Using GVM on Kali Linux 2020.3
Installing GVM
With the old OpenVAS packages a plain apt-get install openvas was enough and the installation configured itself. In the current packages OpenVAS is one component of GVM (Greenbone Vulnerability Management), and GVM and its companion components have to be installed and then set up by hand.
Check the Kali version
Before installing, check which Kali you are on:
# uname -a
Linux F0rGeEk 5.10.0-kali7-amd64 #1 SMP Debian 5.10.28-1kali1 (2021-04-12) x86_64 GNU/Linux
Kali is a rolling distribution, so the release label on the ISO says less than the packages actually installed; it is the PostgreSQL and gvmd versions examined below that decide whether the setup succeeds.
Install the components
The packages to install are:
apt-get install gvmd gvmd-common gvmd-dbgsym
gvmd-dbgsym only carries debugging symbols and is not needed to run GVM. gvmd on its own is not a complete installation either: the scanner (openvas), ospd-openvas and the web front end (gsad) that gvm-check-setup verifies further down have to be present as well; on Kali the gvm metapackage pulls in the whole stack in one go.
Initialise
Once the packages are installed, initialise with gvm-setup:
# gvm-setup
ERROR: The default postgresql version is not 13 required by libgvmd
Error: Use pg_upgradecluster to update your postgres cluster
Reading the error
gvm-setup aborts before configuring anything. The message says the default PostgreSQL version is not the 13 that libgvmd requires, so the installed PostgreSQL version is what blocks the initialisation.
Check the PostgreSQL version
dpkg -l | grep postgresql shows which PostgreSQL packages are installed on the system:
# dpkg -l | grep postgresql
ii postgresql 13+225 all object-relational SQL database (supported version)
ii postgresql-11 11.6-2~sid1 amd64 object-relational SQL database, version 11 server
ii postgresql-12 12.4-3 amd64 object-relational SQL database, version 12 server
ii postgresql-13 13.2-1 amd64 The World's Most Advanced Open Source Relational Database
ii postgresql-client-11 11.6-2~sid1 amd64 front-end programs for PostgreSQL 11
ii postgresql-client-12 12.4-3 amd64 front-end programs for PostgreSQL 12
ii postgresql-client-13 13.2-1 amd64 front-end programs for PostgreSQL 13
ii postgresql-client-common 225 all manager for multiple PostgreSQL client versions
ii postgresql-common 225 all PostgreSQL database-cluster manager
So Kali has upgraded PostgreSQL in place while keeping the older versions installed: here 11, 12 and 13 are all present, and pg_lsclusters shows that all three clusters are running. postgresql-common gives each additional cluster the next free port above the default 5432, so they do not collide with each other.
Check the ports the clusters listen on
# pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
11 main 5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log
12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
13 main 5434 online postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log
Put together, this explains the failure: the GVM setup scripts treat the cluster listening on the default port 5432 as "the" PostgreSQL installation and compare its major version with the one gvmd was built against. Here port 5432 belongs to the 11/main cluster while the required 13/main cluster sits on 5434, so the version test fails even though PostgreSQL 13 is installed and running.
A bit of searching shows this is a known issue with the GVM packages in Kali 2020.3; it was reported to the Kali bug tracker and a fix was posted there. Anyone interested can look up the bug report to follow how it was handled.
Fixing the error
Overview
The fix has six steps; the detailed output of each is shown further down. Step 1 is destructive: pg_dropcluster deletes the cluster's data directory. On a fresh Kali install the clusters are empty, but if anything else on the machine keeps data in PostgreSQL, dump it first, or take the route the FIX line suggests and use pg_upgradecluster instead. All three clusters are dropped, including 13/main, because a newly created cluster takes the lowest free port, so the new 13/main ends up on 5432 where the setup scripts expect it; an alternative is to drop only 11 and 12 and set port = 5432 in /etc/postgresql/13/main/postgresql.conf.
1. Stop and drop the existing clusters
sudo pg_dropcluster 11 main --stop
sudo pg_dropcluster 12 main --stop
sudo pg_dropcluster 13 main --stop
2. Confirm that no clusters are left
sudo pg_lsclusters
3. Re-run the setup check
sudo gvm-check-setup
4. Create a fresh PostgreSQL 13 cluster and start it
sudo pg_createcluster 13 main
sudo pg_ctlcluster 13 main start
5. Create the gvmd database and the admin user
sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database
sudo runuser -u _gvm -- gvmd --create-user=admin --password=<your_password_not_mine_obviously>
6. Check the state and start GVM
sudo gvm-check-setup
sudo gvm-start
Run gvm-check-setup
First run gvm-check-setup to see the exact error messages:
gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
ERROR: _gvm group or _gvm user does not own all the files in /var/lib/openvas/plugins
FIX: Run 'chown -R _gvm:_gvm /var/lib/openvas/plugins'
ERROR: Your GVM-20.8.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
The first problem is file ownership: not everything under /var/lib/openvas/plugins belongs to the _gvm user and group, and the script tells you the fix: chown -R _gvm:_gvm /var/lib/openvas/plugins. The NVT feed is meant to be owned by the unprivileged _gvm account rather than root, because that is the account the GVM services run as.
Apply the fix and check again
# chown -R _gvm:_gvm /var/lib/openvas/plugins
# gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61068 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 20.8.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 20.08.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
ERROR: The default postgresql version is not the one used for gvmd compilation: (11, need 13).
FIX: Please use pg_upgradecluster to upgrade your postgresql installation
ERROR: Your GVM-20.8.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
This time the only remaining error is the PostgreSQL version. Work through the steps from the overview in order:
Stop and drop the clusters
# pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
11 main 5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log
12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
13 main 5434 online postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log
# pg_dropcluster 11 main --stop
# pg_dropcluster 12 main --stop
# pg_dropcluster 13 main --stop
Check again
# pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
# gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61068 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 20.8.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 20.08.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
/usr/bin/gvm-check-setup: line 353: [: =: unary operator expected
/usr/bin/gvm-check-setup: line 359: [: -ne: unary operator expected
OK: Postgresql version and default port are OK.
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
ERROR: The Postgresql DB does not exist.
FIX: Run 'sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database'
ERROR: Your GVM-20.8.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
The version error is gone. The two "unary operator expected" lines are the check script tripping over an empty version variable now that no cluster listens on 5432, and can be ignored. The remaining error is that the gvmd database does not exist, and the suggested fix is "sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database". As the psql error just above it shows, that command needs a PostgreSQL server on the 5432 socket, so create and start the version 13 cluster first.
Create a PostgreSQL 13 cluster, start it and create the users
# pg_createcluster 13 main
Creating new PostgreSQL cluster 13/main ...
/usr/lib/postgresql/13/bin/initdb -D /var/lib/postgresql/13/main --auth-local peer --auth-host md5
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/13/main ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Asia/Ulaanbaatar
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
pg_ctlcluster 13 main start
Ver Cluster Port Status Owner Data directory Log file
13 main 5432 down postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log
Start the version 13 cluster
# pg_ctlcluster 13 main start
Create the database
# runuser -u postgres -- /usr/share/gvm/create-postgresql-database
CREATE ROLE
GRANT ROLE
CREATE EXTENSION
CREATE EXTENSION
Create the admin user
# runuser -u _gvm -- gvmd --create-user=admin --password=admin
User created.
admin/admin is only acceptable on a throwaway lab box; use a strong password here, as the placeholder in the overview hints. Nothing enforces this for you: the final check below warns that /etc/gvm/pwpolicy.conf is empty, so gvmd accepts any password until a policy is defined there.
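As an added example (not part of the original post and not Kali's own gvm-check-setup script), the following shell script does what the fix above does by hand: it reads pg_lsclusters, treats the cluster on port 5432 as the default the way the check script does, compares its major version with the 13 that gvmd needs, and prints the rebuild commands from the overview, executing them only when APPLY=1 is set. The pg_lsclusters text embedded in it is a constructed copy of the output shown earlier and is used only when pg_lsclusters is not installed; REQUIRED_PG_MAJOR, APPLY and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example: re-implements the "default PostgreSQL version" test that
# gvm-check-setup applies to the cluster on port 5432, and emits the cluster
# rebuild from the overview. Not the Kali script itself; names are ours.
set -u

REQUIRED_PG_MAJOR=13   # assumption: the major version this gvmd build was compiled against

# Constructed copy of the pg_lsclusters output shown earlier in the post;
# only used when pg_lsclusters is not available on this machine.
SAMPLE_LSCLUSTERS='Ver Cluster Port Status Owner    Data directory              Log file
11  main    5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log
12  main    5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
13  main    5434 online postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log'

# default_pg_major <pg_lsclusters output>
# Prints the major version of the cluster bound to 5432, or nothing when no
# cluster owns the default port (header-only output, as after the drops).
default_pg_major() {
  printf '%s\n' "$1" | awk 'NR > 1 && $3 == 5432 { print $1; exit }'
}

# all_pg_majors <pg_lsclusters output>: one version per line, header skipped.
all_pg_majors() {
  printf '%s\n' "$1" | awk 'NR > 1 { print $1 }'
}

# check_default_pg <pg_lsclusters output>
# Returns 0 when the required major owns 5432, 1 when another version does,
# 2 when nothing listens on 5432. Quoting "$ver" is what keeps an empty value
# from producing the "[: =: unary operator expected" errors seen in the post.
check_default_pg() {
  ver=$(default_pg_major "$1")
  if [ -z "$ver" ]; then
    echo "ERROR: no PostgreSQL cluster is listening on port 5432" >&2
    return 2
  fi
  if [ "$ver" != "$REQUIRED_PG_MAJOR" ]; then
    echo "ERROR: default PostgreSQL is $ver, gvmd needs $REQUIRED_PG_MAJOR" >&2
    return 1
  fi
  echo "OK: PostgreSQL $ver owns port 5432"
}

# rebuild_plan <pg_lsclusters output>
# The remediation from the overview as a command list: drop every cluster
# (this DESTROYS their data; dump first if anything else uses PostgreSQL),
# create a fresh 13/main, which takes 5432 because the port is now free,
# start it, then create the gvmd database. Creating the admin user
# (gvmd --create-user) is left to the operator because it needs a password.
rebuild_plan() {
  for v in $(all_pg_majors "$1"); do
    echo "pg_dropcluster $v main --stop"
  done
  echo "pg_createcluster $REQUIRED_PG_MAJOR main"
  echo "pg_ctlcluster $REQUIRED_PG_MAJOR main start"
  echo "runuser -u postgres -- /usr/share/gvm/create-postgresql-database"
}

main() {
  if ! out=$(pg_lsclusters 2>/dev/null); then
    echo "note: pg_lsclusters not available, using the constructed sample output" >&2
    out=$SAMPLE_LSCLUSTERS
  fi
  if check_default_pg "$out"; then
    return 0
  fi
  echo "Remediation (run as root; set APPLY=1 to execute instead of print):"
  rebuild_plan "$out" | while IFS= read -r cmd; do
    echo "  $cmd"
    if [ "${APPLY:-0}" = 1 ]; then
      eval "$cmd"
    fi
  done
}

main
```

Run without APPLY the script only prints the plan, which is the safe way to review what will be destroyed; with the three clusters from the post it lists the three drops, the creation of 13/main, its start and the database creation. With header-only pg_lsclusters output (the state after the drops) it skips straight to creating the cluster, which matches where the walkthrough above had to go after the "Postgresql DB does not exist" error.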
Check again
# gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61068 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 20.8.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 20.08.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 20.08.1~git.
Step 7: Checking if GVM services are up and running ...
OK: ospd-openvas service is active.
OK: gvmd service is active.
Starting greenbone-security-assistant service
Waiting for greenbone-security-assistant service
OK: greenbone-security-assistant service is active.
Step 8: Checking few other requirements...
OK: nmap is present in version 20.08.1~git.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
SUGGEST: Install nsis.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
It seems like your GVM-20.8.0 installation is OK.
Start GVM
# gvm-start
[-] Something is already using port: 9392/tcp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gsad 445980 _gvm 5u IPv4 9849865 0t0 TCP localhost:9392 (LISTEN)
UID PID PPID C STIME TTY STAT TIME CMD
_gvm 445980 1 0 11:16 ? Sl 0:00 /usr/sbin/gsad --listen=127.0.0.1 --port=9392
gvm-start reports that port 9392 is already in use, but the lsof and ps lines it prints show who holds it: gsad, the web front end, which gvm-check-setup itself started during step 7 of the check above. So this is not a conflict with some other service; GVM is already up. gsad is bound to 127.0.0.1:9392 only, so the web interface is reachable from the local machine and not from the network, which is the right default for a scanner console. If you want a clean start from this state, run gvm-stop before gvm-start. The gvmd service status confirms the manager is running and already syncing its feeds:
Check the gvmd service status
# service gvmd status
● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2021-05-21 11:15:47 +08; 49s ago
Docs: man:gvmd(8)
Process: 445783 ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock (code=exited, status=0/SUCCESS)
Main PID: 445785 (gvmd)
Tasks: 5 (limit: 18697)
Memory: 1.1G
CPU: 1min 29.686s
CGroup: /system.slice/gvmd.service
├─445785 gvmd: Waiting for incoming connections
├─445812 gpg-agent --homedir /var/lib/gvm/gvmd/gnupg --use-standard-socket --daemon
├─445822 gvmd: Reloading NVTs
├─445823 gvmd: Syncing SCAP: Updating CPEs
└─445824 gvmd: OSP: Updating NVT cache
May 21 11:15:45 F0rGeEk systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
May 21 11:15:45 F0rGeEk systemd[1]: gvmd.service: Can't open PID file /run/gvm/gvmd.pid (yet?) after start: Operation not permitted
May 21 11:15:47 F0rGeEk systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).