{"id":13239,"date":"2022-06-27T08:30:05","date_gmt":"2022-06-27T05:30:05","guid":{"rendered":"https:\/\/kifarunix.com\/?p=13239"},"modified":"2024-03-09T15:05:16","modified_gmt":"2024-03-09T12:05:16","slug":"install-gvm-21-4-on-kali-linux","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-gvm-21-4-on-kali-linux\/","title":{"rendered":"Install GVM 21.4\u00a0on Kali Linux"},"content":{"rendered":"\n<p>In this guide, you will learn how to install GVM 21.4&nbsp;on Kali Linux.&nbsp;<strong>G<\/strong>reenbone&nbsp;<strong>V<\/strong>ulnerability&nbsp;<strong>M<\/strong>anagement (GVM), previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications. As of this writing,&nbsp;<a href=\"https:\/\/community.greenbone.net\/t\/gvm-release-version-21-4-4\/11506\" target=\"_blank\" rel=\"noopener\">GVM 21.4.4 is the current stable release<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-gvm-11-ubuntu-20.04\">Install GVM 21.4 on Kali Linux<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"prerequisites\">Prerequisites<\/h3>\n\n\n\n<p>In this demo, we will install and setup GVM 21.4 on Kali Linux from source code. As such, below are the system requirements I would personally recommend.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 4 GB RAM<\/li>\n\n\n\n<li>At least 4 vCPUs<\/li>\n\n\n\n<li>More than 8 GB disk space (We used 16 GB in this demo)<\/li>\n<\/ul>\n\n\n\n<p>These requirements will vary depending on your use cases, however. Just be sure to provide \u201cenough\u201d.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"run-system-update\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update and upgrade your system packages;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-user\">Create GVM User on Ubuntu<\/h3>\n\n\n\n<p>In this demo, we will run GVM 21.08 as a non privileged system user. Thus, create&nbsp;<code><strong>gvm<\/strong><\/code>&nbsp;system user account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>useradd -r -d \/opt\/gvm -c \"GVM User\" -s \/bin\/bash gvm<\/code><\/pre>\n\n\n\n<p>Create the GVM user directory as specified by option&nbsp;<code>-d<\/code>&nbsp;in the command above and set the user and group ownership to&nbsp;<code>gvm<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/opt\/gvm &amp;&amp; chown gvm: \/opt\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-required-dependencies\">Install Required Build Tools<\/h3>\n\n\n\n<p>In order to successfully build GVM 21.4 on Kali Linux, you need to install a number of required dependencies and build tools.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>apt install gcc g++ make bison flex libksba-dev \\\ncurl redis libpcap-dev cmake git pkg-config libglib2.0-dev libgpgme-dev \\\nnmap libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev gnutls-bin \\\nlibmicrohttpd-dev libhiredis-dev zlib1g-dev libxml2-dev libnet-dev libradcli-dev \\\nclang-format libldap2-dev doxygen gcc-mingw-w64 xml-twig-tools libical-dev perl-base \\\nheimdal-dev libpopt-dev libunistring-dev graphviz libsnmp-dev python3-setuptools \\\npython3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib \\\nxmltoman python3-pip texlive-fonts-recommended libpq-dev postgresql-server-dev-all \\\ntexlive-latex-extra --no-install-recommends xsltproc sudo vim rsync -y\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-yarn-ubuntu-20.04\">Install Yarn on Kali Linux<\/h4>\n\n\n\n<p>Next, install Yarn JavaScript package manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -sL https:\/\/dl.yarnpkg.com\/debian\/pubkey.gpg | gpg --dearmor | sudo tee \/usr\/share\/keyrings\/yarnkey.gpg &gt;\/dev\/null<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb &#91;signed-by=\/usr\/share\/keyrings\/yarnkey.gpg] https:\/\/dl.yarnpkg.com\/debian stable main\" | sudo tee \/etc\/apt\/sources.list.d\/yarn.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install yarn -y<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-postgresql-ubuntu20.04\">Install PostgreSQL on Kali Linux<\/h4>\n\n\n\n<p>GVM 21.4 uses PostgreSQL as the backend database. We use version 14  in this setup, which is already installed on Kali Linux 2022.2 which we are using.<\/p>\n\n\n\n<p>To check the version;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>psql --version<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>psql (PostgreSQL) 14.2 (Debian 14.2-1+b3)<\/code><\/pre>\n\n\n\n<p>Start and enable PostgreSQL service to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now  postgresql<\/code><\/pre>\n\n\n\n<p>Confirm it is up by checking the ports opened;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep postgres<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*    users:((\"postgres\",pid=26282,fd=6))\nLISTEN 0      244            &#91;::1]:5432         &#91;::]:*    users:((\"postgres\",pid=26282,fd=5))<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-postgresql-user-n-db\">Create PostgreSQL User and Database<\/h4>\n\n\n\n<p>Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd).<\/p>\n\n\n\n<p>Note that the database and user should be created as PostgreSQL user,&nbsp;<strong>postgres<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres createuser gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres createdb -O gvm gvmd<\/code><\/pre>\n\n\n\n<p>Grant PostgreSQL GVM User DBA Roles<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'create role dba with superuser noinherit;'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'grant dba to gvm;'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'create extension \"uuid-ossp\";'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c 'create extension \"pgcrypto\";'<\/code><\/pre>\n\n\n\n<p>Once that is done, restart PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart postgresql<\/code><\/pre>\n\n\n\n<p>Allow the user to run the installation with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which make) install\" &gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-from-source-ubuntu-20.04\">Building GVM 21.4 from Source Code<\/h3>\n\n\n\n<p>There are different tools required to install and setup GVM 21.4 on Kali Linux. These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GVM Libraries<\/li>\n\n\n\n<li>OpenVAS Scanner<\/li>\n\n\n\n<li>OSPd<\/li>\n\n\n\n<li>ospd-openvas<\/li>\n\n\n\n<li>Greenbone Vulnerability Manager<\/li>\n\n\n\n<li>Greenbone Security Assistant<\/li>\n\n\n\n<li>Python-GVM<\/li>\n\n\n\n<li>GVM-Tools<\/li>\n\n\n\n<li>OpenVAS SMB<\/li>\n<\/ul>\n\n\n\n<p>Every component has&nbsp;<strong>README.md<\/strong>&nbsp;and a&nbsp;<strong>INSTALL.md<\/strong>&nbsp;file that explains how to build and install it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-gvm-21-4-4-on-debian-11-debian-10\">Build and Install GVM on Kali Linux<\/h4>\n\n\n\n<p>Switch to GVM user created above and create a directory where to download the source files to;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su -Hiu gvm mkdir gvm-source<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-gvm-11-source-files\">Download GVM 21.4 Source Files<\/h4>\n\n\n\n<p>Navigate to temporary directory created above and run the subsequent commands to clone the GVM github branch files.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvm-libs.git gvm-source\/gvm-libs<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b main --single-branch https:\/\/github.com\/greenbone\/openvas-smb.git gvm-source\/openvas-smb<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/openvas.git gvm-source\/openvas<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd.git gvm-source\/ospd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd-openvas.git gvm-source\/ospd-openvas<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvmd.git gvm-source\/gvmd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsa.git gvm-source\/gsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsad.git gvm-source\/gsad<\/code><\/pre>\n\n\n\n<p>Once the source files are in place, proceed to build and install GVM on Kali Linux.<\/p>\n\n\n\n<p>Note the current working directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm ls -1 gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ngsa\ngsad\ngvmd\ngvm-libs\nopenvas\nopenvas-smb\nospd\nospd-openvas\n<\/code><\/pre>\n\n\n\n<p>To begin with, switch to GVM user account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm\ncd gvm-source<\/code><\/pre>\n\n\n\n<p>Next, set the <code>PKG_CONFIG_PATH<\/code> environment variable to the location of your pkg-config files before configuring:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH\" &gt;&gt; ~\/.bashrc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source ~\/.bashrc<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-11-libraries\">Build and Install GVM 11 Libraries<\/h4>\n\n\n\n<p>From within the source directory,&nbsp;<meta http-equiv=\"content-type\" content=\"text\/html; charset=utf-8\"><code><strong>\/opt\/gvm\/gvm-source<\/strong><\/code>, in this setup, change to GVM libraries directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-libs\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-openvas-scanner-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/h4>\n\n\n\n<p>Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).<\/p>\n\n\n\n<p>OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a&nbsp;<code>winexe<\/code>&nbsp;binary to execute processes remotely on that system.<\/p>\n\n\n\n<p>Build and install openvas-smb;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas-smb\/\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Build and install OpenVAS scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas<\/code><\/pre>\n\n\n\n<p>Since Kali 2022.2 uses Glibc 2.33, you may get errors such as <strong><code>error: \u2018g_pattern_match_string\u2019 is deprecated:<\/code><\/strong> as per <a href=\"https:\/\/giters.com\/greenbone\/openvas-scanner\/issues\/1006\" target=\"_blank\" rel=\"noreferrer noopener\">this issue<\/a>.<\/p>\n\n\n\n<p>Thus, disable the warnings from being treated as errors and proceed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak 's\/-Werror\/-Wno-error\/' misc\/CMakeLists.txt\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-openvas-scanner-gvm11\">Configuring OpenVAS Scanner<\/h4>\n\n\n\n<p>The host scan information is stored temporarily on Redis server.<\/p>\n\n\n\n<p>To begin run the command below to create the cache to the installed shared libraries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ldconfig<\/code><\/pre>\n\n\n\n<p>The default configuration of Redis server is&nbsp;<code>\/etc\/redis\/redis.conf<\/code>.<\/p>\n\n\n\n<p>Next, copy OpenVAS scanner Redis configuration file from the OpenVAS source directory,&nbsp;<code>redis-openvas.conf<\/code>, to the Redis config directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/opt\/gvm\/gvm-source\/openvas\/config\/redis-openvas.conf \/etc\/redis\/<\/code><\/pre>\n\n\n\n<p>Update the ownership of the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown redis:redis \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Update the path to Redis unix socket on the&nbsp;<code><strong>\/etc\/openvas\/openvas.conf<\/strong><\/code>&nbsp;using the&nbsp;<strong><code>db_address<\/code><\/strong>&nbsp;parameter.<\/p>\n\n\n\n<p>To get the path to the Redis unix socket, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep unixsocket \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unixsocket <strong>\/run\/redis-openvas\/redis.sock<\/strong>\nunixsocketperm 770<\/code><\/pre>\n\n\n\n<p>Once you get the path to Redis unix socket, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"<strong>db_address = <strong>\/run\/redis-openvas\/redis.sock<\/strong><\/strong>\" &gt; \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Add gvm user to redis group;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>usermod -aG redis gvm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"optimize-redis-performance\">Optimize Redis Performance<\/h4>\n\n\n\n<p>You can also optimize Redis server itself improve the performance by making the following adjustments;<\/p>\n\n\n\n<p>Increase the value of somaxconn in order to avoid slow clients connections issues.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"net.core.somaxconn = 1024\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Redis background save may fail under low memory condition. To avoid this, enable memory overcommit (<strong>man 5 proc)<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'vm.overcommit_memory = 1' &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload sysctl variables created above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>To avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel\u2019s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/disable_thp.service << 'EOL'\n[Unit]\nDescription=Disable Kernel Support for Transparent Huge Pages (THP)\n[Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/enabled && echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/defrag\"\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable this service to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now disable_thp<\/code><\/pre>\n\n\n\n<p>Restart OpenVAS Redis server<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now redis-server@openvas<\/code><\/pre>\n\n\n\n<p>Confirm the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status redis-server@openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf redis-server@openvas.service - Advanced key-value store (openvas)\n     Loaded: loaded (\/lib\/systemd\/system\/redis-server@.service; enabled; vendor preset: disabled)\n     Active: active (running) since Sat 2022-06-25 05:26:16 EDT; 5s ago\n       Docs: http:\/\/redis.io\/documentation,\n             man:redis-server(1)\n   Main PID: 39946 (redis-server)\n     Status: \"Ready to accept connections\"\n      Tasks: 5 (limit: 4611)\n     Memory: 5.2M\n        CPU: 64ms\n     CGroup: \/system.slice\/system-redis\\x2dserver.slice\/redis-server@openvas.service\n             \u2514\u250039946 \"\/usr\/bin\/redis-server 127.0.0.1:0\"\n\nJun 25 05:26:16 kali redis-server[39946]:   `-._    `-._`-.__.-'_.-'    _.-'\nJun 25 05:26:16 kali redis-server[39946]:       `-._    `-.__.-'    _.-'\nJun 25 05:26:16 kali redis-server[39946]:           `-._        _.-'\nJun 25 05:26:16 kali redis-server[39946]:               `-.__.-'\nJun 25 05:26:16 kali redis[39946]:                 _._                                                  \n                                              _.-``__ ''-._                                             \n                                         _.-``    `.  `_.  ''-._           Redis 6.0.16 (00000000\/0) 64 bit\n                                     .-`` .-```.  ```\\\/    _.,_ ''-._                                   \n                                    (    '      ,       .-`  | `,    )     Running in standalone mode\n                                    |`-._`-...-` __...-.``-._|'` _.-'|     Port: 0\n                                    |    `-._   `._    \/     _.-'    |     PID: 39946\n                                     `-._    `-._  `-.\/  _.-'    _.-'                                   \n                                    |`-._`-._    `-.__.-'    _.-'_.-'|                                  \n                                    |    `-._`-._        _.-'_.-'    |           http:\/\/redis.io        \n                                     `-._    `-._`-.__.-'_.-'    _.-'                                   \n                                    |`-._`-._    `-.__.-'    _.-'_.-'|                                  \n                                    |    `-._`-._        _.-'_.-'    |                                  \n                                     `-._    `-._`-.__.-'_.-'    _.-'                                   \n                                         `-._    `-.__.-'    _.-'                                       \n                                             `-._        _.-'                                           \n                                                 `-.__.-'\nJun 25 05:26:16 kali systemd[1]: Started Advanced key-value store (openvas).\nJun 25 05:26:16 kali redis-server[39946]: 39946:M 25 Jun 2022 05:26:16.258 # Server initialized\nJun 25 05:26:16 kali redis-server[39946]: 39946:M 25 Jun 2022 05:26:16.259 * The server is now ready to accept connections at \/run\/redis-openvas\/redis.sock\nJun 25 05:26:16 kali redis[39946]: Server initialized\nJun 25 05:26:16 kali redis[39946]: The server is now ready to accept connections at \/run\/redis-openvas\/redis.sock\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"update-network-vulnerability-tests-nvts\">Update Network Vulnerability Tests (NVTs)<\/h4>\n\n\n\n<p>Update Network Vulnerability Tests feed from Greenbone Security Feed\/Community Feed using the&nbsp;<code>greenbone-nvt-sync<\/code>&nbsp;command.&nbsp;<code>rsync<\/code>&nbsp;tool is required for a successful synchronization.<\/p>\n\n\n\n<p>Note that&nbsp;<strong><code>greenbone-nvt-sync<\/code><\/strong>&nbsp;must not be executed as privileged user root. <strong>For this reason, update the NVTs as gvm user created above<\/strong>.<\/p>\n\n\n\n<p>Ensure that user can write to OpenVAS libraries directory, <code><strong>\/var\/lib\/openvas\/<\/strong><\/code>, directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/openvas\/<\/code><\/pre>\n\n\n\n<p>Also, allow GVM user to run openvas with sudo rights.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which openvas)\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Next, update the NVTs GVM user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-nvt-sync<\/code><\/pre>\n\n\n\n<p>If the command fails with:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: &#91;receiver] read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(784) &#91;receiver=3.2.3]\nrsync: connection unexpectedly closed (1913648 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(228) &#91;generator=3.2.3]<\/code><\/pre>\n\n\n\n<p>Then append&nbsp;<code>--rsync<\/code>&nbsp;option and rerun the command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-nvt-sync --rsync<\/code><\/pre>\n\n\n\n<p>Once the update is done, you need to upload the plugins into Redis server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm sudo openvas --update-vt-info<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-ubuntu20.04\">Build and Install Greenbone Vulnerability Manager<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-source\/gvmd\nsource ~\/.bashrc\nsed -i.bak 's\/-Werror\/-Wno-error\/' CMakeLists.txt\nmkdir build &amp;&amp; cd build\ncmake .. -DPostgreSQL_TYPE_INCLUDE_DIR=\/usr\/include\/postgresql\/\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gsa-ubuntu20.04\">Build and Install Greenbone Security Assistant<\/h4>\n\n\n\n<p>The Greenbone Security Assistant is the web interface developed for the Greenbone Security Manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/gsa\nrm -rf build\nyarn\nyarn build<\/code><\/pre>\n\n\n\n<p>All content of the production build can be shipped with every web server. For providing GSA via <a href=\"https:\/\/github.com\/greenbone\/gsad\/\" target=\"_blank\" rel=\"noopener\">gsad web server<\/a>, the files need to be copied into the <code>\/usr\/local\/share\/gvm\/gsad\/web\/<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Build and Install Greenbone Security Assistant HTTP server<\/h4>\n\n\n\n<p>The Greenbone Security Assistant HTTP Server is the server developed for the communication with the Greenbone Security Manager appliances. It connects to the Greenbone Vulnerability Manager Daemon <strong>gvmd<\/strong> to provide a full-featured user interface for vulnerability management.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/gsad\nmkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Next, copy the web interface configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;&#91; -d \/usr\/local\/share\/gvm\/gsad\/web ]] || mkdir -p \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cp -rp \/opt\/gvm\/gvm-source\/gsa\/build\/* \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"keeping-the-feeds-up-to-date\">Keeping the feeds up-to-date<\/h4>\n\n\n\n<p>The gvmd&nbsp;<code><strong>Data<\/strong><\/code>,&nbsp;<strong><code>SCAP<\/code><\/strong>&nbsp;and&nbsp;<code><strong>CERT<\/strong><\/code>&nbsp;Feeds should be kept up-to-date by calling the&nbsp;<code>greenbone-feed-sync<\/code>&nbsp;script regularly (e.g. via a cron entry):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/gvm\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type GVMD_DATA<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type SCAP<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT<\/code><\/pre>\n\n\n\n<p>Please note: The&nbsp;<code>CERT<\/code>&nbsp;feed sync depends on data provided by the&nbsp;<code>SCAP<\/code>&nbsp;feed and should be called after syncing the later.<\/p>\n\n\n\n<p>Also, in case the commands fail with such an error;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(794) &#91;receiver=3.1.3]\nrsync: connection unexpectedly closed (1047 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(235) &#91;generator=3.1.3]<\/code><\/pre>\n\n\n\n<p>Try adding&nbsp;<code><strong>--rsync<\/strong><\/code>&nbsp;option to the command, for example;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u gvm greenbone-feed-sync --type CERT --rsync<\/code><\/pre>\n\n\n\n<p><strong>Consider setting cron jobs to run the nvts, cert and scap data update scripts at your preferred frequency to pull updates from the feed servers.<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-gvm-certificates\">Generate GVM Certificates<\/h4>\n\n\n\n<p>Next, run the command below to generate certificates gvmd.<\/p>\n\n\n\n<p>Server certificates are used for authentication while client certificates are primarily used for authorization. More on&nbsp;<code><strong>man gvm-manage-certs<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvm-manage-certs -a<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-install-ospd-ospd-openvas\">Build and Install OSPd and OSPd-OpenVAS<\/h4>\n\n\n\n<p>Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source ~\/.bashrc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>pip3 install wheel\npip3 install python-gvm gvm-tools<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd\npython3 -m pip install ospd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd-openvas\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<p>Once done, exit.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<p>Update the PATH environment variable with <strong><code>\/opt\/gvm\/.local\/bin<\/code><\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak '\/^PATH\/s#$#:\/opt\/gvm\/.local\/bin#' \/etc\/environment<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source \/etc\/environment<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-gvm11-services-ubuntu20.04\">Running OpenVAS Scanner, GSA and GVM services<\/h3>\n\n\n\n<p>In order to make the management of OpenVAS scanner, GSA (WebUI service) and GVM daemon, create systemd service unit files for each of them as follows.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gvm-11-openvas-service\">Create OpenVAS systemd service<\/h5>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/ospd-openvas.service << 'EOL'\n[Unit]\nDescription=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\nAfter=network.target networking.service redis-server@openvas.service postgresql.service\nWants=redis-server@openvas.service\nConditionKernelCommandLine=!recovery\n[Service]\nExecStartPre=-rm -rf \/run\/gvm\/ospd-openvas.pid \/run\/gvm\/ospd-openvas.sock\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/.local\/bin\nExecStart=\/opt\/gvm\/.local\/bin\/ospd-openvas \\\n--pid-file \/run\/gvm\/ospd-openvas.pid \\\n--log-file \/var\/log\/gvm\/ospd-openvas.log \\\n--lock-file-dir \/run\/gvm -u \/run\/gvm\/ospd-openvas.sock\nRemainAfterExit=yes\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Set proper ownership for logs directory, <strong><code>\/var\/log\/gvm<\/code><\/strong> and run time data directory, <code><strong>\/run\/gvm<\/strong><\/code>;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/log\/gvm \/run\/gvm\/<\/code><\/pre>\n\n\n\n<p>Reload systemd service unit configurations.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the status of the service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status ospd-openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\n     Loaded: loaded (\/etc\/systemd\/system\/ospd-openvas.service; disabled; vendor preset: disabled)\n     Active: active (exited) since Sun 2022-06-26 15:31:01 EDT; 6s ago\n    Process: 97434 ExecStartPre=rm -rf \/run\/gvm\/ospd-openvas.pid \/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n    Process: 97435 ExecStart=\/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm -u \/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n   Main PID: 97435 (code=exited, status=0\/SUCCESS)\n      Tasks: 4 (limit: 4611)\n     Memory: 23.4M\n        CPU: 535ms\n     CGroup: \/system.slice\/ospd-openvas.service\n             \u251c\u250097442 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm -u \/run\/gvm\/ospd-openvas.sock\n             \u2514\u250097444 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm -u \/run\/gvm\/ospd-openvas.sock\n\nJun 26 15:31:01 kali systemd[1]: Starting OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...\nJun 26 15:31:01 kali systemd[1]: Started OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).\n<\/code><\/pre>\n\n\n\n<p>Enable OpenVAS scanner to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the logs on;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/ospd-openvas.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-gvm11-systemd-services\">Creating Systemd Service units for GVM services<\/h4>\n\n\n\n<p>When run, the installer creates GVM daemon service unit,&nbsp;<strong><code>\/lib\/systemd\/system\/gvmd.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gvmd.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gvmd.service << 'EOL'\n[Unit]\nDescription=Greenbone Vulnerability Manager daemon (gvmd)\nAfter=network.target networking.service postgresql.service ospd-openvas.service\nWants=postgresql.service ospd-openvas.service\nDocumentation=man:gvmd(8)\nConditionKernelCommandLine=!recovery\n[Service]\nType=forking\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvmd\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/local\/sbin\/gvmd --osp-vt-update=\/run\/gvm\/ospd-openvas.sock\nRestart=always\nTimeoutStopSec=10\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gvmd<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gvmd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)\n     Loaded: loaded (\/lib\/systemd\/system\/gvmd.service; enabled; vendor preset: disabled)\n     Active: active (running) since Sun 2022-06-26 15:32:27 EDT; 6s ago\n       Docs: man:gvmd(8)\n    Process: 97899 ExecStart=\/usr\/local\/sbin\/gvmd --osp-vt-update=\/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n   Main PID: 97904 (gvmd)\n      Tasks: 1 (limit: 4611)\n     Memory: 5.3M\n        CPU: 84ms\n     CGroup: \/system.slice\/gvmd.service\n             \u2514\u250097904 \"gvmd: Initializing\"\n\nJun 26 15:32:26 kali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...\nJun 26 15:32:27 kali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"creating-systemd-service-units-for-gsa-services\">Creating Systemd Service units for GSA services<\/h4>\n\n\n\n<p>When run, the installer creates GSA daemon service unit,&nbsp;<strong><code>\/lib\/systemd\/system\/gsad.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gsad.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gsad.service << 'EOL'\n[Unit]\nDescription=Greenbone Security Assistant daemon (gsad)\nDocumentation=man:gsad(8) https:\/\/www.greenbone.net\nAfter=network.target gvmd.service\nWants=gvmd.service\n[Service]\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gsad\nPIDFile=\/run\/gsad\/gsad.pid\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/bin\/sudo \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\nRemainAfterExit=yes\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>The option,&nbsp;<code><strong>-k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem<\/strong><\/code>, is as per the certificates path generated by running the&nbsp;<strong><code>gvm-manage-certs<\/code><\/strong>&nbsp;command above.<\/p>\n\n\n\n<p>Enable GVM user to run gsad with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which gsad)\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gsad<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gsad<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf gsad.service - Greenbone Security Assistant daemon (gsad)\n     Loaded: loaded (\/lib\/systemd\/system\/gsad.service; enabled; vendor preset: disabled)\n     Active: active (running) since Sun 2022-06-26 15:38:53 EDT; 16s ago\n       Docs: man:gsad(8)\n             https:\/\/www.greenbone.net\n   Main PID: 99854 (gsad)\n      Tasks: 4 (limit: 4611)\n     Memory: 3.0M\n        CPU: 52ms\n     CGroup: \/system.slice\/gsad.service\n             \u251c\u250099853 \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\n             \u2514\u250099854 \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\n\nJun 26 15:38:53 kali systemd[1]: Started Greenbone Security Assistant daemon (gsad).\nJun 26 15:38:53 kali sudo[99850]:      gvm : PWD=\/ ; USER=root ; COMMAND=\/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\nJun 26 15:38:53 kali sudo[99850]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=998)\nJun 26 15:38:54 kali sudo[99852]: Oops, secure memory pool already initialized\nJun 26 15:38:54 kali sudo[99850]: pam_unix(sudo:session): session closed for user root\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gsad.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-scanner\">Create GVM Scanner<\/h3>\n\n\n\n<p>Since we launched the scanner and set it to use our non-standard scanner host path (<strong>\/var\/run\/gvm\/ospd-openvas.sock<\/strong>), we need to create and register our scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-scanner=\"Kifarunix-demo OpenVAS Scanner\" \\\n--scanner-type=\"OpenVAS\" --scanner-host=\/run\/gvm\/ospd-openvas.sock<\/code><\/pre>\n\n\n\n<p>command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Scanner created.<\/code><\/pre>\n\n\n\n<p>Next, you need to verify your scanner. For this, you first need to get the scanner identifier;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/run\/ospd\/ospd-openvas.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n<strong>0d0584a1-9b12-49fb-8a46-2ece4291387c<\/strong>  OpenVAS  \/run\/gvm\/ospd-openvas.sock  9390  Kifarunix-demo OpenVAS Scanner<\/code><\/pre>\n\n\n\n<p>Based on the output above, our scanner UUID is,&nbsp;<strong><code><strong>0d0584a1-9b12-49fb-8a46-2ece4291387c<\/strong><\/code><\/strong>.<\/p>\n\n\n\n<p>Verify the scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --verify-scanner=<strong>0d0584a1-9b12-49fb-8a46-2ece4291387c<\/strong><\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Scanner version: OpenVAS 21.4.5~dev1~git-be09f30d-stable.<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm11-admin-user\">Create GVM Admin User<\/h3>\n\n\n\n<p>Create GVM administrative user by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-user admin<\/code><\/pre>\n\n\n\n<p>This command generates a random password for the user. See sample output below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>User created with password 'e1a0bf5d-71b7-4e74-8e44-1acd1f9b6ddf'.<\/code><\/pre>\n\n\n\n<p>If you want to create a user and at the same time create your own password;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-user <strong>USERNAME<\/strong> --password=<strong>PASSWORD<\/strong><\/code><\/pre>\n\n\n\n<p>Otherwise, you can reset the password of an already existing user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --user=&lt;USERNAME&gt; --new-password=&lt;PASSWORD&gt;<\/code><\/pre>\n\n\n\n<p>An administrator user can later create further users or administrators via clients like the Greenbone Security Assistant (GSA).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"set-the-feed-import-owner\">Set the Feed Import Owner<\/h3>\n\n\n\n<p>According to&nbsp;<code><strong>gvmd\/INSTALL.md<\/strong><\/code>, certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config \u201cFull and Fast\u201d.<\/p>\n\n\n\n<p>gvmd will only create these resources if a \u201cFeed Import Owner\u201d is configured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value &lt;uuid_of_user&gt;<\/code><\/pre>\n\n\n\n<p>The UUIDs of all created users can be found using<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-users --verbose<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin bd93f503-264e-4212-89d0-468942eba39c<\/code><\/pre>\n\n\n\n<p>Then modify the gvmd settings with the user UUID.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value bd93f503-264e-4212-89d0-468942eba39c<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-gvm-21-04-web-interface\">Accessing GVM 21.04 Web Interface<\/h3>\n\n\n\n<p>Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep 443<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      1024               *:443             *:*    users:((\"gsad\",pid=99853,fd=10))<\/code><\/pre>\n\n\n\n<p>If firewall is running, open this port to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 443\/tcp<\/code><\/pre>\n\n\n\n<p>You can now access GSA via the url&nbsp;<code><strong>https:&lt;serverIP-OR-hostname&gt;<\/strong><\/code>.<\/p>\n\n\n\n<p>Accept the self-signed SSL warning and proceed.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/gvm-21.4.4-login-page.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1424\" height=\"929\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/gvm-21.4.4-login-page.png\" alt=\"Install GVM 21.4\u00a0on Kali Linux\" class=\"wp-image-13311\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/gvm-21.4.4-login-page.png?v=1656307288 1424w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/gvm-21.4.4-login-page-768x501.png?v=1656307288 768w\" sizes=\"(max-width: 1424px) 100vw, 1424px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Login with the administrative credentials generated above.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1892\" height=\"947\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4.png\" alt=\"Install GVM 21.4\u00a0on Kali Linux\" class=\"wp-image-13312\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4.png?v=1656307353 1892w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-768x384.png?v=1656307353 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-1536x769.png?v=1656307353 1536w\" sizes=\"(max-width: 1892px) 100vw, 1892px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>SecInfo.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-secinfo-nvts.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1901\" height=\"952\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-secinfo-nvts.png\" alt=\"Install GVM 21.4\u00a0on Kali Linux\" class=\"wp-image-13313\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-secinfo-nvts.png?v=1656307374 1901w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-secinfo-nvts-768x385.png?v=1656307374 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/kali-2022.2-openvas-gvm-21.4-secinfo-nvts-1536x769.png?v=1656307374 1536w\" sizes=\"(max-width: 1901px) 100vw, 1901px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Note that it may take sometime to update the database with SCAP data and you may see <strong>No SCAP database found<\/strong> on the dashboard. Be sure to check the logs to confirm that actually the database is being updated;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nmd manage:MESSAGE:2022-06-26 19h42.57 utc:101056: No SCAP database found\nmd   main:MESSAGE:2022-06-26 19h43.44 utc:101274:    Greenbone Vulnerability Manager version 21.4.6~dev1~git-500ef0c5-stable (GIT revision 500ef0c5-stable) (DB revision 242)\nmd manage:   INFO:2022-06-26 19h43.44 utc:101274:    Getting users.\nmd manage:MESSAGE:2022-06-26 19h43.44 utc:101274: No SCAP database found\nmd   main:MESSAGE:2022-06-26 19h44.36 utc:101508:    Greenbone Vulnerability Manager version 21.4.6~dev1~git-500ef0c5-stable (GIT revision 500ef0c5-stable) (DB revision 242)\nmd manage:   INFO:2022-06-26 19h44.36 utc:101508:    Modifying setting.\nmd manage:MESSAGE:2022-06-26 19h44.36 utc:101508: No SCAP database found\nmd manage:   INFO:2022-06-26 19h46.37 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2002.xml\nmd manage:   INFO:2022-06-26 19h47.48 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2012.xml\nmd manage:   INFO:2022-06-26 19h49.16 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2009.xml\nmd manage:   INFO:2022-06-26 19h50.35 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2017.xml\nmd manage:   INFO:2022-06-26 19h53.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2005.xml\nmd manage:   INFO:2022-06-26 19h54.48 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2011.xml\nmd manage:   INFO:2022-06-26 19h55.34 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2006.xml\nmd manage:   INFO:2022-06-26 19h56.13 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2022.xml\nmd manage:   INFO:2022-06-26 19h57.37 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2014.xml\nmd manage:   INFO:2022-06-26 19h58.39 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2013.xml\nmd manage:   INFO:2022-06-26 19h59.31 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2021.xml\nmd manage:   INFO:2022-06-26 20h04.11 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2020.xml\nmd manage:   INFO:2022-06-26 20h06.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2008.xml\nmd manage:   INFO:2022-06-26 20h08.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2007.xml\nmd manage:   INFO:2022-06-26 20h09.40 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2018.xml\nmd manage:   INFO:2022-06-26 20h11.42 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2003.xml\nmd manage:   INFO:2022-06-26 20h11.53 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2004.xml\nmd manage:   INFO:2022-06-26 20h12.10 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2016.xml\nmd manage:   INFO:2022-06-26 20h12.56 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/nvdcve-2.0-2010.xml\nmd manage:   INFO:2022-06-26 20h13.34 UTC:98768: Updating OVAL data\nmd manage:   INFO:2022-06-26 20h13.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/c\/oval.xml\nmd manage:   INFO:2022-06-26 20h13.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/i\/oval.xml\nmd manage:   INFO:2022-06-26 20h13.46 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/m\/oval.xml\nmd manage:   INFO:2022-06-26 20h13.47 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/p\/oval.xml\nmd manage:   INFO:2022-06-26 20h14.42 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/v\/family\/ios.xml\nmd manage:   INFO:2022-06-26 20h14.44 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/v\/family\/macos.xml\nmd manage:   INFO:2022-06-26 20h14.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/v\/family\/pixos.xml\nmd manage:   INFO:2022-06-26 20h14.45 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/v\/family\/unix.xml\nmd manage:   INFO:2022-06-26 20h14.50 UTC:98768: Updating \/var\/lib\/gvm\/scap-data\/oval\/5.10\/org.mitre.oval\/v\/family\/windows.xml\nmd manage:   INFO:2022-06-26 20h14.55 UTC:98768: Updating user OVAL definitions.\nmd manage:   INFO:2022-06-26 20h14.55 UTC:98768: Updating CVSS scores and CVE counts for CPEs\nmd manage:   INFO:2022-06-26 20h47.02 UTC:98768: Updating CVSS scores for OVAL definitions\nmd manage:   INFO:2022-06-26 20h47.26 UTC:98768: Updating placeholder CPEs\nmd manage:   INFO:2022-06-26 21h07.52 UTC:98768: Updating Max CVSS for DFN-CERT\nmd manage:   INFO:2022-06-26 21h10.31 UTC:98768: Updating DFN-CERT CVSS max succeeded.\nmd manage:   INFO:2022-06-26 21h10.31 UTC:98768: Updating Max CVSS for CERT-Bund\nmd manage:   INFO:2022-06-26 21h10.40 UTC:98768: Updating CERT-Bund CVSS max succeeded.\nmd manage:   INFO:2022-06-26 21h11.28 UTC:98768: update_scap_end: Updating SCAP info succeeded\nmd manage:   INFO:2022-06-26 21h11.47 UTC:124270: OSP service has different VT status (version 202206240940) from database (version (null), 0 VTs). Starting update ...\nmd manage:   INFO:2022-06-26 21h21.35 UTC:124270: Updating VTs in database ... 99743 new VTs, 0 changed VTs\nmd manage:   INFO:2022-06-26 21h22.48 UTC:124270: Updating VTs in database ... done (99743 VTs).\n...\n<\/code><\/pre>\n\n\n\n<p>And there you go. That is all it take to install and Setup GVM 21.4.4 on Kali Linux 2022.2. You can now start running your scans.<\/p>\n\n\n\n<p><strong>NOTE<\/strong>: When creating a scan task, be sure to select the Scanner we created above.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1215\" height=\"671\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\" alt=\"Install and Setup GVM 21.04 on Ubuntu 22.04\/Ubuntu 20.04\" class=\"wp-image-6845\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png?v=1598636617 1215w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner-768x424.png?v=1598636617 768w\" sizes=\"(max-width: 1215px) 100vw, 1215px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>You can now create your target hosts to scan and schedule the scans to run at your own preferred time.<\/p>\n\n\n\n<p>That marks the end of our tutorial on how to install GVM on Kali Linux.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-gvm-21-04-on-debian-11-debian-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install GVM 21.04 on Debian 11\/Debian 10<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-nessus-scanner-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup Nessus Scanner on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install GVM 21.4&nbsp;on Kali Linux.&nbsp;Greenbone&nbsp;Vulnerability&nbsp;Management (GVM), previously known as OpenVAS, is a network security scanner which provides<\/p>\n","protected":false},"author":3,"featured_media":13311,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,150],"tags":[5454,5453,5451,5450,5452,5455,5457],"class_list":["post-13239","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-vulnerability-scanners","tag-greenbone-vulnerability-scanner-kali-linux","tag-gvm-kali-linux","tag-install-openvas-gvm-on-kali-linux","tag-install-openvas-on-kali-linux","tag-kali-linux-gvm","tag-kali-linux-no-scap-database-found","tag-no-scap-database-found","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/13239"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=13239"}],"version-history":[{"count":44,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/13239\/revisions"}],"predecessor-version":[{"id":20556,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/13239\/revisions\/20556"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/13311"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=13239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=13239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=13239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}