{"id":9377,"date":"2021-07-27T23:58:52","date_gmt":"2021-07-27T20:58:52","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9377"},"modified":"2024-03-18T19:31:44","modified_gmt":"2024-03-18T16:31:44","slug":"install-gvm-21-04-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-gvm-21-04-on-rocky-linux-8\/","title":{"rendered":"Install GVM 21.04 on Rocky Linux 8"},"content":{"rendered":"\n<p>In this guide, you will learn how to install &nbsp;<a href=\"https:\/\/community.greenbone.net\/t\/gvm-20-08-stable-initial-release-2020-08-12\/6312\" target=\"_blank\" rel=\"noreferrer noopener\">GVM 21.04<\/a>&nbsp;on Rocky Linux 8.&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/community.greenbone.net\/\" target=\"_blank\"><strong>G<\/strong>reenbone&nbsp;<strong>V<\/strong>ulnerability&nbsp;<strong>M<\/strong>anagement (GVM)<\/a>, previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications. As of this writing,&nbsp;GVM 21.04 is the current stable release.<\/p>\n\n\n\n<p>Want to use Debian 11 instead? Use the guide below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-gvm-21-04-on-debian-11-debian-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install GVM 21.04 on Debian 11\/Debian 10<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-gvm-11-ubuntu-20.04\">Install GVM on Rocky Linux 8<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<p>In this demo, we will install and setup GVM 21.04 on Rocky Linux 8 from source code. As such, below are the system requirements I would personally recommend.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At least 4 GB RAM<\/li>\n\n\n\n<li>At least 4 vCPUs<\/li>\n\n\n\n<li>More than 8 GB disk space (We used 16 GB in this demo)<\/li>\n<\/ul>\n\n\n\n<p>These requirements will vary depending on your use cases, however. Just be sure to provide \u201cenough\u201d.<\/p>\n\n\n\n<p><strong>DISCLAIMER: I cannot guarantee you that this guide will work for you out of the box. So just try it.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update and upgrade your system packages;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-gvm-user\">Create GVM User on Rocky Linux<\/h3>\n\n\n\n<p>In this demo, we will run GVM 21.04 as a non privileged system user. Thus, create&nbsp;<code><strong>gvm<\/strong><\/code>&nbsp;system user account.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>useradd -r -d \/opt\/gvm -c \"GVM User\" -s \/bin\/bash gvm<\/code><\/pre>\n\n\n\n<p>Create the GVM user directory as specified by option&nbsp;<code>-d<\/code>&nbsp;in the command above and set the user and group ownership to&nbsp;<code>gvm<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/opt\/gvm &amp;&amp; chown gvm: \/opt\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-required-dependencies\">Install Required Build Tools<\/h3>\n\n\n\n<p>In order to successfully build GVM 21.04 on Rocky Linux 8, you need to install a number of required dependencies and build tools.<\/p>\n\n\n\n<p>Enable repositories that will provide additional packages;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install epel-release -y<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf config-manager --set-enabled powertools<\/code><\/pre>\n\n\n\n<p>Next, Install the required build tools.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf group install \"Development Tools\"<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>dnf install cmake glib2-devel zlib-devel gnutls-devel libuuid-devel libssh-devel libxml2-devel wget vim rsync \\\nlibgcrypt-devel openldap-devel popt-devel redis libical-devel openssl-devel hiredis-devel radcli-devel bzip2-devel \\\npython3-devel libpq-devel texinfo xmltoman nmap sshpass socat mingw32-gcc ncurses-devel libunistring-devel xz-devel \\\ngpgme-devel libksba-devel doxygen libpcap-devel python3-polib libmicrohttpd-devel gnutls-utils libnet-devel libffi-devel<\/code><\/pre>\n\n\n\n<p>Building OpenVAS SMB requires Heimdal GSSAPI package. You need to build this package from the source.<\/p>\n\n\n\n<p>Download Heimdal package from the <a href=\"https:\/\/github.com\/heimdal\/heimdal\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">releases<\/a> page.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/github.com\/heimdal\/heimdal\/releases\/download\/heimdal-7.7.0\/heimdal-7.7.0.tar.gz -P \/tmp\/<\/code><\/pre>\n\n\n\n<p>Extract and install Heimdal on Rocky Linux 8;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/tmp<\/code><\/pre>\n\n\n\n<pre id=\"block-242a1730-7d05-4aa5-9915-9bb622985b6e\" class=\"wp-block-code\"><code>tar xzf heimdal-7.7.0.tar.gz\ncd heimdal-7.7.0\n.\/configure  --enable-opt=no --disable-otp --prefix=\/opt\/heimdal\nmake\nmake install\ncd ~<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ln -s \/opt\/heimdal\/include\/ \/opt\/heimdal\/include\/heimdal\necho \"\/opt\/heimdal\/lib\" &gt; \/etc\/ld.so.conf.d\/heimdal-gssapi.conf\nldconfig<\/code><\/pre>\n\n\n\n<p>Next, create a symbolic of the <code>\/usr\/lib64\/libtspi.so.1<\/code> to <code>\/usr\/lib64\/libtspi.so<\/code>. This is needs to be done to fix the error, <strong>\/usr\/bin\/ld: cannot find -ltspi<\/strong>, encountered while compiling OpenVAS SMB.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ln -s \/usr\/lib64\/libtspi.so.1 \/usr\/lib64\/libtspi.so<\/code><\/pre>\n\n\n\n<p>Install Python &gt;=3.7 required to build OSPD. We choose to install Python 3.7.9 in this demo;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/www.python.org\/ftp\/python\/3.7.9\/Python-3.7.9.tgz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf Python-3.7.9.tgz\ncd Python-3.7.9\n.\/configure --enable-optimizations\nmake altinstall\ncd ~<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure SELinux<\/h4>\n\n\n\n<p>In this demo, we have set up SELinux to run in permissive mode. I don&#8217;t recommend this, though. But i couldn&#8217;t deal with various permissions!<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>setenforce 0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/=enforcing\/=permissive\/' \/etc\/selinux\/config<\/code><\/pre>\n\n\n\n<p>Allow gvm user to run installation with passwordless sudo;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: $(which make) install\" &gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-yarn-ubuntu-20.04\">Install Yarn on Rocky Linux 8<\/h4>\n\n\n\n<p>Next, install Yarn JavaScript package manager by following the link below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-yarn-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Yarn on Rocky Linux 8<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-postgresql-ubuntu20.04\">Install PostgreSQL on Rocky Linux 8<\/h4>\n\n\n\n<p>GVM 21.04 uses PostgreSQL as the backend database. Hence, run the command below to install PostgreSQL on Rocky Linux 8.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo dnf -y install -y postgresql-server postgresql-contrib postgresql-server-devel<\/code><\/pre>\n\n\n\n<p>Once the installation is done, Initialize:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/bin\/postgresql-setup --initdb<\/code><\/pre>\n\n\n\n<p>Next, start it and enable it to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now postgresql<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-postgresql-user-n-db\">Create PostgreSQL User and Database<\/h4>\n\n\n\n<p>Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd).<\/p>\n\n\n\n<p>Note that the database and user should be created as PostgreSQL user,&nbsp;<strong>postgres<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu postgres\ncreateuser gvm\ncreatedb -O gvm gvmd<\/code><\/pre>\n\n\n\n<p>Grant PostgreSQL User DBA Roles<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>psql gvmd\ncreate role dba with superuser noinherit;\ngrant dba to gvm;\n\\q\nexit<\/code><\/pre>\n\n\n\n<p>Once that is done, restart PostgreSQL;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart postgresql<\/code><\/pre>\n\n\n\n<p>Create a symbolic link;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ln -s \/usr\/include \/usr\/include\/postgresql<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-gvm-11-from-source-ubuntu-20.04\">Building GVM 21.04 from Source<\/h3>\n\n\n\n<p>There are different tools required to install and setup GVM 21.04 on Rocky Linux 8. These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GVM Libraries<\/li>\n\n\n\n<li>OpenVAS Scanner<\/li>\n\n\n\n<li>OSPd<\/li>\n\n\n\n<li>ospd-openvas<\/li>\n\n\n\n<li>Greenbone Vulnerability Manager<\/li>\n\n\n\n<li>Greenbone Security Assistant<\/li>\n\n\n\n<li>Python-GVM<\/li>\n\n\n\n<li>GVM-Tools<\/li>\n\n\n\n<li>OpenVAS SMB<\/li>\n<\/ul>\n\n\n\n<p>Every component has&nbsp;<strong>README.md<\/strong>&nbsp;and a&nbsp;<strong>INSTALL.md<\/strong>&nbsp;file that explains how to build and install it.<\/p>\n\n\n\n<p>Since we are running GVM as non-privileged user, gvm, then we will install all the GVM configuration files and libraries under,&nbsp;<code><strong>\/opt\/gvm<\/strong><\/code>.<\/p>\n\n\n\n<p>Update the PATH environment variable on&nbsp;<code><strong>\/etc\/environment<\/strong><\/code>, to include the GVM binary path such that it looks like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"PATH=$PATH:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\" &gt;&gt; \/etc\/environment<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>source \/etc\/environment<\/code><\/pre>\n\n\n\n<p>Add GVM library path to&nbsp;<code><strong>\/etc\/ld.so.conf.d<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"\/opt\/gvm\/lib\" &gt; \/etc\/ld.so.conf.d\/gvm.conf<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Install and Setup GVM 21.04 on Rocky Linux 8<\/h4>\n\n\n\n<p>Switch to GVM user, gvm and create a temporary directory to store GVM source files.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir gvm-source<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-gvm-11-source-files\">Download GVM 21.04 Source Files<\/h4>\n\n\n\n<p>Navigate to temporary directory created above and run the subsequent commands to clone the GVM github branch files.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvm-libs.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b main --single-branch https:\/\/github.com\/greenbone\/openvas-smb.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/openvas.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/ospd-openvas.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gvmd.git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone -b stable --single-branch https:\/\/github.com\/greenbone\/gsa.git<\/code><\/pre>\n\n\n\n<p>Once the source files are in place, proceed to build and install GVM on Rocky Linux<\/p>\n\n\n\n<p>Note the current working directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pwd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/opt\/gvm\/gvm-source<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls -1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gsa\ngvmd\ngvm-libs\nopenvas\nopenvas-smb\nospd\nospd-openvas<\/code><\/pre>\n\n\n\n<p>Note that we will install all GVM 21.04 files and libraries to a non-standard location,&nbsp;<code>\/opt\/gvm<\/code>.<\/p>\n\n\n\n<p>As such, you need to set the&nbsp;<code>PKG_CONFIG_PATH<\/code>&nbsp;environment variable to the location of your pkg-config files before running the installation.<\/p>\n\n\n\n<p><strong>Pay attention to the export command<\/strong>.<\/p>\n\n\n\n<p>Be sure to replace the path,&nbsp;<code><strong>\/opt\/gvm<\/strong><\/code>, accordingly.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-11-libraries\">Build and Install GVM 11 Libraries<\/h4>\n\n\n\n<p>From within the source directory,&nbsp;<strong><code>\/opt\/gvm\/gvm-source<\/code><\/strong>, in this setup, change to GVM libraries directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd gvm-libs\nmkdir build &amp;&amp; cd build\nexport PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-openvas-scanner-smb\">Build and Install OpenVAS scanner and OpenVAS SMB<\/h4>\n\n\n\n<p>Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).<\/p>\n\n\n\n<p>OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a&nbsp;<code>winexe<\/code>&nbsp;binary to execute processes remotely on that system.<\/p>\n\n\n\n<p>Build and install openvas-smb;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas-smb\/\nmkdir build &amp;&amp; cd build\nexport PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:\/opt\/heimdal\/lib\/pkgconfig:$PKG_CONFIG_PATH\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Build and install OpenVAS scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ..\/..\/openvas\nmkdir build &amp;&amp; cd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nmake install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-openvas-scanner-gvm11\">Configuring OpenVAS Scanner<\/h4>\n\n\n\n<p>The host scan information is stored temporarily on Redis server. The default configuration of Redis server is&nbsp;<code>\/etc\/redis\/redis.conf<\/code>.<\/p>\n\n\n\n<p>Switch back to privileged user and proceed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<p>To begin run the command below to create the cache to the installed shared libraries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldconfig<\/code><\/pre>\n\n\n\n<p>Next, copy OpenVAS scanner Redis configuration file,&nbsp;<code>redis-openvas.conf<\/code>, to the same Redis configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mv \/etc\/redis.conf{,.original}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/opt\/gvm\/gvm-source\/openvas\/config\/redis-openvas.conf \/etc\/redis.conf<\/code><\/pre>\n\n\n\n<p>Update the ownership of the configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown redis: \/etc\/redis.conf<\/code><\/pre>\n\n\n\n<p>Update the path to Redis unix socket on the \/etc\/redis.conf:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's#\/run\/redis-openvas\/redis.sock#\/tmp\/redis.sock#' \/etc\/redis.conf<\/code><\/pre>\n\n\n\n<p>Similarly, specify the path to Redis socket file on the&nbsp;<code><strong>\/etc\/openvas\/openvas.conf<\/strong><\/code>&nbsp;configuration file using the&nbsp;<strong><code>db_address<\/code><\/strong>&nbsp;parameter as follows.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"db_address = <strong>\/tmp\/redis.sock<\/strong>\" &gt; \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown gvm: \/etc\/openvas\/openvas.conf<\/code><\/pre>\n\n\n\n<p>Add gvm user to redis group;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>usermod -aG redis gvm<\/code><\/pre>\n\n\n\n<p>You can also optimize Redis server itself improve the performance by making the following adjustments;<\/p>\n\n\n\n<p>Increase the value of somaxconn in order to avoid slow clients connections issues.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"net.core.somaxconn = 1024\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Redis background save may fail under low memory condition. To avoid this, enable memory overcommit (<strong>man 5 proc)<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo 'vm.overcommit_memory = 1' &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload sysctl variables created above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>To avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel\u2019s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/disable_thp.service &lt;&lt; 'EOL'\n[Unit]\nDescription=Disable Kernel Support for Transparent Huge Pages (THP)\n\n[Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' &gt; \/sys\/kernel\/mm\/transparent_hugepage\/enabled &amp;&amp; echo 'never' &gt; \/sys\/kernel\/mm\/transparent_hugepage\/defrag\"\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable this service to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now disable_thp<\/code><\/pre>\n\n\n\n<p>Start and enable Redis to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now redis<\/code><\/pre>\n\n\n\n<p>A number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations. Since&nbsp;<code>openvas<\/code>&nbsp;is launched from an&nbsp;<code>ospd-openvas<\/code>&nbsp;process, via sudo, add the line below to sudoers file to ensure that the&nbsp;<code>gvm<\/code>&nbsp;user used in this demo can run the openvas with elevated rights using passwordless sudo.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: \/opt\/gvm\/sbin\/openvas\" &gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<p>Also, update the&nbsp;<code><strong>secure_path<\/strong><\/code>&nbsp;to include the GVM&nbsp;<code>\/sbin<\/code>&nbsp;paths,&nbsp;<code><strong>\/opt\/gvm\/sbin<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak '\/secure_path\/ s|$|:\/opt\/gvm\/sbin|' \/etc\/sudoers<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Update NVTs<\/h4>\n\n\n\n<p>Update Network Vulnerability Tests feed from Greenbone Security Feed\/Community Feed using the&nbsp;<code>greenbone-nvt-sync<\/code>&nbsp;command.<\/p>\n\n\n\n<p>The&nbsp;<code>greenbone-nvt-sync<\/code>&nbsp;command&nbsp;<strong>must not<\/strong>&nbsp;be executed as privileged user root, hence switch back to GVM user we created above and update the NVTs.<\/p>\n\n\n\n<p>Ensure that user can write to OpenVAS libraries directory,&nbsp;<code><strong>\/var\/lib\/openvas\/<\/strong><\/code>, directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/openvas\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<p>Next, update the NVTs as openvas user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>greenbone-nvt-sync<\/code><\/pre>\n\n\n\n<p>Once the update is done, you need to update Redis server with the same VT info from VT files;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo openvas --update-vt-info<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gvm-ubuntu20.04\">Build and Install Greenbone Vulnerability Manager<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:\/opt\/heimdal\/lib\/pkgconfig:$PKG_CONFIG_PATH\ncd gvm-source\/gvmd\nmkdir build &amp;&amp; cd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-gsa-ubuntu20.04\">Build and Install Greenbone Security Assistant<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:\/opt\/heimdal\/lib\/pkgconfig:$PKG_CONFIG_PATH\ncd ..\/..\/gsa\nmkdir build &amp;&amp; cd build\ncmake .. -DCMAKE_INSTALL_PREFIX=\/opt\/gvm\nmake\nsudo make install<\/code><\/pre>\n\n\n\n<p>Exit the gvm user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<p>Enable&nbsp;<code>gvm<\/code>&nbsp;user to run GSA web application daemon,&nbsp;<code>gsad<\/code>, with passwordless sudo.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"gvm ALL = NOPASSWD: \/opt\/gvm\/sbin\/gsad\" &gt;&gt; \/etc\/sudoers.d\/gvm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Keeping the feeds up-to-date<\/h4>\n\n\n\n<p>The gvmd&nbsp;<code><strong>Data<\/strong><\/code>,&nbsp;<strong><code>SCAP<\/code><\/strong>&nbsp;and&nbsp;<code><strong>CERT<\/strong><\/code>&nbsp;Feeds should be kept up-to-date by calling the&nbsp;<code>greenbone-feed-sync<\/code>&nbsp;script regularly (e.g. via a cron entry):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/var\/lib\/gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type GVMD_DATA<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type SCAP<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm greenbone-feed-sync --type CERT<\/code><\/pre>\n\n\n\n<p>Please note: <strong>The&nbsp;<code>CERT<\/code>&nbsp;feed sync depends on data provided by the&nbsp;<code>SCAP<\/code>&nbsp;feed and should be called after syncing the later.<\/strong><\/p>\n\n\n\n<p>Consider setting cron jobs to run the nvts, cert and scap data update scripts at your preferred frequency to pull updates from the feed servers.<\/p>\n\n\n\n<p>Next, run the command below to generate certificates gvmd. Server certificates are used for authentication while client certificates are primarily used for authorization. More on&nbsp;<code><strong>man gvm-manage-certs<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>gvm-manage-certs -a<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/opt\/gvm\/ \/var\/lib\/gvm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"build-install-ospd-ospd-openvas\">Build and Install OSPd and OSPd-OpenVAS<\/h4>\n\n\n\n<p>Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>export PKG_CONFIG_PATH=\/opt\/gvm\/lib\/pkgconfig:$PKG_CONFIG_PATH<\/code><\/pre>\n\n\n\n<p>Based on the current version of Python installed, set the PYTHONPATH. We use Python 3.7 in this demo.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>export PYTHONPATH=\/opt\/gvm\/lib\/python3.7\/site-packages<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/opt\/gvm\/lib\/python3.7\/site-packages<\/code><\/pre>\n\n\n\n<p>Build OSPD<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>python3.7 setup.py install --prefix=\/opt\/gvm<\/code><\/pre>\n\n\n\n<p>Build OSPD-OpenVAS<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/opt\/gvm\/gvm-source\/ospd-openvas<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>python3.7 setup.py install --prefix=\/opt\/gvm<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-gvm11-services-ubuntu20.04\">Running OpenVAS Scanner, GSA and GVM services<\/h3>\n\n\n\n<p>In order to make the management of OpenVAS scanner, GSA (WebUI service) and GVM daemon, create systemd service unit files for each of them as follows.<\/p>\n\n\n\n<p>Log out as&nbsp;<code><strong>gvm<\/strong><\/code>&nbsp;user and execute the commands below as a privileged user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exit<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo chown -R gvm: \/opt\/gvm\/<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-gvm11-systemd-services\">Creating Systemd Service units for GVM services<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gvm-11-openvas-service\">Create OSPD OpenVAS systemd service<\/h5>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/ospd-openvas.service << 'EOL'\n[Unit]\nDescription=Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\nAfter=redis.service\nAfter=postgresql.service\n\n[Service]\nExecStartPre=-rm -rf \/run\/gvm\/ospd-openvas.pid \/run\/gvm\/ospd-openvas.sock\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin\nEnvironment=PYTHONPATH=\/opt\/gvm\/lib\/python3.7\/site-packages\nExecStart=\/opt\/gvm\/bin\/ospd-openvas \\\n--pid-file \/run\/gvm\/ospd-openvas.pid \\\n--log-file \/var\/log\/gvm\/ospd-openvas.log \\\n--lock-file-dir \/run\/gvm\/ -u \/run\/gvm\/ospd-openvas.sock\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R gvm: \/run\/gvm \/var\/log\/gvm<\/code><\/pre>\n\n\n\n<p>Reload systemd service unit configurations.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start ospd-openvas<\/code><\/pre>\n\n\n\n<p>Check the status of the service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status ospd-openvas<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf ospd-openvas.service - Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)\n   Loaded: loaded (\/etc\/systemd\/system\/ospd-openvas.service; enabled; vendor preset: disabled)\n   Active: active (exited) since Thu 2021-09-30 06:41:59 EAT; 3min 38s ago\n  Process: 967 ExecStart=\/opt\/gvm\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm\/ -u \/run\/gvm\/ospd&gt;\n  Process: 965 ExecStartPre=\/usr\/bin\/rm -rf \/run\/gvm\/ospd-openvas.pid \/run\/gvm\/ospd-openvas.sock (code=exited, status=0\/SUCCESS)\n Main PID: 967 (code=exited, status=0\/SUCCESS)\n    Tasks: 4 (limit: 29841)\n   Memory: 630.1M\n   CGroup: \/system.slice\/ospd-openvas.service\n           \u251c\u25001694 \/usr\/local\/bin\/python3.7 \/opt\/gvm\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm&gt;\n           \u2514\u25001696 \/usr\/local\/bin\/python3.7 \/opt\/gvm\/bin\/ospd-openvas --pid-file \/run\/gvm\/ospd-openvas.pid --log-file \/var\/log\/gvm\/ospd-openvas.log --lock-file-dir \/run\/gvm&gt;\n\nSep 30 06:41:59 rocky8 systemd[1]: Starting Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...\nSep 30 06:41:59 rocky8 systemd[1]: Started Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).\n<\/code><\/pre>\n\n\n\n<p>Check the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/gvm\/ospd-openvas.log<\/code><\/pre>\n\n\n\n<p>Enable OpenVAS scanner to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable ospd-openvas<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gvm-service-unit-file\">Create GVMD Systemd Service files<\/h5>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gvmd.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/lib\/systemd\/system\/gvmd.service << 'EOL'\n[Unit]\nDescription=Greenbone Vulnerability Manager daemon (gvmd)\nAfter=ospd-openvas.service\nWants=postgresql.service ospd-openvas.service\n\n[Service]\nType=simple\nUser=gvm\nGroup=gvm\nRuntimeDirectory=gvm\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin\nEnvironment=PYTHONPATH=\/opt\/gvm\/lib\/python3.7\/site-packages\nExecStart=\/opt\/gvm\/sbin\/gvmd --osp-vt-update=\/run\/gvm\/ospd-openvas.sock --unix-socket=\/run\/gvm\/gvmd.sock\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd configs and start GVMD.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start gvmd<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gvmd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/gvmd.service; enabled; vendor preset: disabled)\n   Active: active (exited) since Thu 2021-09-30 06:41:59 EAT; 6min ago\n  Process: 968 ExecStart=\/opt\/gvm\/sbin\/gvmd --osp-vt-update=\/run\/gvm\/ospd-openvas.sock --unix-socket=\/run\/gvm\/gvmd.sock (code=exited, status=0\/SUCCESS)\n Main PID: 968 (code=exited, status=0\/SUCCESS)\n    Tasks: 1 (limit: 29841)\n   Memory: 116.3M\n   CGroup: \/system.slice\/gvmd.service\n           \u2514\u25001113 gvmd: Waiting for incoming connections\n\nSep 30 06:41:59 rocky8 systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).\n<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"create-gsa-service-unit-file\">Create GSA systemd service Unit file<\/h5>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/lib\/systemd\/system\/gsad.service{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/gsad.service << 'EOL'\n[Unit]\nDescription=Greenbone Security Assistant daemon (gsad)\nDocumentation=man:gsad(8) https:\/\/www.greenbone.net\nAfter=network.target gvmd.service\nWants=gvmd.service\n\n[Service]\nType=forking\nUser=gvm\nGroup=gvm\n#PIDFile=\/run\/gvm\/gsad.pid\nEnvironment=PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/usr\/games:\/usr\/local\/games:\/opt\/gvm\/bin:\/opt\/gvm\/sbin:\/opt\/gvm\/.local\/bin\nEnvironment=PYTHONPATH=\/opt\/gvm\/lib\/python3.7\/site-packages\nExecStart=\/usr\/bin\/sudo \/opt\/gvm\/sbin\/gsad --munix-socket=\/run\/gvm\/gvmd.sock -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\nAlias=greenbone-security-assistant.service\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload system unit configs and start the services;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl enable --now gsad<\/code><\/pre>\n\n\n\n<p>Checking the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status gsad<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf gsad.service - Greenbone Security Assistant daemon (gsad)\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/gsad.service; enabled; vendor preset: disabled)\n   Active: active (exited) since Thu 2021-09-30 06:54:51 EAT; 33s ago\n     Docs: man:gsad(8)\n           https:\/\/www.greenbone.net\n  Process: 2242 ExecStart=\/usr\/bin\/sudo \/opt\/gvm\/sbin\/gsad --munix-socket=\/run\/gvm\/gvmd.sock -k \/var\/lib\/gvm\/private\/CA\/clientkey.pem -c \/var\/lib\/gvm\/CA\/clientcert.pem (co&gt;\n\nSep 30 06:54:51 rocky8 systemd[1]: Starting Greenbone Security Assistant daemon (gsad)...\nSep 30 06:54:51 rocky8 sudo[2242]:      gvm : TTY=unknown ; PWD=\/ ; USER=root ; COMMAND=\/opt\/gvm\/sbin\/gsad --munix-socket=\/run\/gvm\/gvmd.sock -k \/var\/lib\/gvm\/private\/CA\/cli&gt;\nSep 30 06:54:51 rocky8 systemd[1]: Started Greenbone Security Assistant daemon (gsad).\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create GVM Scanner<\/h4>\n\n\n\n<p>Since we launched the scanner and set it to use our non-standard scanner host path (<strong>\/run\/gvm\/ospd-openvas.sock<\/strong>), we need to create and register our scanner;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --create-scanner=\"Kifarunix-demo OpenVAS Scanner\" --scanner-type=\"OpenVAS\" --scanner-host=\/run\/gvm\/ospd-openvas.sock<\/code><\/pre>\n\n\n\n<p>Next, you need to verify your scanner. For this, you first need to get the scanner identifier;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-scanners<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  \/run\/ospd\/ospd-openvas.sock  0  OpenVAS Default\n6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE\n18258727-8815-46ec-b3e6-4d8ce5dcc956  OpenVAS  \/run\/gvm\/ospd-openvas.sock  9390  Kifarunix-demo OpenVAS Scanner<\/code><\/pre>\n\n\n\n<p>Based on the output above, our scanner UUID is,&nbsp;<strong><code>18258727-8815-46ec-b3e6-4d8ce5dcc956<\/code><\/strong>.<\/p>\n\n\n\n<p>Verify the scanner;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --verify-scanner=<strong>18258727-8815-46ec-b3e6-4d8ce5dcc956<\/strong><\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Scanner version: OpenVAS 21.4.3~dev1~git-e0012eb5-openvas-21.04.<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-gvm11-admin-user\">Create OpenVAS (GVM) Admin User<\/h4>\n\n\n\n<p>Create OpenVAS administrative user by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --create-user admin<\/code><\/pre>\n\n\n\n<p>This command generates a random password for the user. See sample output below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>User created with password 'fee42e66-117c-42f8-9b48-429e51194a13'.<\/code><\/pre>\n\n\n\n<p>If you want to create a user and at the same time create your own password;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --create-user gvmadmin --password=StronGP@SS<\/code><\/pre>\n\n\n\n<p>Otherwise, you can reset the password of an already existing user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -Hiu gvm gvmd --user=&lt;USERNAME&gt; --new-password=&lt;PASSWORD&gt;<\/code><\/pre>\n\n\n\n<p>An administrator user can later create further users or administrators via clients like the Greenbone Security Assistant (GSA).<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Set the Feed Import Owner<\/h4>\n\n\n\n<p>According to&nbsp;<code><strong>gvmd\/INSTALL.md<\/strong><\/code>, certain resources that were previously part of the gvmd source code are now shipped via the feed. An example is the config \u201cFull and Fast\u201d.<\/p>\n\n\n\n<p>gvmd will only create these resources if a \u201cFeed Import Owner\u201d is configured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value &lt;uuid_of_user&gt;<\/code><\/pre>\n\n\n\n<p>The UUIDs of all created users can be found using<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --get-users --verbose<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin 9a9e5070-d2f0-4802-971e-c9d61e682c21<\/code><\/pre>\n\n\n\n<p>Then modify the gvmd settings with the user UUID.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value 9a9e5070-d2f0-4802-971e-c9d61e682c21<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">GVM Log Files<\/h4>\n\n\n\n<p>Various Log files are located under the&nbsp;<code><strong>\/opt\/gvm\/var\/log\/gvm<\/strong><\/code>&nbsp;directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls \/opt\/gvm\/var\/log\/gvm<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gsad.log<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -1 \/var\/log\/gvm\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>gvmd.log\nopenvas.log\nospd-openvas.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Accessing GVM 21.04 (OpenVAS)<\/h3>\n\n\n\n<p>Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces. If firewall is running, open this port to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=443\/tcp --permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>You can now access GSA via the url&nbsp;<code><strong>https:&lt;serverIP-OR-hostname&gt;<\/strong><\/code>. Accept the self-signed SSL warning and proceed.<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-login-page.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1420\" height=\"791\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/gvm-login.png\" alt=\"\" class=\"wp-image-9865\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/gvm-login.png?v=1627418952 1420w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/gvm-login-768x428.png?v=1627418952 768w\" sizes=\"(max-width: 1420px) 100vw, 1420px\" \/><\/figure>\n\n\n\n<p>Login with the administrative credentials generated above.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1915\" height=\"773\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/gvm-21.04-rocky-linux.png\" alt=\"\" class=\"wp-image-10572\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/gvm-21.04-rocky-linux.png?v=1632974980 1915w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/gvm-21.04-rocky-linux-768x310.png?v=1632974980 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/gvm-21.04-rocky-linux-1536x620.png?v=1632974980 1536w\" sizes=\"(max-width: 1915px) 100vw, 1915px\" \/><\/figure>\n\n\n\n<p>Secinfo<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-cves.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"914\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/sec-info.png\" alt=\"\" class=\"wp-image-10573\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/sec-info.png?v=1632974997 1920w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/sec-info-768x366.png?v=1632974997 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/sec-info-1536x731.png?v=1632974997 1536w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/figure>\n\n\n\n<p>Port lists<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1898\" height=\"543\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists.png\" alt=\"\" class=\"wp-image-7903\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists.png?v=1612815295 1898w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-768x220.png?v=1612815295 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-1536x439.png?v=1612815295 1536w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-150x43.png?v=1612815295 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-300x86.png?v=1612815295 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-696x199.png?v=1612815295 696w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-1068x306.png?v=1612815295 1068w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists-1468x420.png?v=1612815295 1468w\" sizes=\"(max-width: 1898px) 100vw, 1898px\" \/><\/figure>\n\n\n\n<p>And there you go. That is all it take to install and Setup GVM 21.04 on Rocky Linux 8. You can now start running your scans.<\/p>\n\n\n\n<p><strong>NOTE<\/strong>: When creating a scan task, be sure to select the Scanner we created above.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1215\" height=\"671\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\" alt=\"\" class=\"wp-image-6845\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png?v=1598636617 1215w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner-768x424.png?v=1598636617 768w\" sizes=\"(max-width: 1215px) 100vw, 1215px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/08\/scanner.png\"><\/a><\/p>\n\n\n\n<p>Sample Scan results;<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/02\/gvm-port-lists.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1915\" height=\"496\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/sample-scan-result.png\" alt=\"\" class=\"wp-image-9869\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/sample-scan-result.png?v=1627419400 1915w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/sample-scan-result-768x199.png?v=1627419400 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/sample-scan-result-1536x398.png?v=1627419400 1536w\" sizes=\"(max-width: 1915px) 100vw, 1915px\" \/><\/figure>\n\n\n\n<p>You can now create your target hosts to scan and schedule the scans to run at your own preferred time.<\/p>\n\n\n\n<p>That marks the end of our tutorial on how to install and setup GVM 21.04 on Rocky Linux 8.<\/p>\n\n\n\n<p>Did I miss anything, drop it in the comments section!! Enjoy<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Reference<\/h3>\n\n\n\n<p>Source files&nbsp;<strong>README.md&nbsp;<\/strong>and&nbsp;<strong>INSTALL.md<\/strong>&nbsp;files.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-nikto-web-scanner-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Nikto Web Scanner on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-use-nikto-web-scanner-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Use Nikto Web Scanner on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-gvm-20-08-on-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and setup GVM 20.08 on Debian 10<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install &nbsp;GVM 21.04&nbsp;on Rocky Linux 8.&nbsp;Greenbone&nbsp;Vulnerability&nbsp;Management (GVM), previously known as OpenVAS, is a network security scanner which<\/p>\n","protected":false},"author":1,"featured_media":9878,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,370,150],"tags":[3903,3900,3901,3902],"class_list":["post-9377","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-openvas","category-vulnerability-scanners","tag-install-gvm","tag-install-gvm-rocky-linux","tag-openvas-rocky-linux","tag-rocky-linux-8-gvm-install","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9377"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9377"}],"version-history":[{"count":63,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9377\/revisions"}],"predecessor-version":[{"id":21714,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9377\/revisions\/21714"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9878"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}