Hello,
Hope this helps someone. Thanks to devs for good software.
Ubuntu users wanting openvas would first try for packages. So I tried
Ubuntu pkgs and failed, due to Ubuntu repo not keeping current with
available packages. Plugins downloaded from openvas.org do not work
with Ubuntu pkg version (3.4 I think) - some format difference.
Next I try and fail with Debian pkgs for openvas6 ->
openvas.org/install-packages-v6.html
Pkgs will install, but will not run correctly.
missing /etc/openvas/openvassd.conf
missing cert-db sqlite3 creation template
For me, openvas6 debian pkg install probably failed due to missing
.sql file used to create cert-db. ?
With no useful package install possible, apt-get purge the deb pkgs
and fetch source -> openvas.org/install-source.html
----------------------------------------
Build libs v7.0.9 according to INSTALL instructions.
Follow prerequisites.
Build libs Fail 1 missing gcrypt.h
Fix: apt-get install libgcrypt-dev
Build and install libs GOOD
----------------------------------------
Build manager v5.0.0
Follow prerequisites.
Build manager Fail 1
no sqlite3 pkg found -
Pkg is installed, but dev pkg is not
Fix: apt-get install libsqlite3-dev
Build manager Fail 2
undefined reference
[100%] Building C object src/CMakeFiles/openvasmd.dir/ompd.c.o
Linking C executable openvasmd
/usr/local/lib/libopenvas_misc.so: undefined reference to `gcry_check_version'
/usr/local/lib/libopenvas_misc.so: undefined reference to `gcry_create_nonce'
/usr/local/lib/libopenvas_misc.so: undefined reference to
`gcry_md_get_algo_dlen'
/usr/local/lib/libopenvas_misc.so: undefined reference to `gcry_md_algo_info'
/usr/local/lib/libopenvas_misc.so: undefined reference to `gcry_strerror'
/usr/local/lib/libopenvas_misc.so: undefined reference to `gcry_control'
/usr/local/lib/libopenvas_misc.so: undefined reference to `gcry_md_hash_buffer'
collect2: error: ld returned 1 exit status
Found helpful post
lists.wald.intevation.org/pipermail/openvas-devel/2013-May/003209.html
Fix: Edited src/CMakeLists.txt as referenced. Added -lgcrypt as
below, now it compiles.
target_link_libraries (manage m "${SQLITE3_LDFLAGS} ${GLIB_LDFLAGS}
${OPENVAS_LDFLAGS} -lgcrypt")
Build and install manager GOOD
----------------------------------------
Build cli v1.3.1
Follow prerequisites.
Build cli Fail 1 with same undefined reference err as above
Fix: edit omp/src/CMakeLists
add -lgcrypt as indicated in lines below
target_link_libraries (omp "${OPENVAS_LDFLAGS} -lgpg-error -lgpgme -lgcrypt")
else (BUILD_STATIC_OMP)
target_link_libraries (omp "${GNUTLS_LDFLAGS} ${GLIB_LDFLAGS}
${OPENVAS_LDFLAGS} -lgcrypt")
Build cli Fail 2 - same err for nagios directory
Same fix as above
Build and install cli GOOD
----------------------------------------
Build scanner 4.0.6 GOOD
----------------------------------------
All elements compiled and installed.
But..
openvassd.conf does not exist
no logfile directories are made
no init scripts are created
Fix:
manually create scanner conf file
manually create log directory and expected log files
run without init scripts for now
Since we built everything with default prefix = /usr/local/
now openvas looks in /usr/local/var/lib
----------------------------------------
Follow setup instructions -> openvas.org/install-packages-v6.html
----------------------------------------
/usr/local/sbin/openvas-scapdata-sync
GOOD
----------------------------------------
/usr/local/sbin/cert-data-sync
GOOD
----------------------------------------
Run openvas-check-setup script
ERROR: No client certificate file of OpenVAS Manager found.
FIX: Run 'openvas-mkcert-client -n -i'
Follow instruction.
----------------------------------------
Run openvas-check-setup again
ERROR: No users found. You need to create at least one user to log
in. It is recommended to have at least one user with role Admin.
FIX: create a user by running 'openvasmd
--create-user=<name> --role=Admin && openvasmd --user=<name>
--new-password=<password>'
Could not get this to work
Fix: *until* openvasmd is running as daemon.
/usr/local/sbin/openvasmd -p 9392 -s 9391
Now in another terminal, create user with Admin role
/usr/local/sbin/openvasmd \
--create-user=admin --role=Admin
User created with password
'5b456885-7fd2-47f3-a994-5097ef82f244'.
Assign user their new password
/usr/local/sbin/openvasmd \
--user=admin --new-password=admin123
----------------------------------------
Run openvas-check-setup again
It says config appears to be ok.
Done with openvas-check-setup.
----------------------------------------
Connect to gsad using browser on same host -eg https://localhost:9392
Had trouble with ssl cert. Firefox35 refused to accept server cert.
Duplicate serial number error.
Fix: Recreate webserver self signed cert. Perform openssl command
from /usr/local/var/lib/openvas
openssl req -x509 -newkey rsa:2048 \
-keyout private/CA/newkey.pem -out CA/newcert.pem \
-days 365 -nodes
All Fixed;
Browser running on openvas server could connect via localhost.
Admin can login and use the application.
Scan Task that is Scheduled actually scans and logs.
Lacking a well documented conf file and a startup script, but it works.
----------------------------------------
Manual Startup process;
# start scanner daemon
# should sleep until all nvt's load
# about 30 sec on a NUC
/usr/local/sbin/openvassd \
-c /usr/local/etc/openvas/openvassd.conf \
-p 9391
# start manager daemon
/usr/local/sbin/openvasmd -p 9390 -s 9391
# start greenbone daemon
# replace the path as needed
# replace the names of cert files as needed
/usr/local/sbin/gsad -p 9392 -m 9390 \
-c /usr/local/var/lib/openvas/CA/newcert.pem \
-k /usr/local/var/lib/openvas/private/CA/newkey.pem
Run browser (on same host as openvas)
https://localhost:9392
Login as admin
----------------------------------------
openvassd.conf
# possibly incomplete
plugins_folder=/usr/local/var/lib/openvas/plugins
logfile=/var/log/openvas/openvassd.messages
max_checks=4
max_hosts=24
be_nice=yes
log_whole_attack=yes
dumpfile=/var/log/openvas/plugins_errdump.log
port-range=1-33000
optimize_test=yes
plugins_timeout=300
auto_enable_dependencies=yes
----------------------------------------
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
