Greenbone Vulnerability Management

PPA description

Greenbone Vulnerability Management version 20.08 (GVM-20) is the current stable major release of tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. GVM is developed for and as part of the commercial product line Greenbone Security Manager. It is developed by Greenbone and licenced as Open Source.

More info at: https://community.greenbone.net/

** NEW **
A set of docker images based on this PPA are avialble at docker hub. It could be used to setup GVM on any distribution of GNU/Linux.
More info: https://github.com/admirito/gvm-containers

===

To install the Greenbone Vulnerability Management 20.08 packages on Ubuntu 20.04 Focal Fossa first you need to install PostgreSQL database server (if you don't already have one--it could also be installed on a remote machine):

sudo apt install postgresql

Then use the following commands to install GVM:

sudo add-apt-repository ppa:mrazavi/gvm
sudo apt install gvm

Finally, you have to update the greenbone nvt/cert/scap data with these commands:

sudo -u gvm -g gvm greenbone-nvt-sync
sudo -u gvm -g gvm greenbone-feed-sync --type CERT
sudo -u gvm -g gvm greenbone-feed-sync --type SCAP
sudo -u gvm -g gvm greenbone-feed-sync --type GVMD_DATA

To remove NVT db, and rebuild it from the scanner:

export $(sudo cat /etc/default/gvmd-pg)
sudo -E -u gvm -g gvm gvmd --rebuild

You can access the Greenbone Security Assistant web interface at:

https://localhost:9392

The default username/password is as follows:

Username: admin
Password: admin

You can check the status of greenbone daemons with systemctl:

systemctl status ospd-openvas # scanner
systemctl status gvmd # manager
systemctl status gsad # web ui

If you want to run gvm components (e.g. gvmd, openvas, etc.) manually, always run them with sudo -E -u gvm -g gvm. Also, if you need to access the gvmd database, you should first load the database credentials:

export $(sudo cat /etc/default/gvmd-pg)
sudo -E -u gvm -g gvm gvmd [more arguments...]

A note for GVM 11 users:

Certain resources that were previously part of the gvm packages are now shipped via the feed. An example is the config "Full and Fast".

So, in the new version, it is importat to sync the new "GVMD_DATA" feed as well as other feeds (nvt/cert/scap). It is worth noting that "GVMD_DATA" sync will not be completed unless other feeds are already synced.

More info at: https://github.com/greenbone/gvmd/blob/v20.8.1/INSTALL.md#set-the-feed-import-owner

A note for GVM 10 users:

GVM-10 supported both SQLite and PostgreSQL as database backend for gvmd. Unfortunately GVM-11 only supports PostgreSQL, so if you are using SQLite backend, you have to migrate to PostgreSQL. More info is available on https://github.com/greenbone/gvmd/blob/v9.0.0/INSTALL.md#migrating-from-sqlite-to-postgresql

Another new change in GVM-11 is that openvas-scanner package is now renamed to openvas. The new openvas package doesn't provide a daemon. Instead there is a new ospd-openvas package/daemon which executes openvas binary and gvmd connects to ospd-openvas with OSP protocol to perform the vulnerability scans.

Finally, if you were using PostgreSQL backend with GVM-10 it is worth noting that gvmd package will migrate the database automatically for you. But if you have problems with the database you can run the following commands to do it manually:

. /etc/default/gvmd
gvmd --migrate

And if gvmd is complaining it cannot connect to openvas it maybe because the scanner defined in the database is outdated. You can always recreate a new database with:

# IMPORTANT NOTE: if you choose to reinstall the database the old database
# will be deleted and you will loose the associated data
# e.g. all the scans, reports, etc. WILL BE DELETED.
sudo dpkg-reconfigure gvmd-pg

Also GVM 10 nvticache in the redis is not compatible with GVM 11 so you have to flush the cache in the redis after upgrading the GVM:

sudo redis-cli -s /var/run/redis/redis.sock FLUSHALL

A note for OpenVAS 9 users:

The new gvm-10 packages of this PPA are not compatible with openvas-9 series. To upgrade from openvas-9 to gvm-10, you have to first backup your data, most importantly the "mgr" directory containing the tasks.db database located at /var/lib/openvas/mgr; then purge the old packages with the following commands:

sudo systemctl stop openvas-manager
mkdir ~/openvas-backup
sudo cp -a /var/lib/openvas ~/openvas-backup/lib
sudo cp -a /etc/openvas ~/openvas-backup/etc

sudo apt purge 'openvas9*' 'libopenvas9*'
sudo rm -rf /var/log/openvas /var/lib/openvas /var/cache/openvas/

Then, you can install gvm-10 with the previous instructions of the PPA. Finally you can restore the tasks.db by the following commands:

sudo systemctl stop gvmd
sudo rm -f /var/lib/gvm/gvmd/gvmd.db*
echo .dump | sudo sqlite3 ~/openvas-backup/lib/mgr/tasks.db | \
             sudo sqlite3 /var/lib/gvm/gvmd/gvmd.db
sudo gvmd --migrate
sudo systemctl start gvmd

For more information read the gvmd manual at: https://github.com/greenbone/gvmd/blob/v8.0.0/INSTALL.md#migrating-to-version-80

Adding this PPA to your system

You can update your system with unsupported packages from this untrusted PPA by adding ppa:mrazavi/gvm to your system's Software Sources. (Read about installing)

sudo add-apt-repository ppa:mrazavi/gvm
sudo apt-get update
        
Technical details about this PPA

This PPA can be added to your system manually by copying the lines below and adding them to your system's software sources.

Display sources.list entries for:
deb http://ppa.launchpad.net/mrazavi/gvm/ubuntu YOUR_UBUNTU_VERSION_HERE main 
deb-src http://ppa.launchpad.net/mrazavi/gvm/ubuntu YOUR_UBUNTU_VERSION_HERE main 
Signing key:
1024R/CF38C8D889ADEAC0265E36983C453D244AA450E0 (What is this?)
Fingerprint:
CF38C8D889ADEAC0265E36983C453D244AA450E0

For questions and bugs with software in this PPA please contact Mohammad Razavi.

PPA statistics

Activity
0 updates added during the past month.
View package details

Overview of published packages

124 of 24 results
Package Version Uploaded by
gsa 20.8.1-1 Mohammad Razavi ()
gsa 9.0.0-1 Mohammad Razavi ()
gsa-nodejs-build-dependencies 3.0.0 Mohammad Razavi ()
gsa-nodejs-build-dependencies 2.0.0 Mohammad Razavi ()
gvm-libs 20.8.1-1 Mohammad Razavi ()
gvm-libs 11.0.0-1 Mohammad Razavi ()
gvm-tools 21.1.0-1 Mohammad Razavi ()
gvm-tools 2.0.0-1 Mohammad Razavi ()
gvmd 20.8.1-1 Mohammad Razavi ()
gvmd 9.0.0-1 Mohammad Razavi ()
openvas 1:20.8.1-2 Mohammad Razavi ()
openvas 1:7.0.0-2 Mohammad Razavi ()
openvas-scanner 6.0.0-3 Mohammad Razavi ()
openvas-smb 1.0.5-2 Mohammad Razavi ()
openvas-smb 1.0.5-1 Mohammad Razavi ()
ospd 20.8.2-1 Mohammad Razavi ()
ospd 2.0.0-1 Mohammad Razavi ()
ospd-openvas 20.8.1-1 Mohammad Razavi ()
ospd-openvas 1.0.0-3 Mohammad Razavi ()
polib 1.1.0-4 (Newer version available) Mohammad Razavi ()
python-gvm 21.1.3-1 Mohammad Razavi ()
python-gvm 1.0.0-1 Mohammad Razavi ()
python-redis 3.3.11-2 Mohammad Razavi ()
yarn 1.13.0-1 Mohammad Razavi ()
124 of 24 results

Latest updates

  • openvas 22 weeks ago
    Successfully built
  • gvm-tools 24 weeks ago
    Successfully built
  • ospd-openvas 24 weeks ago
    Successfully built
  • gvmd 24 weeks ago
    Successfully built
  • gsa 24 weeks ago
    Successfully built