
@ZEROF
Last active August 10, 2024 16:21
OpenVAS 7 BackBox 4 installation
#!/bin/bash
# Install OpenVas 7 with BackBox 4.0
# Author ZEROF <zerof at backbox dot org>
# Original idea (not working any more): http://www.mockel.se/index.php/2014/02/openvas-7-beta-on-ubuntu-14-04-lts-beta/
# This installation guide was updated and turned into a script by ZEROF for BackBox 4 users.
# -OpenVas packages updated to last version /x2
# -Fixed installation errors
# -Installing gpg key for feeds upgrade
# -Setting user and password
# -Remove script was upgraded and remove menu option included
# -Add service option to BackBox menu start/stop/restart/update (new 100% recoded)
# If you like Linux and security join https://forum.backbox.org
# Script version 0.4b
# This script is distributed under a DO WHAT THE F*** YOU WANT TO PUBLIC LICENSE.
# https://pentester.iz.rs/blog/licence
# Check user for root
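# Refuse to run unless the effective UID is 0.
# `id -u` replaces the $USER comparison: $USER is an ordinary environment
# variable, and when it is unset the unquoted test fails with a syntax error,
# the `if` is skipped and the script carries on without being root.
if [ "$(id -u)" -ne 0 ]; then
  echo "[!]Are you root? NO. Then try again." >&2
  # Non-zero status so callers can tell the script refused to run.
  exit 1
fi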
#Just to keep eye inside terminal
function enter () {
  # Pause between menu steps: print a blank line, wait silently for a single
  # keypress, then wipe the screen.
  printf '\n'
  read -s -n 1 -p "Press any key to continue..."
  clear
}
# Run system upgrade and install dependencies
function packages () {
  # Refresh the package index, apply pending upgrades, then install the
  # build dependencies. The names are handed to apt-get in the order given,
  # repeated entries included.
  local -a build_deps=(
    build-essential devscripts dpatch libassuan-dev
    libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev
    libgpgme11-dev libopenvas2 libpcre3-dev libpth-dev quilt cmake pkg-config
    libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev
    doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican
    libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev
  )

  apt-get update
  apt-get upgrade -y
  apt-get install -y "${build_deps[@]}"
}
#Get OpenVAS last sources
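function source () {
  # Download the OpenVAS 7 source tarballs into /usr/local/src/openvas and
  # unpack them there. Returns 1 as soon as a directory change or a download
  # fails, so nothing is unpacked or deleted in an unexpected directory.
  #
  # NOTE(review): the tarballs come over plain HTTP and no checksum or
  # signature is checked before they are built and installed as root. Compare
  # them with digests obtained from the project through a trusted channel
  # (e.g. `sha256sum -c <CHECKSUM_FILE_PLACEHOLDER>`) before the build steps.
  # NOTE(review): this function shadows the shell builtin `source` for the
  # rest of the script; the name is kept because the menu calls it.
  local base_url=http://wald.intevation.org/frs/download.php
  local rel

  cd /usr/local/src/ || return 1
  # -p lets the step be repeated when the directory already exists.
  mkdir -p openvas || return 1
  cd openvas/ || return 1

  for rel in \
    1907/openvas-libraries-7.0.7.tar.gz \
    1844/openvas-scanner-4.0.5.tar.gz \
    1911/openvas-manager-5.0.8.tar.gz \
    1915/greenbone-security-assistant-5.0.5.tar.gz \
    1803/openvas-cli-1.3.1.tar.gz
  do
    wget "$base_url/$rel" || {
      echo "[!] Download failed: $base_url/$rel" >&2
      return 1
    }
  done

  # Only the archives just downloaded into this directory are unpacked; a
  # recursive search would also pick up .gz files inside trees extracted by
  # an earlier run.
  find . -maxdepth 1 -name '*.tar.gz' -exec tar zxvfp {} \;
  # The ./ prefix and -- keep a file name starting with '-' from being read
  # as an option.
  rm -f -- ./*.tar.gz
}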
# OpenVas libraries installation
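function libraries () {
  # Configure, build and install openvas-libraries 7.0.7 in a build/
  # directory inside its source tree under /usr/local/src/openvas.
  # Returns 1 when the source tree is missing or when cmake, make or
  # "make install" fails; on success the working directory is left at
  # /usr/local/src/openvas.
  local src_dir=/usr/local/src/openvas/openvas-libraries-7.0.7

  # This runs as root: with an unchecked cd, a missing source tree would let
  # cmake and "make install" run in whatever directory the script was in.
  cd "$src_dir" || return 1
  # -p keeps the step repeatable after an earlier, partial build.
  mkdir -p build || return 1
  cd build || return 1

  cmake .. || return 1
  make || return 1
  # Documentation is optional: a failure is reported but does not stop the
  # install.
  make doc-full || echo "[!] make doc-full failed, continuing with install" >&2
  make install || return 1
  cd /usr/local/src/openvas
}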
# OpenVas scanner installation
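function scanner () {
  # Configure, build and install openvas-scanner 4.0.5 in a build/ directory
  # inside its source tree under /usr/local/src/openvas.
  # Returns 1 when the source tree is missing or when cmake, make or
  # "make install" fails; on success the working directory is left at
  # /usr/local/src/openvas.
  local src_dir=/usr/local/src/openvas/openvas-scanner-4.0.5

  # Checked because the script runs as root: a failed cd must not let the
  # build and install commands run somewhere else.
  cd "$src_dir" || return 1
  # -p keeps the step repeatable after an earlier, partial build.
  mkdir -p build || return 1
  cd build/ || return 1

  cmake .. || return 1
  make || return 1
  # Documentation is optional: a failure is reported but does not stop the
  # install.
  make doc-full || echo "[!] make doc-full failed, continuing with install" >&2
  make install || return 1
  cd /usr/local/src/openvas
}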
# Install OpenVas certificate, reload libraries, OpenVas feed gpg key
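function certificate () {
  # Create the scanner's server certificate, refresh the dynamic linker
  # cache, then download the OpenVAS feed signing key and import it into the
  # keyring under /usr/local/etc/openvas/gnupg/.
  # Returns 1 when the certificate step, the directory change or the
  # download fails; nothing is imported in that case.
  #
  # NOTE(review): the key is fetched over plain HTTP and imported without
  # comparing its fingerprint with a value obtained through a trusted
  # channel. After the import, list it with
  #   gpg --homedir=/usr/local/etc/openvas/gnupg/ --fingerprint
  # and check the output against <EXPECTED_FINGERPRINT_PLACEHOLDER> before
  # relying on it for feed verification.
  local key_file=OpenVAS_TI.asc

  openvas-mkcert -f || return 1
  ldconfig
  # Without this check a failed cd leaves the key file in the current
  # directory and the import reads whatever OpenVAS_TI.asc is found there.
  cd /usr/local/etc/openvas || return 1
  # -O overwrites a copy left by an earlier run; otherwise wget stores the new
  # download as OpenVAS_TI.asc.1 and the old file is the one imported.
  wget -O "$key_file" http://www.openvas.org/OpenVAS_TI.asc || return 1
  gpg --homedir=/usr/local/etc/openvas/gnupg/ --import "$key_file"
  cd /usr/local/src
}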
# Install OpenVas manager
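function manager () {
  # Configure, build and install openvas-manager 5.0.8 in a build/ directory
  # inside its source tree under /usr/local/src/openvas.
  # Returns 1 when the source tree is missing or when cmake, make or
  # "make install" fails; on success the working directory is left at
  # /usr/local/src/openvas.
  local src_dir=/usr/local/src/openvas/openvas-manager-5.0.8

  # Checked because the script runs as root: a failed cd must not let the
  # build and install commands run somewhere else.
  cd "$src_dir" || return 1
  # -p keeps the step repeatable after an earlier, partial build.
  mkdir -p build || return 1
  cd build/ || return 1

  cmake .. || return 1
  make || return 1
  # Documentation is optional: a failure is reported but does not stop the
  # install.
  make doc-full || echo "[!] make doc-full failed, continuing with install" >&2
  make install || return 1
  cd /usr/local/src/openvas
}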
# Install OpenVas CLI
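function cli () {
  # Configure, build and install openvas-cli 1.3.1 in a build/ directory
  # inside its source tree under /usr/local/src/openvas.
  # Returns 1 when the source tree is missing or when cmake, make or
  # "make install" fails; on success the working directory is left at
  # /usr/local/src/openvas.
  local src_dir=/usr/local/src/openvas/openvas-cli-1.3.1

  # Checked because the script runs as root: a failed cd must not let the
  # build and install commands run somewhere else.
  cd "$src_dir" || return 1
  # -p keeps the step repeatable after an earlier, partial build.
  mkdir -p build || return 1
  cd build/ || return 1

  cmake .. || return 1
  make || return 1
  # Documentation is optional: a failure is reported but does not stop the
  # install.
  make doc-full || echo "[!] make doc-full failed, continuing with install" >&2
  make install || return 1
  cd /usr/local/src/openvas
}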
# Install OpenVas GSA
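function gsa () {
  # Configure, build and install greenbone-security-assistant 5.0.5 in a
  # build/ directory inside its source tree under /usr/local/src/openvas.
  # Returns 1 when the source tree is missing or when cmake, make or
  # "make install" fails; on success the working directory is left at
  # /usr/local/src/openvas.
  local src_dir=/usr/local/src/openvas/greenbone-security-assistant-5.0.5

  # Checked because the script runs as root: a failed cd must not let the
  # build and install commands run somewhere else.
  cd "$src_dir" || return 1
  # -p keeps the step repeatable after an earlier, partial build.
  mkdir -p build || return 1
  cd build/ || return 1

  cmake .. || return 1
  make || return 1
  # Documentation is optional: a failure is reported but does not stop the
  # install.
  make doc-full || echo "[!] make doc-full failed, continuing with install" >&2
  make install || return 1
  cd /usr/local/src/openvas
}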
# NVT, CERT and SCAP installation
function repos () {
  # Run the three feed synchronisation tools one after another. Each one is
  # started whether or not the previous one succeeded; the function's status
  # is that of the NVT sync.
  local sync_tool
  for sync_tool in openvas-scapdata-sync openvas-certdata-sync; do
    "$sync_tool"
  done
  openvas-nvt-sync --wget
}
# Start OpenVas 7
function start () {
  # First start of the freshly built stack: stop any running daemons, start
  # the scanner, create a client certificate, wait five minutes, rebuild the
  # manager database, then start the manager and the web interface.
  # openvasmd and gsad are bound to 127.0.0.1, and gsad runs with
  # --http-only.
  # NOTE(review): openvassd is started with --port only; no listen address
  # is given here, unlike the two daemons below. Confirm which address it
  # binds to by default.
  local daemon

  printf '%s\n\n' "You can ignore 'no process found' messages (for now)"
  sleep 3
  for daemon in openvassd openvasmd gsad; do
    killall "$daemon"
  done

  touch /usr/local/var/lib/openvas/mgr/tasks.db
  /usr/local/sbin/openvassd --port 9391
  openvas-mkcert-client -n -i

  printf '\n%s\n\n' "___________________"
  echo -e "You need to wait for about 5-10min before OpenVas synchronization with NVT feeds, patient ...\n
On 2nd terminal run command ps -ef | grep openvassd, and if you get message like openvassd: ... NTVs (10% / ETA: 00.31) and not \n
openvassd: Waiting for incoming connetion, your will be in position to use OpenVas."
  printf '\n'
  sleep 300

  # /usr/local/sbin/openvasmd --backup
  /usr/local/sbin/openvasmd --rebuild --progress
  /usr/local/sbin/openvasmd --listen=127.0.0.1 --port=9390
  /usr/local/sbin/gsad --http-only --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390

  # Spelling error(s) reported by weVeg. Thank you bro, you are the winner :)
  printf '\n%s\n%s\n\n' \
    "TO LOGIN WITH OPENVAS GSA TYPE THIS IN NEW TERMINAL WINDOW OR OPEN IP WITH Firefox" \
    "firefox 127.0.0.1:9392 &"
  sleep 10
}
# Add user admin/backbox
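function user () {
  # Create the GSA administrator account "admin" and set its password, then
  # create a client certificate.
  # The password is taken from OPENVAS_ADMIN_PASSWORD when that variable is
  # set and non-empty; otherwise the historical default "backbox" is used
  # and a warning is printed, because that value is published in this script.
  # NOTE(review): the password is handed to openvasmd as a command-line
  # argument, so other local users can see it in the process list while the
  # command runs.
  local admin_pass=${OPENVAS_ADMIN_PASSWORD:-backbox}

  openvasmd --create-user=admin --role=Admin
  echo -e "New user name is admin\n"
  sleep 5
  openvasmd --user=admin --new-password="$admin_pass"
  if [ "$admin_pass" = "backbox" ]; then
    echo "New user password is backbox"
    echo "[!] This is a publicly known default password: change it right after the first login." >&2
  else
    # A caller-supplied password is not echoed back to the terminal.
    echo "New user password was taken from OPENVAS_ADMIN_PASSWORD"
  fi
  sleep 5
  cd /usr/local/src/openvas
  openvas-mkcert-client -n -i
}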
# Check OpenVas 7 installation
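function checkit () {
  # Download the openvas-check-setup helper and run it with --v7 --server.
  # Returns 1 when the download fails, otherwise the helper's exit status.
  #
  # The helper is saved into a private temporary directory and only that
  # copy is run. Previously it was saved to and run from the current
  # directory, so after a failed download a file of the same name already
  # lying there would have been executed as root instead.
  #
  # NOTE(review): the helper is fetched over plain HTTP from a third-party
  # host and run as root without any integrity check. Prefer a copy obtained
  # from the OpenVAS project itself and read it before running it.
  local workdir script rc

  workdir=$(mktemp -d) || return 1
  script=$workdir/openvas-check-setup

  if ! wget -O "$script" http://linux.gungoos.com/openvas-check-setup; then
    echo "[!] Download of openvas-check-setup failed; nothing was executed." >&2
    rm -rf -- "$workdir"
    return 1
  fi

  # Only root needs to read or execute the downloaded copy.
  chmod 700 "$script"
  "$script" --v7 --server
  rc=$?
  rm -rf -- "$workdir"
  return "$rc"
}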
# Remove OpenVas 7 installation
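function blank () {
  # Stop the OpenVAS daemons, then delete the directories and files listed
  # below.
  # The paths are kept in a local array and passed to rm quoted and after
  # "--", so each entry is removed as exactly one path and no longer leaks
  # into the global FILES / f variables.
  # NOTE(review): the original list named openvas-scapdata-sync twice; the
  # second entry was presumably meant to be another sync script. Confirm
  # which one and add it here.
  local -a targets=(
    /usr/local/src/openvas
    /usr/local/var/lib/openvas
    /usr/local/var/log/openvas
    /usr/local/var/cache/openvas
    /usr/local/include/openvas
    /usr/local/etc/openvas
    /usr/local/share/openvas
    /etc/init.d/openvas-services
    /usr/share/applications/services-openvas-services-start.desktop
    /usr/share/applications/services-openvas-services-stop.desktop
    /usr/local/sbin/openvassd
    /usr/local/sbin/openvasmd
    /usr/local/sbin/gsad
    /usr/local/sbin/openvas-scapdata-sync
  )
  local target

  killall openvassd
  killall openvasmd
  killall gsad

  for target in "${targets[@]}"; do
    echo "Removing OpenVas 7 from your system ..."
    rm -rf -- "$target"
  done
}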
# Remove OpenVas 7 from BackBox menu
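function blank_menu () {
  # Delete the four OpenVAS .desktop entries from /usr/share/applications.
  # The paths are kept in a local array and passed to rm quoted and after
  # "--", matching the removal loop in blank and keeping FILES / f out of the
  # global scope.
  local -a entries=(
    /usr/share/applications/services-openvas-services-start.desktop
    /usr/share/applications/services-openvas-services-stop.desktop
    /usr/share/applications/services-openvas-services-restart.desktop
    /usr/share/applications/services-openvas-services-update.desktop
  )
  local entry

  for entry in "${entries[@]}"; do
    echo "Removing OpenVas 7 from BackBox 4 menu ..."
    rm -rf -- "$entry"
  done
}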
# OpenVas BackBox start option
function service_start () {
  # Write the "OpenVas start" menu entry. Its Exec line starts the scanner,
  # waits 60 seconds, rebuilds the manager database, starts the manager and
  # the web interface on 127.0.0.1, then leaves a shell open in the terminal.
  # The shell name is resolved now, while the entry is written, from $SHELL
  # (falling back to bash).
  local desktop_file=/usr/share/applications/services-openvas-services-start.desktop
  local keep_open=${SHELL:-bash}

  printf '%s\n' \
    '[Desktop Entry]' \
    'Type=Application' \
    'Name=OpenVas start' \
    'GenericName=OpenVAS Services' \
    'Comment=OpenVas start' \
    'TryExec=openvassd openvasmd gsad' \
    "Exec=sh -c \"sudo openvassd --port 9391;sleep 60;sudo openvasmd --rebuild --progress;sudo openvasmd --listen=127.0.0.1 --port=9390;sudo gsad --http-only --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390;echo '';echo 'OpenVas is running now';echo ''; ${keep_open}\"" \
    'Icon=utilities-terminal' \
    'Terminal=true' \
    'Categories=BackBox-Services-OpenVAS;' \
    > "$desktop_file"
}
# OpenVas BackBox stop option
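function service_stop () {
  # Write the "OpenVas stop" menu entry, whose Exec line kills the scanner,
  # the manager and the web interface and then leaves a shell open.
  # Fix: the manager is killed by its real name, openvasmd. The entry used to
  # say "openvasdm", so the manager kept running after "stop".
  # The here-document is unquoted, so ${SHELL:-bash} is expanded when the
  # entry is written, not when it is launched.
  cat > /usr/share/applications/services-openvas-services-stop.desktop <<EOF
[Desktop Entry]
Type=Application
Name=OpenVas stop
GenericName=OpenVAS Services
Comment=OpenVas stop
TryExec=killall
Exec=sh -c "sudo killall openvassd;sudo killall openvasmd;sudo killall gsad;echo '';echo 'OpenVas is stopped'; ${SHELL:-bash}"
Icon=utilities-terminal
Terminal=true
Categories=BackBox-Services-OpenVAS;
EOF
}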
# OpenVas BackBox restart option
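function service_restart () {
  # Write the "OpenVas restart" menu entry. Its Exec line kills the three
  # daemons, starts the scanner, waits 60 seconds, rebuilds the manager
  # database and starts the manager and the web interface on 127.0.0.1.
  # Fix: the manager is killed by its real name, openvasmd. The entry used to
  # say "openvasdm", so the old manager was still running when the new one
  # was started.
  # The here-document is unquoted, so ${SHELL:-bash} is expanded when the
  # entry is written, not when it is launched.
  cat > /usr/share/applications/services-openvas-services-restart.desktop <<EOF
[Desktop Entry]
Type=Application
Name=OpenVas restart
GenericName=OpenVAS Services
Comment=service openvas-services restart
TryExec=killall openvassd openvasmd gsad
Exec=sh -c "sudo killall openvassd;sudo killall openvasmd;sudo killall gsad;sudo openvassd --port 9391;sleep 60;sudo openvasmd --rebuild --progress; sudo openvasmd --listen=127.0.0.1 --port=9390;sudo gsad --http-only --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390; echo'';echo 'Done';echo'';${SHELL:-bash}"
Icon=utilities-terminal
Terminal=true
Categories=BackBox-Services-OpenVAS;
EOF
}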
# OpenVas BackBox update option
function service_update () {
  # Write the "OpenVas update" menu entry, whose Exec line runs the SCAP and
  # CERT feed syncs through sudo and then leaves a shell open. The shell name
  # is resolved now, while the entry is written, from $SHELL (falling back to
  # bash).
  local desktop_file=/usr/share/applications/services-openvas-services-update.desktop
  local keep_open=${SHELL:-bash}

  printf '%s\n' \
    '[Desktop Entry]' \
    'Type=Application' \
    'Name=OpenVas update' \
    'GenericName=OpenVAS Services' \
    'Comment=OpenVas update' \
    'TryExec=openvas-scapdata-sync openvas-certdata-sync' \
    "Exec=sh -c \"sudo openvas-scapdata-sync;sudo openvas-certdata-sync;echo'';echo -e 'OpenVas update:\nDone.';echo'';${keep_open}\"" \
    'Icon=utilities-terminal' \
    'Terminal=true' \
    'Categories=BackBox-Services-OpenVAS;' \
    > "$desktop_file"
}
# Script menu
function print_menu()
{
  # Print the banner, the numbered list of steps and the input prompt (the
  # prompt has no trailing newline). $up is expanded as-is; it is not
  # assigned anywhere in the visible part of the script.
  echo
  echo -e "\n$up \e[40;38;5;82m SETTING OPENVAS 7 WITH BACKBOX 4 \e[0m\n"
  # Quoted delimiter: the menu text is printed literally.
  cat <<'MENU'

[1] - system update, upgrade and dependencies installation.
[2]- download source packages.
[3] - install OpenVas libraries.
[4] - install OpenVas scanner.
[5] - install OpenVas certificate.
[6] - install OpenVas manager.
[7] - install OpenVas CLI.
[8] - install OpenVSA GSA.
[9] - NVT, CERT and SCAP feeds installation.
[10] - start OpenVas 7 only once with this option.
[11] - add new GSA user and pass before first login(admin/backbox).
[12] - check OpenVas 7 installation.
[13] - add OpenVas start/stop/restart/update services to BackBox Services menu.
[14] - remove OpenVas 7 installation.
[15] - remove OpenVas 7 from BackBox menu.

[0] - exit program

MENU
  echo -e -n "$up Enter selection: "
}
# Menu source
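# Main loop: show the menu, read one choice and run the matching step, until
# the user enters 0.
selection=
until [ "$selection" = "0" ]; do
  print_menu
  # Leave on end of input (closed stdin, Ctrl-D). Without this a failed read
  # leaves $selection empty and the menu is redrawn forever.
  # -r keeps backslashes in the typed input literal.
  read -r selection || exit 0
  echo ""
  case "$selection" in
    1 ) packages;enter;clear ;;
    2 ) source;enter;clear ;;
    3 ) libraries;enter;clear ;;
    4 ) scanner;enter;clear ;;
    5 ) certificate;enter;clear ;;
    6 ) manager;enter;clear ;;
    7 ) cli;enter;clear ;;
    8 ) gsa;enter; clear ;;
    9 ) repos;enter;clear ;;
    10 ) start;enter; clear ;;
    11 ) user;enter;echo "Now you can login with user admin and password backbox.";enter; clear ;;
    12 ) checkit;enter; clear ;;
    13 ) service_stop;service_start;service_restart;service_update;enter ;;
    14 ) blank;enter;clear ;;
    15 ) blank_menu;enter;clear ;;
    0 ) exit ;;
    * ) echo -e "$up Please enter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 or 0" ;;
  esac
done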
@Sxx77Sulawesi

GUE BUTUH BANTUAN

@ZEROF
Author

ZEROF commented Aug 10, 2024

GUE BUTUH BANTUAN

Hi,

Please use English. This script is outdated and you should not use it. Deploying OpenVAS is now much easier with Docker. Here is how to do it:

mkdir openvas
cd openvas
nano docker-compose.yml 

Copy this to docker-compose.yml.

# Compose file for the Greenbone / OpenVAS container stack.
# Images are referenced by a tag (":stable") or with no tag at all (Docker
# then pulls ":latest"), never by digest, so the content pulled can differ
# from one run to the next. Pin versions or digests where a reproducible
# deployment is needed.
# The services that only carry an image and a "/mnt" volume have no
# "restart" policy; several of them are awaited below with
# "condition: service_completed_successfully".
services:
  vulnerability-tests:
    image: greenbone/vulnerability-tests
    environment:
      STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl
    volumes:
      - vt_data_vol:/mnt

  notus-data:
    image: greenbone/notus-data
    volumes:
      - notus_data_vol:/mnt

  scap-data:
    image: greenbone/scap-data
    volumes:
      - scap_data_vol:/mnt

  cert-bund-data:
    image: greenbone/cert-bund-data
    volumes:
      - cert_data_vol:/mnt

  dfn-cert-data:
    image: greenbone/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data

  data-objects:
    image: greenbone/data-objects
    volumes:
      - data_objects_vol:/mnt

  report-formats:
    image: greenbone/report-formats
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects

  gpg-data:
    image: greenbone/gpg-data
    volumes:
      - gpg_data_vol:/mnt

  # No "ports" entry: other services reach redis only through the socket
  # directory shared via redis_socket_vol.
  redis-server:
    image: greenbone/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/

  # No "ports" entry: the database is reached through the shared volumes
  # below, not through a published port.
  pg-gvm:
    image: greenbone/pg-gvm:stable
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql

  # Starts once pg-gvm is running and the listed data containers have
  # completed successfully.
  gvmd:
    image: greenbone/gvmd:stable
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully

  # Web interface. This is the only port published by the file, and it is
  # bound to the host's loopback address (127.0.0.1:9392 -> container port
  # 80). For access from another machine, an SSH tunnel or a TLS-terminating
  # reverse proxy keeps the interface off the network; widening this binding
  # does not.
  gsa:
    image: greenbone/gsa:stable
    restart: on-failure
    ports:
      - 127.0.0.1:9392:80
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
  # Sets log level of openvas to the set LOG_LEVEL within the env
  # and changes log output to /var/log/openvas instead of /var/log/gvm
  # to reduce the likelihood of unwanted log interference
  # NOTE(review): the script under "command" makes openvas.log world-writable
  # (chmod 666) inside the log volume that openvas, openvasd and ospd-openvas
  # also mount.
  configure-openvas:
    image: greenbone/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log

  # shows logs of openvas
  openvas:
    image: greenbone/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully

  openvasd:
    image: greenbone/openvas-scanner:stable
    restart: on-failure
    environment:
      # `service_notus` is set to disable everything but notus,
      # if you want to utilize openvasd directly remove `OPENVASD_MODE`
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      # Listens on all interfaces inside the container. Nothing is published
      # on the host unless the "ports" block further down is uncommented.
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    # enable port forwarding when you want to use the http api from your host machine
    # (the example keeps the binding on 127.0.0.1)
    # ports:
    #   - 127.0.0.1:3000:80
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd

  # NOTE(review): this is the least confined container in the file. It gets
  # the NET_ADMIN and NET_RAW capabilities, and both the seccomp and the
  # AppArmor profile are switched off ("unconfined"). Check whether the
  # scanner works in your environment with the default profiles, and account
  # for this container's wider reach when deciding where the stack runs.
  ospd-openvas:
    image: greenbone/ospd-openvas:stable
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN # for capturing packets in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    # "-m 666" is presumably the permission mode of the socket created under
    # /run/ospd, which gvmd and gvm-tools mount via ospd_openvas_socket_vol.
    # TODO confirm against the ospd-openvas options.
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666"
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully

  # Mounts both the gvmd and the ospd socket directories.
  gvm-tools:
    image: greenbone/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas

# Named volumes. They persist after "docker compose down" unless volumes are
# removed explicitly.
volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:

Then start the OpenVAS Docker containers with this command:
docker compose up -d

Wait a few minutes, then go to http://127.0.0.1:9392/login in your browser. Log in as admin/admin (and change this default password after your first login). To stop the containers:
docker compose down
