Greenbone Vulnerability Management

PPA description

Greenbone Vulnerability Management version 21.04 (GVM-21) is the current stable major release of tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. GVM is developed for and as part of the commercial product line Greenbone Security Manager. It is developed by Greenbone and licenced as Open Source.

More info at: https://community.greenbone.net/

** NEW **
A set of docker images based on this PPA are avialble at docker hub. It could be used to setup GVM on any distribution of GNU/Linux.
More info: https://github.com/admirito/gvm-containers

===

To install the Greenbone Vulnerability Management 21.04 packages on Ubuntu 20.04 Focal Fossa first you need to install PostgreSQL database server (if you don't already have one--it could also be installed on a remote machine):

sudo apt install postgresql

Then use the following commands to install GVM:

sudo add-apt-repository ppa:mrazavi/gvm
sudo apt install gvm

Finally, you have to update the greenbone nvt/cert/scap data with these commands:

sudo -u gvm -g gvm greenbone-nvt-sync
sudo -u gvm -g gvm greenbone-feed-sync --type CERT
sudo -u gvm -g gvm greenbone-feed-sync --type SCAP
sudo -u gvm -g gvm greenbone-feed-sync --type GVMD_DATA

To remove NVT db, and rebuild it from the scanner:

export $(sudo cat /etc/default/gvmd-pg)
sudo -E -u gvm -g gvm gvmd --rebuild

You can access the Greenbone Security Assistant web interface at:

http://localhost:9392

The default username/password is as follows:

Username: admin
Password: admin

You can check the status of greenbone daemons with systemctl:

systemctl status ospd-openvas # scanner
systemctl status gvmd # manager
systemctl status gsad # web ui

If you want to run gvm components (e.g. gvmd, openvas, etc.) manually, always run them with sudo -E -u gvm -g gvm. Also, if you need to access the gvmd database, you should first load the database credentials:

export $(sudo cat /etc/default/gvmd-pg)
sudo -E -u gvm -g gvm gvmd [more arguments...]

A note for GVM 20.08 users:

The default GSA settings in the GVM-21 is now enables gsad daemon on http instead of https. You can change /etc/default/gsad file for tweaking the settings.

It is also worth mentioning that openvas package is renamed to openvas-scanner by the upstream source.

A note for GVM 11 users:

Certain resources that were previously part of the gvm packages are now shipped via the feed. An example is the config "Full and Fast".

So, in the new version, it is importat to sync the new "GVMD_DATA" feed as well as other feeds (nvt/cert/scap). It is worth noting that "GVMD_DATA" sync will not be completed unless other feeds are already synced.

More info at: https://github.com/greenbone/gvmd/blob/v20.8.1/INSTALL.md#set-the-feed-import-owner

A note for GVM 10 users:

GVM-10 supported both SQLite and PostgreSQL as database backend for gvmd. Unfortunately GVM-11 only supports PostgreSQL, so if you are using SQLite backend, you have to migrate to PostgreSQL. More info is available on https://github.com/greenbone/gvmd/blob/v9.0.0/INSTALL.md#migrating-from-sqlite-to-postgresql

Another new change in GVM-11 is that openvas-scanner package is now renamed to openvas. The new openvas package doesn't provide a daemon. Instead there is a new ospd-openvas package/daemon which executes openvas binary and gvmd connects to ospd-openvas with OSP protocol to perform the vulnerability scans.

Finally, if you were using PostgreSQL backend with GVM-10 it is worth noting that gvmd package will migrate the database automatically for you. But if you have problems with the database you can run the following commands to do it manually:

. /etc/default/gvmd
gvmd --migrate

And if gvmd is complaining it cannot connect to openvas it maybe because the scanner defined in the database is outdated. You can always recreate a new database with:

# IMPORTANT NOTE: if you choose to reinstall the database the old database
# will be deleted and you will loose the associated data
# e.g. all the scans, reports, etc. WILL BE DELETED.
sudo dpkg-reconfigure gvmd-pg

Also GVM 10 nvticache in the redis is not compatible with GVM 11 so you have to flush the cache in the redis after upgrading the GVM:

sudo redis-cli -s /var/run/redis/redis.sock FLUSHALL
m/greenbone/gvmd/blob/v8.0.0/INSTALL.md#migrating-to-version-80

Adding this PPA to your system

You can update your system with unsupported packages from this untrusted PPA by adding ppa:mrazavi/gvm to your system's Software Sources. (Read about installing)

sudo add-apt-repository ppa:mrazavi/gvm
sudo apt update
        
Technical details about this PPA

This PPA can be added to your system manually by copying the lines below and adding them to your system's software sources.

Display sources.list entries for:
deb https://ppa.launchpadcontent.net/mrazavi/gvm/ubuntu YOUR_UBUNTU_VERSION_HERE main 
deb-src https://ppa.launchpadcontent.net/mrazavi/gvm/ubuntu YOUR_UBUNTU_VERSION_HERE main 
Signing key:
1024R/CF38C8D889ADEAC0265E36983C453D244AA450E0 (What is this?)
Fingerprint:
CF38C8D889ADEAC0265E36983C453D244AA450E0

For questions and bugs with software in this PPA please contact Mohammad Razavi.

PPA statistics

Activity
0 updates added during the past month.
View package details

Overview of published packages

126 of 26 results
Package Version Uploaded by
gsa 21.4.4-2 Mohammad Razavi ()
gsa 9.0.0-1 Mohammad Razavi ()
gsa-nodejs-build-dependencies 4.2.0 Mohammad Razavi ()
gsa-nodejs-build-dependencies 2.0.0 Mohammad Razavi ()
gsad 21.4.4-1 Mohammad Razavi ()
gvm-libs 21.4.4-1 Mohammad Razavi ()
gvm-libs 11.0.0-1 Mohammad Razavi ()
gvm-tools 21.10.0-1 Mohammad Razavi ()
gvm-tools 2.0.0-1 Mohammad Razavi ()
gvmd 21.4.5-1 Mohammad Razavi ()
gvmd 9.0.0-1 Mohammad Razavi ()
openvas 1:20.8.1-2 Mohammad Razavi ()
openvas 1:7.0.0-2 Mohammad Razavi ()
openvas-scanner 1:21.4.4-1 Mohammad Razavi ()
openvas-scanner 6.0.0-3 Mohammad Razavi ()
openvas-smb 21.4.0-1 Mohammad Razavi ()
openvas-smb 1.0.5-1 Mohammad Razavi ()
ospd 21.4.4-1 Mohammad Razavi ()
ospd 2.0.0-1 Mohammad Razavi ()
ospd-openvas 21.4.3-1 Mohammad Razavi ()
ospd-openvas 1.0.0-3 Mohammad Razavi ()
polib 1.1.0-4 (Newer version available) Mohammad Razavi ()
python-gvm 21.10.0-1 Mohammad Razavi ()
python-gvm 1.0.0-1 Mohammad Razavi ()
python-redis 3.3.11-2 Mohammad Razavi ()
yarn 1.13.0-1 Mohammad Razavi ()
126 of 26 results

Latest updates

  • gsa 17 weeks ago
    Successfully built
  • gsad 17 weeks ago
    Successfully built
  • gvmd 17 weeks ago
    Successfully built
  • openvas-scanner 17 weeks ago
    Successfully built
  • gvm-libs 17 weeks ago
    Successfully built