OpenVAS Debian 12
As root:
apt-get install sudo vim sudo useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm sudo usermod -aG gvm em1069 sudo usermod -aG sudo em1069
As em1069:
echo 'set mouse=-a' > $HOME/.vimrc echo 'syntax on' > $HOME/.vimrc sudo apt-get update sudo apt-get install --no-install-recommends --assume-yes build-essential curl cmake pkg-config python3 python3-pip gnupg libglib2.0-dev libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libhiredis-dev libxml2-dev libpcap-dev libnet1-dev libpaho-mqtt-dev libldap2-dev libradcli-dev libpq-dev postgresql-server-dev-15 libical-dev xsltproc rsync libbsd-dev texlive-latex-extra texlive-fonts-recommended xmlstarlet zip rpm fakeroot dpkg nsis gpgsm wget sshpass openssh-client socat snmp smbclient python3-lxml gnutls-bin xml-twig-tools libmicrohttpd-dev git gcc-mingw-w64 libpopt-dev libunistring-dev heimdal-dev perl-base bison libgcrypt20-dev libksba-dev nmap libjson-glib-dev python3-impacket libsnmp-dev python3-setuptools python3-packaging python3-wrapt python3-cffi python3-psutil python3-defusedxml python3-paramiko python3-redis python3-gnupg python3-paho-mqtt python3-venv redis-server mosquitto postgresql libcjson-dev libcurl4-openssl-dev cd $HOME export SOURCE_DIR=$HOME/source mkdir -p $SOURCE_DIR export GVM_LIBS_VERSION=22.10.0 curl -f -L https://github.com/greenbone/gvm-libs/archive/refs/tags/v$GVM_LIBS_VERSION.tar.gz -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz cd $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION mkdir build cd build cmake ../ \ -DCMAKE_BUILD_TYPE=Release \ -DSYSCONFDIR=/etc \ -DLOCALSTATEDIR=/var make -j$(nproc) sudo make install cd $HOME export GVMD_VERSION=23.8.1 curl -f -L https://github.com/greenbone/gvmd/archive/refs/tags/v$GVMD_VERSION.tar.gz -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz cd $SOURCE_DIR/gvmd-$GVMD_VERSION mkdir build cd build cmake ../ \ -DCMAKE_BUILD_TYPE=Release \ -DLOCALSTATEDIR=/var \ -DSYSCONFDIR=/etc \ -DGVM_DATA_DIR=/var \ -DGVMD_RUN_DIR=/run/gvmd \ -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock \ -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock \ -DSYSTEMD_SERVICE_DIR=/lib/systemd/system \ -DLOGROTATE_DIR=/etc/logrotate.d make -j$(nproc) sudo make install cd $HOME export PG_GVM_VERSION=22.6.5 curl -f -L https://github.com/greenbone/pg-gvm/archive/refs/tags/v$PG_GVM_VERSION.tar.gz -o $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION.tar.gz cd $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION mkdir build cd build cmake ../ \ -DCMAKE_BUILD_TYPE=Release make -j$(nproc) sudo make install cd $HOME export GSA_VERSION=23.2.1 curl -f -L https://github.com/greenbone/gsa/releases/download/v$GSA_VERSION/gsa-dist-$GSA_VERSION.tar.gz -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz mkdir -p $SOURCE_DIR/gsa-$GSA_VERSION tar -C $SOURCE_DIR/gsa-$GSA_VERSION -xvzf $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz sudo mkdir -p /usr/local/share/gvm/gsad/web/ sudo cp -rv $SOURCE_DIR/gsa-$GSA_VERSION/* /usr/local/share/gvm/gsad/web/ cd $HOME export GSAD_VERSION=22.11.0 curl -f -L https://github.com/greenbone/gsad/archive/refs/tags/v$GSAD_VERSION.tar.gz -o $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gsad-$GSAD_VERSION.tar.gz cd $SOURCE_DIR/gsad-$GSAD_VERSION mkdir build cd build cmake ../ \ -DCMAKE_BUILD_TYPE=Release \ -DSYSCONFDIR=/etc \ -DLOCALSTATEDIR=/var \ -DGVMD_RUN_DIR=/run/gvmd \ -DGSAD_RUN_DIR=/run/gsad \ -DLOGROTATE_DIR=/etc/logrotate.d make -j$(nproc) sudo make install cd $HOME export OPENVAS_SMB_VERSION=22.5.6 curl -f -L https://github.com/greenbone/openvas-smb/archive/refs/tags/v$OPENVAS_SMB_VERSION.tar.gz -o $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION.tar.gz cd $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION mkdir build cd build cmake ../ \ -DCMAKE_BUILD_TYPE=Release make -j$(nproc) sudo make install cd $HOME export OPENVAS_SCANNER_VERSION=23.8.4 curl -f -L https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$OPENVAS_SCANNER_VERSION.tar.gz -o $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION.tar.gz cd $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION mkdir build cd build cmake ../ \ -DCMAKE_BUILD_TYPE=Release \ -DINSTALL_OLD_SYNC_SCRIPT=OFF \ -DSYSCONFDIR=/etc \ -DLOCALSTATEDIR=/var \ -DOPENVAS_FEED_LOCK_PATH=/var/lib/openvas/feed-update.lock \ -DOPENVAS_RUN_DIR=/run/ospd make -j$(nproc) sudo make install cd $HOME export OSPD_OPENVAS_VERSION=22.7.1 curl -f -L https://github.com/greenbone/ospd-openvas/archive/refs/tags/v$OSPD_OPENVAS_VERSION.tar.gz -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz cd $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION sudo python3 -m pip install --root=/ --no-warn-script-location . cd $HOME export NOTUS_VERSION=22.6.3 curl -f -L https://github.com/greenbone/notus-scanner/archive/refs/tags/v$NOTUS_VERSION.tar.gz -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION sudo python3 -m pip install --root=/ --no-warn-script-location . cd $HOME sudo python3 -m pip install --root=/ --no-warn-script-location greenbone-feed-sync sudo python3 -m pip install --root=/ --no-warn-script-location gvm-tools sudo cp $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION/config/redis-openvas.conf /etc/redis/ sudo chown redis:redis /etc/redis/redis-openvas.conf echo "db_address = /run/redis-openvas/redis.sock" | sudo tee -a /etc/openvas/openvas.conf sudo systemctl start [email protected] sudo systemctl enable [email protected] sudo usermod -aG redis gvm sudo systemctl start mosquitto.service sudo systemctl enable mosquitto.service echo -e "mqtt_server_uri = localhost:1883\ntable_driven_lsc = yes" | sudo tee -a /etc/openvas/openvas.conf sudo mkdir -p /var/lib/notus sudo mkdir -p /run/gvmd sudo chown -R gvm:gvm /var/lib/gvm sudo chown -R gvm:gvm /var/lib/openvas sudo chown -R gvm:gvm /var/lib/notus sudo chown -R gvm:gvm /var/log/gvm sudo chown -R gvm:gvm /run/gvmd sudo chmod -R g+srw /var/lib/gvm sudo chmod -R g+srw /var/lib/openvas sudo chmod -R g+srw /var/log/gvm sudo chown gvm:gvm /usr/local/sbin/gvmd sudo chmod 6750 /usr/local/sbin/gvmd curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc export GNUPGHOME=/tmp/openvas-gnupg mkdir -p $GNUPGHOME gpg --import /tmp/GBCommunitySigningKey.asc echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" | gpg --import-ownertrust export OPENVAS_GNUPG_HOME=/etc/openvas/gnupg sudo mkdir -p $OPENVAS_GNUPG_HOME sudo cp -r /tmp/openvas-gnupg/* $OPENVAS_GNUPG_HOME/ sudo chown -R gvm:gvm $OPENVAS_GNUPG_HOME sudo systemctl start postgresql@15-main sudo systemctl enable postgresql@15-main sudo -u postgres createuser -DRS gvm sudo -u postgres createdb -O gvm gvmd sudo -u postgres psql gvmd -c "create role dba with superuser noinherit; grant dba to gvm;" sudo ldconfig sudo -u gvm /usr/local/sbin/gvmd --create-user=admin --password=manager sudo -u gvm /usr/local/sbin/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value $(sudo -u gvm /usr/local/sbin/gvmd --get-users --verbose | grep admin | awk '{print $2}') sudo bash -c 'cat << EOF > /etc/systemd/system/ospd-openvas.service [Unit] Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas) Documentation=man:ospd-openvas(8) man:openvas(8) After=network.target networking.service [email protected] mosquitto.service [email protected] mosquitto.service notus-scanner.service ConditionKernelCommandLine=!recovery [Service] Type=exec User=gvm Group=gvm RuntimeDirectory=ospd RuntimeDirectoryMode=2775 PIDFile=/run/ospd/ospd-openvas.pid ExecStart=/usr/local/bin/ospd-openvas --foreground --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770 --mqtt-broker-address localhost --mqtt-broker-port 1883 --notus-feed-dir /var/lib/notus/advisories SuccessExitStatus=SIGKILL Restart=always RestartSec=60 [Install] WantedBy=multi-user.target EOF' sudo bash -c 'cat << EOF > /etc/systemd/system/notus-scanner.service [Unit] Description=Notus Scanner Documentation=https://github.com/greenbone/notus-scanner After=mosquitto.service Wants=mosquitto.service ConditionKernelCommandLine=!recovery [Service] Type=exec User=gvm RuntimeDirectory=notus-scanner RuntimeDirectoryMode=2775 PIDFile=/run/notus-scanner/notus-scanner.pid ExecStart=/usr/local/bin/notus-scanner --foreground --products-directory /var/lib/notus/products --log-file /var/log/gvm/notus-scanner.log SuccessExitStatus=SIGKILL Restart=always RestartSec=60 [Install] WantedBy=multi-user.target EOF' sudo bash -c 'cat << EOF > /etc/systemd/system/gvmd.service [Unit] Description=Greenbone Vulnerability Manager daemon (gvmd) After=network.target networking.service postgresql.service ospd-openvas.service Wants=postgresql.service ospd-openvas.service Documentation=man:gvmd(8) ConditionKernelCommandLine=!recovery [Service] Type=exec User=gvm Group=gvm PIDFile=/run/gvmd/gvmd.pid RuntimeDirectory=gvmd RuntimeDirectoryMode=2775 ExecStart=/usr/local/sbin/gvmd --foreground --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm Restart=always TimeoutStopSec=10 [Install] WantedBy=multi-user.target EOF' sudo bash -c 'cat << EOF > /etc/systemd/system/gsad.service [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service [Service] Type=exec User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --http-only Restart=always TimeoutStopSec=10 [Install] WantedBy=multi-user.target Alias=greenbone-security-assistant.service EOF' sudo systemctl daemon-reload sudo /usr/local/bin/greenbone-feed-sync sudo systemctl start notus-scanner sudo systemctl start ospd-openvas sudo systemctl start gvmd sudo systemctl start gsad sudo systemctl enable notus-scanner sudo systemctl enable ospd-openvas sudo systemctl enable gvmd sudo systemctl enable gsad