Hello everyone,
I wanted to share my experience as a first-time user of Greenbone OpenVAS/GSM. I downloaded the ISO image and created a VM in VirtualBox as the instructions clearly stated. So far so good.

Once the installation and the two reboots completed successfully, I used the admin credentials to log in to what apparently is a bunch of options running the dialog shell command. Interesting, I used dialog when I was a kid, many decades ago, so it was funny to see it again after so many years.

The instructions said to let it run for a while, so that background processes may download the required files. This clearly did not work. I let it sit for 30 minutes and the VM console filled with errors… weird.

Since nothing was being downloaded, the “Greenbone OS” (apparently based on Debian) didn’t have internet access but had received an IP address via DHCP. Every OS that I know receives all the required details via DHCP, but this “Greenbone OS” could not. I had to use the dialog interface to manually set the DNS and gateway… weird.

Now that the VM had full internet access, it was still not downloading anything. It appeared to try to open various TCP connections. Time to get root privileges and look inside. Wow… someone truly wanted to stop root access, since it’s hidden away under layers of garbage options and rather silly messages: “Use this only if our support told you to do so…” wtf. I had to navigate to Advanced → Support → Superuser (really? superuser? this is Linux, it’s called root), then enable the “superuser” (!!) and eventually nothing happens. Then I had to enable sshd under Network → Services… still no go, ssh does not allow root login, so I have to ssh as my admin account, then navigate again to Advanced → Support → Shell → click “Continue” on the box and drop to a shell, which requires su to get to root.

After 15 min, I am root and looked at the logs and the daemons, and found some errors like:
gsm gsad main[478]: MHD: Error: received handshake message out of context

Clearly the download process failed. Looking around, I found the cron process:
/etc/cron.daily/70-gsm-feed-sync
which executes the service:
system start gsm-feed.update

At this point I discovered that the whole download procedure is based on rsync. A rather outdated method; I would expect something equivalent to the dnf/rpm “delta” feature, that would avoid rsync’s excessive file-by-file tests, and the data would be properly gpg signed and protected.

I let the feed procedure run and monitored its progress via /var/log/full.log. Once it was finished, I logged in via the web interface to start using this thing.

So how was the scan, you ask? It clearly does not scan. I used the wizard, typed a local IP address, and the scan ends immediately with an empty report with zero results.
Summary of my experience so far

Quite a lot of work to get a pre-configured appliance to work, when most of the above steps should be automated.

Overall, it was horrible to end up without any results, a waste of my time.
I would appreciate your thoughts and suggestions.