{"id":5032,"date":"2024-06-01T12:33:49","date_gmt":"2024-06-01T17:33:49","guid":{"rendered":"https:\/\/dev.iachieved.it\/iachievedit\/?p=5032"},"modified":"2024-06-01T14:08:07","modified_gmt":"2024-06-01T19:08:07","slug":"installing-greenbone-openvas-on-ubuntu-24-04","status":"publish","type":"post","link":"https:\/\/dev.iachieved.it\/iachievedit\/installing-greenbone-openvas-on-ubuntu-24-04\/","title":{"rendered":"Installing Greenbone OpenVAS on Ubuntu 24.04"},"content":{"rendered":"

Ubuntu 24.04 LTS<\/a>, the “Noble Numbat”, has arrived, and I wanted to get Greenbone OpenVAS<\/a> up and running on it. OpenVAS is a powerful, but complex, collection of software, used by many to perform vulnerability scans against their IT infrastructure. With more than a half-dozen components and use of external data feeds, Redis, Postgres, and an MQTT broker, installing and running it successfully can be a challenge.<\/p>\n

The overview below, and resulting Github repository<\/a>, is based upon following the source build<\/a> instructions. I also recommend reading the OpenVAS glossary<\/a> to familiarize yourself with the terms.<\/p>\n

First, a warning! I’ve personally executed these steps a half-dozen times and tested the outcome (a running OpenVAS installation). However<\/i>, you should understand the basics of the commands and be up to the challenge of troubleshooting in case you run in trouble.<\/p>\n

Another couple of warnings. My scripts do not use GPG to verify the `tar` signatures of Greenbone’s packages. You will also be running these commands as `root`. There are some that might object to that, and insist on using `sudo`. I can assure you that doing so will cause heartburn.<\/p>\n

Alright, with that out of the way, I recommend you start with a VM with a fresh install of Ubuntu 24.04. If you can, configure the VM with 4 to 8 cores, at least 8GB of RAM, and 64GB of disk space. Then:<\/p>\n

sudo su\r\ncd \/tmp\r\ngit clone https:\/\/github.com\/iachievedit\/build_openvas\r\ncd build_openvas\r\n<\/pre>\n
Make note of the two top-level scripts `exports.sh` and `install.sh`. `exports.sh` is sourced by individual scripts in `scripts\/`, primarily to allow you to run scripts independently.<\/p>\n
Quick Start<\/h1>\n
So, this won’t necessarily be quick<\/i>, as it does take some time to build OpenVAS and bootstrap the feeds.  For a VM running on an M3 Max (8 cores, 16GB of RAM), it took 44 minutes total, but again, much of that was downloading the feed.<\/p>\n
\r\nroot@openvas:\/tmp\/build_openvas\r\ntime .\/install.sh\r\n...\r\nreal 44m16.502s\r\nuser 10m38.669s\r\nsys  0m57.051s\r\n<\/pre>\n
One by One<\/h1>\n
If you prefer, you can execute each script one at a time.  I, in fact, recommend this, if you want to get a feel for how OpenVAS is built from the ground up.<\/p>\n
Setting Up<\/h2>\n
The first three scripts set the stage for the build by creating the `gvm` user and group, making the source, build, and install directories, and then installing all of the primary dependencies (and there are a lot). There is one nuance you’ll find and that is `python3-packaging` has been explicitly removed from the install list, and when building `osp-openvas` it is removed. For whatever reason having it present causes problems.<\/p>\n
Building<\/h2>\n
Scripts 10 through 18 download, build, and install everything. These should be executed in order, and that order matches the canonical build instructions here<\/a>.<\/p>\n
Architecture Configuration<\/h2>\n
Scripts 90 through 95 cobble together “the architecture”. `redis`, `postgres`, and `mosquitto` are all installed and configured. Interestingly `mosquitto` was omitted as a dependency in the installation instructions, but it is most definitely required as the MQTT broker (“aka MQTT message bus”).<\/p>\n
Bootstrapping<\/h2>\n
The longest part of the installation and configuration of OpenVAS is `greenbone-feed-sync`, which is responsible for downloading Notus, NASL, and SCAP files.<\/p>\n
root@openvas:\/tmp\/build_openvas\/scripts# .\/97_sync.sh\r\n+ This will take some time.\r\nRunning as root. Switching to user 'gvm' and group 'gvm'.\r\nTrying to acquire lock on \/var\/lib\/openvas\/feed-update.lock\r\nAcquired lock on \/var\/lib\/openvas\/feed-update.lock\r\n\u280f Downloading Notus files from rsync:\/\/feed.community.greenbone.net\/community\/vulnerability-feed\/22.04\/vt-data\/notus\/ to \/var\/lib\/notus\r\n\u2826 Downloading NASL files from rsync:\/\/feed.community.greenbone.net\/community\/vulnerability-feed\/22.04\/vt-data\/nasl\/ to \/var\/lib\/openvas\/plugins\r\nReleasing lock on \/var\/lib\/openvas\/feed-update.lock\r\n\r\nTrying to acquire lock on \/var\/lib\/gvm\/feed-update.lock\r\nAcquired lock on \/var\/lib\/gvm\/feed-update.lock\r\n\u2834 Downloading SCAP data from rsync:\/\/feed.community.greenbone.net\/community\/vulnerability-feed\/22.04\/scap-data\/ to \/var\/lib\/gvm\/scap-data\r\n\u280f Downloading CERT-Bund data from rsync:\/\/feed.community.greenbone.net\/community\/vulnerability-feed\/22.04\/cert-data\/ to \/var\/lib\/gvm\/cert-data\r\n\u280b Downloading gvmd data from rsync:\/\/feed.community.greenbone.net\/community\/data-feed\/22.04\/ to \/var\/lib\/gvm\/data-objects\/gvmd\/22.04\r\nReleasing lock on \/var\/lib\/gvm\/feed-update.lock\r\n<\/pre>\n
Start!<\/h2>\n
Finally, start everything up!<\/p>\n
 .\/99_start.sh\r\n+ Go for launch\r\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/ospd-openvas.service \u2192 \/etc\/systemd\/system\/ospd-openvas.service.\r\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/gvmd.service \u2192 \/etc\/systemd\/system\/gvmd.service.\r\nCreated symlink \/etc\/systemd\/system\/greenbone-security-assistant.service \u2192 \/etc\/systemd\/system\/gsad.service.\r\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/gsad.service \u2192 \/etc\/systemd\/system\/gsad.service.\r\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/openvasd.service \u2192 \/etc\/systemd\/system\/openvasd.service.\r\n<\/pre>\n
root@openvas:\/var\/log\/gvm# ls -l\r\ntotal 16\r\n-rw-r--r-- 1 gvm gvm   79 May 27 21:53 gsad.log\r\n-rw------- 1 gvm gvm 8126 May 27 21:53 gvmd.log\r\n-rw-r--r-- 1 gvm gvm    0 May 27 21:53 openvas.log\r\n-rw-r--r-- 1 gvm gvm  381 May 27 21:53 ospd-openvas.log\r\n<\/pre>\n
If you look at the logs you should see lines like:<\/p>\n
“`
\nFinished loading VTs. The VT cache has been updated from version 0 to 202405270604.
\nUpdated NVT cache from version 0 to 202405270604
\n“`<\/p>\n
Pay particular attention to the `gvmd.log` as it is the best indicator of when things “are ready.”<\/p>\n
First Scan<\/h1>\n
The scripts created a default `admin` password and left it in `adminpass.txt`. In a browser, go to http:\/\/YOUR_MACHINE:9392 and you should see:<\/p>\n
\"\"<\/a><\/p>\n
\"\"<\/a><\/p>\n
A Quick Scan<\/h2>\n
A quick scan starts with going to the Tasks<\/b> menu item under Scans<\/b>.  From here, click on the “wand” icon to bring up the Task Wizard<\/b>.<\/p>\n
\"\"<\/a><\/p>\n
Enter the IP address of the host you want to scan (or, if DNS is configured, the FQDN).  In our case we’ll scan a Proxmox hypervisor.<\/p>\n
\"\"<\/a><\/p>\n
Click Start Scan<\/b> and be patient as OpenVAS performs the scan.<\/p>\n
\"\"<\/a><\/p>\n
As with any “percent complete” UI, you’ll get to 99% complete quickly, only to wait a bit for it to finish.<\/p>\n
Next Steps<\/h2>\n
You will want to secure your connection with HTTPS.  The most straightforward way to do so is to change the the `ExecStart` for GSAD (`\/etc\/systemd\/system\/gsad.service`) from <\/p>\n
\r\nExecStart=\/usr\/local\/sbin\/gsad --foreground --listen=0.0.0.0 --port=9392 --http-only\r\n<\/pre>\n
to<\/p>\n
\r\nExecStart=\/usr\/local\/sbin\/gsad --foreground --listen=0.0.0.0 --port=9392 -c  -k  --no-redirect\r\n<\/pre>\n
where `CERT_PATH` and `PRIVKEY_PATH` are full paths to your certificate and private key.  I typically use Let’s Encrypt<\/a> to obtain these.<\/p>\n
After updating the GSAD unit file, make sure and issue `systemctl daemon-reload` and then restart GSAD with `systemctl restart gsad`.<\/p>\n","protected":false},"excerpt":{"rendered":"
Ubuntu 24.04 LTS, the “Noble Numbat”, has arrived, and I wanted to get Greenbone OpenVAS up and running on it. OpenVAS is a powerful, but complex, collection of software, used by many to perform vulnerability scans against their IT infrastructure. With more than a half-dozen components and use of external data feeds, Redis, Postgres, and […]<\/p>\n","protected":false},"author":1,"featured_media":5071,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-5032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacking"],"_links":{"self":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/5032"}],"collection":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/comments?post=5032"}],"version-history":[{"count":34,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/5032\/revisions"}],"predecessor-version":[{"id":5074,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/5032\/revisions\/5074"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/media\/5071"}],"wp:attachment":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/media?parent=5032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/categories?post=5032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/tags?post=5032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}