Greenbone Vulnerability Management

Greenbone Vulnerability Management version 22.04 (GVM-22) is the current stable major release of tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. GVM is developed for and as part of the commercial product line Greenbone Security Manager. It is developed by Greenbone and licenced as Open Source.

More info at: https://community.greenbone.net/

** NEW **
A set of docker images based on this PPA are avialble at docker hub. It could be used to setup GVM on any distribution of GNU/Linux.
More info: https://github.com/admirito/gvm-containers

===

To install the Greenbone Vulnerability Management 22.04 packages on Ubuntu 22.04 Jammy Jellyfish first you need to install PostgreSQL database server (if you don't already have one--it could also be installed on a remote machine):

sudo apt install postgresql

Then use the following commands to install GVM:

sudo add-apt-repository ppa:mrazavi/gvm
sudo apt install gvm

Finally, you have to update the greenbone nvt/cert/scap data with these commands:

sudo -u gvm -g gvm greenbone-nvt-sync
sudo -u gvm -g gvm greenbone-feed-sync-legacy --type CERT
sudo -u gvm -g gvm greenbone-feed-sync-legacy --type SCAP
sudo -u gvm -g gvm greenbone-feed-sync-legacy --type GVMD_DATA

To remove NVT db, and rebuild it from the scanner:

export $(sudo cat /etc/default/gvmd-pg)
sudo -E -u gvm -g gvm gvmd --rebuild

You can access the Greenbone Security Assistant web interface at:

http://localhost:9392

The default username/password is as follows:

Username: admin
Password: admin

You can check the status of greenbone daemons with systemctl:

systemctl status ospd-openvas # scanner
systemctl status gvmd # manager
systemctl status gsad # web ui

If you want to run gvm components (e.g. gvmd, openvas, etc.) manually, always run them with sudo -E -u gvm -g gvm. Also, if you need to access the gvmd database, you should first load the database credentials:

export $(sudo cat /etc/default/gvmd-pg)
sudo -E -u gvm -g gvm gvmd [more arguments...]

A note for GVM 21.04 users:

The new greenbone-feed-sync package will install the new script that is the new recommended way to update the gvm feed. Although gvmd-common package still provides the old feed sync scripts with a -legacy suffix.

The ospd library package is now merged into ospd-openvas and the new postgresql-14-gvm package will now install the gvm postgresql extensions.

The new notus-scanner package is now available that could be used to detect vulnerable products in system environments. It will not be installed by default, but you can manually install it via "apt install" command.

This PPA also provides a nodejs version 18 alongside a fixed version of yarnpkg for Ubuntu 22.04 Jammy Jellyfish. They are required for building the gsa module but are not a requirement for its installation.

A note for GVM 20.08 users:

The default GSA settings in the GVM-21 is now enables gsad daemon on http instead of https. You can change /etc/default/gsad file for tweaking the settings.

It is also worth mentioning that openvas package is renamed to openvas-scanner by the upstream source.

A note for GVM 11 users:

Certain resources that were previously part of the gvm packages are now shipped via the feed. An example is the config "Full and Fast".

So, in the new version, it is importat to sync the new "GVMD_DATA" feed as well as other feeds (nvt/cert/scap). It is worth noting that "GVMD_DATA" sync will not be completed unless other feeds are already synced.

More info at: https://github.com/greenbone/gvmd/blob/v20.8.1/INSTALL.md#set-the-feed-import-owner

A note for GVM 10 users:

GVM-10 supported both SQLite and PostgreSQL as database backend for gvmd. Unfortunately GVM-11 only supports PostgreSQL, so if you are using SQLite backend, you have to migrate to PostgreSQL. More info is available on https://github.com/greenbone/gvmd/blob/v9.0.0/INSTALL.md#migrating-from-sqlite-to-postgresql

Another new change in GVM-11 is that openvas-scanner package is now renamed to openvas. The new openvas package doesn't provide a daemon. Instead there is a new ospd-openvas package/daemon which executes openvas binary and gvmd connects to ospd-openvas with OSP protocol to perform the vulnerability scans.

Finally, if you were using PostgreSQL backend with GVM-10 it is worth noting that gvmd package will migrate the database automatically for you. But if you have problems with the database you can run the following commands to do it manually:

. /etc/default/gvmd
gvmd --migrate

And if gvmd is complaining it cannot connect to openvas it maybe because the scanner defined in the database is outdated. You can always recreate a new database with:

# IMPORTANT NOTE: if you choose to reinstall the database the old database
# will be deleted and you will loose the associated data
# e.g. all the scans, reports, etc. WILL BE DELETED.
sudo dpkg-reconfigure gvmd-pg

Also GVM 10 nvticache in the redis is not compatible with GVM 11 so you have to flush the cache in the redis after upgrading the GVM:

sudo redis-cli -s /var/run/redis/redis.sock FLUSHALL
m/greenbone/gvmd/blob/v8.0.0/INSTALL.md#migrating-to-version-80