Skip to content

Instantly share code, notes, and snippets.

@vigindian

vigindian/install_gvm20.sh

Created April 27, 2023 06:35
Show Gist options
  • Save vigindian/e1f5aeaa9b086dab4baa4a4cfcd3c02b to your computer and use it in GitHub Desktop.
Save vigindian/e1f5aeaa9b086dab4baa4a4cfcd3c02b to your computer and use it in GitHub Desktop.
Download ZIP
Install GVM v20 on Ubuntu 20
Raw
install_gvm20.sh
#!/bin/bash
##########################################################################
# Install GVM v20 on Ubuntu
#
# VN
#
# Reference: https://kifarunix.com/install-and-setup-gvm-20-08-on-ubuntu/
##########################################################################
function gvmuser() {
useradd -r -d /opt/gvm -c "GVM User" -s /bin/bash gvm
mkdir /opt/gvm
chown gvm: /opt/gvm
}
function pgSetup() {
apt install postgresql postgresql-contrib postgresql-server-dev-all
sudo su - postgres -c "createuser gvm"
sudo su - postgres -c "createdb -O gvm gvmd"
sudo su - postgres -c "psql -d gvmd -c 'create role dba with superuser noinherit;'"
sudo su - postgres -c "psql -d gvmd -c 'grant dba to gvm;'"
sudo su - postgres -c "psql -d gvmd -c 'create extension \"uuid-ossp\";'"
sudo su - postgres -c "psql -d gvmd -c 'create extension pgcrypto;'"
sudo systemctl restart postgresql
sudo systemctl enable postgresql
}
function redisSetup() {
cp /opt/gvm/gvm-source/openvas/config/redis-openvas.conf /etc/redis/
chown redis:redis /etc/redis/redis-openvas.conf
echo "db_address = /run/redis-openvas/redis.sock" > /opt/gvm/etc/openvas/openvas.conf
chown gvm:gvm /opt/gvm/etc/openvas/openvas.conf
#Add gvm user to redis group
usermod -aG redis gvm
echo "net.core.somaxconn = 1024" >> /etc/sysctl.conf
echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
sysctl -p
cat > /etc/systemd/system/disable_thp.service << 'EOFILE'
[Unit]
Description=Disable Kernel Support for Transparent Huge Pages (THP)
[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
[Install]
WantedBy=multi-user.target
EOFILE
systemctl daemon-reload
systemctl enable --now disable_thp
systemctl enable --now redis-server@openvas
}
function servicesSetup(){
cat > /etc/systemd/system/openvas.service << 'EOL'
[Unit]
Description=Control the OpenVAS service
After=redis.service
After=postgresql.service
[Service]
ExecStartPre=-rm -rf /opt/gvm/var/run/ospd-openvas.pid /opt/gvm/var/run/ospd.sock /opt/gvm/var/run/gvmd.sock
Type=simple
User=gvm
Group=gvm
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas \
--pid-file /opt/gvm/var/run/ospd-openvas.pid \
--log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
--lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOL
systemctl daemon-reload
systemctl start openvas
systemctl enable openvas
cat > /etc/systemd/system/gsa.service << 'EOL'
[Unit]
Description=Control the OpenVAS GSA service
After=openvas.service
[Service]
Type=simple
User=gvm
Group=gvm
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
ExecStart=/usr/bin/sudo /opt/gvm/sbin/gsad
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOL
cat > /etc/systemd/system/gsa.path << 'EOL'
[Unit]
Description=Start the OpenVAS GSA service when gvmd.sock is available
[Path]
PathChanged=/opt/gvm/var/run/gvmd.sock
Unit=gsa.service
[Install]
WantedBy=multi-user.target
EOL
cat > /etc/systemd/system/gvm.service << 'EOL'
[Unit]
Description=Control the OpenVAS GVM service
After=openvas.service
[Service]
Type=simple
User=gvm
Group=gvm
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOL
cat > /etc/systemd/system/gvm.path << 'EOL'
[Unit]
Description=Start the OpenVAS GVM service when opsd.sock is available
[Path]
PathChanged=/opt/gvm/var/run/ospd.sock
Unit=gvm.service
[Install]
WantedBy=multi-user.target
EOL
systemctl daemon-reload
systemctl enable --now gvm.{path,service}
systemctl enable --now gsa.{path,service}
}
function gvmRestart(){
sudo systemctl restart openvas
sudo systemctl restart gvm.{path,service}
sudo systemctl restart gsa.{path,service}
sudo systemctl restart redis-server
}
function gvmStatus(){
systemctl status openvas
systemctl status gvm.{path,service}
systemctl status gsa.{path,service}
}
function buildthis(){
app=$1
echo "build and install ${app}"
sudo su - gvm -c "mkdir ${SOURCEDIR}/${app}/build"
#sudo su - gvm -c "export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd ${SOURCEDIR}/${app}/build && cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm"
#sudo su - gvm -c "export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd ${SOURCEDIR}/${app}/build && make"
#sudo su - gvm -c "export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd ${SOURCEDIR}/${app}/build && make install"
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd ${SOURCEDIR}/${app}/build && cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd ${SOURCEDIR}/${app}/build && make
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd ${SOURCEDIR}/${app}/build && make install
chown -R gvm:users ${SOURCEDIR}/${app}
}
#########
# MAIN
#########
#setup GVM user and home directory
gvmuser
#prereq packages
apt-get -y install gcc g++ make bison flex libksba-dev curl redis libpcap-dev \
cmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev \
libssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev \
zlib1g-dev libxml2-dev libradcli-dev clang-format libldap2-dev doxygen \
gcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev \
libsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib xmltoman \
python3-pip texlive-fonts-recommended texlive-latex-extra --no-install-recommends xsltproc libunistring-dev
#yarn
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get -y update
apt-get -y install yarn -y
#setup Postgres
pgSetup
#gvm-libs
echo "/opt/gvm/lib" > /etc/ld.so.conf.d/gvm.conf
#build
SOURCEDIR="/opt/gvm/gvm-source"
sudo su - gvm -c "mkdir ${SOURCEDIR} 2>/dev/null"
#cd ${SOURCEDIR}
sudo su - gvm -c "git clone -b gvm-libs-20.08 https://github.com/greenbone/gvm-libs.git ${SOURCEDIR}/gvm-libs"
sudo su - gvm -c "git clone -b master https://github.com/greenbone/openvas-smb.git ${SOURCEDIR}/openvas-smb"
sudo su - gvm -c "git clone -b openvas-20.08 https://github.com/greenbone/openvas.git ${SOURCEDIR}/openvas"
sudo su - gvm -c "git clone -b ospd-20.08 https://github.com/greenbone/ospd.git ${SOURCEDIR}/ospd"
sudo su - gvm -c "git clone -b ospd-openvas-20.08 https://github.com/greenbone/ospd-openvas.git ${SOURCEDIR}/ospd-openvas"
sudo su - gvm -c "git clone -b gvmd-20.08 https://github.com/greenbone/gvmd.git ${SOURCEDIR}/gvmd"
sudo su - gvm -c "git clone -b gsa-20.08 https://github.com/greenbone/gsa.git ${SOURCEDIR}/gsa"
APPS2BUILD="gvm-libs openvas-smb openvas"
for app in ${APPS2BUILD}
do
buildthis ${app}
done
#update libs
sudo ldconfig
#redis setup
redisSetup
echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas" > /etc/sudoers.d/gvm
echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad" >> /etc/sudoers.d/gvm
#visudo secure_path append /opt/gvm/sbin
#update NVTs
sudo su - gvm -c "greenbone-nvt-sync"
sudo openvas --update-vt-info
APPS2BUILD2="gvmd gsa"
for app in ${APPS2BUILD2}
do
buildthis ${app}
done
#Keeping the feeds up-to-date
sudo su - gvm -c "greenbone-feed-sync --type GVMD_DATA"
sudo su - gvm -c "greenbone-feed-sync --type SCAP"
sudo su - gvm -c "greenbone-feed-sync --type CERT"
#Build and Install OSPd and OSPd-OpenVAS
sudo su - gvm -c "export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd /opt/gvm/gvm-source/ospd && python3 setup.py install --prefix=/opt/gvm"
sudo su - gvm -c "export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && cd /opt/gvm/gvm-source/ospd-openvas && python3 setup.py install --prefix=/opt/gvm"
servicesSetup
#create scanner
sudo -Hiu gvm gvmd --create-scanner="Demo OpenVAS Scanner" --scanner-type="OpenVAS" --scanner-host=/opt/gvm/var/run/ospd.sock
#list scanners
sudo -Hiu gvm gvmd --get-scanners
#create user
#sudo -Hiu gvm gvmd --create-user gvmadmin --password=strongpasswordgoeshere
#list users
sudo -Hiu gvm gvmd --get-users --verbose
echo "Set the Feed Import Owner. gvmd will only create these resources if a 'Feed Import Owner' is configured. Execute command for each scan type eg. 'Full and Fast'"
echo "sudo -Hiu gvm gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>"
#setup & start apps
gvmRestart
gvmStatus
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment