Install GVM 21.4.2 Ubuntu 20.04

Hello @DeeAnn I’m using GVM 21.04 running on Ubuntu 20.04 for installation I followed steps from this link Greenbone Vulnerability Manager | Libellux

Cool and thanks! I’ll move it back into place.

(edit- done)

I found out if I set the port for listening to 443 or 444 service is not starting. If I set the port to for example 8080 service is able to start… Is there any way hot to use port 443?
Thank you

Hello @pwk yes you can set GSA to run behind NGINX proxy if you really need it to use port 443. I’ve had other people request to add the chapter back on how-to run GSA using NGINX proxy… if it’s something you want me to do… I’ll add it back to my documentation :slight_smile:

1 Like

I can’t start GSAD, assumedly because I did not enter the right IP into the startup config. I’m installing this on a Hyper-V VM so what should this IP be? I tried both the LAN IP and my network’s public IP and neither works. Sorry for the noob question; I assume I am missing something.

Hello @safla if you type ip addr in the console of the VM you should see the IP address for your virtual machine. Then set the systemd unit file (gsa) too: ExecStart=/usr/local/sbin/gsad --listen=YOUR_IP --port=9392

You’ll also have to reload the systemd control daemon sudo systemctl daemon-reload and then restart GSA.

1 Like

Is this not possible with a bridged network adapter? Typing ip addr only gives me the local IP address. Thanks for your patience.

Hello @libellux It’s not necessary to have it but it is like nice to have :slight_smile:

1 Like

I found another “Issue” I was not able to set the alert to send reports to the windows share. At the end I installed smbclient and it start working.
I’m not sure if this was the correct way how to solve it but it is working :slight_smile:

1 Like

Have been busy with work lately so haven’t had time to update my GVM guide for awhile. Will do a revision of the guide starting this weekend to make sure its up-to-date and also include requests i’ve received from you readers. Thanks alot for your input.

2 Likes

Made an revision for GVMD 21.4.5. No issues encountered so far.

2 Likes

Hi libellux!
I followed the installation step by step GVM 21.4.4 (this link: Greenbone Vulnerability Manager | Libellux | export GVM_VERSION=21.4.5 | export GVM_LIBS_VERSION=21.4.4) on Ubuntu 20.04.
It’s working, but it doesn’t update the version Version (show 21.4.3 on web interface. Feeds are updated, except GVMD_DATA: 20220128T1556 Too old (79 days) Please check the automatic synchronization of your system.):
image
Any Ideas?
Tankyou.

1 Like

I can confirm this issue as well and state that in my case, it appears that it just gets stuck at the update process. Removing the lockfile at /var/lib/gvm/feed-update.lock then resets the status display to show feeds with their expiry date before then resetting back to “Updating in progress” again. Here is a log snippet showing what happens when I delete the lockfile

md manage:WARNING:2022-04-19 15h45.46 UTC:16895: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage:   INFO:2022-04-19 15h45.47 UTC:16895: update_scap: Updating data from feed
md manage:   INFO:2022-04-19 15h45.47 UTC:16895: Updating CPEs
md manage:WARNING:2022-04-19 15h45.52 UTC:16906: /usr/local/bin/greenbone-nvt-sync returned a non-zero exit code.
md manage:WARNING:2022-04-19 15h45.55 UTC:16935: /usr/local/bin/greenbone-nvt-sync returned a non-zero exit code.

1 Like

@flb the version shown in the about section is just a miss they’ve made with the latest release, nothing to worry about.

In regard to the GVMD_DATA I’m checking it now and if I find the issue i’ll update here cc: @poccadmin

Cannot find any issue in regard to the GVMD data, maybe @DeeAnn or @bricks could help confirm if the latest version of the Greenbone Community gvmd Data Feed is: 20220128T1556

Hi @libellux

I had to correct install dependencies on Ubuntu Bullseye

libgcrypt-dev - correct version “libgcrypt20-dev”
libopenvas-dev - not exist anymore

and correct installation part for GVM component:

  • Use GVMD_RUN_DIR instead of GVM_RUN_DIR 4ad3fa76a
  • Use full path GVMD_PID_PATH for PID files a9be3d718

apt command here

sodo apt-get install -y cmake pkg-config gcc-mingw-w64 \
gnutls-bin libgnutls28-dev libxml2-dev libssh-dev libssl-dev libunistring-dev \
libldap2-dev libgcrypt20-dev libpcap-dev libgpgme-dev libradcli-dev libglib2.0-dev \
libksba-dev libical-dev libpq-dev libpopt-dev libnet1-dev \
libmicrohttpd-dev redis-server libhiredis-dev doxygen xsltproc uuid-dev \
graphviz bison postgresql postgresql-contrib postgresql-server-dev-all \
heimdal-dev xmltoman nmap npm nodejs virtualenv gnupg rsync yarnpkg \
python3-paramiko python3-lxml python3-defusedxml python3-pip python3-psutil \
python3-setuptools python3-packaging python3-wrapt python3-cffi python3-redis \
xmlstarlet texlive-fonts-recommended texlive-latex-extra perl-base xml-twig-tools
1 Like

Hi @libellux,

Yep, 20220128T1556 is the most recent gvmd Data Feed.

2 Likes

Thanks for the clarification, libellux.
Best regards.

1 Like

Is there any documentation available on how-to run GSA using NGINX proxy?
I’d love to have my vm running 21.4.4 answering in its ip (other than localhost) and on TCP 443 instead of 9392.

Thank you!

You just need to for example set GSA to listen to your localhost then create a nginx proxy looking something like (this is on older conf I used to run):

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name openvas.example.com;

    allow 127.0.0.1;
    deny all;

    ssl_certificate /etc/nginx/ssl/openvas.example.com/500232/server.crt;
    ssl_certificate_key /etc/nginx/ssl/openvas.example.com/500232/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   REMOTE_HOST      $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-FORWARDED-PROTOCOL $scheme;  
        proxy_pass https://127.0.0.1:4000;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/openvas.example.com-error.log error;

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

And dont forget to add the redirect from port 80 to 443:

server {
    listen 80;
    listen [::]:80;

    server_name .openvas.example.com;
    return 301 https://$host$request_uri;
}
1 Like