In general we (Greenbone) don’t give advice about preferring any Linux distribution or package repository. Some are updated more often, some use different settings, some are more stable. Thus the rating depends on your personal choice and experiences.
Currently the ppa:mrazavi/openvas repo seems to be more up to date than the main repo for 18.04.
Just to better understand: usually the advantage of using Linux distributions and their official repositories is related to the security offered by the vendor managing its repositories.
So, if I use Red Hat Enterprise Linux, it’s suggested to update system packages with its official repository.
In this case, you are suggesting that I compile OpenVAS from source and avoid using the Ubuntu official repository because it’s insecure.
Can you explain to me why an OpenVAS installation should be insecure if installed from Ubuntu repositories?
Who is in charge of OpenVAS packages maintenance on the Ubuntu repository?
My experience with OpenVAS for 2 years now on Ubuntu is that you should consider the ppa from mrazavi. This is the most up to date set of built packages for your distro. The only drawback of this ppa is that currently it’s locked to 7.0.3, while OpenVAS9 is available in 7.0.4.
Compiling the sources will quickly become a nightmare given the number of dependencies and the lack of documentation regarding proper installation on Ubuntu. I have tried, and while I finally succeeded, it wasn’t an easy job. So unless you like to play with source packages, stick to the deb packages available.
That’s my advice as an experienced user of OpenVAS on Ubuntu.
The problem is there is no official OpenVAS repository for Ubuntu. To get the deb, you need to use the non-official repository of mrazavi, which as explained below is not up to date and not very secure.
Having said that, on Ubuntu 18.04, if you want to compile the sources of Openvas, then you will need to install the following packages first:
On top of this, if you plan to use PostgreSQL as the main database, you need to install:
sudo apt-get install postgresql postgresql-doc postgresql-server-dev-all
For gvm-tools you will need to do:
apt-get install python3-pip
pip3 install setuptools wheel
pip3 install gvm-tools
Then you can compile the OpenVAS packages from sources. This applies to the latest stable release (7.0.4) only. Also make sure you have enough free space and a good internet connection, as the above commands will download and install dozens of other packages not in the list…!
Well, in that case that means you need to run gsad as root, which is against all basic security best practices (and btw not recommended, as discussed in this post: Running openvas as a non privileged user?).
Thanks cfi, I never noticed these options. In that case I understand the secure setup. I’ll give it a try!
And regarding openvasmd, what’s the solution if you need to run it as a slave? By default it runs on port 9390. Are there similar options? I haven’t seen that.
I’m testing gsad in this setup but I have an issue with chrooting. Dropping privileges works as expected, but chrooting immediately fails:
** (process:5966): ERROR (recursed) **: Can not open ‘gsad.log’ logfile: Permission denied
Aborted (core dumped)
So obviously gsad cannot access its logfile; but the gsad user has a home directory set to /var/run/gsad, fully writeable, and I can’t find any logfiles there, while it should be able to create one.
Currently this directory is empty. If gsad is chrooted in it, I suppose it should have all its files inside this directory? But then how do you manage the connection with the openvasmd socket, which is necessarily outside of it?
Stracing the program shows that gsad is trying to chroot itself under /usr/local/share/openvas/gsa.
chroot("/usr/local/share/openvas/gsa") = 0
This obviously cannot work as the openvasmd socket is not available from that place. I can’t find any option to specify the chroot directory to gsad. Specifying it in /etc/passwd, as anyone would expect this to be, has no effect.
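
Added example, not part of the thread and not OpenVAS code: a small Python check of which files a daemon can still reach once it has chrooted into a directory, the situation described in the last post. The directory layout is constructed under a temporary directory, and the socket file name `openvasmd.sock` is an assumption made for the demo.

```python
import os
import tempfile


def path_inside_chroot(chroot_dir, path):
    """Return the path as the process would see it after chroot(chroot_dir),
    or None when the file lives outside the new root and becomes unreachable."""
    root = os.path.realpath(chroot_dir)
    real = os.path.realpath(path)  # resolve symlinks as seen before the chroot
    if real == root:
        return "/"
    if os.path.commonpath([root, real]) != root:
        return None
    return "/" + os.path.relpath(real, root)


def audit(chroot_dir, needed):
    """Map each label in `needed` to its post-chroot path (None = unreachable)."""
    return {label: path_inside_chroot(chroot_dir, p) for label, p in needed.items()}


def demo():
    # Constructed layout standing in for the thread's paths; no real install is touched.
    base = tempfile.mkdtemp()
    jail = os.path.join(base, "usr/local/share/openvas/gsa")
    run = os.path.join(base, "var/run")
    os.makedirs(os.path.join(jail, "log"))
    os.makedirs(run)
    sock = os.path.join(run, "openvasmd.sock")  # assumed name, plain file as placeholder
    open(sock, "w").close()
    # A symlink placed in the jail still points at a target outside the new root.
    os.symlink(sock, os.path.join(jail, "openvasmd.sock"))
    return audit(jail, {
        "log_in_jail": os.path.join(jail, "log", "gsad.log"),
        "socket_outside": sock,
        "socket_via_symlink": os.path.join(jail, "openvasmd.sock"),
    })


if __name__ == "__main__":
    for label, seen in demo().items():
        print(f"{label:20} -> {seen or 'UNREACHABLE after chroot'}")
```

The check only covers path resolution; a file descriptor opened before the chroot call stays usable afterwards, and a bind mount inside the jail is reported as reachable.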