{"id":22484,"date":"2024-05-10T23:42:43","date_gmt":"2024-05-10T20:42:43","guid":{"rendered":"https:\/\/kifarunix.com\/?p=22484"},"modified":"2024-05-11T11:46:32","modified_gmt":"2024-05-11T08:46:32","slug":"install-gvm-vulnerability-scanner-on-ubuntu-24-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-gvm-vulnerability-scanner-on-ubuntu-24-04\/","title":{"rendered":"Install GVM Vulnerability Scanner on Ubuntu 24.04"},"content":{"rendered":"\n<p>In this guide, you will learn how to install GVM Vulnerability Scanner on Ubuntu 24.04.&nbsp;<a href=\"https:\/\/community.greenbone.net\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>G<\/strong>reenbone&nbsp;<strong>V<\/strong>ulnerability&nbsp;<strong>M<\/strong>anagement (GVM)<\/a>, previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-gvm-on-ubuntu-24-04\">Installing GVM on Ubuntu 24.04<\/a><ul><li><a href=\"#system-hardware-requirements\">System Hardware Requirements<\/a><\/li><li><a href=\"#run-system-update\">Run System Update<\/a><\/li><li><a href=\"#install-required-build-tools\">Install Required Build Tools<\/a><ul><li><a href=\"#install-node-js-on-ubuntu-24-04\">Install NodeJS on Ubuntu 24.04<\/a><\/li><li><a href=\"#install-postgre-sql-on-ubuntu-24-04\">Install PostgreSQL on Ubuntu 24.04<\/a><\/li><\/ul><\/li><li><a href=\"#create-postgre-sql-user-and-database\">Create PostgreSQL User and Database<\/a><\/li><li><a href=\"#create-gvm-user-on-ubuntu\">Create GVM User on Ubuntu<\/a><\/li><li><a href=\"#building-gvm-from-source-code\">Building GVM from Source Code<\/a><ul><li><a href=\"#build-and-install-gvm-libraries\">Build and Install GVM Libraries<\/a><\/li><li><a 
href=\"#build-and-install-greenbone-vulnerability-manager\">Build and Install Greenbone Vulnerability Manager<\/a><\/li><li><a href=\"#build-and-install-gvm-postgre-sql-extension\">Build and Install GVM PostgreSQL Extension<\/a><\/li><li><a href=\"#build-and-install-greenbone-security-assistant\">Build and Install Greenbone Security Assistant<\/a><\/li><li><a href=\"#build-and-install-greenbone-security-assistant-http-server\">Build and Install Greenbone Security Assistant HTTP server<\/a><\/li><li><a href=\"#build-and-install-open-vas-scanner-and-open-vas-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/a><\/li><li><a href=\"#build-and-install-ospd-open-vas\">Build and Install OSPD-OpenVAS<\/a><\/li><li><a href=\"#build-and-install-notus-scanner\">Build and Install Notus Scanner<\/a><\/li><li><a href=\"#install-gvm-nv-ts-feed-synchronization-tool\">Install GVM NVTs Feed Synchronization tool<\/a><\/li><li><a href=\"#install-gvm-tools\">Install GVM Tools<\/a><\/li><\/ul><\/li><li><a href=\"#configuring-open-vas-scanner-redis-data-store\">Configuring OpenVAS Scanner Redis Data Store<\/a><\/li><li><a href=\"#optimize-redis-performance\">Optimize Redis Performance<\/a><\/li><li><a href=\"#configure-mosquitto-mqtt-broker-for-gvm\">Configure Mosquitto MQTT Broker for GVM<\/a><\/li><li><a href=\"#update-gvm-directories-ownership-and-permissions\">Update GVM Directories Ownership and Permissions<\/a><\/li><li><a href=\"#update-network-vulnerability-tests-nv-ts\">Update Network Vulnerability Tests (NVTs)<\/a><\/li><li><a href=\"#keeping-the-feeds-up-to-date\">Keeping the feeds up-to-date<\/a><ul><li><a href=\"#configure-gvm-feed-validation\">Configure GVM Feed Validation<\/a><\/li><\/ul><\/li><li><a href=\"#running-open-vas-scanner-gsa-and-gvm-services\">Running OpenVAS Scanner, GSA and GVM services<\/a><ul><li><a href=\"#create-systemd-service-unit-for-open-vas-ospd\">Create Systemd Service unit for OpenVAS OSPD<\/a><\/li><li><a 
href=\"#create-notus-scanner-systemd-service-unit\">Create Notus Scanner Systemd Service Unit<\/a><\/li><li><a href=\"#creating-systemd-service-units-for-gvm-services\">Creating Systemd Service units for GVM services<\/a><\/li><li><a href=\"#creating-systemd-service-units-for-gsa-services\">Creating Systemd Service units for GSA services<\/a><\/li><li><a href=\"#generate-gvm-certificates\">Generate GVM Certificates<\/a><\/li><\/ul><\/li><li><a href=\"#create-gvm-scanner\">Create GVM Scanner<\/a><\/li><li><a href=\"#create-gvm-admin-user\">Create GVM Admin User<\/a><\/li><li><a href=\"#set-the-feed-import-owner\">Set the Feed Import Owner<\/a><\/li><li><a href=\"#accessing-gvm-web-interface\">Accessing GVM Web Interface<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-gvm-on-ubuntu-24-04\">Installing GVM on Ubuntu 24.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"system-hardware-requirements\">System Hardware Requirements<\/h3>\n\n\n\n<p>Below are the system requirements I would personally recommend.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 8 GB RAM<\/li>\n\n\n\n<li>At least 4 vCPUs<\/li>\n\n\n\n<li>More than 8 GB disk space (We have 40+ GB in this demo)<\/li>\n<\/ul>\n\n\n\n<p>These requirements will vary depending on your use cases, however. 
Just be sure to provide \u201cenough\u201d.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"run-system-update\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update and upgrade your system packages;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt upgrade<\/code><\/pre>\n\n\n\n<p>Reboot the system if necessary;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91; -f \/run\/reboot-required ] &amp;&amp; sudo systemctl reboot -i<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-required-build-tools\">Install Required Build Tools<\/h3>\n\n\n\n<p>In order to successfully build GVM Vulnerability Scanner on Ubuntu 24.04, you need to install a number of required dependencies and build tools.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>sudo apt install gcc \\\n\tg++ \\\n\tmake \\\n\tbison \\\n\tflex \\\n\tlibksba-dev \\\n\tcurl \\\n\tredis \\\n\tlibpcap-dev \\\n\tcmake \\\n\tgit \\\n\tpkg-config \\\n\tlibglib2.0-dev \\\n\tlibgpgme-dev \\\n\tnmap \\\n\tlibgnutls28-dev \\\n\tuuid-dev \\\n\tlibssh-gcrypt-dev \\\n\tlibldap2-dev \\\n\tgnutls-bin \\\n\tlibmicrohttpd-dev \\\n\tlibhiredis-dev \\\n\tzlib1g-dev \\\n\tlibxml2-dev \\\n\tlibnet-dev \\\n\tlibradcli-dev \\\n\tclang-format \\\n\tlibldap2-dev \\\n\tdoxygen \\\n\tgcc-mingw-w64 \\\n\txml-twig-tools \\\n\tlibical-dev \\\n\tperl-base \\\n\theimdal-dev \\\n\tlibpopt-dev \\\n\tlibunistring-dev \\\n\tgraphviz \\\n\tlibsnmp-dev \\\n\tpython3-setuptools \\\n\tpython3-paramiko \\\n\tpython3-lxml \\\n\tpython3-defusedxml \\\n\tpython3-dev \\\n\tgettext \\\n\tpython3-polib \\\n\txmltoman \\\n\tpython3-pip \\\n\ttexlive-fonts-recommended \\\n\ttexlive-latex-extra \\\n\txsltproc \\\n\trsync \\\n        libpaho-mqtt-dev \\\n        libbsd-dev \\\n        libjson-glib-dev \\\n\tpython3-packaging \\\n\tpython3-wrapt \\\n\tpython3-cffi \\\n\tpython3-psutil \\\n\tpython3-redis \\\n\tpython3-gnupg \\\n\tpython3-paho-mqtt \\\n        mosquitto 
\\\n        libgcrypt20-dev \\\n        redis-server \\\n        libcurl4-gnutls-dev \\\n\t--no-install-recommends -y\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-node-js-on-ubuntu-24-04\">Install NodeJS on Ubuntu 24.04<\/h4>\n\n\n\n<p>Next, install NodeJS, which is required to build Greenbone Security Assistant. NodeJS &gt;= 18 is required.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -fsSL https:\/\/deb.nodesource.com\/gpgkey\/nodesource-repo.gpg.key | \\\nsudo gpg --dearmor -o \/etc\/apt\/trusted.gpg.d\/node.gpg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb  https:\/\/deb.nodesource.com\/node_18.x nodistro main\" | sudo tee \/etc\/apt\/sources.list.d\/node.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install nodejs -y<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-postgre-sql-on-ubuntu-24-04\">Install PostgreSQL on Ubuntu 24.04<\/h4>\n\n\n\n<p>GVM uses PostgreSQL as the backend database. 
We use version 17 in this setup, which is the default version available on Ubuntu 24.04 Bookworm repos as of this writing.<\/p>\n\n\n\n<p>Run the command below to install PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install postgresql postgresql-contrib postgresql-server-dev-all -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-postgre-sql-user-and-database\">Create PostgreSQL User and Database<\/h3>\n\n\n\n<p>Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd).<\/p>\n\n\n\n<p>Note that the database and user should be created as PostgreSQL user,&nbsp;<strong>postgres<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres createuser gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres createdb -O gvm gvmd<\/code><\/pre>\n\n\n\n<p>Grant PostgreSQL User DBA Roles<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c \"create role dba with superuser noinherit;\"<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu postgres psql gvmd -c \"grant dba to gvm;\"<\/code><\/pre>\n\n\n\n<p>Once that is done, restart PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart postgresql<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable postgresql<\/code><\/pre>\n\n\n\n<p>You can check status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status postgresql<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-user-on-ubuntu\">Create GVM User on Ubuntu<\/h3>\n\n\n\n<p>In this demo, we will run GVM as a non privileged system user. 
Thus, create the&nbsp;<code><strong>gvm<\/strong><\/code>&nbsp;system user account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo useradd -r -d \/opt\/gvm -c \"GVM User\" -s \/bin\/bash gvm<\/code><\/pre>\n\n\n\n<p>Create the GVM user directory as specified by option&nbsp;<code>-d<\/code>&nbsp;in the command above and set the user and group ownership to&nbsp;<code>gvm<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mkdir \/opt\/gvm &amp;&amp; sudo chown gvm: \/opt\/gvm<\/code><\/pre>\n\n\n\n<p>Allow the user to run the installation with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which make) install, $(which python3)\" | sudo tee \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Confirm the validity of the sudoers file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>visudo -c -f \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Output should be&nbsp;<strong>Ok<\/strong>ay.<\/p>\n\n\n\n<p>Note that this rule lets the <code>gvm<\/code> user run <code>python3<\/code> as root without a password, which amounts to unrestricted root access. Remove <code>\/etc\/sudoers.d\/gvm<\/code> once the installation is complete.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"building-gvm-from-source-code\">Building GVM from Source Code<\/h3>\n\n\n\n<p>There are different tools required to install and set up GVM Vulnerability Scanner on Ubuntu 24.04. 
These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GVM Libraries<\/li>\n\n\n\n<li>OpenVAS Scanner<\/li>\n\n\n\n<li>OSPD OpenVAS<\/li>\n\n\n\n<li>Greenbone Vulnerability Manager<\/li>\n\n\n\n<li>Greenbone Security Assistant<\/li>\n\n\n\n<li>Python-GVM<\/li>\n\n\n\n<li>Notus Scanner<\/li>\n\n\n\n<li>GVM-Tools<\/li>\n\n\n\n<li>OpenVAS SMB<\/li>\n<\/ul>\n\n\n\n<p>Every component has a&nbsp;<strong>README.md<\/strong>&nbsp;and an&nbsp;<strong>INSTALL.md<\/strong>&nbsp;file that explains how to build and install it.<\/p>\n\n\n\n<p>Switch to the GVM user created above;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo su - gvm<\/code><\/pre>\n\n\n\n<p>Create a directory to download the source files to;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir gvm-source<\/code><\/pre>\n\n\n\n<p>Note that we will install all GVM files and libraries to the default location,&nbsp;<strong><code>\/usr\/local<\/code><\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-gvm-libraries\">Build and Install GVM Libraries<\/h4>\n\n\n\n<p>GVM-libs is a set of shared libraries that provide common functionality for the GVM Vulnerability Scanner suite. It includes libraries for network communication, database access, and data parsing. 
GVM-libs is used by all GVM components, including the vulnerability scanner, the web-based management interface, and the database.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>whoami<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gvm<\/code><\/pre>\n\n\n\n<p>From within the source directory,&nbsp;<code><strong>\/opt\/gvm\/gvm-source<\/strong><\/code>, download, extract the GVM libraries source code and install them as follows.<\/p>\n\n\n\n<p>Replace the version numbers with the stable release versions\/tags.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>GVM_LIBS=22.9.1\nwget https:\/\/github.com\/greenbone\/gvm-libs\/archive\/refs\/tags\/v${GVM_LIBS}.tar.gz \\\n-O gvm-libs-v${GVM_LIBS}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf gvm-libs-v${GVM_LIBS}.tar.gz;cd gvm-libs-${GVM_LIBS}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake ..<\/code><\/pre>\n\n\n\n<p>&nbsp;Compile and install GVM libraries<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make &amp;&amp; sudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-greenbone-vulnerability-manager\">Build and Install Greenbone Vulnerability Manager<\/h4>\n\n\n\n<p>GVM daemon serves as the central manager for scans, tasks, and the overall vulnerability management process. 
It communicates with other GVM components, such as the Greenbone Security Assistant (GSA) web interface, the&nbsp;<a href=\"https:\/\/www.openvas.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenVAS<\/a>&nbsp;Scanner, and the various databases used for storing vulnerability data and scan results.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>GVMD=23.6.2\nwget https:\/\/github.com\/greenbone\/gvmd\/archive\/refs\/tags\/v${GVMD}.tar.gz \\\n-O gvmd-v${GVMD}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf gvmd-v${GVMD}.tar.gz;cd gvmd-${GVMD}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-gvm-postgre-sql-extension\">Build and Install GVM PostgreSQL Extension<\/h4>\n\n\n\n<p>pg-gvm is a PostgreSQL extension that adds several functions used by gvmd, e.g., iCalendar and host range evaluation. 
In previous versions of GVM, these functions were managed directly by gvmd while pg-gvm uses the extension management built into PostgreSQL.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>PG_GVM=22.6.5\nwget https:\/\/github.com\/greenbone\/pg-gvm\/archive\/refs\/tags\/v${PG_GVM}.tar.gz \\\n-O pg-gvm-v${PG_GVM}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf pg-gvm-v${PG_GVM}.tar.gz;cd pg-gvm-${PG_GVM}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-greenbone-security-assistant\">Build and Install Greenbone Security Assistant<\/h4>\n\n\n\n<p>The Greenbone Security Assistant is the web interface developed for the Greenbone Security Manager<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>GSA=23.0.0\nwget https:\/\/github.com\/greenbone\/gsa\/archive\/refs\/tags\/v${GSA}.tar.gz \\\n-O gsa-v${GSA}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf gsa-v${GSA}.tar.gz;cd gsa-${GSA}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>rm -rf build<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>npm install<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>npm run build<\/code><\/pre>\n\n\n\n<p>All content of the production build can be shipped with every web server. 
To serve GSA via the gsad web server, the files need to be copied into&nbsp;<code>\/usr\/local\/share\/gvm\/gsad\/web\/<\/code>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Also:<\/li>\n\n\n\n<li><strong>build\/img<\/strong>&nbsp;directory contains images like logos and banners.<\/li>\n\n\n\n<li><strong>build\/static<\/strong>&nbsp;directory will contain generated JavaScript and CSS files.<\/li>\n\n\n\n<li><strong>build\/static\/media<\/strong>&nbsp;directory contains SVG files for all icons.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-greenbone-security-assistant-http-server\">Build and Install Greenbone Security Assistant HTTP server<\/h4>\n\n\n\n<p>The Greenbone Security Assistant HTTP Server is the server developed for communication with the Greenbone Security Manager appliances. It connects to the Greenbone Vulnerability Manager Daemon&nbsp;<strong>gvmd<\/strong>&nbsp;to provide a full-featured user interface for vulnerability management.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>GSAD=22.9.1\nwget https:\/\/github.com\/greenbone\/gsad\/archive\/refs\/tags\/v${GSAD}.tar.gz \\\n-O gsad-v${GSAD}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf gsad-v${GSAD}.tar.gz;cd gsad-${GSAD}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Next, copy the web interface configs. 
Replace&nbsp;<strong>kifarunix<\/strong>&nbsp;user with your privileged system user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;&#91; -d \/usr\/local\/share\/gvm\/gsad\/web ]] || su -c \"sudo mkdir -p \/usr\/local\/share\/gvm\/gsad\/web\" kifarunix<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo chown -R gvm: \/usr\/local\/share\/gvm\/gsad\/web\" kifarunix<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>GSA=23.0.0\ncp -rp \/opt\/gvm\/gvm-source\/gsa-${GSA}\/build\/* \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -1 \/usr\/local\/share\/gvm\/gsad\/web<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>img\nindex.html\nlocales\nrobots.txt\nstatic\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-open-vas-scanner-and-open-vas-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/h4>\n\n\n\n<p>Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).<\/p>\n\n\n\n<p>OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a&nbsp;<code>winexe<\/code>&nbsp;binary to execute processes remotely on that system.<\/p>\n\n\n\n<p>Build and install openvas-smb;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>OPENVAS_SMB=22.5.6\nwget https:\/\/github.com\/greenbone\/openvas-smb\/archive\/refs\/tags\/v${OPENVAS_SMB}.tar.gz -O openvas-smb-v${OPENVAS_SMB}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf openvas-smb-v${OPENVAS_SMB}.tar.gz;cd openvas-smb-${OPENVAS_SMB}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Build and install OpenVAS 
scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>OPENVAS_SCANNER=23.2.0\nwget https:\/\/github.com\/greenbone\/openvas-scanner\/archive\/refs\/tags\/v${OPENVAS_SCANNER}.tar.gz \\\n-O openvas-scanner-v${OPENVAS_SCANNER}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf openvas-scanner-v${OPENVAS_SCANNER}.tar.gz;cd openvas-scanner-${OPENVAS_SCANNER}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build\ncmake ..\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-ospd-open-vas\">Build and Install OSPD-OpenVAS<\/h4>\n\n\n\n<p>Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>OSPD_OPENVAS=22.7.1\nwget https:\/\/github.com\/greenbone\/ospd-openvas\/archive\/refs\/tags\/v${OSPD_OPENVAS}.tar.gz \\\n-O ospd-openvas-v${OSPD_OPENVAS}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf ospd-openvas-v${OSPD_OPENVAS}.tar.gz;cd ospd-openvas-${OSPD_OPENVAS}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build\npython3 -m pip install --root=.\/build .<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp .\/build\/usr\/local\/bin\/ospd-openvas \/usr\/local\/bin\/\" kifarunix<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp -r .\/build\/usr\/local\/lib\/python3.12\/* \/usr\/local\/lib\/python3.12\/\" kifarunix<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-and-install-notus-scanner\">Build and Install Notus Scanner<\/h4>\n\n\n\n<p>Notus scanner is a scanner that is integrated into the Greenbone Vulnerability Management 
framework and can be used to detect vulnerable products by evaluating internal system information, such as the installed software packages and their versions.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>NOTUS_SCANNER=22.6.3\nwget https:\/\/github.com\/greenbone\/notus-scanner\/archive\/refs\/tags\/v${NOTUS_SCANNER}.tar.gz \\\n-O notus-scanner-v${NOTUS_SCANNER}.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf notus-scanner-v${NOTUS_SCANNER}.tar.gz;cd notus-scanner-${NOTUS_SCANNER}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build\nsudo python3 -m pip install --root=.\/build .<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp .\/build\/usr\/local\/bin\/* \/usr\/local\/bin\/\" kifarunix<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp -r .\/build\/usr\/local\/lib\/python3.12\/dist-packages\/* \/usr\/local\/lib\/python3.12\/dist-packages\/\" kifarunix<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-nv-ts-feed-synchronization-tool\">Install GVM NVTs Feed Synchronization tool<\/h4>\n\n\n\n<p><strong><code>greenbone-feed-sync<\/code><\/strong>&nbsp;is GVM python script that can be used to download the latest version of the Greenbone Community Feed, or to update an existing feed. It can be installed as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source &amp;&amp; mkdir greenbone-feed-sync &amp;&amp; cd greenbone-feed-sync<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo python3 -m pip install --root=. 
greenbone-feed-sync<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp .\/usr\/local\/bin\/* \/usr\/local\/bin\/\" kifarunix<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp -r .\/usr\/local\/lib\/python3.12\/dist-packages\/* \/usr\/local\/lib\/python3.12\/dist-packages\/\" kifarunix<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-tools\">Install GVM Tools<\/h4>\n\n\n\n<p>The Greenbone Vulnerability Management Tools are a collection of tools that help with remote controlling&nbsp;GVM installations. Such tools include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>gvm-cli:<\/strong>&nbsp;This tool sends plain GMP\/OSP commands and prints the result to the standard output.<\/li>\n\n\n\n<li><strong>gvm-script:<\/strong>&nbsp;This tool has a lot more features than the simple gvm-cli client.&nbsp;It can be used to create scripts that automate tasks, such as scanning for vulnerabilities or creating reports.<\/li>\n\n\n\n<li><strong>gvm-pyshell:<\/strong>&nbsp;This tool is for running gmp or osp scripts interactively. It provides the same API as gvm-script using the python-gvm library.<\/li>\n\n\n\n<li><strong>gvm-api:<\/strong>&nbsp;This tool provides a Python API for accessing the GMP and OSP protocols. This API can be used to develop custom tools and applications that interact with GVM.<\/li>\n<\/ul>\n\n\n\n<p>To install GVM tools;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\/gvm-source &amp;&amp; mkdir gvm-tools &amp;&amp; cd gvm-tools<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo python3 -m pip install --root=. 
gvm-tools<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp .\/usr\/local\/bin\/* \/usr\/local\/bin\/\" kifarunix<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su -c \"sudo cp -r .\/usr\/local\/lib\/python3.12\/dist-packages\/* \/usr\/local\/lib\/python3.12\/dist-packages\/\" kifarunix<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-open-vas-scanner-redis-data-store\">Configuring OpenVAS Scanner Redis Data Store<\/h3>\n\n\n\n<p>Redis is used to store information about vulnerabilities, such as their severity, exploitability, and remediation steps.<\/p>\n\n\n\n<p>To begin, exit the gvm user session and run the command below to rebuild the cache of the installed shared libraries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ldconfig<\/code><\/pre>\n\n\n\n<p>The default configuration file of the Redis server is&nbsp;<code>\/etc\/redis\/redis.conf<\/code>.<\/p>\n\n\n\n<p>Next, copy the OpenVAS scanner Redis configuration file,&nbsp;<code>redis-openvas.conf<\/code>, from the OpenVAS source directory to the Redis config directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>OPENVAS_SCANNER=23.2.0\nsudo cp \/opt\/gvm\/gvm-source\/openvas-scanner-${OPENVAS_SCANNER}\/config\/redis-openvas.conf \/etc\/redis\/<\/code><\/pre>\n\n\n\n<p>Update the ownership of the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo chown redis:redis \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Update the path to the Redis unix socket in&nbsp;<code><strong>\/etc\/openvas\/openvas.conf<\/strong><\/code>&nbsp;using the&nbsp;<strong><code>db_address<\/code><\/strong>&nbsp;parameter.<\/p>\n\n\n\n<p>To get the path to the Redis unix socket, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo grep unixsocket \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unixsocket 
\/run\/redis-openvas\/redis.sock\nunixsocketperm 770<\/code><\/pre>\n\n\n\n<p>Once you get the path to the Redis unix socket, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"<strong>db_address = \/run\/redis-openvas\/redis.sock<\/strong>\" | sudo tee \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Add the gvm user to the redis group;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo usermod -aG redis gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"optimize-redis-performance\">Optimize Redis Performance<\/h3>\n\n\n\n<p>You can also optimize the Redis server itself to improve performance by making the following adjustments;<\/p>\n\n\n\n<p>Increase the value of somaxconn in order to avoid slow client connection issues.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"net.core.somaxconn = 1024\" | sudo tee -a \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Redis background save may fail under low-memory conditions. To avoid this, enable memory overcommit (<strong>man 5 proc<\/strong>).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'vm.overcommit_memory = 1' | sudo tee -a \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload the sysctl variables set above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sysctl -p<\/code><\/pre>\n\n\n\n<p>To avoid latency and memory usage issues with Redis, disable the Linux kernel\u2019s support for Transparent Huge Pages (THP). 
To easily work around this, create a systemd service unit for this purpose.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>sudo tee \/etc\/systemd\/system\/disable_thp.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Disable Kernel Support for Transparent Huge Pages (THP)\n\n[Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/enabled &amp;&amp; echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/defrag\"\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable this service to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now disable_thp<\/code><\/pre>\n\n\n\n<p>Restart OpenVAS Redis server<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now redis-server@openvas<\/code><\/pre>\n\n\n\n<p>Confirm the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status redis-server@openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf redis-server@openvas.service - Advanced key-value store (openvas)\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/redis-server@.service; enabled; preset: enabled)\n     Active: active (running) since Fri 2024-05-10 17:35:18 UTC; 12s ago\n       Docs: http:\/\/redis.io\/documentation,\n             man:redis-server(1)\n   Main PID: 45475 (redis-server)\n     Status: \"Ready to accept connections\"\n      Tasks: 5 (limit: 9444)\n     Memory: 3.8M (peak: 4.3M)\n        CPU: 58ms\n     CGroup: \/system.slice\/system-redis\\x2dserver.slice\/redis-server@openvas.service\n             \u2514\u250045475 \"\/usr\/bin\/redis-server unixsocket:\/run\/redis-openvas\/redis.sock\"\n\nMay 10 17:35:18 gvm redis-server[45475]:   `-._    `-._`-.__.-'_.-'    _.-'\nMay 10 17:35:18 gvm redis-server[45475]:       `-._    `-.__.-'    _.-'\nMay 10 17:35:18 gvm 
redis-server[45475]:           `-._        _.-'\nMay 10 17:35:18 gvm redis-server[45475]:               `-.__.-'\nMay 10 17:35:18 gvm redis-server[45475]: 45475:M 10 May 2024 17:35:18.259 # Server initialized\nMay 10 17:35:18 gvm redis[45475]:                 _._                                                  \n                                             _.-``__ ''-._                                             \n                                        _.-``    `.  `_.  ''-._           Redis 7.0.15 (00000000\/0) 64 bit\n                                    .-`` .-```.  ```\\\/    _.,_ ''-._                                  \n                                   (    '      ,       .-`  | `,    )     Running in standalone mode\n                                   |`-._`-...-` __...-.``-._|'` _.-'|     Port: 0\n                                   |    `-._   `._    \/     _.-'    |     PID: 45475\n                                    `-._    `-._  `-.\/  _.-'    _.-'                                   \n                                   |`-._`-._    `-.__.-'    _.-'_.-'|                                  \n                                   |    `-._`-._        _.-'_.-'    |           https:\/\/redis.io       \n                                    `-._    `-._`-.__.-'_.-'    _.-'                                   \n                                   |`-._`-._    `-.__.-'    _.-'_.-'|                                  \n                                   |    `-._`-._        _.-'_.-'    |                                  \n                                    `-._    `-._`-.__.-'_.-'    _.-'                                   \n                                        `-._    `-.__.-'    _.-'                                       \n                                            `-._        _.-'                                           \n                                                `-.__.-'\nMay 10 17:35:18 gvm redis-server[45475]: 45475:M 10 May 2024 17:35:18.259 * The server 
is now ready to accept connections at \/run\/redis-openvas\/redis.sock\nMay 10 17:35:18 gvm redis[45475]: Server initialized\nMay 10 17:35:18 gvm redis[45475]: The server is now ready to accept connections at \/run\/redis-openvas\/redis.sock\nMay 10 17:35:18 gvm systemd[1]: Started redis-server@openvas.service - Advanced key-value store (openvas).\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-mosquitto-mqtt-broker-for-gvm\">Configure Mosquitto MQTT Broker for GVM<\/h3>\n\n\n\n<p>The MQTT broker is used for communication between notus-scanner, openvas-scanner and ospd-openvas.<\/p>\n\n\n\n<p>Configure the OpenVAS scanner to use MQTT by defining the MQTT broker address as well as the vulnerability scanning approach.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"mqtt_server_uri = localhost:1883\ntable_driven_lsc = yes\" | sudo tee -a \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Next, start and enable the Mosquitto service to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now mosquitto<\/code><\/pre>\n\n\n\n<p>Check status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status mosquitto<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf mosquitto.service - Mosquitto MQTT Broker\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/mosquitto.service; enabled; preset: enabled)\n     Active: active (running) since Wed 2024-05-08 20:53:38 UTC; 1 day 20h ago\n       Docs: man:mosquitto.conf(5)\n             man:mosquitto(8)\n   Main PID: 4816 (mosquitto)\n      Tasks: 1 (limit: 9444)\n     Memory: 1.0M (peak: 1.8M)\n        CPU: 1min 53.382s\n     CGroup: \/system.slice\/mosquitto.service\n             \u2514\u25004816 \/usr\/sbin\/mosquitto -c \/etc\/mosquitto\/mosquitto.conf\n\nMay 08 20:53:38 gvm systemd[1]: Starting mosquitto.service - Mosquitto MQTT Broker...\nMay 08 20:53:38 gvm systemd[1]: Started mosquitto.service - Mosquitto MQTT Broker.\n<\/code><\/pre>\n\n\n\n<p>Check the 
ports;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ss -antpl | grep :1883<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>LISTEN 0      100        127.0.0.1:1883      0.0.0.0:*    users:((\"mosquitto\",pid=4816,fd=5))                                                                                                                                                                                                                                                \nLISTEN 0      100            [::1]:1883         [::]:*    users:((\"mosquitto\",pid=4816,fd=6))\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-gvm-directories-ownership-and-permissions\">Update GVM Directories Ownership and Permissions<\/h3>\n\n\n\n<p>Update GVM libraries ownership and permissions as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mkdir -p \/var\/lib\/notus \/run\/gvmd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>sudo chown -R gvm:gvm \/var\/lib\/gvm \\\n\t\/var\/lib\/openvas \\\n\t\/var\/lib\/notus \\\n\t\/var\/log\/gvm \\\n\t\/run\/gvmd\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-network-vulnerability-tests-nv-ts\">Update Network Vulnerability Tests (NVTs)<\/h3>\n\n\n\n<p>Update Network Vulnerability Tests feed from Greenbone Security Feed\/Community Feed using the&nbsp;<code>greenbone-nvt-sync<\/code>&nbsp;command.&nbsp;<code>rsync<\/code>&nbsp;tool is required for a successful synchronization.<\/p>\n\n\n\n<p>Note that&nbsp;<strong><code>greenbone-nvt-sync<\/code><\/strong>&nbsp;must not be executed as privileged user root. 
For this reason, update the NVTs as the gvm user created above.<\/p>\n\n\n\n<p>Also, allow the gvm user to run openvas with sudo rights.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which openvas)\" | sudo tee -a \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Next, update the NVTs as the gvm user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-nvt-sync<\/code><\/pre>\n\n\n\n<p>The command may take a while to complete.<\/p>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Trying to acquire lock on \/var\/lib\/openvas\/feed-update.lock\nAcquired lock on \/var\/lib\/openvas\/feed-update.lock\n\u2826 Downloading Notus files from rsync:\/\/feed.community.greenbone.net\/community\/vulnerability-feed\/22.04\/vt-data\/notus\/ to \/var\/lib\/notus\n\u2807 Downloading NASL files from rsync:\/\/feed.community.greenbone.net\/community\/vulnerability-feed\/22.04\/vt-data\/nasl\/ to \/var\/lib\/openvas\/plugins\nReleasing lock on \/var\/lib\/openvas\/feed-update.lock\n<\/code><\/pre>\n\n\n\n<p>If the command fails with:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: &#91;receiver] read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(784) &#91;receiver=3.2.3]\nrsync: connection unexpectedly closed (1913648 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(228) &#91;generator=3.2.3]\n<\/code><\/pre>\n\n\n\n<p>Then append the&nbsp;<code>--rsync<\/code>&nbsp;option and rerun the command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-nvt-sync --rsync<\/code><\/pre>\n\n\n\n<p>Once the update is done, you need to upload the plugins into the Redis server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm sudo openvas --update-vt-info<\/code><\/pre>\n\n\n\n<p>Again, ensure the logs directory has proper ownership;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo chown -R gvm:gvm 
\/var\/log\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"keeping-the-feeds-up-to-date\">Keeping the feeds up-to-date<\/h3>\n\n\n\n<p>The gvmd&nbsp;<code><strong>Data<\/strong><\/code>,&nbsp;<strong><code>SCAP<\/code><\/strong>&nbsp;and&nbsp;<code><strong>CERT<\/strong><\/code>&nbsp;Feeds should be kept up-to-date by calling the&nbsp;<code>greenbone-feed-sync<\/code>&nbsp;script regularly (e.g. via a cron entry):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type GVMD_DATA<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type SCAP<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT<\/code><\/pre>\n\n\n\n<p>Please note: The&nbsp;<code>CERT<\/code>&nbsp;feed sync depends on data provided by the&nbsp;<code>SCAP<\/code>&nbsp;feed and should be called after syncing the latter.<\/p>\n\n\n\n<p>Also, in case the commands fail with an error such as;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(794) &#91;receiver=3.1.3]\nrsync: connection unexpectedly closed (1047 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(235) &#91;generator=3.1.3]<\/code><\/pre>\n\n\n\n<p>Try adding the&nbsp;<code><strong>--rsync<\/strong><\/code>&nbsp;option to the command, for example;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT --rsync<\/code><\/pre>\n\n\n\n<p><strong>Consider setting up cron jobs to run the nvts, cert and scap data update scripts at your preferred frequency to pull updates from the feed servers.<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-gvm-feed-validation\">Configure GVM Feed Validation<\/h4>\n\n\n\n<p>Run the commands below to install the GnuPG keychain with the&nbsp;<em>Greenbone Community Feed integrity 
key<\/em>&nbsp;for validating the feed content;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/www.greenbone.net\/GBCommunitySigningKey.asc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo gpg --homedir=\/etc\/openvas\/gnupg --import GBCommunitySigningKey.asc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:\" | \\\nsudo gpg --import-ownertrust --homedir=\/etc\/openvas\/gnupg<\/code><\/pre>\n\n\n\n<p>Update ownership of the keyring directory and the files in it, which were created as root by the commands above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo chown -R gvm:gvm \/etc\/openvas\/gnupg<\/code><\/pre>\n\n\n\n<p>List the keys;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gpg --homedir=\/etc\/openvas\/gnupg --list-keys<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-open-vas-scanner-gsa-and-gvm-services\">Running OpenVAS Scanner, GSA and GVM services<\/h3>\n\n\n\n<p>To ease the management of the OpenVAS scanner, GSA (WebUI service) and the GVM daemon, create systemd service unit files for each of them as follows.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-systemd-service-unit-for-open-vas-ospd\">Create Systemd Service unit for OpenVAS OSPD<\/h4>\n\n\n\n<p>You can copy the service unit file from the source directory to the systemd service unit files directory and modify it accordingly. 
We use the service unit below in this setup.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>sudo tee \/etc\/systemd\/system\/ospd-openvas.service &lt;&lt; 'EOL'\n[Unit]\nDescription=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\nDocumentation=man:ospd-openvas(8) man:openvas(8)\nAfter=network.target networking.service redis-server@openvas.service mosquitto.service\nWants=redis-server@openvas.service mosquitto.service\nConditionKernelCommandLine=!recovery\n\n[Service]\nType=exec\nUser=gvm\nGroup=gvm\nRuntimeDirectory=ospd\nRuntimeDirectoryMode=2775\nPIDFile=\/run\/ospd\/ospd-openvas.pid\nExecStartPre=-rm -rf \/run\/ospd\/ospd-openvas.pid \/run\/ospd\/ospd-openvas.sock\nExecStart=\/usr\/local\/bin\/ospd-openvas --foreground \\\n\t--unix-socket \/run\/ospd\/ospd-openvas.sock \\\n\t--pid-file \/run\/ospd\/ospd-openvas.pid \\\n\t--log-file \/var\/log\/gvm\/ospd-openvas.log \\\n\t--lock-file-dir \/var\/lib\/openvas \\\n\t--socket-mode 0770 \\\n\t--mqtt-broker-address localhost \\\n\t--mqtt-broker-port 1883 \\\n\t--notus-feed-dir \/var\/lib\/notus\/advisories\nSuccessExitStatus=SIGKILL\nRestart=always\nRestartSec=60\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable OSPD openvas wrapper service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status ospd-openvas.service<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\n     Loaded: loaded (\/etc\/systemd\/system\/ospd-openvas.service; enabled; preset: enabled)\n     Active: active (running) since Fri 2024-05-10 19:28:14 UTC; 2min 57s ago\n       Docs: man:ospd-openvas(8)\n             man:openvas(8)\n    Process: 49371 ExecStartPre=rm 
-rf \/run\/ospd\/ospd-openvas.pid \/run\/ospd\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n   Main PID: 49373 (ospd-openvas)\n      Tasks: 5 (limit: 9444)\n     Memory: 90.2M (peak: 148.8M)\n        CPU: 55.327s\n     CGroup: \/system.slice\/ospd-openvas.service\n             \u251c\u250049373 \/usr\/bin\/python3 \/usr\/local\/bin\/ospd-openvas --foreground --unix-socket \/run\/ospd\/ospd-openvas.sock --pid-file \/run\/ospd\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-fil>\n             \u2514\u250049378 \/usr\/bin\/python3 \/usr\/local\/bin\/ospd-openvas --foreground --unix-socket \/run\/ospd\/ospd-openvas.sock --pid-file \/run\/ospd\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-fil>\n\nMay 10 19:28:14 gvm systemd[1]: Starting ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...\nMay 10 19:28:14 gvm systemd[1]: Started ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).\nMay 10 19:28:14 gvm ospd-openvas[49373]: OSPD[49373] 2024-05-10 19:28:14,606: INFO: (ospd.main) Starting OSPd OpenVAS version 22.7.1.\nMay 10 19:28:14 gvm ospd-openvas[49373]: OSPD[49373] 2024-05-10 19:28:14,643: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker\nMay 10 19:28:24 gvm ospd-openvas[49373]: OSPD[49373] 2024-05-10 19:28:24,642: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please >\nMay 10 19:29:13 gvm ospd-openvas[49373]: OSPD[49373] 2024-05-10 19:29:13,255: INFO: (ospd_openvas.daemon) VTs were up to date. 
Feed version is 202405101636.\n<\/code><\/pre>\n\n\n\n<p>Be sure to also check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail -f \/var\/log\/gvm\/ospd-openvas.log<\/code><\/pre>\n\n\n\n<p>Sample logs;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\nOSPD[49373] 2024-05-10 19:28:14,606: INFO: (ospd.main) Starting OSPd OpenVAS version 22.7.1.\nOSPD[49373] 2024-05-10 19:28:14,643: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker\nOSPD[49373] 2024-05-10 19:28:24,642: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...\nOSPD[49373] 2024-05-10 19:29:13,255: INFO: (ospd_openvas.daemon) VTs were up to date. Feed version is 202405101636\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-notus-scanner-systemd-service-unit\">Create Notus Scanner Systemd Service Unit<\/h4>\n\n\n\n<p>Execute the command below to install Notus scanner systemd service unit<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>sudo tee \/etc\/systemd\/system\/notus-scanner.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Notus Scanner\nAfter=mosquitto.service\nWants=mosquitto.service\nConditionKernelCommandLine=!recovery\n\n[Service]\nType=exec\nUser=gvm\nRuntimeDirectory=notus-scanner\nRuntimeDirectoryMode=2775\nPIDFile=\/run\/notus-scanner\/notus-scanner.pid\nExecStart=\/usr\/local\/bin\/notus-scanner --foreground \\\n\t--products-directory \/var\/lib\/notus\/products \\\n\t--log-file \/var\/log\/gvm\/notus-scanner.log\nSuccessExitStatus=SIGKILL\nRestart=always\nRestartSec=60\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configs, start and enable the service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now notus-scanner<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>systemctl status notus-scanner<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf notus-scanner.service - Notus Scanner\n     Loaded: loaded (\/etc\/systemd\/system\/notus-scanner.service; enabled; preset: enabled)\n     Active: active (running) since Fri 2024-05-10 19:33:30 UTC; 6s ago\n   Main PID: 49574 (notus-scanner)\n      Tasks: 1 (limit: 9444)\n     Memory: 14.9M (peak: 16.1M)\n        CPU: 95ms\n     CGroup: \/system.slice\/notus-scanner.service\n             \u2514\u250049574 \/usr\/bin\/python3 \/usr\/local\/bin\/notus-scanner --foreground --products-directory \/var\/lib\/notus\/products --log-file \/var\/log\/gvm\/notus-scanner.log\n\nMay 10 19:33:30 gvm systemd[1]: Starting notus-scanner.service - Notus Scanner...\nMay 10 19:33:30 gvm systemd[1]: Started notus-scanner.service - Notus Scanner.\nMay 10 19:33:30 gvm notus-scanner[49574]: 2024-05-10 19:33:30,724 notus-scanner: INFO: (notus.scanner.daemon) Starting notus-scanner version 22.6.3.\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail -f \/var\/log\/gvm\/notus-scanner.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"creating-systemd-service-units-for-gvm-services\">Creating Systemd Service units for GVM services<\/h4>\n\n\n\n<p>When run, the installer creates the GVM daemon service unit,&nbsp;<strong><code>\/lib\/systemd\/system\/gvmd.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp \/lib\/systemd\/system\/gvmd.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>sudo tee \/lib\/systemd\/system\/gvmd.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Greenbone Vulnerability Manager daemon (gvmd)\nAfter=network.target networking.service postgresql.service ospd-openvas.service\nWants=postgresql.service 
ospd-openvas.service\nDocumentation=man:gvmd(8)\nConditionKernelCommandLine=!recovery\n\n[Service]\nType=exec\nUser=gvm\nGroup=gvm\nPIDFile=\/run\/gvmd\/gvmd.pid\nRuntimeDirectory=gvmd\nRuntimeDirectoryMode=2775\nExecStart=\/usr\/local\/sbin\/gvmd --foreground \\\n\t--osp-vt-update=\/run\/ospd\/ospd-openvas.sock \\\n\t--listen-group=gvm\nRestart=always\nTimeoutStopSec=10\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl daemon-reload\nsudo systemctl enable --now gvmd<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gvmd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/gvmd.service; enabled; preset: enabled)\n     Active: active (running) since Fri 2024-05-10 19:35:30 UTC; 6s ago\n       Docs: man:gvmd(8)\n   Main PID: 49737 (gvmd)\n      Tasks: 6 (limit: 9444)\n     Memory: 101.9M (peak: 102.4M)\n        CPU: 4.813s\n     CGroup: \/system.slice\/gvmd.service\n             \u251c\u250049737 \"gvmd: Waiting for in\" --foreground --osp-vt-update=\/run\/ospd\/ospd-openvas.sock --listen-group=gvm\n             \u251c\u250049758 gpg-agent --homedir \/var\/lib\/gvm\/gvmd\/gnupg --use-standard-socket --daemon\n             \u251c\u250049767 \"gvmd: Reloading NVTs\" --foreground --osp-vt-update=\/run\/ospd\/ospd-openvas.sock --listen-group=gvm\n             \u251c\u250049768 \"gvmd: Syncing SCAP: \" --foreground --osp-vt-update=\/run\/ospd\/ospd-openvas.sock --listen-group=gvm\n             \u251c\u250049769 \"gvmd: OSP: Updating \" --foreground --osp-vt-update=\/run\/ospd\/ospd-openvas.sock --listen-group=gvm\n             \u2514\u250049770 \"gvmd: Syncing CERT\" \"\" .--foreground --osp-vt-update=\/run\/ospd\/ospd-openvas.sock --listen-group=gvm\n\nMay 10 
19:35:30 gvm systemd[1]: Starting gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)...\nMay 10 19:35:30 gvm systemd[1]: Started gvmd.service - Greenbone Vulnerability Manager daemon (gvmd).\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail -f \/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"creating-systemd-service-units-for-gsa-services\">Creating Systemd Service units for GSA services<\/h4>\n\n\n\n<p>When run, the installer creates the GSA daemon service unit,&nbsp;<strong><code>\/lib\/systemd\/system\/gsad.service<\/code><\/strong>.<\/p>\n\n\n\n<p>Let us modify this service unit file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp \/lib\/systemd\/system\/gsad.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>sudo tee \/lib\/systemd\/system\/gsad.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Greenbone Security Assistant daemon (gsad)\nDocumentation=man:gsad(8) https:\/\/www.greenbone.net\nAfter=network.target gvmd.service\nWants=gvmd.service\n\n[Service]\nType=exec\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gsad\nRuntimeDirectoryMode=2775\nPIDFile=\/run\/gsad\/gsad.pid\nExecStart=\/usr\/bin\/sudo \/usr\/local\/sbin\/gsad -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\nRestart=always\nTimeoutStopSec=10\n\n[Install]\nWantedBy=multi-user.target\nAlias=greenbone-security-assistant.service\nEOL\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-gvm-certificates\">Generate GVM Certificates<\/h4>\n\n\n\n<p>Next, run the command below to generate the GVM certificates.<\/p>\n\n\n\n<p>Server certificates are used for authentication while client certificates are primarily used for authorization. 
More on&nbsp;<code><strong>man gvm-manage-certs<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvm-manage-certs -a<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Generated private key in \/tmp\/tmp.s5Z0RMcLv1\/cakey.pem.\nGenerated self signed certificate in \/tmp\/tmp.s5Z0RMcLv1\/cacert.pem.\nInstalled private key to \/var\/lib\/gvm\/private\/CA\/cakey.pem.\nInstalled certificate to \/var\/lib\/gvm\/CA\/cacert.pem.\nGenerated private key in \/tmp\/tmp.s5Z0RMcLv1\/serverkey.pem.\nGenerated certificate request in \/tmp\/tmp.s5Z0RMcLv1\/serverrequest.pem.\nSigned certificate request in \/tmp\/tmp.s5Z0RMcLv1\/serverrequest.pem with CA certificate in \/var\/lib\/gvm\/CA\/cacert.pem to generate certificate in \/tmp\/tmp.s5Z0RMcLv1\/servercert.pem\nInstalled private key to \/var\/lib\/gvm\/private\/CA\/serverkey.pem.\nInstalled certificate to \/var\/lib\/gvm\/CA\/servercert.pem.\nGenerated private key in \/tmp\/tmp.s5Z0RMcLv1\/clientkey.pem.\nGenerated certificate request in \/tmp\/tmp.s5Z0RMcLv1\/clientrequest.pem.\nSigned certificate request in \/tmp\/tmp.s5Z0RMcLv1\/clientrequest.pem with CA certificate in \/var\/lib\/gvm\/CA\/cacert.pem to generate certificate in \/tmp\/tmp.s5Z0RMcLv1\/clientcert.pem\nInstalled private key to \/var\/lib\/gvm\/private\/CA\/clientkey.pem.\nInstalled certificate to \/var\/lib\/gvm\/CA\/clientcert.pem.\nRemoving temporary directory \/tmp\/tmp.s5Z0RMcLv1.\n<\/code><\/pre>\n\n\n\n<p>Enable GVM user to run gsad with sudo rights;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which gsad)\" | sudo tee -a \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services. 
<strong>Ensure no service is using the web service ports 80\/443<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl daemon-reload\nsudo systemctl enable --now gsad<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gsad<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail \/var\/log\/gvm\/gsad.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-scanner\">Create GVM Scanner<\/h3>\n\n\n\n<p>We will use the default scanner here.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/run\/ospd\/ospd-openvas.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote has-small-font-size is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"has-small-font-size\">If you set your scanner to use non-standard scanner host path rather than <strong>\/run\/ospd\/ospd-openvas.sock<\/strong>, you can create and register your scanner;<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd \\\n\t--create-scanner=\"Kifarunix-demo OpenVAS Scanner\" \\\n\t--scanner-type=\"OpenVAS\" \\\n\t--scanner-host=\/run\/ospd\/ospd-openvas.sock\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>Scanner created.<\/code><\/pre>\n\n\n\n<p>Next, you need to verify your scanner. 
For this, you first need to get the scanner identifier;<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/run\/ospd\/ospd-openvas.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n<strong>3017834c-835b-41d9-8377-d8fb4d855aac  OpenVAS  \/run\/ospd\/ospd-openvas.sock  9390  Kifarunix-demo OpenVAS Scanner<\/strong><\/code><\/pre>\n\n\n\n<p>Based on the output above, our scanner UUID is&nbsp;<strong><code>3017834c-835b-41d9-8377-d8fb4d855aac<\/code><\/strong>.<\/p>\n\n\n\n<p>Verify the scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --verify-scanner=3017834c-835b-41d9-8377-d8fb4d855aac<\/code><\/pre>\n<cite>creating own scanner<\/cite><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-admin-user\">Create GVM Admin User<\/h3>\n\n\n\n<p>Create the GVM administrative user by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --create-user admin<\/code><\/pre>\n\n\n\n<p>This command generates a random password for the user. 
See sample output below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>User created with password '5d2d0b2d-2eb8-4853-8aa9-9bf70a802c9a'.<\/code><\/pre>\n\n\n\n<p>If you want to create a user and at the same time create your own password;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --create-user <strong>USERNAME<\/strong> --password=<strong>PASSWORD<\/strong><\/code><\/pre>\n\n\n\n<p>Otherwise, you can reset the password of an already existing user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --user=&lt;USERNAME&gt; --new-password=&lt;PASSWORD&gt;<\/code><\/pre>\n\n\n\n<p>An administrator user can later create further users or administrators via clients like the Greenbone Security Assistant (GSA).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"set-the-feed-import-owner\">Set the Feed Import Owner<\/h3>\n\n\n\n<p>According to&nbsp;<code><strong>gvmd\/INSTALL.md<\/strong><\/code>, certain resources that were previously part of the gvmd source code are now shipped via the feed. 
An example is the config \u201cFull and Fast\u201d.<\/p>\n\n\n\n<p>gvmd will only create these resources if a \u201cFeed Import Owner\u201d is configured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value &lt;uuid_of_user&gt;<\/code><\/pre>\n\n\n\n<p>Thus, get the UUIDs of all created users;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --get-users --verbose<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin d91affe7-f772-412b-8d7b-7ade616543ee<\/code><\/pre>\n\n\n\n<p>Then modify the gvmd settings with the admin user UUID.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value d91affe7-f772-412b-8d7b-7ade616543ee<\/code><\/pre>\n\n\n\n<p>You can even use a single command;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>sudo -Hiu gvm \/usr\/local\/sbin\/gvmd \\\n--modify-setting 78eceaec-3385-11ea-b237-28d24461215b \\\n--value `sudo -Hiu gvm \/usr\/local\/sbin\/gvmd --get-users --verbose | grep admin | awk '{print $2}'`\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-gvm-web-interface\">Accessing GVM Web Interface<\/h3>\n\n\n\n<p>The Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ss -altnp | grep 443<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      1024               *:443             *:*    users:((\"gsad\",pid=50368,fd=11))<\/code><\/pre>\n\n\n\n<p>If a firewall is running, open this port to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 443\/tcp<\/code><\/pre>\n\n\n\n<p>You can now access GSA via the URL&nbsp;<code><strong>https:\/\/&lt;serverIP-OR-hostname&gt;<\/strong><\/code>.<\/p>\n\n\n\n<p>Accept the self-signed SSL warning 
and proceed.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1456\" height=\"850\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-login.png\" alt=\"gmv ubuntu 24.04 login page\" class=\"wp-image-18416\" title=\"Install GVM Vulnerability Scanner on Ubuntu 24.04 1\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-login.png?v=1692308841 1456w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-login-768x448.png?v=1692308841 768w\" sizes=\"(max-width: 1456px) 100vw, 1456px\" \/><\/figure>\n\n\n\n<p>Login using the admin user credentials created above.<\/p>\n\n\n\n<p>Dashboard<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1476\" height=\"852\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-dashboard.png\" alt=\"Install GVM Vulnerability Scanner on Ubuntu 24.04\" class=\"wp-image-18418\" title=\"Install GVM Vulnerability Scanner on Ubuntu 24.04 2\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-dashboard.png?v=1692308897 1476w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-dashboard-768x443.png?v=1692308897 768w\" sizes=\"(max-width: 1476px) 100vw, 1476px\" \/><\/figure>\n\n\n\n<p>Feed Status<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1621\" height=\"514\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-feed-status.png?v=1715370915\" alt=\"gvm feed status\" class=\"wp-image-22506\" title=\"Install GVM Vulnerability Scanner on Ubuntu 24.04 3\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-feed-status.png?v=1715370915 1621w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-feed-status-768x244.png?v=1715370915 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-feed-status-1536x487.png?v=1715370915 1536w\" sizes=\"(max-width: 1621px) 100vw, 1621px\" 
\/><\/figure>\n\n\n\n<p>SecInfo<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1625\" height=\"841\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-secinfo.png?v=1715370923\" alt=\"gvm secinfo\" class=\"wp-image-22507\" title=\"Install GVM Vulnerability Scanner on Ubuntu 24.04 4\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-secinfo.png?v=1715370923 1625w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-secinfo-768x397.png?v=1715370923 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/gvm-secinfo-1536x795.png?v=1715370923 1536w\" sizes=\"(max-width: 1625px) 100vw, 1625px\" \/><\/figure>\n\n\n\n<p>And that is it on how to install GVM on Ubuntu 24.04.<\/p>\n\n\n\n<p>And hey, don&#8217;t forget to choose your default scanner in case you created one, when scanning your hosts;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1462\" height=\"717\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-choose-scanner-custom.png\" alt=\"\" class=\"wp-image-18422\" title=\"Install GVM Vulnerability Scanner on Ubuntu 24.04 5\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-choose-scanner-custom.png?v=1692309085 1462w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/gvm-choose-scanner-custom-768x377.png?v=1692309085 768w\" sizes=\"(max-width: 1462px) 100vw, 1462px\" \/><\/figure>\n\n\n\n<p>You can now start scanning your assets.<\/p>\n\n\n\n<p>Sample results;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1626\" height=\"705\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/sample-scan-results-gvm.png?v=1715373534\" alt=\"\" class=\"wp-image-22510\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/sample-scan-results-gvm.png?v=1715373534 1626w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/sample-scan-results-gvm-768x333.png?v=1715373534 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/sample-scan-results-gvm-1536x666.png?v=1715373534 1536w\" sizes=\"(max-width: 1626px) 100vw, 1626px\" \/><\/figure>\n\n\n\n<p>And that is all. You are now running GVM scanner on Ubuntu 24.04!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install GVM Vulnerability Scanner on Ubuntu 24.04.&nbsp;Greenbone&nbsp;Vulnerability&nbsp;Management (GVM), previously known as OpenVAS, is a network security scanner<\/p>\n","protected":false},"author":10,"featured_media":18416,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,150],"tags":[1045,7486,7183,7396],"class_list":["post-22484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-vulnerability-scanners","tag-gvm","tag-gvm-ubuntu-24-04","tag-openvas-gvm","tag-ubuntu-24-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22484"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=22484"}],"version-history":[{"count":10,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22484\/revisions"}],"predecessor-version":[{"id":22516,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22484\/revisions\/22516"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/1841
6"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=22484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=22484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=22484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}