Port details on branch 2023Q4
- gvm Greenbone vulnerability management (metaport)
- 22.9.0_1 security
- Version of this port present on the latest quarterly branch: 22.9.0_1
- Maintainer: acm@FreeBSD.org
- Port Added: 2023-10-23 19:00:12
- Last Update: 2023-10-23 19:00:47
- Commit Hash: beff551
- License: NA
- WWW:
- https://www.openvas.org/
- Description:
- This is the metaport to install GVM applications and libraries.
When the OpenVAS project was created it only consisted of an engine for
scanning vulnerabilities. Shortly after Greenbone Networks was funded to
achieve professional support for vulnerability scanning. Greenbone started to
lead the development, added several software components and turned OpenVAS into
a vulnerability management solution still keeping the values of free software.
After several years it became obvious that using OpenVAS as the brand name for
the open source project and funding nearly all development of the project was
not recognized from the outside. Therefore after the release of the OpenVAS 9
framework it got renamed to Greenbone Vulnerability Management (GVM) and
released as Greenbone Source Edition (GSE).
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via: make generate-plist
- Dependency lines:
- To install the port:
- cd /usr/ports/security/gvm/ && make install clean
- To add the package, run one of these commands:
- pkg install security/gvm
- pkg install gvm
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: gvm
- Flavors: there is no flavor information for this port.
- distinfo:
- There is no distinfo for this port.
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
- python3.9 : lang/python39
- Test dependencies:
- python3.9 : lang/python39
- Runtime dependencies:
- libgvm_base.so : security/gvm-libs
- gvmd : security/gvmd
- ospd-openvas : security/py-ospd-openvas@py39
- openvas : security/openvas
- notus-scanner : security/py-notus-scanner
- greenbone-feed-sync : security/py-greenbone-feed-sync@py39
- gsad : security/gsad
- index.html : security/gsa
- gvm-cli : security/py-gvm-tools@py39
- py39-python-gvm>=0 : security/py-python-gvm@py39
- python3.9 : lang/python39
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for gvm-22.9.0_1:
GVM-TOOLS=on: Install GVM tools
PYTHON-GVM=on: Install GVM python API library
===> Use 'make config' to modify these settings
- Options name:
- security_gvm
- USES:
- metaport python
- pkg-message:
- For install:
- GVM ports were installed
If you are migrating to a new version, do not forget to do the following:
# su -m gvm -c "gvmd --migrate"
Basic instructions for configuring your gvm infrastructure follow:
1) Redis is a dependency of GVM. Please configure redis-server to
listen on the socket /var/run/redis/redis.sock. The security/openvas scanner
needs it
# echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf
2) The Mosquitto broker is a new dependency of GVM. Please configure the net/mosquitto
service and add the following line to the openvas configuration file
# echo "mqtt_server_uri = localhost:1883" >> /usr/local/etc/openvas/openvas.conf
3) security/py-notus-scanner is a new tool used by GVM. You must create a
notus-scanner.toml configuration file in the /usr/local/etc/gvm/ directory
# echo "[notus-scanner]" > /usr/local/etc/gvm/notus-scanner.toml
# echo 'mqtt-broker-address = "localhost"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo 'mqtt-broker-port = "1883"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo 'products-directory = "/var/lib/notus/products"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo 'log-level = "INFO"' >> /usr/local/etc/gvm/notus-scanner.toml
# echo "disable-hashsum-verification = false" >> /usr/local/etc/gvm/notus-scanner.toml
Alternatively, these settings can be defined in the notus-scanner startup script. Take a look at
the /usr/local/etc/rc.d/notus-scanner file
4) Add user gvm to redis group
# pw groupmod redis -M gvm
5) security/gvmd uses a PostgreSQL database (server and contrib). Generally,
PostgreSQL must be installed on the same server where security/gvmd is running:
# su postgres
# createuser -DRS gvm
# createdb -O gvm gvmd
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# create extension "pgcrypto";
# create extension "pg-gvm";
6) Add the following lines to /etc/rc.conf
# sysrc redis_enable="YES"
# sysrc gvmd_enable="YES"
# sysrc ospd_openvas_enable="YES"
# sysrc notus_scanner_enable="YES"
# sysrc gsad_enable="YES"
7) Start redis service
# service redis start
8) Currently, ospd_openvas should run as a user without elevated privileges
(gvm) and use sudo to run the openvas scanner, but this does not work properly.
As a workaround you must run redis as root, and ospd_openvas as well.
Add the following lines to /etc/rc.conf
redis_user="root"
ospd_openvas_user="root"
Keep in mind that this is not the best configuration for running ospd_openvas and
openvas.
The following could avoid some scan issues with openvas
# echo "test_alive_hosts_only = no" >> /usr/local/etc/openvas/openvas.conf
9) The following steps are necessary before you can access the GVM web
interface (gsad):
Create certificates
# su -m gvm -c "gvm-manage-certs -a"
Sync gvmd Data, SCAP, CERT and NVT
# su -m gvm -c "greenbone-nvt-sync"
# su -m gvm -c "greenbone-feed-sync --type GVMD_DATA"
# su -m gvm -c "greenbone-feed-sync --type SCAP"
# su -m gvm -c "greenbone-feed-sync --type CERT"
Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
# service gvmd start
Create an admin user and set the Feed Import Owner
# su -m gvm -c "gvmd --create-user=myuser"
# su -m gvm -c "gvmd --user=myuser --new-password=yourpassword"
Set the Feed Import Owner (myuser user in this example)
# su -m gvm -c "gvmd --get-users --verbose"
myuser <uuid_of_user>
# su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>"
10) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
# service ospd_openvas start
You can test whether ospd_openvas is connecting to the openvas scanner with the following commands:
# su -m gvm -c "gvmd --get-scanners"
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default
# su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73"
Scanner version: OpenVAS x.x.x
11) Start Notus Scanner service
# service notus_scanner start
12) Start GVM web interface. It will listen on http://127.0.0.1 by default
# service gsad start
13) Some openvas scanner tasks need access to /dev/bpf device. Add the
following lines to /etc/devfs.conf
own bpf root:gvm
perm bpf 0660
Then restart the service to apply the changes
# service devfs restart
14) gvm log files are stored in the /var/log/gvm directory
15) gsad can export results to PDF. It needs the print/tex-xetex port
# pkg install tex-xetex
16) If you need more configuration information, you can look at the following links:
https://github.com/greenbone/gvmd/blob/master/INSTALL.md
https://github.com/greenbone/openvas/blob/master/INSTALL.md
https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md
https://github.com/greenbone/gsa/blob/master/INSTALL.md
https://github.com/greenbone/greenbone-feed-sync/blob/main/README.md
https://greenbone.github.io/docs/latest/index.html
and
# gvmd -h
# openvas -h
# ospd-openvas -h
# notus-scanner -h
# gsad -h
17) Enjoy it
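A read-only check of the files that the steps above write, as an added example that is not part of the port or its pkg-message: it compares the keys against the values given in the instructions and reports when the step 8 root workaround is in effect. The function names, and the rule that the last assignment of a key wins, are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not part of the port): read-only audit of the files written
# by the steps above. Keys and expected values are those in the pkg-message.

# conf_value FILE KEY: print KEY's value from "KEY = value" lines.
# Assumption: when a key is assigned more than once, the last line wins.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

note() { echo "$1"; findings=$((findings + 1)); }

# expect FILE KEY VALUE: record a finding unless KEY is set to VALUE in FILE.
expect() {
    [ "$(conf_value "$1" "$2")" = "$3" ] || note "${1##*/}: $2 is not $3"
}

# audit_gvm OPENVAS_CONF NOTUS_TOML RC_CONF DEVFS_CONF
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_gvm() {
    findings=0
    expect "$1" db_address /var/run/redis/redis.sock
    expect "$1" mqtt_server_uri localhost:1883
    expect "$2" mqtt-broker-address localhost
    expect "$2" disable-hashsum-verification false
    for u in redis_user ospd_openvas_user; do
        [ "$(conf_value "$3" "$u")" != root ] ||
            note "${3##*/}: $u=root (step 8 workaround is active)"
    done
    grep -Eq '^[[:space:]]*own[[:space:]]+bpf[[:space:]]+root:gvm' "$4" ||
        note "${4##*/}: bpf is not owned by root:gvm"
    grep -Eq '^[[:space:]]*perm[[:space:]]+bpf[[:space:]]+0660' "$4" ||
        note "${4##*/}: bpf mode is not 0660"
    [ "$findings" -eq 0 ]
}

# Constructed sample files: step 8 applied, hashsum verification switched off.
d=$(mktemp -d)
printf '%s\n' 'db_address = /var/run/redis/redis.sock' \
    'mqtt_server_uri = localhost:1883' > "$d/openvas.conf"
printf '%s\n' '[notus-scanner]' 'mqtt-broker-address = "localhost"' \
    'disable-hashsum-verification = true' > "$d/notus-scanner.toml"
printf '%s\n' 'redis_user="root"' 'ospd_openvas_user="root"' > "$d/rc.conf"
printf '%s\n' 'own bpf root:gvm' 'perm bpf 0660' > "$d/devfs.conf"
audit_gvm "$d/openvas.conf" "$d/notus-scanner.toml" "$d/rc.conf" "$d/devfs.conf" ||
    echo "review the findings above"
rm -rf "$d"
```

On an installed system the four arguments would be /usr/local/etc/openvas/openvas.conf, /usr/local/etc/gvm/notus-scanner.toml, /etc/rc.conf and /etc/devfs.conf.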
- Master Sites:
- There is no master site for this port.