Install latest GVM 22.4.x on Ubuntu 22.04

libellux · September 10, 2023, 8:19pm

I’ve recently updated my website on how-to install the latest GVM 22.4.x on Ubuntu 22.04. Feel free to use it. This guide is now 100% working, haven’t had any issues so far. I’ve skipped the SSL certification for the time being. Will look into it in next update. Enjoy!

Guide found at: Greenbone Vulnerability Manager | Libellux

Seems to be permissions issues starting e.g. gsad: gsad main:CRITICAL:2023-09-12 18h59.42 utc:31038: main: Could not load private SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: Permission denied

Will retry later without the SSL cert.

Notus-scanner won’t start nor any error log created (will try use the prior version as it worked before).

Also @bricks I’ve noticed in the official docs python installs are done without sudo permissions - does this mean it needs to be ran/installed by root? or specifically give gvm:gvm permissions… this was not the case previously. As I noticed once during my tries that a new TCP_SOCKET/STACK was blocked due to insufficient permissions with boreas (and no kernel nor syslog entries).

Best regards,
Fredrik

libellux · September 10, 2023, 8:25pm

@bricks when I did update my docs I couldn’t find the correct download path for GSA 22.7.0. The *.tar.gz file worked but couldn’t figure out the correct path *.tar.gz.asc file. The following worked for 22.6.0:

export GSA_VERSION=22.6.0 && \
curl -f -L https://github.com/greenbone/gsa/archive/refs/tags/v$GSA_VERSION.tar.gz -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz && \
curl -f -L https://github.com/greenbone/gsa/releases/download/v$GSA_VERSION/gsa-dist-$GSA_VERSION.tar.gz.asc -o $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz.asc && \
gpg --verify $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz.asc $SOURCE_DIR/gsa-$GSA_VERSION.tar.gz

Switching to 22.7.0 renders a 404 for the *.tar.gz.asc file.

cfi · September 12, 2023, 6:21am

IIUC these should be now available after the updates for / via:

Add step to install npm dependencies in release-pontos.yml by timopollmeier · Pull Request #3866 · greenbone/gsa · GitHub
[22.7.0] dist + nodes packages are missing · Issue #3862 · greenbone/gsa · GitHub

libellux · September 12, 2023, 5:16pm

Thanks! Will re-run the installation again with the latest packages and update accordingly. Did re-run it and with lot of testing and troubleshooting @cfi I got it to run smoothly to 99%. Will do last changes tomorrow and make sure it works as it should for ubuntu 22.04.

cc: @bricks after testing I suppose the /usr/local/bin/gvm-manage-certs -a command is no longer supported as it will render in failed to open SSL key from /var/lib/gvm/private/CA/serverkey.pem: Failed to open file “/var/lib/gvm/private/CA/serverkey.pem”: Permission denied. Would be nice if you could confirm this or if permissions needs to be updated/changed as it worked in prior version.

libellux · October 8, 2023, 2:01pm

Working update posted here.

libellux · October 12, 2023, 3:49pm

Added support for Kali Linux 2023.3.

└─$ sudo systemctl | egrep 'notus-scanner|ospd-openvas|gvmd|gsad'
  gsad.service                                                                        loaded active running   Greenbone Security Assistant daemon (gsad)
  gvmd.service                                                                        loaded active running   Greenbone Vulnerability Manager daemon (gvm )
  notus-scanner.service                                                               loaded active running   Notus Scanner
  ospd-openvas.service                                                                loaded active running   OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)

@DeeAnn I guess you can move this thread to source build category

bricks · December 14, 2023, 3:24pm

A post was split to a new topic: Failed to open file “/ var/lib /gvm/private/CA/serverkey.pem”