{"id":7922,"date":"2021-02-11T23:59:16","date_gmt":"2021-02-11T20:59:16","guid":{"rendered":"https:\/\/kifarunix.com\/?p=7922"},"modified":"2024-03-19T19:34:41","modified_gmt":"2024-03-19T16:34:41","slug":"install-and-setup-gvm-20-08-on-debian","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-gvm-20-08-on-debian\/","title":{"rendered":"Install and setup GVM 20.08 on Debian 10"},"content":{"rendered":"\n<p>In this guide, you will learn how to install and setup <a aria-label=\"GVM 20.08 (opens in a new tab)\" href=\"https:\/\/community.greenbone.net\/t\/gvm-20-08-stable-initial-release-2020-08-12\/6312\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">GVM 20.08<\/a> on Debian 10. <a rel=\"noreferrer noopener\" href=\"https:\/\/community.greenbone.net\/\" target=\"_blank\"><strong>G<\/strong>reenbone&nbsp;<strong>V<\/strong>ulnerability&nbsp;<strong>M<\/strong>anagement (GVM)<\/a>, previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications. As of this writing, <a aria-label=\"GVM 20.08 is the current stable release (opens in a new tab)\" href=\"https:\/\/community.greenbone.net\/t\/gvm-20-08-stable-initial-release-2020-08-12\/6312\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">GVM 20.08 is the current stable release<\/a> and <em>&nbsp;is the first release that uses a calendar based versioning (August of 2020)<\/em>.<\/p>\n\n\n\n<p>With the release of GVM 20.08, GVM 10 and GVM 11 were set to retire by end of 2020.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-gvm-11-ubuntu-20.04\">Install GVM on Debian 10<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<p>In this demo, we will install and setup GVM from source code. As such, below are the system requirements I would personally recommend.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 4 GB RAM<\/li>\n\n\n\n<li>At least 4 vCPUs<\/li>\n\n\n\n<li>More than 8 GB disk space (We used 16 GB in this demo)<\/li>\n<\/ul>\n\n\n\n<p>These requirements will vary depending on your use cases, however. Just be sure to provide &#8220;enough&#8221;.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update and upgrade your system packages;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt upgrade<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-user\">Create GVM User on Ubuntu<\/h3>\n\n\n\n<p>In this demo, we will run GVM 20.08 as a non privileged system user. Thus, create <code><strong>gvm<\/strong><\/code> system user account.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>useradd -r -d \/opt\/gvm -c \"GVM User\" -s \/bin\/bash gvm<\/code><\/pre>\n\n\n\n<p>Create the GVM user directory as specified by option <code>-d<\/code> in the command above and set the user and group ownership to <code>gvm<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/opt\/gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown gvm: \/opt\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-required-dependencies\">Install Required Build Tools<\/h3>\n\n\n\n<p>In order to successfully build GVM 20.08 on Debian 10, you need to install a number of required dependencies and build tools.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install gcc g++ make bison flex libksba-dev curl redis libpcap-dev \\\ncmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev \\\nlibssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev \\\nzlib1g-dev libxml2-dev libradcli-dev clang-format libldap2-dev doxygen \\\ngcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev &nbsp;libunistring-dev graphviz \\\nlibsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib xmltoman \\\npython3-pip texlive-fonts-recommended texlive-latex-extra --no-install-recommends xsltproc sudo vim rsync<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-yarn-ubuntu-20.04\">Install Yarn on Debian 10<\/h4>\n\n\n\n<p>Next, install Yarn JavaScript package manager<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl -sS https:\/\/dl.yarnpkg.com\/debian\/pubkey.gpg | apt-key add -<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"deb https:\/\/dl.yarnpkg.com\/debian\/ stable main\" | tee \/etc\/apt\/sources.list.d\/yarn.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install yarn -y<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-postgresql-ubuntu20.04\">Install PostgreSQL on Debian 10<\/h4>\n\n\n\n<p>GVM 20.08 uses PostgreSQL as the backend database. Therefore, run the command below to install PostgreSQL on Debian 10;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install postgresql postgresql-contrib postgresql-server-dev-all<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-postgresql-user-n-db\">Create PostgreSQL User and Database<\/h4>\n\n\n\n<p>Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd). Note that the database and user should be created as PostgreSQL user,&nbsp;<strong>postgres<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu postgres\ncreateuser gvm\ncreatedb -O gvm gvmd<\/code><\/pre>\n\n\n\n<p>Grant PostgreSQL User DBA Roles<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>psql gvmd\ncreate role dba with superuser noinherit;\ngrant dba to gvm;\ncreate extension \"uuid-ossp\";\ncreate extension \"pgcrypto\";\n\\q\nexit<\/code><\/pre>\n\n\n\n<p>Once that is done, restart PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart postgresql<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable postgresql<\/code><\/pre>\n\n\n\n<p>Want to get started in CyberSecurity? Check the link below;<\/p>\n\n\n\n<p><a target=\"_blank\" href=\"https:\/\/www.amazon.com\/gp\/product\/B07SB5DYM4\/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=9325&amp;creativeASIN=B07SB5DYM4&amp;linkCode=as2&amp;tag=unixkip-20&amp;linkId=c6df78e0fcfb21807a3b272a087ef50c\" rel=\"noopener\">Cybersecurity: The Beginner&#8217;s Guide: A comprehensive guide to getting started in cybersecurity<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-from-source-ubuntu-20.04\">Building GVM 20.08 from Source Code<\/h3>\n\n\n\n<p>There are different tools required to install and setup GVM. These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GVM Libraries<\/li>\n\n\n\n<li>OpenVAS Scanner<\/li>\n\n\n\n<li>OSPd<\/li>\n\n\n\n<li>ospd-openvas<\/li>\n\n\n\n<li>Greenbone Vulnerability Manager<\/li>\n\n\n\n<li>Greenbone Security Assistant <\/li>\n\n\n\n<li>Python-GVM<\/li>\n\n\n\n<li>GVM-Tools <\/li>\n\n\n\n<li>OpenVAS SMB<\/li>\n<\/ul>\n\n\n\n<p>Every component has <strong>README.md<\/strong>&nbsp;and a&nbsp;<strong>INSTALL.md<\/strong>&nbsp;file that explains how to build and install it.<\/p>\n\n\n\n<p>Since we are running GVM as non-privileged user, gvm, then we will install all the GVM configuration files and libraries under, <code><strong>\/opt\/gvm<\/strong><\/code>.<\/p>\n\n\n\n<p>Update the PATH environment variable on <code><strong>\/etc\/environment<\/strong><\/code>, to include the GVM binary path such that it looks like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"PATH=\\$PATH:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\" &gt; \/etc\/profile.d\/gvm.sh<\/code><\/pre>\n\n\n\n<p>Add GVM library path to <code><strong>\/etc\/ld.so.conf.d<\/strong><\/code>. <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"\/opt\/gvm\/lib\" &gt; \/etc\/ld.so.conf.d\/gvm.conf<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Build and Install GVM 20.08 on Debian 10<\/h4>\n\n\n\n<p>Switch to GVM user, gvm and create a temporary directory to store GVM source files.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir gvm-source<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-gvm-11-source-files\">Download GVM 20.08 Source Files<\/h4>\n\n\n\n<p>Navigate to temporary directory created above and run the subsequent commands to clone the GVM github branch files.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b gvm-libs-20.08 https:\/\/github.com\/greenbone\/gvm-libs.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b master https:\/\/github.com\/greenbone\/openvas-smb.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b openvas-20.08 https:\/\/github.com\/greenbone\/openvas.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b ospd-20.08 https:\/\/github.com\/greenbone\/ospd.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b ospd-openvas-20.08 https:\/\/github.com\/greenbone\/ospd-openvas.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b gvmd-20.08 https:\/\/github.com\/greenbone\/gvmd.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone -b gsa-20.08 https:\/\/github.com\/greenbone\/gsa.git<\/code><\/pre>\n\n\n\n<p>Once the source files are in place, proceed to build and install GVM 20.08 on Debian 10.<\/p>\n\n\n\n<p>Note the current working directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pwd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/opt\/gvm\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls -1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gsa\ngvmd\ngvm-libs\nopenvas\nopenvas-smb\nospd\nospd-openvas<\/code><\/pre>\n\n\n\n<p>Note that we will install all GVM 20.08 files and libraries to a non-standard location, <code>\/opt\/gvm<\/code>. As such, you need to set the <code>PKG_CONFIG_PATH<\/code> environment variable to the location of your pkg-config files before configuring:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH<\/code><\/pre>\n\n\n\n<p>Be sure to replace the path, <code><strong>\/opt\/gvm<\/strong><\/code>, accordingly.<\/p>\n\n\n\n<p><strong>I would suggest you take a snapshot of your machine at this point, <\/strong>just in  case things don&#8217;t work out, you can revert to this stage without having to start from scratch!<\/p>\n\n\n\n<a href=\"https:\/\/pluralsight.pxf.io\/c\/2935865\/480964\/7490\" target=\"_top\" id=\"480964\" rel=\"noopener\"><style> div {text-align: center;}<\/style>\n<div><img loading=\"lazy\" decoding=\"async\" src=\"\/\/a.impactradius-go.com\/display-ad\/7490-480964\" border=\"0\" alt=\"\" width=\"300\" height=\"180\" title=\"\"><\/div><\/a><img loading=\"lazy\" decoding=\"async\" height=\"0\" width=\"0\" src=\"https:\/\/pluralsight.pxf.io\/i\/2935865\/480964\/7490\" alt=\"\" title=\"\">\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-11-libraries\">Build and Install GVM 11 Libraries<\/h4>\n\n\n\n<p>From within the source directory, <strong><code>\/opt\/gvm\/gvm-source<\/code><\/strong>, in this setup, change to GVM libraries directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd gvm-libs<\/code><\/pre>\n\n\n\n<p>Create a build directory and change into it;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir build\ncd build<\/code><\/pre>\n\n\n\n<p>Configure the build;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm<\/code><\/pre>\n\n\n\n<p>Next, compile and install GVM libraries<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-openvas-scanner-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/h4>\n\n\n\n<p>Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).<\/p>\n\n\n\n<p>OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a&nbsp;<code>winexe<\/code>&nbsp;binary to execute processes remotely on that system.<\/p>\n\n\n\n<p>Build and install openvas-smb;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd ..\/..\/openvas-smb\/\nmkdir build\ncd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nmake install<\/code><\/pre>\n\n\n\n<p>Build and install OpenVAS scanner;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd ..\/..\/openvas<\/code><\/pre>\n\n\n\n<p>Proceed to build and install openvas.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir build\ncd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nmake install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-openvas-scanner-gvm11\">Configuring OpenVAS Scanner<\/h4>\n\n\n\n<p>The host scan information is stored temporarily on Redis server. The default configuration of Redis server is <code>\/etc\/redis\/redis.conf<\/code>.<\/p>\n\n\n\n<p>Switch back to privileged user and proceed.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>exit<\/code><\/pre>\n\n\n\n<p>To begin run the command below to create the cache to the installed shared libraries;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ldconfig<\/code><\/pre>\n\n\n\n<p>Next, copy OpenVAS scanner Redis configuration file, <code>redis-openvas.conf<\/code>, to the same Redis config directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/opt\/gvm\/gvm-source\/openvas\/config\/redis-openvas.conf \/etc\/redis\/<\/code><\/pre>\n\n\n\n<p>Update the ownership of the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown redis:redis \/etc\/redis\/redis-openvas.conf<\/code><\/pre>\n\n\n\n<p>Update the path to Redis unix socket on the <code><strong>\/opt\/gvm\/etc\/openvas\/openvas.conf<\/strong><\/code>&nbsp;using the&nbsp;<strong><code>db_address<\/code><\/strong>&nbsp;parameter as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"db_address = <strong><strong>\/run\/redis-openvas\/redis.sock<\/strong><\/strong>\" &gt; \/opt\/gvm\/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Note, the Unix socket path is defined on <code>\/etc\/redis\/redis-openvas.conf<\/code> file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown gvm:gvm \/opt\/gvm\/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Add gvm user to redis group;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>usermod -aG redis gvm<\/code><\/pre>\n\n\n\n<p>You can also optimize Redis server itself improve the performance by making the following adjustments;<\/p>\n\n\n\n<p>Increase the value of somaxconn in order to avoid slow clients connections issues.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"net.core.somaxconn = 1024\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Redis background save may fail under low memory condition. To avoid this, enable memory overcommit (<strong>man 5 proc)<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo 'vm.overcommit_memory = 1' &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload sysctl variables created above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>To avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel\u2019s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat &gt; \/etc\/systemd\/system\/disable_thp.service &lt;&lt; 'EOL'\n&#91;Unit]\nDescription=Disable Kernel Support for Transparent Huge Pages (THP)\n\n&#91;Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' &gt; \/sys\/kernel\/mm\/transparent_hugepage\/enabled &amp;&amp; echo 'never' &gt; \/sys\/kernel\/mm\/transparent_hugepage\/defrag\"\n\n&#91;Install]\nWantedBy=multi-user.target\nEOL<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable this service to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now disable_thp<\/code><\/pre>\n\n\n\n<p>Restart OpenVAS Redis server<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now redis-server@openvas<\/code><\/pre>\n\n\n\n<p>A number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations. Since <code>openvas<\/code> is launched from an <code>ospd-openvas<\/code> process, via sudo, add the line below to sudoers file to ensure that the <code>gvm<\/code> user used in this demo can run the openvas with elevated rights using passwordless sudo.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"gvm ALL = NOPASSWD: \/opt\/gvm\/sbin\/openvas\" &gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Also, update the <code><strong>secure_path<\/strong><\/code> to include the GVM <code>\/sbin<\/code> paths, <code><strong>\/opt\/gvm\/sbin<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>visudo<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Defaults secure_path=\"\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/snap\/bin:<strong>\/opt\/gvm\/sbin<\/strong>\"<\/code><\/pre>\n\n\n\n<p>Also, enable <code>gvm<\/code> user to run GSA web application daemon, <code>gsad<\/code>, with passwordless sudo.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"gvm ALL = NOPASSWD: \/opt\/gvm\/sbin\/gsad\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Update NVTs<\/h4>\n\n\n\n<p>Update Network Vulnerability Tests feed from Greenbone Security Feed\/Community Feed using the <code>greenbone-nvt-sync<\/code> command.<\/p>\n\n\n\n<p>The <code>greenbone-nvt-sync<\/code> command <strong>must not<\/strong> be executed as privileged user root, hence switch back to GVM user we created above and update the NVTs.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>su - gvm<\/code><\/pre>\n\n\n\n<p>Next, update the NVTs as openvas user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>greenbone-nvt-sync<\/code><\/pre>\n\n\n\n<p>Once the update is done, you need to update Redis server with the same VT info from VT files;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo openvas --update-vt-info<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-ubuntu20.04\">Build and Install Greenbone Vulnerability Manager<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd gvm-source\/gvmd\nmkdir build\ncd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nmake install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gsa-ubuntu20.04\">Build and Install Greenbone Security Assistant<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd ..\/..\/gsa\nmkdir build\ncd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nmake install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Generate GVM Certificates<\/h4>\n\n\n\n<p>Next, run the command below to generate certificates gvmd. Server certificates are used for authentication while client certificates are primarily used for authorization. More on <code><strong>man gvm-manage-certs<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>gvm-manage-certs -a<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Keeping the feeds up-to-date<\/h4>\n\n\n\n<p>The gvmd <code><strong>Data<\/strong><\/code>, <strong><code>SCAP<\/code><\/strong> and <code><strong>CERT<\/strong><\/code> Feeds should be kept up-to-date by calling the <code>greenbone-feed-sync<\/code> script regularly (e.g. via a cron entry):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm greenbone-feed-sync --type GVMD_DATA<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm greenbone-feed-sync --type SCAP<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT<\/code><\/pre>\n\n\n\n<p>Please note: The <code>CERT<\/code> feed sync depends on data provided by the <code>SCAP<\/code> feed and should be called after syncing the later.<\/p>\n\n\n\n<p>Also, in case the commands fail with such an error;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rsync: read error: Connection reset by peer (104)\nrsync error: error in socket IO (code 10) at io.c(794) &#91;receiver=3.1.3]\nrsync: connection unexpectedly closed (1047 bytes received so far) &#91;generator]\nrsync error: error in rsync protocol data stream (code 12) at io.c(235) &#91;generator=3.1.3]<\/code><\/pre>\n\n\n\n<p>Try adding <code><strong>--rsync<\/strong><\/code> option to the command, for example;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT --rsync<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-install-ospd-ospd-openvas\">Build and Install OSPd and OSPd-OpenVAS<\/h4>\n\n\n\n<p>Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.<\/p>\n\n\n\n<p>As much as you can build them from the source, it has been made such that you can install using Python package manager, pip as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pip3 install wheel<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pip3 install python-gvm gvm-tools<\/code><\/pre>\n\n\n\n<p>Build and install OSPd and OSPd-openvas:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/opt\/gvm\/gvm-source\/ospd\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/opt\/gvm\/gvm-source\/ospd-openvas\npython3 -m pip install .<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-gvm11-services-ubuntu20.04\">Running OpenVAS Scanner, GSA and GVM services<\/h3>\n\n\n\n<p>In order to make the management of OpenVAS scanner, GSA (WebUI service) and GVM daemon, create systemd service unit files for each of them as follows.<\/p>\n\n\n\n<p>Log out as <code><strong>gvm<\/strong><\/code> user and execute the commands below as a privileged user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>exit<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-gvm11-systemd-services\">Creating Systemd Service units for GVM services<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gvm-11-openvas-service\">Create OpenVAS systemd service<\/h5>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/openvas.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Control the OpenVAS service\nAfter=redis.service\nAfter=postgresql.service\n\n[Service]\nExecStartPre=-rm -rf \/opt\/gvm\/var\/run\/ospd-openvas.pid \/opt\/gvm\/var\/run\/ospd.sock \/opt\/gvm\/var\/run\/gvmd.sock\nType=simple\nUser=gvm\nGroup=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas \\\n--pid-file \/opt\/gvm\/var\/run\/ospd-openvas.pid \\\n--log-file \/opt\/gvm\/var\/log\/gvm\/ospd-openvas.log \\\n--lock-file-dir \/opt\/gvm\/var\/run -u \/opt\/gvm\/var\/run\/ospd.sock\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd service unit configurations.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start openvas<\/code><\/pre>\n\n\n\n<p>Check the status of the service;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf openvas.service - Control the OpenVAS service\n   Loaded: loaded (\/etc\/systemd\/system\/openvas.service; disabled; vendor preset: enabled)\n   Active: active (exited) since Thu 2021-02-11 04:22:34 EST; 12s ago\n  Process: 2785 ExecStartPre=\/usr\/bin\/rm -rf \/opt\/gvm\/var\/run\/ospd-openvas.pid \/opt\/gvm\/var\/run\/ospd.sock \/opt\/gvm\/var\/run\/gvmd.sock (code=exited, status=0\/SUCCESS)\n  Process: 2786 ExecStart=\/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/opt\/gvm\/var\/run\/ospd-openvas.pid --log-file \/opt\/gvm\/var\/log\/gvm\/ospd-openvas.log --\n Main PID: 2786 (code=exited, status=0\/SUCCESS)\n    Tasks: 6 (limit: 2359)\n   Memory: 61.4M\n   CGroup: \/system.slice\/openvas.service\n           \u251c\u25002788 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/opt\/gvm\/var\/run\/ospd-openvas.pid --log-file \/opt\/gvm\/var\/log\/gvm\/ospd-openvas.log --lock-fil\n           \u251c\u25002790 \/usr\/bin\/python3 \/opt\/gvm\/.local\/bin\/ospd-openvas --pid-file \/opt\/gvm\/var\/run\/ospd-openvas.pid --log-file \/opt\/gvm\/var\/log\/gvm\/ospd-openvas.log --lock-fil\n           \u251c\u25002798 openvas --update-vt-info\n           \u2514\u25002799 openvas --update-vt-info\n\nFeb 11 04:22:34 debian systemd[1]: Starting Control the OpenVAS service...\nFeb 11 04:22:34 debian systemd[1]: Started Control the OpenVAS service.\n<\/code><\/pre>\n\n\n\n<p>Enable OpenVAS scanner to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable openvas<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gsa-service-unit-file\">Create GSA systemd service Unit file<\/h5>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/gsa.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Control the OpenVAS GSA service\nAfter=openvas.service\n\n[Service]\nType=simple\nUser=gvm\nGroup=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/usr\/bin\/sudo \/opt\/gvm\/sbin\/gsad\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt;  \/etc\/systemd\/system\/gsa.path &lt;&lt; 'EOL'\n[Unit]\nDescription=Start the OpenVAS GSA service when gvmd.sock is available\n\n[Path]\nPathChanged=\/opt\/gvm\/var\/run\/gvmd.sock\nUnit=gsa.service\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gvm-service-unit-file\">Create GVM Systemd Service unit file<\/h5>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/gvm.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Control the OpenVAS GVM service\nAfter=openvas.service\n\n[Service]\nType=simple\nUser=gvm\nGroup=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nExecStart=\/opt\/gvm\/sbin\/gvmd --osp-vt-update=\/opt\/gvm\/var\/run\/ospd.sock\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/gvm.path &lt;&lt; 'EOL'\n[Unit]\nDescription=Start the OpenVAS GVM service when opsd.sock is available\n\n[Path]\nPathChanged=\/opt\/gvm\/var\/run\/ospd.sock\nUnit=gvm.service\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gvm.{path,service}\nsystemctl enable --now gsa.{path,service}<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status gvm.{path,service}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gvm.path - Start the OpenVAS GVM service when opsd.sock is available\n   Loaded: loaded (\/etc\/systemd\/system\/gvm.path; enabled; vendor preset: enabled)\n   Active: active (waiting) since Thu 2021-02-11 04:24:50 EST; 31s ago\n\nFeb 11 04:24:50 debian systemd[1]: Started Start the OpenVAS GVM service when opsd.sock is available.\n\n\u25cf gvm.service - Control the OpenVAS GVM service\n   Loaded: loaded (\/etc\/systemd\/system\/gvm.service; enabled; vendor preset: enabled)\n   Active: active (exited) since Thu 2021-02-11 04:24:50 EST; 31s ago\n Main PID: 2885 (code=exited, status=0\/SUCCESS)\n    Tasks: 8 (limit: 2359)\n   Memory: 336.5M\n   CGroup: \/system.slice\/gvm.service\n           \u251c\u25002886 gvmd: Waiting for incoming connections\n           \u251c\u25002938 gpg-agent --homedir \/opt\/gvm\/var\/lib\/gvm\/gvmd\/gnupg --use-standard-socket --daemon\n           \u251c\u25002947 gvmd: Reloading NVTs\n           \u251c\u25002948 gvmd: Syncing SCAP: Updating CPEs\n           \u251c\u25002949 gvmd: OSP: Updating NVT cache\n           \u251c\u25002950 gvmd: Syncing CERT\n           \u251c\u25002957 sh -c xml_split -s40Mb split.xml &amp;&amp; head -n 2 split-00.xml &gt; head.xml &amp;&amp; echo '&lt;\/cpe-list&gt;' &gt; tail.xml &amp;&amp; for F in split-*.xml; do    awk 'NR&gt;3 {print las\n           \u2514\u25002958 \/usr\/bin\/perl -w \/usr\/bin\/xml_split -s40Mb split.xml\n\nFeb 11 04:24:50 debian systemd[1]: Started Control the OpenVAS GVM service\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status gsa.{path,service}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gsa.path - Start the OpenVAS GSA service when gvmd.sock is available\n   Loaded: loaded (\/etc\/systemd\/system\/gsa.path; enabled; vendor preset: enabled)\n   Active: active (running) since Thu 2021-02-11 04:24:51 EST; 55s ago\n\nFeb 11 04:24:51 debian systemd[1]: Started Start the OpenVAS GSA service when gvmd.sock is available.\n\n\u25cf gsa.service - Control the OpenVAS GSA service\n   Loaded: loaded (\/etc\/systemd\/system\/gsa.service; enabled; vendor preset: enabled)\n   Active: active (exited) since Thu 2021-02-11 04:24:51 EST; 55s ago\n  Process: 2907 ExecStart=\/usr\/bin\/sudo \/opt\/gvm\/sbin\/gsad (code=exited, status=0\/SUCCESS)\n Main PID: 2907 (code=exited, status=0\/SUCCESS)\n    Tasks: 4 (limit: 2359)\n   Memory: 3.9M\n   CGroup: \/system.slice\/gsa.service\n           \u251c\u25002909 \/opt\/gvm\/sbin\/gsad\n           \u2514\u25002910 \/opt\/gvm\/sbin\/gsad\n\nFeb 11 04:24:51 debian systemd[1]: Started Control the OpenVAS GSA service.\nFeb 11 04:24:52 debian sudo[2907]:      gvm : TTY=unknown ; PWD=\/ ; USER=root ; COMMAND=\/opt\/gvm\/sbin\/gsad\nFeb 11 04:24:52 debian sudo[2907]: pam_unix(sudo:session): session opened for user root by (uid=0)\nFeb 11 04:24:52 debian sudo[2907]: Oops, secure memory pool already initialized\nFeb 11 04:24:52 debian sudo[2907]: pam_unix(sudo:session): session closed for user root\n<\/code><\/pre>\n\n\n\n<p>Various Log files are located under the <code><strong>\/opt\/gvm\/var\/log\/gvm<\/strong><\/code> directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls \/opt\/gvm\/var\/log\/gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gsad.log  gvmd.log  openvas.log  ospd-openvas.log<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create GVM Scanner<\/h4>\n\n\n\n<p>Since we launched the scanner and set it to use our non-standard scanner host path (<strong>\/opt\/gvm\/var\/run\/ospd.sock<\/strong>), we need to create and register our scanner;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --create-scanner=\"Kifarunix-demo OpenVAS Scanner\" --scanner-type=\"OpenVAS\" --scanner-host=\/opt\/gvm\/var\/run\/ospd.sock<\/code><\/pre>\n\n\n\n<p>Next, you need to verify your scanner. For this, you first need to get the scanner identifier;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/var\/run\/ospd\/ospd.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n50afbf2b-d854-4b6d-879f-c62aa62254d2  OpenVAS  \/opt\/gvm\/var\/run\/ospd.sock  9390  Kifarunix-demo OpenVAS Scanner<\/code><\/pre>\n\n\n\n<p>Based on the output above, our scanner UUID is, <strong><code>50afbf2b-d854-4b6d-879f-c62aa62254d2<\/code><\/strong>.<\/p>\n\n\n\n<p>Verify the scanner;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --verify-scanner=<strong>50afbf2b-d854-4b6d-879f-c62aa62254d2<\/strong><\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Scanner version: OpenVAS 20.8.2.<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-gvm11-admin-user\">Create OpenVAS (GVM) Admin User<\/h4>\n\n\n\n<p>Create OpenVAS administrative user by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --create-user admin<\/code><\/pre>\n\n\n\n<p>This command generates a random password for the user. See sample output below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>User created with password 'fee42e66-117c-42f8-9b48-429e51194a13'.<\/code><\/pre>\n\n\n\n<p>If you want to create a user and at the same time create your own password;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --create-user gvmadmin --password=StronGP@SS<\/code><\/pre>\n\n\n\n<p>Otherwise, you can reset the password of an already existing user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --user=&lt;USERNAME&gt; --new-password=&lt;PASSWORD&gt;<\/code><\/pre>\n\n\n\n<p>An administrator user can later create further users or administrators via clients like the Greenbone Security Assistant (GSA).<\/p>\n\n\n\n<p>If you want to reset the GVM admin password, simply run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --user=admin --new-password=&lt;new-password&gt;<\/code><\/pre>\n\n\n\n<p>Replace the &lt;<code><strong>new-password<\/strong><\/code>&gt; with your password.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Set the Feed Import Owner<\/h4>\n\n\n\n<p>According to <code><strong>gvmd\/INSTALL.md<\/strong><\/code>, certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config &#8220;Full and Fast&#8221;.<\/p>\n\n\n\n<p>gvmd will only create these resources if a &#8220;Feed Import Owner&#8221; is configured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value &lt;uuid_of_user&gt;<\/code><\/pre>\n\n\n\n<p>The UUIDs of all created users can be found using<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-users --verbose<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin 9a9e5070-d2f0-4802-971e-c9d61e682c21<\/code><\/pre>\n\n\n\n<p>Then modify the gvmd settings with the user UUID.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value 9a9e5070-d2f0-4802-971e-c9d61e682c21<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Accessing GVM 20.08 (OpenVAS)<\/h3>\n\n\n\n<p>Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces. If firewall is running, open this port to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw allow 443\/tcp<\/code><\/pre>\n\n\n\n<p>You can now access GSA via the url <code><strong>https:&lt;serverIP-OR-hostname&gt;<\/strong><\/code>. Accept the self-signed SSL warning and proceed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1627\" height=\"676\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page.png\" alt=\"\" class=\"wp-image-7900\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page.png?v=1612811334 1627w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-768x319.png?v=1612811334 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-1536x638.png?v=1612811334 1536w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-150x62.png?v=1612811334 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-300x125.png?v=1612811334 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-696x289.png?v=1612811334 696w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-1068x444.png?v=1612811334 1068w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page-1011x420.png?v=1612811334 1011w\" sizes=\"(max-width: 1627px) 100vw, 1627px\" \/><\/figure>\n\n\n\n<p>Login with the administrative credentials generated above.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1900\" height=\"961\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard.png\" alt=\"\" class=\"wp-image-7901\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard.png?v=1612811365 1900w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-768x388.png?v=1612811365 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-1536x777.png?v=1612811365 1536w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-150x76.png?v=1612811365 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-300x152.png?v=1612811365 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-696x352.png?v=1612811365 696w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-1068x540.png?v=1612811365 1068w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-dashboard-830x420.png?v=1612811365 830w\" sizes=\"(max-width: 1900px) 100vw, 1900px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1900\" height=\"935\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves.png\" alt=\"\" class=\"wp-image-7902\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves.png?v=1612811387 1900w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-768x378.png?v=1612811387 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-1536x756.png?v=1612811387 1536w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-150x74.png?v=1612811387 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-300x148.png?v=1612811387 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-696x343.png?v=1612811387 696w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-1068x526.png?v=1612811387 1068w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-853x420.png?v=1612811387 853w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-324x160.png?v=1612811387 324w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves-533x261.png?v=1612811387 533w\" sizes=\"(max-width: 1900px) 100vw, 1900px\" \/><\/figure>\n\n\n\n<p>Port lists<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1898\" height=\"543\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists.png\" alt=\"\" class=\"wp-image-7903\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists.png?v=1612815295 1898w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-768x220.png?v=1612815295 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-1536x439.png?v=1612815295 1536w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-150x43.png?v=1612815295 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-300x86.png?v=1612815295 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-696x199.png?v=1612815295 696w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-1068x306.png?v=1612815295 1068w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-1468x420.png?v=1612815295 1468w\" sizes=\"(max-width: 1898px) 100vw, 1898px\" \/><\/figure>\n\n\n\n<p>And there you go. That is all it take to install and Setup GVM. You can now start running your scans.<\/p>\n\n\n\n<p>In case you see <strong>The SCAP database is required<\/strong>, upon accessing the NVTs, CVEs, then the SCAP database might still being rebuild. Check the gvmd.log file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tail -f \/opt\/gvm\/var\/log\/gvm\/gvmd.log<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>md manage:MESSAGE:2021-02-12 06h17.42 utc:11210: No SCAP database found\nutil gpgme:MESSAGE:2021-02-12 06h17.46 utc:11210: Setting GnuPG dir to '\/opt\/gvm\/var\/lib\/gvm\/gvmd\/gnupg'\nutil gpgme:MESSAGE:2021-02-12 06h17.46 utc:11210: Using OpenPGP engine version '2.2.12'\nmd manage:WARNING:2021-02-12 06h17.47 utc:11237: update_scap: No SCAP db present, rebuilding SCAP db from scratch\nmd manage:   INFO:2021-02-12 06h17.53 utc:11237: update_scap: Updating data from feed\nmd manage:   INFO:2021-02-12 06h17.53 utc:11237: Updating CPEs\n...<\/code><\/pre>\n\n\n\n<p>The error will disappear once the SCAP database rebuild completes and such logs appear on gvmd.log file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>md manage:   INFO:2021-02-12 06h48.36 utc:13337: Updating CVSS scores for OVAL definitions\nmd manage:   INFO:2021-02-12 06h48.45 utc:13337: Updating placeholder CPEs\nmd manage:   INFO:2021-02-12 06h54.31 utc:13337: Updating Max CVSS for DFN-CERT\nmd manage:   INFO:2021-02-12 06h54.57 utc:13337: Updating DFN-CERT CVSS max succeeded.\nmd manage:   INFO:2021-02-12 06h54.57 utc:13337: Updating Max CVSS for CERT-Bund\nmd manage:   INFO:2021-02-12 07h05.02 utc:13337: Updating CERT-Bund CVSS max succeeded.\nmd manage:   INFO:2021-02-12 07h05.14 utc:13337: update_scap_end: Updating SCAP info succeeded<\/code><\/pre>\n\n\n\n<p><strong>NOTE<\/strong>: When creating a scan task, be sure to select the Scanner we created above.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1215\" height=\"671\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\" alt=\"\" class=\"wp-image-6845\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png?v=1598636617 1215w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner-768x424.png?v=1598636617 768w\" sizes=\"(max-width: 1215px) 100vw, 1215px\" \/><\/figure>\n\n\n\n<p>You can now create your target hosts to scan and schedule the scans to run at your own preferred time.<\/p>\n\n\n\n<p>Did I miss anything, drop it in the comments section!! Enjoy<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Reference<\/h3>\n\n\n\n<p>Source files <strong>README.md <\/strong>and <strong>INSTALL.md<\/strong> files<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Related Tutorials<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" class=\"rank-math-link\" href=\"https:\/\/kifarunix.com\/install-openvas-10-gvm-on-debian-10-buster\/\" target=\"_blank\">Install OpenVAS 10 (GVM) on Debian 10 Buster<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-openvas-9-with-postgresql-in-ubuntu-18-04\/\" target=\"_blank\">Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" class=\"rank-math-link\" href=\"https:\/\/kifarunix.com\/how-to-add-and-scan-a-target-for-vulnerabilities-on-openvas\/\" target=\"_blank\">How to Add and Scan a Target for Vulnerabilities on OpenVAS Scanner<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-install-and-setup-openvas-9-vulnerability-scanner-on-ubuntu-18-04\/\" target=\"_blank\">How to Install and Setup OpenVAS 9 Vulnerability Scanner on Ubuntu 18.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-use-wpscan-wordpress-vulnerability-scanner-ubuntu-18-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Install and Use WPScan WordPress Vulnerability Scanner Ubuntu 18.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install and setup GVM 20.08 on Debian 10. Greenbone&nbsp;Vulnerability&nbsp;Management (GVM), previously known as OpenVAS, is a network<\/p>\n","protected":false},"author":1,"featured_media":7900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,370,34,150],"tags":[997,3145,1045,3133,3146,3147,3144,3149,3148],"class_list":["post-7922","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-openvas","category-security","category-vulnerability-scanners","tag-debian-10","tag-debian-10-buster-gvm-20-08","tag-gvm","tag-gvm-20-08","tag-gvm-20-08-debian-10","tag-install-gvm-20-08-debian","tag-install-gvm-20-08-debian-10","tag-openvas-vulnerability-scanner","tag-the-scap-database-is-required","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7922"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=7922"}],"version-history":[{"count":27,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7922\/revisions"}],"predecessor-version":[{"id":21935,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7922\/revisions\/21935"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/7900"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=7922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=7922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=7922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}