git: df8e0691ea05 - main - security/gvm: update to 22.4.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 01 Aug 2022 21:00:32 UTC
The branch main has been updated by acm:
URL: https://cgit.FreeBSD.org/ports/commit/?id=df8e0691ea05e1297d35ff1ba2677b6115237fe0
commit df8e0691ea05e1297d35ff1ba2677b6115237fe0
Author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2022-08-01 20:58:04 +0000
Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2022-08-01 20:58:04 +0000
security/gvm: update to 22.4.0
- Add security/py-notus-scanner like a dependency
- Modify pkg-message to newest way to config gvm suite
---
security/gvm/Makefile | 7 +++--
security/gvm/files/pkg-message.in | 58 ++++++++++++++++++++++++++++-----------
2 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/security/gvm/Makefile b/security/gvm/Makefile
index 3a78a7032912..08dd06cf1d99 100644
--- a/security/gvm/Makefile
+++ b/security/gvm/Makefile
@@ -1,11 +1,11 @@
PORTNAME= gvm
-PORTVERSION= 21.4.4
+PORTVERSION= 22.4.0
CATEGORIES= security
MAINTAINER= acm@FreeBSD.org
COMMENT= Greenbone vulnerability management (metaport)
-USES= metaport python:3.6+
+USES= metaport python:3.7+
# Install GVM libraries
RUN_DEPENDS+= ${LOCALBASE}/lib/libgvm_base.so:security/gvm-libs
@@ -19,6 +19,9 @@ RUN_DEPENDS+= ${LOCALBASE}/bin/ospd-openvas:security/py-ospd-openvas@${PY_FLAVOR
# Install OpenVAS Scanner
RUN_DEPENDS+= ${LOCALBASE}/sbin/openvas:security/openvas
+# Install Notus Scanner
+RUN_DEPENDS+= ${LOCALBASE}/bin/notus-scanner:security/py-notus-scanner
+
# Install GVM Web Interface
RUN_DEPENDS+= ${LOCALBASE}/sbin/gsad:security/gsad
RUN_DEPENDS+= ${LOCALBASE}/share/gvm/gsad/web/index.html:security/gsa
diff --git a/security/gvm/files/pkg-message.in b/security/gvm/files/pkg-message.in
index fb6fed9cc012..45d9eea2d5e5 100644
--- a/security/gvm/files/pkg-message.in
+++ b/security/gvm/files/pkg-message.in
@@ -15,11 +15,29 @@ Basic instructions for configure your gvm infraestruture are following:
# echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf
-2) Add user gvm to redis group
+2) Mosquitto broker is a new dependency of GVM. Please configure net/mosquitto
+ service and add the following line to openvas configuration file
+
+ # echo "mqtt_server_uri = localhost:1883" >> /usr/local/etc/openvas/openvas.conf
+
+3) security/py-notus-scanner is a new tool used by GVM. You must create a
+ notus-scanner.toml configuration file at usr/local/etc/gvm/ directory
+
+ # echo "[notus-scanner]" > /usr/local/etc/gvm/notus-scanner.toml
+ # echo 'mqtt-broker-address = "localhost"' >> /usr/local/etc/gvm/notus-scanner.toml
+ # echo 'mqtt-broker-port = "1883"' >> /usr/local/etc/gvm/notus-scanner.toml
+ # echo 'products-directory = "/var/lib/openvas/plugins/notus/products"' >> /usr/local/etc/gvm/notus-scanner.toml
+ # echo 'log-level = "INFO"' >> /usr/local/etc/gvm/notus-scanner.toml
+ # echo "disable-hashsum-verification = false" >> /usr/local/etc/gvm/notus-scanner.toml
+
+ Otherwise it can be defined into notus-scanner startup script. Take a look at
+ /usr/local/etc/rc.d/notus-scanner file
+
+4) Add user gvm to redis group
# pw groupmod redis -M gvm
-3) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be
+5) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be
installed in the same server where security/gvmd is running:
# su postgres
@@ -30,19 +48,21 @@ Basic instructions for configure your gvm infraestruture are following:
# grant dba to gvm;
# create extension "uuid-ossp";
# create extension "pgcrypto";
+ # create extension "pg-gvm";
-4) Add the following lines to /etc/rc.conf
+6) Add the following lines to /etc/rc.conf
# sysrc redis_enable="YES"
# sysrc gvmd_enable="YES"
# sysrc ospd_openvas_enable="YES"
+ # sysrc notus_scanner_enable="YES"
# sysrc gsad_enable="YES"
-5) Start redis service
+7) Start redis service
# service redis start
-6) Currently, ospd_openvas should run as a user without elevated privileges
+8) Currently, ospd_openvas should run as a user without elevated privileges
(gvm) and use sudo for run openvas scanner but it does not work properly.
Like a workaround you must run redis as root and the same with ospd_openvas.
@@ -58,13 +78,9 @@ Basic instructions for configure your gvm infraestruture are following:
# echo "test_alive_hosts_only = no" >> /usr/local/etc/openvas/openvas.conf
-7) The following steps are neccessary before of you can access to GVM web
+9) The following steps are neccessary before of you can access to GVM web
interface (gsad):
- Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
-
- # service gvmd start
-
Create certificates
# su -m gvm -c "gvm-manage-certs -a"
@@ -76,6 +92,10 @@ Basic instructions for configure your gvm infraestruture are following:
# su -m gvm -c "greenbone-feed-sync --type SCAP"
# su -m gvm -c "greenbone-feed-sync --type CERT"
+ Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
+
+ # service gvmd start
+
Create an admin user and set the Feed Import Owner
# su -m gvm -c "gvmd --create-user=myuser"
@@ -88,7 +108,7 @@ Basic instructions for configure your gvm infraestruture are following:
# su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>
-8) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
+10) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
# service ospd_openvas start
@@ -101,11 +121,15 @@ Basic instructions for configure your gvm infraestruture are following:
# su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73"
Scanner version: OpenVAS x.x.x
-9) Start GVM web interface. It will listen on http://127.0.0.1 by default
+11) Start Notus Scanner service
+
+ # service notus_scanner start
+
+12) Start GVM web interface. It will listen on http://127.0.0.1 by default
# service gsad start
-10) Some openvas scanner tasks need access to /dev/bpf device. Add the
+13) Some openvas scanner tasks need access to /dev/bpf device. Add the
following lines to /etc/devfs.conf
own bpf root:gvm
@@ -115,26 +139,28 @@ Basic instructions for configure your gvm infraestruture are following:
# service devfs restart
-11) gvm log files are stores to /var/log/gvm directory
+14) gvm log files are stores to /var/log/gvm directory
-12) gsad can export results to PDF. It needs print/texlive-texmf port
+15) gsad can export results to PDF. It needs print/texlive-texmf port
# pkg install texlive-texmf
It will install 1G of data
-13) If you need more configure information you can look at the following links:
+16) If you need more configure information you can look at the following links:
https://github.com/greenbone/gvmd/blob/master/INSTALL.md
https://github.com/greenbone/openvas/blob/master/INSTALL.md
https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md
https://github.com/greenbone/gsa/blob/master/INSTALL.md
+ https://greenbone.github.io/docs/latest/index.html
and
# gvmd -h
# openvas -h
# ospd-openvas -h
+ # notus-scanner -h
# gsad -h
14) Enjoy it