Install and Setup GVM 11 on Ubuntu 20.04

148
4690

In this guide, we are going to learn how to install and setup GVM 11 on Ubuntu 20.04. Greenbone Vulnerability Management (GVM), was previously known as OpenVAS, is a network security scanner which provides a set of network vulnerability tests (NVTs) to detect security loopholes in systems and applications. As of this writing, GVM 11 is the current stable release.

Install and Setup GVM 11 on Ubuntu 20.04

Prerequisites

In this demo, we will be building GVM 11 on Ubuntu 20.04 from source code. As such, below are the system requirements I would personally recommend.

  • At least 4 GB RAM
  • At least 4 vCPUs
  • More than 8 GB disk space (We used 16 GB in this demo)

These requirements will vary depending on your use cases, however. Just be sure to give “enough”.

Run System Update

To begin with, update and upgrade your system packages;

apt update
apt upgrade

Create GVM User

In this demo, we are going to run GVM as a non privileged system user. As such, we are going to create gvm user and group.

useradd -r -d /opt/gvm -c "GVM User" -s /bin/bash gvm

Create the GVM user directory as specified by option -d in the command above and set the user and group ownership to gvm.

mkdir /opt/gvm
chown gvm:gvm /opt/gvm

Install Required Build Tools

In order to successfully build GVM 11 on Ubuntu 20.04, you need to install a number of required dependencies and build tools.

apt install gcc g++ make bison flex libksba-dev curl redis libpcap-dev \
cmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev \
libssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev \
zlib1g-dev libxml2-dev libradcli-dev clang-format libldap2-dev doxygen \
gcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev \
libsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib xmltoman \
python3-pip texlive-fonts-recommended texlive-latex-extra --no-install-recommends xsltproc

Install Yarn on Ubuntu 20.04

Next, install Yarn JavaScript package manager

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt update
apt install yarn -y

Install PostgreSQL on#install-postgresql-ubuntu20.04 Ubuntu 20.04

GVM 11 has dropped support for sqlite3 and it currently support only PostgreSQL as the backend database. Therefore, you need to install PostgreSQL on Ubuntu 20.04;

apt install postgresql postgresql-contrib postgresql-server-dev-all

Create PostgreSQL User and Database

Once the installation is done, create the PostgreSQL user and database for Greenbone Vulnerability Management Daemon (gvmd). Note that the database and user should be created as PostgreSQL user, postgres.

sudo -Hiu postgres
createuser gvm
createdb -O gvm gvmd

Grant PostgreSQL User DBA Roles

psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension "uuid-ossp";
\q
exit

Once that is done, restart PostgreSQL;

systemctl restart postgresql
systemctl enable postgresql

Building GVM 11 from Source Code

There are different tools required to install and setup GVM 11 on Ubuntu 20.04. These include;

  • GVM Libraries
  • OpenVAS Scanner
  • OSPd
  • ospd-openvas
  • Greenbone Vulnerability Manager
  • Greenbone Security Assistant
  • Python-GVM
  • GVM-Tools
  • OpenVAS SMB

Every component has README.md and a INSTALL.md file that explains how to build and install it.

Since we are running GVM as non-privileged user, gvm, then we will install all the GVM configuration files and libraries under, /opt/gvm.

Update the PATH environment variable on /etc/environment, to include the GVM binary path such that it looks like;

vim /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin"

Add GVM library path to /etc/ld.so.conf.d.

echo "/opt/gvm/lib" > /etc/ld.so.conf.d/gvm.conf

Build and Install GVM 11

Switch to GVM user, gvm and create a temporary directory to store GVM source files.

su - gvm
mkdir /tmp/gvm-source

Download GVM Source Files

Navigate to temporary directory created above and run the subsequent commands to clone the GVM github branch files.

cd /tmp/gvm-source
git clone -b gvm-libs-11.0 https://github.com/greenbone/gvm-libs.git
git clone https://github.com/greenbone/openvas-smb.git
git clone -b openvas-7.0 https://github.com/greenbone/openvas.git
git clone -b ospd-2.0 https://github.com/greenbone/ospd.git
git clone -b ospd-openvas-1.0 https://github.com/greenbone/ospd-openvas.git
git clone -b gvmd-9.0 https://github.com/greenbone/gvmd.git
git clone -b gsa-9.0 https://github.com/greenbone/gsa.git

Once the source files are in place, proceed to build and install GVM on Ubuntu 20.04.

[email protected]:/tmp/gvm-source$ ls
gsa gvmd gvm-libs openvas openvas-smb ospd ospd-openvas

Note that we will install all GVM files and libraries to a non-standard location, /opt/gvm. As such, you need to set the PKG_CONFIG_PATH environment variable to the location of your pkg-config
files before configuring:

export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH

Be sure to replace the path, /opt/gvm, accordingly.

Build and Install GVM 11 Libraries

Change to GVM libraries directory;

cd gvm-libs

Create a build directory and change into it;

mkdir build
cd build

Configure the build;

cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm

Next, compile and install GVM libraries

make
make install

Build and Install OpenVAS scanner and OpenVAS SMB

Open Vulnerability Assessment Scanner (OpenVAS) is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).

OpenVAS SMB provides modules for the OpenVAS Scanner to interface with Microsoft Windows Systems through the Windows Management Instrumentation API and a winexe binary to execute processes remotely on that system.

Build and install openvas-smb;

cd ../../openvas-smb/
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make install

Build and install OpenVAS scanner;

cd ../../openvas

Proceed to build and install openvas.

mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make install

If you encounter the error, ...error: ‘pcap_lookupdev’ is deprecated: use 'pcap_findalldevs'... while compiling openvas, edit the CMakeLists.txt file and replace the line as shown below.

vim ../../openvas/CMakeLists.txt
...
#set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${COVERAGE_FLAGS}")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror -Wno-error=deprecated-declarations")
...

Once done, save and exit the file and rerun the installation.

Configuring OpenVAS Scanner

The host scan information is stored temporarily on Redis server. The default configuration of Redis server is /etc/redis/redis.conf.

Switch back to privileged user and proceed.

exit

To begin run the command below to create the cache to the installed shared libraries;

ldconfig

Next, copy OpenVAS scanner Redis configuration file, redis-openvas.conf, to the same Redis config directory;

cp /tmp/gvm-source/openvas/config/redis-openvas.conf /etc/redis/

Update the ownership of the configuration.

chown redis:redis /etc/redis/redis-openvas.conf

Update the path to Redis unix socket on the /opt/gvm/etc/openvas/openvas.conf using the db_address parameter as follows;

echo "db_address = /run/redis-openvas/redis.sock" > /opt/gvm/etc/openvas/openvas.conf

Note, the Unix socket path is defined on /etc/redis/redis-openvas.conf file.

chown gvm:gvm /opt/gvm/etc/openvas/openvas.conf

Add gvm user to redis group;

usermod -aG redis gvm

You can also optimize Redis server itself improve the performance by making the following adjustments;

Increase the value of somaxconn in order to avoid slow clients connections issues.

echo "net.core.somaxconn = 1024" >> /etc/sysctl.conf

Redis background save may fail under low memory condition. To avoid this, enable memory overcommit (man 5 proc).

echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf

Reload sysctl variables created above.

sysctl -p

To avoid creation of latencies and memory usage issues with Redis, disable Linux Kernel’s support for Transparent Huge Pages (THP). To easily work around this, create a systemd service unit for this purpose.

vim /etc/systemd/system/disable_thp.service
[Unit]
Description=Disable Kernel Support for Transparent Huge Pages (THP)

[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target

Reload systemd configurations;

systemctl daemon-reload

Start and enable this service to run on system boot.

systemctl enable --now disable_thp

Restart OpenVAS Redis server

systemctl enable --now [email protected]

A number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations. Since openvas is launched from an ospd-openvas process, via sudo, add the line below to sudoers file to ensure that the gvm user used in this demo can run the openvas with elevated rights using passwordless sudo.

echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas" > /etc/sudoers.d/gvm

Also, update the secure_path to include the GVM /sbin paths, /opt/gvm/sbin.

visudo
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/gvm/sbin"

Also, enable gvm user to run GSA web application daemon, gsad, with passwordless sudo.

echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad" >> /etc/sudoers.d/gvm

Update NVTs

Update Network Vulnerability Tests feed from Greenbone Security Feed/Community Feed using the greenbone-nvt-sync command.

The greenbone-nvt-sync command must not be executed as privileged user root, hence switch back to GVM user we created above and update the NVTs.

su - gvm

Next, update the NVTs as openvas user;

greenbone-nvt-sync

Once the update is done, you need to update Redis server with the same VT info from VT files;

sudo openvas --update-vt-info

Build and Install Greenbone Vulnerability Manager

export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
cd /tmp/gvm-source/gvmd
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make install

Build and Install Greenbone Security Assistant

cd ../../gsa
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm
make
make install

Update GVM CERT and SCAP data from the feed servers;

greenbone-scapdata-sync
greenbone-certdata-sync

Consider setting cron jobs to run the nvts, cert and scap data update scripts at your preferred frequency to pull updates from the feed servers.

Next, run the command below to generate certificates gvmd. Server certificates are used for authentication while client certificates are primarily used for authorization. More on man gvm-manage-certs.

gvm-manage-certs -a

Build and Install OSPd and OSPd-OpenVAS

Open Scanner Protocol (OSP) creates a unified interface for different security scanners and makes their control flow and scan results consistently available under the central Greenbone Vulnerability Manager service.

export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
mkdir -p /opt/gvm/lib/python3.8/site-packages/
export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
cd /tmp/gvm-source/ospd
python3 setup.py install --prefix=/opt/gvm
cd ../ospd-openvas
python3 setup.py install --prefix=/opt/gvm

Start OpenVAS Scanner, GSA and GVM services

Run the commands below as gvm user to start OpenVAS scanner, GSA (WebUI service) and GVM daemon. Execute the commands in the presented order.

Start OpenVAS

/usr/bin/python3 /opt/gvm/bin/ospd-openvas \
--pid-file /opt/gvm/var/run/ospd-openvas.pid \
--log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
--lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock

Start GVM

gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock

Start GSA

sudo gsad

Consider creating systemd service unit files for these services to enable you manage them easily. See below

Check the status;

ps aux | grep -E "ospd-openvas|gsad|gvmd" | grep -v grep

Sample output;

gvm         8221  0.0  0.0  81196  1436 ?        Ss   10:47   0:00 gpg-agent --homedir /opt/gvm/var/lib/gvm/gvmd/gnupg --use-standard-socket --daemon
gvm         8475  2.0  6.0 382248 122184 pts/0   Sl   10:54   1:23 /usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
gvm         8523  0.1 10.1 295648 206108 pts/0   S    10:57   0:06 gvmd: Waiting for incoming connections
postgres    8541  0.1  7.7 225436 157888 ?       SLs  10:57   0:05 postgres: 12/main: gvm gvmd [local] idle
root        8599  0.0  0.8 664696 17064 pts/0    Sl   10:58   0:00 gsad
root        8600  0.0  0.1 205912  3608 pts/0    Sl   10:58   0:00 gsad
gvm        11911  0.0  9.7 295648 198056 pts/0   S    12:01   0:00 gvmd: Reloading NVTs
gvm        11913  0.0  9.8 295648 201172 pts/0   S    12:01   0:00 gvmd: OSP: Updating NVT cache
postgres   11917  0.1  0.9 217796 19544 ?        Ss   12:01   0:00 postgres: 12/main: gvm gvmd [local] idle

You can also find the logs at, <install-prefix>/var/log/gvm/, which in this case is /opt/gvm/var/log/gvm.

Creating Systemd Service units for GVM services

The services below are based on what Kevin (in the comments section) did on his script.

If you had run the services commands above, be sure to stop them before you can rerun using systemd.

Create OpenVAS service

vim /etc/systemd/system/openvas.service
[Unit]
Description=Control the OpenVAS service
After=redis.service
After=postgresql.service

[Service]
ExecStartPre=-rm -rf /opt/gvm/var/run/ospd-openvas.pid /opt/gvm/var/run/ospd.sock /opt/gvm/var/run/gvmd.sock
Type=simple
User=gvm
Group=gvm
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas \
--pid-file /opt/gvm/var/run/ospd-openvas.pid \
--log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
--lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Save and exit the file and start OpenVas.

systemctl daemon-reload
systemctl start openvas

Check the status of the service;

systemctl status openvas
● openvas.service - Control the OpenVAS service
     Loaded: loaded (/etc/systemd/system/openvas.service; disabled; vendor preset: enabled)
     Active: active (exited) since Fri 2020-08-28 05:16:50 UTC; 4s ago
    Process: 27483 ExecStartPre=/usr/bin/rm -rf /opt/gvm/var/run/ospd-openvas.pid /opt/gvm/var/run/ospd.sock /opt/gvm/var/run/gvmd.sock (code=exited, status=0/SUCCESS)
    Process: 27484 ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --loc>
   Main PID: 27484 (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 2282)
     Memory: 42.8M
     CGroup: /system.slice/openvas.service
             └─27501 /usr/bin/python3 /opt/gvm/bin/ospd-openvas --pid-file /opt/gvm/var/run/ospd-openvas.pid --log-file /opt/gvm/var/log/gvm/ospd-openvas.log --lock-file-d>

Aug 28 05:16:50 ubuntu20 systemd[1]: Starting Control the OpenVAS service...
Aug 28 05:16:50 ubuntu20 systemd[1]: Started Control the OpenVAS service.

Enable OpenVAS scanner to run on system boot;

systemctl enable openvas

Create GSA Service Unit file

vim /etc/systemd/system/gsa.service
[Unit]
Description=Control the OpenVAS GSA service
After=openvas.service

[Service]
Type=simple
User=gvm
Group=gvm
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
ExecStart=/usr/bin/sudo /opt/gvm/sbin/gsad
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
vim /etc/systemd/system/gsa.path
[Unit]
Description=Start the OpenVAS GSA service when gvmd.sock is available

[Path]
PathChanged=/opt/gvm/var/run/gvmd.sock
Unit=gsa.service

[Install]
WantedBy=multi-user.target

Create GVM Service unit file

vim /etc/systemd/system/gvm.service
[Unit]
Description=Control the OpenVAS GVM service
After=openvas.service

[Service]
Type=simple
User=gvm
Group=gvm
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin
Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
vim /etc/systemd/system/gvm.path
[Unit]
Description=Start the OpenVAS GVM service when opsd.sock is available

[Path]
PathChanged=/opt/gvm/var/run/ospd.sock
Unit=gvm.service

[Install]
WantedBy=multi-user.target

Reload system unit configs and start the services;

systemctl daemon-reload
systemctl enable --now gvm.{path,service}
systemctl enable --now gsa.{path,service}

Create GVM Scanner

Since we launched the scanner and set it to use our non-standard scanner host path (/opt/gvm/var/run/ospd.sock), we need to create and register our scanner;

sudo -Hiu gvm gvmd --create-scanner="Kifarunix-demo OpenVAS Scanner" --scanner-type="OpenVAS" --scanner-host=/opt/gvm/var/run/ospd.sock

Next, you need to verify your scanner. For this, you first need to get the scanner identifier;

sudo -Hiu gvm gvmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
9c6f2214-eb7c-4613-96bd-21551b259cf1 OpenVAS /opt/gvm/var/run/ospd.sock 9390 Kifarunix-demo OpenVAS Scanner

Based on the output above, our scanner UUID is, 9c6f2214-eb7c-4613-96bd-21551b259cf1.

Verify the scanner;

sudo -Hiu gvm gvmd --verify-scanner=9c6f2214-eb7c-4613-96bd-21551b259cf1

Create OpenVAS (GVM 11) Admin User

Create OpenVAS administrative user by running the command below;

sudo -Hiu gvm gvmd --create-user gvmadmin

This command generates a random password for the user.

If you want to create a user and at the same time create your own password;

sudo -Hiu gvm gvmd --create-user gvmadmin [email protected]

Otherwise, you can reset the password of an already existing user;

sudo -Hiu gvm gvmd --user=<USERNAME> --new-password=<PASSWORD>

Accessing GVM 11 (OpenVAS)

Greenbone Security Assistant (GSA) WebUI daemon opens port 443 and listens on all interfaces. If firewall is running, open this port to allow external access.

ufw allow 443/tcp

You can now access GSA via the url https:<serverIP-OR-hostname>. Accept the self-signed SSL warning and proceed.

Install and Setup GVM 11 on Ubuntu 20.04

Login with the administrative credentials generated above.

Install and Setup GVM 11 on Ubuntu 20.04
Install and Setup GVM 11 on Ubuntu 20.04

And there you go. That is all it take to install and Setup GVM 11 on Ubuntu 20.04. You can now start running your scans.

NOTE: When creating a scan task, be sure to select the Scanner we created above.

Install and Setup GVM 11 on Ubuntu 20.04

See example scan report below for Windows 7.

Install and Setup GVM 11 on Ubuntu 20.04

Vulnerability report;

Install and Setup GVM 11 on Ubuntu 20.04

Did I miss anything, drop it in the comments section!! Enjoy

Reference

Source files README.md and INSTALL.md files

Related Tutorials

Install OpenVAS 10 (GVM) on Debian 10 Buster

Install OpenVAS 9 with PostgreSQL in Ubuntu 18.04

How to Add and Scan a Target for Vulnerabilities on OpenVAS Scanner

How to Install and Setup OpenVAS 9 Vulnerability Scanner on Ubuntu 18.04

How to Install and Use WPScan WordPress Vulnerability Scanner Ubuntu 18.04

148 COMMENTS

  1. Thank you for making this guide. it is the best I have found, clear concise and explains the steps.
    Most importantly at the end I have a working system.

  2. hi koromicha,I set up this system according to your tutorial, but encountered the following error when starting gsad: Oops, secure memory pool already initialized; and when performing a scan after ignoring this error, the scanner could not be connected.
    md manage: WARNING: 2020-04-29 11h56.32 CST: 69734: Could not connect to Scanner at /tmp/ospd.sock
    md manage: WARNING: 2020-04-29 11h56.33 CST: 69734: OSP start_scan a32d00f0-7cb1-445c-8f59-f33379ccf80b: Could not connect to Scanner
    Have you ever encountered this situation? My English is not good, please understand

    • Hello Carle, in regards to;
      1. Oops, secure memory pool already initialized, i would say ignore this.
      2. For Scanner, you need to choose your scanner when creating a task and select your scanner that you created.
      Try and let us know how it goes.

      • Thank you for your suggestion, this problem has been solved, but now there is a new problem, all scan tasks I performed have Severity of 0.0, and the following prompt appears in the report:
        The report is empty. The filter does not match any of the 10 results.
        The following filter is currently applied:
        apply_overrides = 0 levels = hml rows = 100 min_qod = 70 first = 1 sort-reverse = severity
        Is my method or procedure wrong? I found this problem while installing GVM 10 and it has not been solved

  3. Hi koromicha,

    your post is great!! I have followed your instruction and completed the installation but I got the issue when performing the task, Wizar task not working… perform the task with multiple or singer host will get the issue is “Could not connect to Scanner” and “Severity” will be “error”

    Could you advise how to resolving it?

    Thanks and regards,

  4. Great Guide! Came across an error when running the “python3 setup.py install –prefix=/opt/gvm” command saying that the directory did not support .pth files. It was showing that this command was trying to use 3.8 whereas it was installed with 3.6. Adding the 3.6 path it was mentioning to the PYTHONPATH variable seemed to allow it to proceed. This is a brand new dedicated build of 18.04 not 20.04 so not sure if that was any issue 🙂

  5. hi, i’ve a problem when i try to start opevans:
    —/tmp/gvm-source/ospd-openvas$ /usr/bin/python3 /opt/gvm/bin/ospd-openvas \
    > –pid-file /opt/gvm/var/run/ospd-openvas.pid \
    > –log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
    > –lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
    ERROR: get_db_connection: Not possible to run openvas. [Errno 2] No such file or directory: ‘openvas’

    • I think the issue othin ran into is that the PYTHONPATH isn’t set. I ran into the same thing while I was creating a systemd unit file for it. Re-running “export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages” as the gvm user should allow it to start.

      • Hi Kevin,
        I am also getting the error which othin saw, I have re-run the “export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages” as you suggested.

        [email protected]:/tmp/gvm-source/ospd-openvas$ /usr/bin/python3 /opt/gvm/bin/ospd-openvas \
        > –pid-file /opt/gvm/var/run/ospd-openvas.pid \
        > –log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
        > –lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
        ERROR: get_db_connection: Not possible to run openvas. [Errno 2] No such file or directory: ‘openvas’

        Is there anything else i can do to resolve this so i can continue with the setup?
        Thanks
        Shane

          • I tried all these mentioned recommendation, but no luck.

            /usr/bin/python3 /opt/gvm/bin/ospd-openvas \
            > –pid-file /opt/gvm/var/run/ospd-openvas.pid \
            > –log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
            > –lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock

            Similarly:
            # gvmd –osp-vt-update=/opt/gvm/var/run/ospd.sock
            bash: gvmd: command not found

            # sudo gsad
            sudo: gsad: command not found

            Can someone really help here?

    • Managed to get GVM running thanks to your script Kevin.

      However, I’m not able to run any scan tasks as it will give an error “Could not connect to Scanner”. Do you face issue as well?

      • Hi Khairi,

        I got something similar where I ran the original version of the script on a fresh Ubuntu 20.04 server install. It was complaining about nmap not being installed. Seems it’s not included by default. I’ve updated the script to install nmap along with its other apt-get installs but if you’ve already run the installer try ‘sudo apt-get install nmap’. Then, be sure to select the ‘Created OpenVAS Scanner’ from the drop-down when creating a task.

      • Hi Maurizio,

        Humm, that’s odd. Lines 2 through 16 are all comments in it so I’m not sure why it would be complaining about something on line 7 for you. I should’ve mentioned doing a chmod u+x on it as I didn’t have the executable permission set but I don’t think that’s the issue you’re running into.

        Open the file in a text editor and take a look at line 7 to see if there’s an unexpected newline in your copy of it.

        kev.

  6. Hello,
    Excellent Guide!!!! I have only one problem, I can’t export in PDF, I obtain a file with 0 bytes.

    I assume I don’t have some dependency for the report, could you tell me which are the dependencies to create it?

    Thanks
    Alejandro

  7. Hello !
    First thank you for the good job ! 😮
    Just a question, who are the services you need to start for make it work after a reboot of the server ? :/
    Thank again 🙂

    • Thanks Matth.
      All the three services. You can create systemd service unit files for them and enable them to start on system boot.

  8. Hi Koromicha,

    Many thanks for such a comprehensive and clear installation guide, much appreciated. Installing OpenVas following this guide was a blast!

    One question: You created user gvm in Postgres database without a password. Is that correct? Is that database being accessed only locally by gvmd?

    Cheers!!

    • Hello eMarcel, thanks for the feedback.
      The database is used locally by GVM to store various configs.
      Cheers!

  9. Thanks for the guide. However, during the greenbone-nvt-sync connection gets lost and no NVT’s are loaded. I tried 3 times (including running the install script in the comments).
    When I download the NVT’s manually i see the feed in feed info but still no NVT’s are loaded.

    • Hi Pieter,
      Did you try to append the –curl or –rsync option to the nvt update command, as in, greenbone-nvt-sync --curl?

    • Hi Pieter,

      It could be that the server was having issues. There’s also the fact that they only ever allow one connection at a time so if you’re behind an IPv4 NAT it seems that the connection can be held open even after the machine is done with it. That’s why I put all those sleep commands in the installer. It’s a kludgy workaround that worked for me but if your NAT device is holding the connection open longer than mine it may fail on its subsequent connections after the initial one.

      kev.

    • Greenbones officially states that IPv6 should be mainly used instead of IPv4. In a NAT environment, the problems you stated are common.

      Simple trick:
      ssh -D 4711 CLOUD_SERVER
      apt install proxychains
      edit /etc/proxychains to use SOCKS5 as localhost:4711
      proxychains greenbone-certdata-sync works now perfectly. Same with scapdata.

      BR from CTG, Thomas

    • Try deleting the PID file in /opt/gvm/var/run (it gets left there when nvt-sync doesn’t complete). That should get the script going itself. The other thing I found is that the permissions (700) on the ospd.sock file in /opt/gvm/var/run were insufficient to allow the load of the VTs from the feed. Try setting that file to 777

  10. Hello, first of all enorabuena for this fantastic post.
    I have followed this tutorial as is and it throws me this error, and I don’t know what to do. I have tried to find it but I cannot solve it. thanks to everyone

    Archive /opt/gvm/var/log/gvm/gvmd.log

    md manage:WARNING:2020-05-19 16h10.41 utc:5368: manage_update_nvt_cache_osp: failed to connect to /opt/gvm/var/run/ospd.sock

      • Openvas does not run the scans, I just saw that when it starts a scan on the web interface (https: // localhost / login) just later in the state of the same it reports an error. I don’t know what to do the truth

    • Hi Rafael,

      Ya, I started getting this too now. It was going after I first set it up–even did a scan with it. Checked that it was working after a reboot too. Then, left it off for a few days. When I fired it up again the other day I started getting this in gvmd.log too.

      Humm…

      kev.

      • Okay, I think I’ve got this sorted out. In the “Configuring the OpenVAS Scanner” section one of the lines is “systemctl start [email protected]” but there’s not a “systemctl enable [email protected]” line. So, when a reboot happens [email protected] doesn’t get started and /var/run/redis-openvas doesn’t get created which is where the socket is supposed to be. So, when the openvas.service goes looking for it, it doesn’t find the redis socket. Which in turn causes it to fail to open it’s ospd socket which GVM then is unable to connect to. This generates the messages in /opt/gvm/var/log/gvm/gvmd.log that we’re seeing.

        So doing “sudo systemctl enable [email protected]” seems to be a fix.

        • Well, it was a fix for a while at least. It worked for a few reboots but now I’m getting the ‘failed to connect to /opt/gvm/var/run/ospd.sock’ messages showing up in /opt/gvm/var/log/gvm/gvmd.log again.

          I’ve also noticed as others have pointed out that the task wizard doesn’t seem to be functioning. I suspect that it’s broken in the code cloned from the git repos at the moment. I’d open an issue if there isn’t one already but I’m not sure which component is responsible for it.

          kev.

  11. Hi @Kevin

    I have followed your instructions, as prescribed to othin May 8, 2020 At 10:37, the export does the trick but still gets the error “failed to connect to /opt/gvm/var/run/ospd.sock” as per below:

    [email protected]:~$ export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
    [email protected]:~$ /usr/bin/python3 /opt/gvm/bin/ospd-openvas –pid-file /opt/gvm/var/run/ospd-openvas.pid –log-file /opt/gvm/var/log/gvm/ospd-openvas.log –lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
    [email protected]:~$ tail -f /opt/gvm/var/log/gvm/gvmd.log
    md manage:WARNING:2020-05-21 09h22.46 utc:64620: manage_update_nvt_cache_osp: failed to connect to /opt/gvm/var/run/ospd.sock
    md manage:WARNING:2020-05-21 09h22.56 utc:64627: manage_update_nvt_cache_osp: failed to connect to /opt/gvm/var/run/ospd.sock
    ^C

  12. Thank for the guide!
    I installed everything, without any error, but I cannot run any scan.
    Better, I can run a scan but it’ll only last a few seconds and it’ll be done with no results.
    I’m using the created scanner.

    • koromicha can you give me a help into this? I have my taskss configured but every task is reporting 0.0 even if I change QoD to like 30%.

      • Hello Diogo,
        Looks this is an issue everyone is facing, we will look further into the issue and we will advise as soon as possible.

  13. Hi everyone,

    I installed Openvas according to the instructions and get the same error after restarting the server:
    manage_update_nvt_cache_osp: failed to connect to /opt/gvm/var/run/ospd.sock

    In the WebUI: Could not connect to Scanner

    Directly after the installation the first test works.
    I have executed the command sudo systemctl enable [email protected] during the installation. /var/run/redis-openvas also exists after a restart.

    Does anyone have an idea?

  14. Hi,

    Koromicha, Gen_too and Kevin.

    This is an excellent guide at setting up this complicated system and the best I have found anywhere on the web. I’m just so frustrated at that last hurdle that everyone else is also experiencing, ie: “manage_update_nvt_cache_osp: failed to connect to /opt/gvm/var/run/ospd.sock” I set up the system, as well as with Kevin’s fix by enabling the “[email protected]” I ran a scan and it worked beautifully but somehow that dreaded failure to connect to ospd.sock happened again for me.

    Just wanted to say thank you for your efforts in trying to resolve this issue.

    Sal

    • Not sure why it keeps failing. But try to ensure that ospd-openvas as well as redis are running and retry.

      • Hi Gen_too,

        I re-installed the GVM setup, thinking maybe there might be a corruption, somewhere, but I get the exact same issue. The Server is a fresh install of Ubuntu 20.04 and followed the setup to the tee. I get exactly the same issue. Even the Task Wizard gives me this error:

      • I’m officially stumped, after 2 weeks of constantly trying (and re-installing OS & GVM) and scouring the web for additional supprt, it just doesn’t work for me:

        [email protected]:/root$ ps aux | grep -E “ospd-openvas|gsad|gvmd” | grep -v grep
        root 1093 0.0 0.4 558180 27492 ? Sl Jun01 0:03 /opt/gvm/sbin/gsad
        root 1094 0.0 0.0 132180 3604 ? Sl Jun01 0:00 /opt/gvm/sbin/gsad
        gvm 1096 0.1 2.3 297764 142944 ? S Jun01 0:59 gvmd: Waiting for incoming connections
        postgres 1130 0.0 0.5 225768 30548 ? SLs Jun01 0:24 postgres: 12/main: gvm gvmd [local] idle
        root 40898 0.0 0.0 132180 5668 pts/0 Sl 08:15 0:00 gsad
        gvm 42427 8.8 10.8 751588 660956 ? S 08:42 0:20 gvmd: Syncing SCAP: Updating CVEs
        postgres 42429 68.0 3.7 428340 225024 ? Rs 08:42 2:37 postgres: 12/main: gvm gvmd [local] DELETE

        [email protected] service is running

        [email protected]:/root$ gvmd –verify-scanner=79918dd2-6bd3-4fbd-9e37-417f5ba8571f
        Failed to verify scanner.

        It is a fresh install of Ubuntu 20.04 and followed this how to, to the tee. I see just a few people are reporting on this issue, are the rest of the people’s systems working? Even before starting anything or tampering with the system, I also see that the Task Wizard doesn’t work. Is your system working Gen_too?

          • Hello Andras, with the script Kevin should be able to advice. However, did you get any issue with the steps outlined on the tutorial?

  15. Hi,
    when I trying to run this command () I receiving a lot of data but the script stops because it stops at this line with error: Connection refused
    230 100% 0.22kB/s 0:00:01 (xfr#59863, to-chk=0/60608)

    sent 1,145,002 bytes received 275,471,743 bytes 204,825.43 bytes/sec
    total size is 270,428,720 speedup is 0.98
    rsync: failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)
    rsync: failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
    rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3]
    I tried to restart script but it do nothing.
    Please can you help me to solve this problem?
    Thank you

    • Hi Maurizio,

      From what I’ve read that message usually is caused by the fact that the server that hosts the data only every allows one connection at a time from any one source. So, if you’re on IPv4 behind a NAT router what ends up happening is your machine tells the gateway router that it wants a connection to the host. The router then sets that up and the data starts flowing to your machine. When it’s done your computer tells the router that it’s done with the connection but some routers in some configurations will hold that connection open for a certain amount of time in case the machine wants to reuse it. When the update scripts start a second download though rather than re-using the existing connection they try to start a new one. That second connection gets refused because of how their server is configured to only every allow one connection at a time.

      So, I’ve read some posts suggesting that the problem doesn’t exist on IPv6 because each machine gets it’s own public IP address and manages it’s own connection rather than relying on a NAT. I’m set up with only IPv4 myself so I can neither confirm nor deny if this resolves the issue. What I’ve tried to do in the script is to add enough time between calls to the server to allow the NAT router to fully close the connection before it tries to open another. However, it may or may not be enough depending on your circumstance. Adjusting the lines with the sleep commands in it before running may help.

  16. Excellent guide, thanks for your work. I have an issue though with emailing reports with attached PDFs using alerts. I get an email with the following message and not attachment: “Note: This report exceeds the maximum length of 1048576 characters and thus was truncated.”. I have tried running below commands with different values, rebooting as well, and still the same issue. Anyone has any ideas to make alerts send reports with attachments? Emails with reports attached are successfully received with smaller tasks with few hosts to scan but larger ones come up with the above truncated message and no PDF attachment.

  17. The commands i’ve run without any impact are these:
    gvmd –max-email-attachment-size=40000000
    gvmd –max-email-include-size=40000000
    gvmd –max-email-message-size=40000000

  18. Hi.
    Almost everything works well.
    But the postgres process with the xml_split process in turn constantly uses 100% of the one CPU core. Without scanning.

    cat /opt/gvm/var/log/gvm/gvmd.log contains repeating lines every 5 minutes:
    md manage: INFO:2020-06-01 15h52.37 utc:358685: update_scap: Updating data from feed
    md manage: INFO:2020-06-01 15h52.37 utc:358685: Updating CPEs
    md manage: INFO:2020-06-01 15h53.16 utc:358685: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-*.xml

  19. I’m now getting the following error when trying to start openvas:

    pkg_resources.DistributionNotFound: The ‘ospd-openvas==1.0.1’ distribution was not found and is required by the application

    Any ideas as to how to fix?

    • Same error here. After installation works, but after first reboot it fails to start. Something is messed up in the install script and I cant figure out what it is.

      • Hi there,

        The step by step guide is very helpful, thank you for it.
        After having this error after reboot, I repeated the entire installation process from scratch, assuming I had made a mistake, but I sill end up in pkg_resources.DistributionNotFound: The ‘ospd-openvas==1.0.1’ distribution was not found and is required by the application after the host is rebooted.

        Did anyone manage to find out which part of the installation actions is not persistent?

        Thank you,

        Zsolt

    • I got this working my performing the exports again.

      export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
      export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages

      But I am not seeing gpg-agent working

    • Here my 2 cents! 😀
      At every reboot you need to initialize path again using:

      export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
      export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages

      But this solution is a crap so starting for these install scripts:
      https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425

      I’ve modified the first script, to start ospd-openvas daemon at boot.
      Here my /etc/systemd/system/ospd.service:

      [Unit]
      Description=Job that runs the ospd-openvas daemon
      Documentation=man:gvm
      After=postgresql.service

      [Service]
      Environment=PATH=/opt/gvm/bin/ospd-

      scanner/bin:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      Environment=PYTHONPATH=/opt/gvm/lib/python3.8/site-packages
      Type=simple
      User=gvm
      Group=gvm
      WorkingDirectory=/opt/gvm
      PIDFile=/opt/gvm/var/run/ospd-openvas.pid
      ExecStartPre=-rm /opt/gvm/var/run/ospd-openvas.pid /opt/gvm/var/run/ospd.sock /opt/gvm/var/run/gvmd.sock
      ExecStartPre=bash -c “export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH”
      ExecStart=/usr/bin/python3 /opt/gvm/bin/ospd-openvas –pid-file /opt/gvm/var/run/ospd-openvas.pid –unix-socket /opt/gvm/var/run/ospd.sock —

      log-file /opt/gvm/var/log/gvm/ospd-openvas.log –lock-file-dir /opt/gvm/var/run

      [Install]
      WantedBy=multi-user.target
      EOF

      For gvm and gsa I’ve used the unmodified script founded here:
      https://community.greenbone.net/t/full-gvm-11-build-guide-for-centos-8/5425

      Bye
      Alessandro

  20. Hi all. Thanks for this guide! 🙂

    After install i have some problems:
    1) scanning does not start, although I chose the scanner that I created myself.
    2) I can’t open the task wizard, it just doesn’t respond to pressing
    Sorry for my English 🙂

  21. Hi,

    After struggling long and hard, finally got my scans to work but does anyone have a clue what this error means?

    event task:MESSAGE:2020-06-03 20h00.12 UTC:101674: Status of task Test Environment Scan (99ae1367-244f-452c-adba-ce7142727865) has changed to Requested
    event task:MESSAGE:2020-06-03 20h00.12 UTC:101674: Task Test Environment Scan (99ae1367-244f-452c-adba-ce7142727865) has been requested to start by gvmadmin
    event task:MESSAGE:2020-06-03 20h01.03 UTC:101677: Status of task Test Environment Scan (99ae1367-244f-452c-adba-ce7142727865) has changed to Running
    md gmp:WARNING:2020-06-03 20h11.45 utc:136432: Authentication failure for ‘admin’ from unix_socket
    md gmp:WARNING:2020-06-03 20h11.45 utc:136445: Authentication failure for ‘sadmin’ from unix_socket
    md gmp:WARNING:2020-06-03 20h11.45 utc:136455: Authentication failure for ‘admin’ from unix_socket
    md gmp:WARNING:2020-06-03 20h11.45 utc:136459: Authentication failure for ‘gmp’ from unix_socket
    md gmp:WARNING:2020-06-03 20h11.45 utc:136468: Authentication failure for ‘omp’ from unix_socket
    md gmp:WARNING:2020-06-03 20h11.45 utc:136476: Authentication failure for ‘observer’ from unix_socket
    md gmp:WARNING:2020-06-03 20h11.45 utc:136486: Authentication failure for ‘webadmin’ from unix_socket
    event task:MESSAGE:2020-06-03 20h33.44 UTC:101677: Status of task Test Environment Scan (99ae1367-244f-452c-adba-ce7142727865) has changed to Done

    S

  22. Very helpful!
    My machine was complaining about the missing package xsltproc at ‘cmake .. -DCMAKE_INSTALL_PREFIX=/opt/gvm’ for the build of gvmd.

  23. I did the automated installation with the help of Kevin, but I can’t scan, it always shows an error, does anyone have the same error?

    • Hello Danilo,

      Am sure Kevin should be able to help on this. But please paste the error that you get.

      • when I use the command gvmd –verify-scanner = 08b69003-5fc2-4037-a479-93b440211c73
        Failed to verify scanner.
        Displays the message, Failed to verify scanner.

          • Same error here. It will be nice to have a fix. Even after created another scanner it cannot verify or use it.

    • I’ve been getting this now too. I suspect it’s related to the “failed to connect to /opt/gvm/var/run/ospd.sock” that myself and others have run into. I’m starting to wonder if something’s broken in the master branches of one or more of the github repos we’re cloning out of.

      • Thank you very much Kevin, are you still looking for a solution? I realize that several people encounter the same problem.

        • Hi,

          Try this (it works for me 😉 ):

          sudo chown gvm.gvm /opt/gvm/var/log/gvm/openvas.log
          sudo systemctl stop gvmd
          sudo systemctl stop gsad
          sudo systemctl stop ospd-openvas

          Remove the lock file in the directory /opt/gvm/var/run/ospd/

          Do the NVT update:

          sudo su – gvm
          /opt/gvm/bin/greenbone-nvt-sync
          /opt/gvm/sbin/greenbone-certdata-sync
          /opt/gvm/sbin/greenbone-scapdata-sync
          /opt/gvm/sbin/openvas –update-vt-info

          Check if the “file” /run/redis-openvas/redis.sock exists.

          Run service ospd-openvas (as gvm user):

          systemctl start ospd-openvas
          Wait until NVT are reloaded (you can see the progress using “systemctl status ospd-openvas”). Wait until the “file” appears /opt/gvm/var/run/ospd.sock

          Run services (as gvm user) gvmd and gsad:
          systemctl start gvmd
          systemctl start gsad

          You can also try /opt/gvm/sbin/gvmd –rebuild

          Regards,
          Bogdan

          • Bogdan,

            Do you mind sharing what you have configured for your gvmd, gsad, and ospd-openvas unit files?

            Thanks for the steps.

          • I’ve got a fix for this. The issue is that not all of the runtime files are cleaned up properly on exit. If these runtime files exist the scanner fails to launch properly. To resolve the issue in the openvas.service file insert the line:

            ExecStartPre=-rm /opt/gvm/var/run/ospd-openvas.pid /opt/gvm/var/run/ospd.sock /opt/gvm/var/run/gvmd.sock

            This will delete the files if they exist and allow the service to come up cleanly after a server restart.

  24. Hello Kevin Good morning friend, with your help to successfully complete the installation, but unfortunately I can’t make a scanner after the installation, always displays the error information.

  25. Hi Kevin Good morning friend, with your help to complete the installation successfully, but unfortunately I can’t make a scanner after installation, it starts the scanner, takes a few seconds, but always displays the error information,
    Severity error, when creating the task I chose Openvas.

    I’m sorry for the bad English.

    • This is expected unless you create systemd services for the OpenVAS, gmvd and gsad to auto start them on boot.

        • I have this same problem…. I created service files using Kevin’s script but GVMD doesn’t seem to want to start.. When I try to log in, I get GMP service is down. Can someone post complete functional service files for this?

          • I have this same problem. I installed Kevin’s script, but when I ligin in system I got a message: “GMP Service is down”. When I check status gvmd I saw that the service is active, but also got a message: ” gvm rm[39809]: /usr/bin/rm: cannot remove ‘/opt/gvm/var/run/ospd.sock’: No such file or directory”.
            How can this be fixed?

  26. Hi,
    In first, I’m sorry form y english… i’ve a problem when i try to start opevans:
    —/tmp/gvm-source/ospd-openvas$ /usr/bin/python3 /opt/gvm/bin/ospd-openvas \
    > –pid-file /opt/gvm/var/run/ospd-openvas.pid \
    > –log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
    > –lock-file-dir /opt/gvm/var/run -u /opt/gvm/var/run/ospd.sock
    ERROR: get_db_connection: Not possible to run openvas. [Errno 2] No such file or directory: ‘openvas’
    I have to re running Re-running “export PYTHONPATH=/opt/gvm/lib/python3.8/site-packages but the problem persists… Can you help me please?

  27. Hi Guys,
    My issue is that everything seems to be running but:
    1. I can’t update NVTs the script does nothing when run it simply does not start:
    [email protected]:~$ greenbone-nvt-sync –verbose
    [email protected]:~$ …. nothing happens :/
    2. SCAP and CERT update is working fine.

    What might be the problem? I tried all of above and that dem script is not doing anything.

    • Hi,
      already had the same problem.
      My solution was to remove the feed-update.lock file.
      $install_prefix/var/run/feed-update.lock
      See if this helps.

  28. Hi Kevin,
    i just installed GVM11, thanks to your script.
    Everything is working fine, except one little problem.
    I tried to connect GVM11 to Splunk, i configured everything correct, but as soon as i test the Alert i receive the Testen of the alert “Connection_test_splunk” has failed. Alert script failed.
    Do you know any solution?
    Thank you!

  29. Guide was easy to follow and my task is running with the scan I have configured. The scan quickly finishes(1minute) and provides 0 severity and the report is blank.

    The server I am scanning has hits on the firewall from the scanner. Here are the dports it hits in order:
    65533
    65534
    0
    111
    Firewall log then gets a PROTO=63

    Previous versions, the scan would hit the firewall on lots of ports and take a long time to complete/supply results.

    Any ideas?

  30. Hi,
    When i had to do this command :
    “greenbone-vt-sync”

    This error occured :

    “Command ‘greenbone-nvt-sync’ not found, but can be installed with:

    apt install openvas-scanner
    Please ask your administrator.”

    i tried to do sudo su so but i have this :
    “Sorry, user gvm is not allowed to execute ‘/usr/bin/su’ as root on openvas.”

    Please help me.

  31. hi koromicha

    I have done the whole process and the system loads very well, however, when performing the scan it is not generating results. I have chosen the scanner that was previously created in the step by step. Is it possible that something else is needed?

    Thank you

    • Cristian, did you install nmap on your server ?

      this is a port scanner mandatory to make the whole show working 🙂

  32. Excellent tutorial ! very good job 🙂

    From far the best I have seen.

    Therefore a simple remark : you should add ‘nmap’ in the list of mandatory packages ; else the scanner will return each time a 0.0 (log) and, for a not curious user, he can imagine everything is perfect (even if the tool is complaining about missing port scanner in report).

    Thank you !
    Eric

  33. When running OpenVAS and GVM in the instructions, they’re both set to bind to ospd.sock. Is that correct? I was seeing this error in /opt/gvm/var/log/gvm/gvmd.log: manage_update_nvt_cache_osp: failed to connect to /opt/gvm/var/run/ospd.sock. I changed my gvm to bind to gvmd.sock and I’m not seeing that error anymore.

  34. I am seeing these errors in my /opt/gvm/var/log/gvm/gvmd.log “osp_get_vts_version: element VTS missing.” and “manage_update_nvt_cache_osp: failed to get scanner_version”
    On my Scans/Tasks page I’m getting the error “An internal error occurred while getting resources list. The current list of resources is not available. Diagnostics: Failure to receive response from manager daemon.”
    I’m not sure that these errors are connected. Can anyone help?

  35. I performed the installation through the script and when performing a scanner I get the error message: Could not connect to Scanner

    Below is the error that occurred during the execution of the script.

    Using / usr / lib / python3 / dist-packages
    Finished processing dependencies for ospd-openvas == 1.0.1
    Oops, secure memory pool already initialized
    Scanner created.
    08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default
    6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
    ccd96c36-ab7e-4a91-91e9-94bd0fa7a7d8 OpenVAS /opt/gvm/var/run/ospd.sock 9390 Created OpenVAS Scanner
    Failed to verify scanner.

    What to do to solve this problem

    • I am also having a problem with this, there is a discussion that refers to this problem (https://github.com/greenbone/ospd-openvas/issues/175) by creating an OSP scanner and using the related certificates but I haven’t had any luck in creating the OSP scanner myself as I’m very new to Linux. Anyone else have any success with this? I was able to update the source code files to 11.0.1 and all other relevant source code files but this is my only hold up from completing the fully up to date installation.

    • I tried to run the scanner manually and got this error, how to solve this problem

      / usr / bin / python3 / opt / gvm / bin / ospd-openvas \
      > –pid-file /opt/gvm/var/run/ospd-openvas.pid \
      > –log-file /opt/gvm/var/log/gvm/ospd-openvas.log \
      > –lock-file-dir / opt / gvm / var / run -u /opt/gvm/var/run/ospd.sock
      Traceback (most recent call last):
      File “/ opt / gvm / bin / ospd-openvas”, line 6, in
      from pkg_resources import load_entry_point
      File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 3254, in
      def _initialize_master_working_set ():
      File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 3237, in _call_aside
      f (* args, ** kwargs)
      File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 3266, in _initialize_master_working_set
      working_set = WorkingSet._build_master ()
      File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 584, in _build_master
      ws.require (__ requires__)
      File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 901, in require
      needed = self.resolve (parse_requirements (requirements))
      File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 787, in resolve
      raise DistributionNotFound (req, requirers)
      pkg_resources.DistributionNotFound: The ‘ospd-openvas == 1.0.1’ distribution was not found and is required by the application

      • Hi,
        i got exactly the same. Moreover no services are running, no services can be started and the whole “gvm-source”-directory is gone.
        Weird thing is, i can reach openVAS via IP. All accounts i set arent working so i cant login.

        If i try to start a service i get the message “ospd-openvas.service could not be found.”

  36. Everything was working and I was scanning but I had to do a system reboot and now I get the error “Could not connect to Scanner” and I have no idea why or how to fix it. None of my scans that previously working work anymore. I installed it via the script Kevin had provided.

  37. Hello all,

    I’m missing the Network Source Interface information. I tired to add manually but it’s not working. Can someone tell me how to fix?

  38. Hi Kevin,

    I messed up my ubuntu, im new to linux so im looking for a quick guide to uninstall this from my computer. I’ve done my research but couldn’t find the right direction to completely and safely remove it. Thanks in advance.

  39. The instruction is flawless during installation. However I am getting this error after rebooting the server and restarting the service:
    ospd-openvas -f –pid-file /opt/gvm/var/run/ospd-openvas.pid \
    > –unix-socket=/opt/gvm/var/run/ospd.sock \
    > –log-file /opt/gvm/var/log/gvm/ospd-scanner.log \
    > –log-level DEBUG
    Traceback (most recent call last):
    File “/opt/gvm/bin/ospd-openvas”, line 6, in
    from pkg_resources import load_entry_point
    File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 3254, in
    def _initialize_master_working_set():
    File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 3237, in _call_aside
    f(*args, **kwargs)
    File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 3266, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
    File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 584, in _build_master
    ws.require(__requires__)
    File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 901, in require
    needed = self.resolve(parse_requirements(requirements))
    File “/usr/lib/python3/dist-packages/pkg_resources/__init__.py”, line 787, in resolve
    raise DistributionNotFound(req, requirers)
    pkg_resources.DistributionNotFound: The ‘ospd-openvas==1.0.1’ distribution was not found and is required by the application

  40. Hi everyone,
    I’m having trouble getting passed by the “createuser gvm”.
    It’s asking for postgres password?. I’ve been trying many ways but i can’t find nor the password, does anyone know what i might be doing wrong?

  41. Hi.
    I used script to install the Openvas. But terminal wanted to me gvm password 2 times at the installiation process.
    I didn’t assign any password for gvm user before. I tried several known passwords including blank.
    How can ı solve this issue?

  42. Hi Koromicha,

    Thanks for the superb crystal clear step by step guide setup. I just finished it with ease and running like a charm. The tips is make sure not to missed or skip the steps and just ignore the “Oops, secure memory pool already initialized” when you run the “sudo gsad” command.

    Keep up the good work. Appreciate it.

  43. Thanks man, I change the python path to 3.6 on Ubuntu 18.04.1 and it all went well. Bit slow on the scanner check but its working none the less.

    Great guide/.

    Do i need to add the GVM stuff to the init.d to start it at boot?

    Damian

    • Yes you can so you can have the services autostart automatically on boot. See the comments above. Someone made the service files

  44. hi there ,
    when i create a new user with gvmd , it takes too much time and i don’t get a response ,
    has anyone here faced this error
    thanks

  45. Hi there,
    first of all, thank you for this detailed guide its awesome and easy to understand.
    unfortunately i got an error at point “Build and Install Greenbone Vulnerability Manager”.
    I run make and get 2 errors in manage.c

    Can someone help me with this or can give me some advice please?

    best regards,
    Noah

    — Found Git: /usr/bin/git (found version “2.25.1”)
    [ 0%] Built target revisiontag
    [ 4%] Building C object src/CMakeFiles/gvmd.dir/manage.c.o
    /tmp/gvm-source/gvmd/src/manage.c: In function ‘launch_osp_openvas_task’:
    /tmp/gvm-source/gvmd/src/manage.c:4181:16: error: too few arguments to function ‘osp_target_new’
    4181 | osp_target = osp_target_new (hosts_str, ports_str, exclude_hosts_str);
    | ^~~~~~~~~~~~~~
    In file included from /tmp/gvm-source/gvmd/src/manage.h:40,
    from /tmp/gvm-source/gvmd/src/manage.c:50:
    /opt/gvm/include/gvm/osp/osp.h:203:1: note: declared here
    203 | osp_target_new (const char *, const char *, const char *, int, int, int);
    | ^~~~~~~~~~~~~~
    /tmp/gvm-source/gvmd/src/manage.c:4415:18: error: ‘osp_start_scan_opts_t’ {aka ‘struct ’} has no member named ‘parallel’
    4415 | start_scan_opts.parallel = 1;
    | ^
    make[2]: *** [src/CMakeFiles/gvmd.dir/build.make:115: src/CMakeFiles/gvmd.dir/manage.c.o] Error 1
    make[1]: *** [CMakeFiles/Makefile2:159: src/CMakeFiles/gvmd.dir/all] Error 2
    make: *** [Makefile:163: all] Error 2

  46. Hello,

    I have followed exactly the same steps but could not verify the scanner. One more thing I was not able to sync the certdata as well. Still i proceed further into this. and get stuck at the verification. Below are the results of the command

    gvmd –get-scanners

    Output :
    08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /tmp/ospd.sock 0 OpenVAS Default
    6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE
    24297757-83f1-442e-90f4-2539a4334350 OpenVAS /opt/gvm/var/run/ospd.sock 9390 Kifarunix-demo OpenVAS Scanner

    Then

    gvmd –verify-scanner=24297757-83f1-442e-90f4-2539a4334350

    But it says as below :

    Failed to verify scanner.

    Though I have created the users but the openvas i.e. GSA 11 is not opening using the local ip of the machine.


    Please help the with the same.

  47. Hi. Thank you for this detailed guide its awesome and easy to understand. But now I have a problem with scaner. I recived “Error” when I start new scan.
    When I did it: cat /opt/gvm/var/log/gvm/gvmd.log
    I recived:
    md manage:WARNING:2020-08-28 07h52.38 UTC:11631: Could not connect to Scanner at /tmp/ospd.sock
    md manage:WARNING:2020-08-28 07h52.38 UTC:11631: OSP start_scan b737ee29-2d81-44b2-b698-1eea7a7468c9: Could not connect to Scanner
    event task:MESSAGE:2020-08-28 07h52.38 UTC:11631: Status of task Unnamed (5a7e8dba-fcb4-4968-a29b-1a8e01961070) has changed to Done

    Please help the with the same.

  48. I followed all the steps and it authenticates me but my scanner does not work, by giving it: sudo -Hiu gvm gvmd –verify-scanner = bdb4fd8d-df6f-4b21-bbf1-b42dcd0e9678
    Failed to verify scanner
    Someone with the same problem? We could create a telegram group to carry out tests and put it to work. Sorry my bad english.

  49. Hi,
    until now everything is without the error, but when am I running:’sudo -Hiu gvm gvmd –get-scanners’ by root, I can`t get any UUID, I try to use the gvm user to re-run it, it shows the gvm user don’t have permission to run /bin/bash -c gvmd –get-scanners, do I miss something?

  50. /tmp/gvm-source/openvas/nasl/CMakeLists.txt also needs the deprecated -Wno-error=deprecated-declarations flag in the CMAKE_C_FLAGS_DEBUG line. Otherwise make won’t succeed due to the same pcap_lookupdev deprecated errors.

LEAVE A REPLY

Please enter your comment!
Please enter your name here