<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-secinfo.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1907\" height=\"951\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-secinfo.png\" alt=\"Install GVM 21.4 on Ubuntu 20.04\" class=\"wp-image-13401\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-secinfo.png?v=1657258675 1907w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-secinfo-768x383.png?v=1657258675 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/07\/gvm-secinfo-1536x766.png?v=1657258675 1536w\" sizes=\"(max-width: 1907px) 100vw, 1907px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>It may take sometime to update the database with SCAP data and you may see&nbsp;<strong>No SCAP database found<\/strong>&nbsp;on the dashboard. Be sure to check the logs to confirm that actually the database is being updated;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nmd manage:   INFO:2022-07-07 05h25.00 utc:38216:    Modifying setting.\nmd manage:MESSAGE:2022-07-07 05h25.00 utc:38216: No SCAP database found\nmd manage:   INFO:2022-07-07 05h27.55 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2005.xml\nmd manage:   INFO:2022-07-07 05h28.36 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2004.xml\nmd manage:   INFO:2022-07-07 05h28.52 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2010.xml\nmd manage:   INFO:2022-07-07 05h30.19 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2012.xml\nmd manage:   INFO:2022-07-07 05h31.06 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2009.xml\nmd manage:   INFO:2022-07-07 05h31.55 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2015.xml\nmd manage:   INFO:2022-07-07 05h33.00 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2013.xml\nmd manage:   INFO:2022-07-07 05h33.38 UTC:37327: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2018.xml\n...\n<\/code><\/pre>\n\n\n\n<p>And there you go. That is all it take to install and Setup GVM 21.4 on Ubuntu 20.04. You can now start running your scans.<\/p>\n\n\n\n<p><strong>NOTE<\/strong>: When creating a scan task, be sure to select the Scanner we created above.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1215\" height=\"671\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\" alt=\"Install GVM 21.4 on Ubuntu 20.04\" class=\"wp-image-6845\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png?v=1598636617 1215w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner-768x424.png?v=1598636617 768w\" sizes=\"(max-width: 1215px) 100vw, 1215px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>You can now create your target hosts to scan and schedule the scans to run at your own preferred time.<\/p>\n\n\n\n<p>That marks the end of our tutorial on how to install and setup GVM 21.4 on Ubuntu 20.04.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Reference<\/h3>\n\n\n\n<p>Source files <strong>README.md <\/strong>and <strong>INSTALL.md<\/strong> files<\/p>\n\n\n\n<p>Other Tutorials<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-nikto-web-scanner-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Nikto Web Scanner on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-gvm-21-4-on-kali-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install GVM 21.4&nbsp;on Kali Linux<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install GVM 21.4 on Ubuntu 20.04. Greenbone&nbsp;Vulnerability&nbsp;Management (GVM), previously known as OpenVAS, is a network security scanner<\/p>\n","protected":false},"author":3,"featured_media":13399,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,370,150],"tags":[5492,5489,5488,5491,5490],"class_list":["post-11734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-openvas","category-vulnerability-scanners","tag-greenbone-vulnerability-manager-on-ubuntu","tag-gvm-21-4-ubuntu","tag-install-gvm-21-4-on-kali-linux","tag-setup-gvm-on-ubuntu","tag-ubuntu-20-04-gvm-21-4-4-install","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11734"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=11734"}],"version-history":[{"count":50,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11734\/revisions"}],"predecessor-version":[{"id":20597,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11734\/revisions\/20597"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/13399"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=11734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=11734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=11734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}