OpenVAS 9从源码安装到使用(填坑铺路)

直接写了一个python脚本来安装以下的步骤和检查版本,包括nmap5.51和redis(2016-12-27)

https://github.com/rikonaka/openvas9-check-depends


我是先从openvas-libraries-9.0.0这个包开始的

安装顺序呢是根据那个Openvas官网上那个列表的顺序的,其实从哪个开始都无所谓,但是包太多,为了知道哪个包没有装,我决定还是安装官网上的那个源码包从上到下的安装。

首先我们看一下他的INSTALL文件

截取的一段

General build environment:
* a C compiler (e.g. gcc)
* bison
* flex
* cmake >= 2.8
* pkg-config

基础build环境

这个大家都看得懂我就不翻译了,我们先来check一下吧,我这个刚刚装好热乎乎的虚拟机,所以基本啥都没有,here we go

我们先装一下编译器,这里使用的是gcc

sudo apt-get install gcc, flex, cmake pkg-config

一步到位

然后我们继续看INSTALL

Specific development libraries:
* libglib >= 2.32
* libgnutls >= 3.2.15
* libgcrypt
* zlib
* libpcap
* libgpgme >= 1.1.2
* uuid-dev (from e2fsprogs)
* libssh >= 0.5.0
* libhiredis >= 0.10.1
* libksba >= 1.0.7

特殊开发环境
好嘛,我们一个一个来检查我们的环境富不符合要求
第一个是libglib
不过它这里写的是名称而不是版本号,所以为了得到版本号,我们可以这样

sudo apt-cache search libglib

当然你也可以用

sudo aptitude search libglib

aptitude出来的结果更具体一点

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ sudo apt-cache search libglib
libglib2.0-0 - GLib library of C routines
libglib2.0-0-dbg - Debugging symbols for the GLib libraries
libglib2.0-bin - Programs for the GLib library
libglib2.0-cil - CLI binding for the GLib utility library 2.12
libglib2.0-cil-dev - CLI binding for the GLib utility library 2.12
libglib2.0-data - Common files for GLib library
libglib2.0-dev - Development files for the GLib library
libglib2.0-doc - Documentation files for the GLib library
libglibmm-2.4-1v5 - C++ wrapper for the GLib toolkit (shared libraries)
libglibmm-2.4-dbg - C++ wrapper for the GLib toolkit (debug symbols)
libglibmm-2.4-dev - C++ wrapper for the GLib toolkit (development files)
libglibmm-2.4-doc - C++ wrapper for the GLib toolkit (documentation)
libglib-object-introspection-perl - Perl bindings for gobject-introspection libraries
libglib-perl - interface to the GLib and GObject libraries
libglib2.0-0-refdbg - GLib library of C routines - refdbg library
libglib2.0-tests - GLib library of C routines - installed tests
libglib3.0-cil - CLI binding for the GLib library of C routines
libglib3.0-cil-dev - CLI binding for the GLib utility library 2.12

如果没装的同学直接装一下,装第一个就行,一般都有预装了的,除非你是邪教Arch,然后我们check版本

aptitude show libglib2.0-0
hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude show libglib2.0-0
Package: libglib2.0-0                    
State: installed
Automatically installed: no
Multi-Arch: same
Version: 2.48.1-1~ubuntu16.04.1
Priority: standard
Section: libs
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Uncompressed Size: 5,081 k
Depends: libc6 (>= 2.17), libffi6 (>= 3.0.4), libpcre3, libselinux1 (>= 1.32), zlib1g (>= 1:1.2.2)
Recommends: libglib2.0-data, shared-mime-info, xdg-user-dirs
Breaks: glib-networking (< 2.33.12), glib-networking:i386 (< 2.33.12), libgnome-desktop-3-2 (< 3.4.2-2),
        python-gi (< 3.7.2), python-gi:i386 (< 3.7.2), libglib2.0-0:i386 (!= 2.48.1-1~ubuntu16.04.1)
Replaces: libglib2.0-0:i386 (< 2.48.1-1~ubuntu16.04.1)
Description: GLib library of C routines
 GLib is a library containing many useful C routines for things such as trees, hashes, lists, and
 strings.  It is a useful general-purpose C library used by projects such as GTK+, GIMP, and GNOME. 

 This package contains the shared libraries.
Homepage: http://www.gtk.org/

看到

Version: 2.48.1-1~ubuntu16.04.1

这一行然后我们去看看要求是

libglib >= 2.32

ok,符合了
继续

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search libgnutls
p   libgnutls-dev                               - GNU TLS library - development files                   
p   libgnutls-dev:i386                          - GNU TLS library - development files                   
v   libgnutls-openssl-dev                       -                                                       
v   libgnutls-openssl-dev:i386                  -                                                       
i   libgnutls-openssl27                         - GNU TLS library - OpenSSL wrapper                     
p   libgnutls-openssl27:i386                    - GNU TLS library - OpenSSL wrapper                     
p   libgnutls28-dev                             - dummy transitional package for GNU TLS library - devel
p   libgnutls28-dev:i386                        - dummy transitional package for GNU TLS library - devel
i   libgnutls30                                 - GNU TLS library - main runtime library                
i   libgnutls30:i386                            - GNU TLS library - main runtime library                
p   libgnutlsxx28                               - GNU TLS library - C++ runtime library                 
p   libgnutlsxx28:i386                          - GNU TLS library - C++ runtime library

p代表就是没有安装,我们安装一下就行

sudo apt-get install libgnutls-dev
hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude show libgnutls-dev
Package: libgnutls-dev                   
State: installed
Automatically installed: no
Multi-Arch: same
Version: 3.4.10-4ubuntu1.1
Priority: optional
Section: libdevel
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Uncompressed Size: 3,056 k
Depends: libgnutls30 (= 3.4.10-4ubuntu1.1), libgnutls-openssl27 (= 3.4.10-4ubuntu1.1), libgnutlsxx28 (=
         3.4.10-4ubuntu1.1), nettle-dev, libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev,
         libp11-kit-dev, libidn11-dev (>= 1.31)
Suggests: gnutls-doc, gnutls-bin, guile-gnutls
Conflicts: gnutls-dev, gnutls-dev:i386
Breaks: libgnutls-dev:i386 (!= 3.4.10-4ubuntu1.1)
Replaces: gnutls-dev, gnutls-dev:i386, libgnutls-dev:i386 (< 3.4.10-4ubuntu1.1)
Provides: gnutls-dev, libgnutls-openssl-dev
Description: GNU TLS library - development files
 GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and
 Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. 

 GnuTLS features support for: 
 * TLS extensions: server name indication, max record size, opaque PRF input, etc. 
 * authentication using the SRP protocol. 
 * authentication using both X.509 certificates and OpenPGP keys. 
 * TLS Pre-Shared-Keys (PSK) extension. 
 * Inner Application (TLS/IA) extension. 
 * X.509 and OpenPGP certificate handling. 
 * X.509 Proxy Certificates (RFC 3820). 
 * all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). 

 This package contains the GnuTLS development files.
Homepage: http://www.gnutls.org/

看到这一行说明也是符合的

Version: 3.4.10-4ubuntu1.1

继续

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search libgcrypt
v   libgcrypt-dev                               -                                                       
v   libgcrypt-dev:i386                          -                                                       
p   libgcrypt11-dev                             - transitional libgcrypt11-dev package                  
i   libgcrypt20                                 - LGPL Crypto library - runtime library                 
i   libgcrypt20:i386                            - LGPL Crypto library - runtime library                 
p   libgcrypt20-dev                             - LGPL Crypto library - development files               
p   libgcrypt20-dev:i386                        - LGPL Crypto library - development files               
p   libgcrypt20-doc                             - LGPL Crypto library - documentation

除了i以为,都是没安装的,所以安装呗

sudo apt-get install libgcrypt-dev

这个包不要求版本,我们继续

下一个zlib

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search zlib
p   clisp-module-zlib                           - clisp module that adds zlib support for vectors       
p   clisp-module-zlib:i386                      - clisp module that adds zlib support for vectors       
p   erlang-p1-zlib                              - erlang interface to zlib                              
p   erlang-p1-zlib:i386                         - erlang interface to zlib                              
p   gambas3-gb-compress-bzlib2                  - Gambas bzlib2 component                               
p   gambas3-gb-compress-bzlib2:i386             - Gambas bzlib2 component                               
p   gambas3-gb-compress-zlib                    - Gambas zlib compression component                     
p   gambas3-gb-compress-zlib:i386               - Gambas zlib compression component                     
p   gauche-zlib                                 - zlib binding for Gauche                               
p   gauche-zlib:i386                            - zlib binding for Gauche                               
v   haskell-zlib-doc                            -                                                       
p   libcompress-raw-zlib-perl                   - low-level interface to zlib compression library       
p   libcompress-raw-zlib-perl:i386              - low-level interface to zlib compression library       
v   libcompress-zlib-perl                       -                                                       
v   libcompress-zlib-perl:i386                  -                                                       
p   libghc-bzlib-dev                            - Haskell bindings to the bzip2 library                 
p   libghc-bzlib-dev:i386                       - Haskell bindings to the bzip2 library                 
v   libghc-bzlib-dev-0.5.0.5-38977              -                                                       
v   libghc-bzlib-dev-0.5.0.5-b1e77:i386         -                                                       
p   libghc-bzlib-doc                            - Documentation for the Haskell bindings to the bzip2 li
p   libghc-bzlib-prof                           - Profiling libraries for the Haskell bindings to the bz
p   libghc-bzlib-prof:i386                      - Profiling libraries for the Haskell bindings to the bz
v   libghc-bzlib-prof-0.5.0.5-38977             -                                                       
v   libghc-bzlib-prof-0.5.0.5-b1e77:i386        -                                                       
p   libghc-pipes-zlib-dev                       - Zlib compression and decompression for Pipes streams  
p   libghc-pipes-zlib-dev:i386                  - Zlib compression and decompression for Pipes streams  
v   libghc-pipes-zlib-dev-0.4.0.1-3c90f:i386    -                                                       
v   libghc-pipes-zlib-dev-0.4.0.1-4740a         -                                                       
p   libghc-pipes-zlib-doc                       - Zlib compression and decompression for Pipes streams; 
p   libghc-pipes-zlib-prof                      - Zlib compression and decompression for Pipes streams; 
p   libghc-pipes-zlib-prof:i386                 - Zlib compression and decompression for Pipes streams; 
v   libghc-pipes-zlib-prof-0.4.0.1-3c90f:i386   -                                                       
v   libghc-pipes-zlib-prof-0.4.0.1-4740a        -                                                       
p   libghc-zlib-bindings-dev                    - low-level bindings to zlib                            
p   libghc-zlib-bindings-dev:i386               - low-level bindings to zlib                            
v   libghc-zlib-bindings-dev-0.1.1.5-2b461:i386 -                                                       
v   libghc-zlib-bindings-dev-0.1.1.5-c36e1      -                                                       
p   libghc-zlib-bindings-doc                    - low-level bindings to zlib; documentation             
p   libghc-zlib-bindings-prof                   - low-level bindings to zlib; profiling libraries       
p   libghc-zlib-bindings-prof:i386              - low-level bindings to zlib; profiling libraries       
v   libghc-zlib-bindings-prof-0.1.1.5-2b461:i38 -                                                       
v   libghc-zlib-bindings-prof-0.1.1.5-c36e1     -                                                       
p   libghc-zlib-dev                             - Compression and decompression in the gzip and zlib for
p   libghc-zlib-dev:i386                        - Compression and decompression in the gzip and zlib for
v   libghc-zlib-dev-0.6.1.1-15b43               -                                                       
v   libghc-zlib-dev-0.6.1.1-2fdeb:i386          -                                                       
p   libghc-zlib-doc                             - Compression and decompression in the gzip and zlib for
p   libghc-zlib-enum-dev                        - enumerator interface for zlib compression             
p   libghc-zlib-enum-dev:i386                   - enumerator interface for zlib compression             
v   libghc-zlib-enum-dev-0.2.3.1-51aa9:i386     -                                                       
v   libghc-zlib-enum-dev-0.2.3.1-54a11          -                                                       
p   libghc-zlib-enum-doc                        - enumerator interface for zlib compression; documentati
p   libghc-zlib-enum-prof                       - enumerator interface for zlib compression; profiling l
p   libghc-zlib-enum-prof:i386                  - enumerator interface for zlib compression; profiling l
v   libghc-zlib-enum-prof-0.2.3.1-51aa9:i386    -                                                       
v   libghc-zlib-enum-prof-0.2.3.1-54a11         -                                                       
p   libghc-zlib-prof                            - Compression and decompression in the gzip and zlib for
p   libghc-zlib-prof:i386                       - Compression and decompression in the gzip and zlib for
v   libghc-zlib-prof-0.6.1.1-15b43              -                                                       
v   libghc-zlib-prof-0.6.1.1-2fdeb:i386         -                                                       
v   libio-compress-zlib-perl                    -                                                       
v   libio-compress-zlib-perl:i386               -                                                       
v   libio-zlib-perl                             -                                                       
p   libjzlib-java                               - Java Zlib implementation                              
p   lua-zlib                                    - zlib library for the Lua language                     
p   lua-zlib:i386                               - zlib library for the Lua language                     
p   lua-zlib-dev                                - zlib development files for the Lua language           
p   lua-zlib-dev:i386                           - zlib development files for the Lua language           
v   lua5.1-zlib                                 -                                                       
v   lua5.1-zlib:i386                            -                                                       
v   lua5.1-zlib-dev                             -                                                       
v   lua5.1-zlib-dev:i386                        -                                                       
v   lua5.2-zlib                                 -                                                       
v   lua5.2-zlib:i386                            -                                                       
v   lua5.2-zlib-dev                             -                                                       
v   lua5.2-zlib-dev:i386                        -                                                       
p   node-zlib                                   - zlib bindings for node.js                             
p   node-zlib:i386                              - zlib bindings for node.js                             
p   zlib-gst                                    - Zlib bindings for GNU Smalltalk                       
p   zlib-gst:i386                               - Zlib bindings for GNU Smalltalk                       
i   zlib1g                                      - compression library - runtime                         
i   zlib1g:i386                                 - compression library - runtime                         
p   zlib1g-dbg                                  - compression library - development                     
p   zlib1g-dbg:i386                             - compression library - development                     
i A zlib1g-dev                                  - compression library - development                     
p   zlib1g-dev:i386                             - compression library - development                     
v   zlib1g:i386                                 -                                                       
p   zlibc                                       - An on-fly auto-uncompressing C library                
p   zlibc:i386                                  - An on-fly auto-uncompressing C library

主要就是两个包

zliblg zliblg-dev

看aptitude中都已经安装了,继续

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search libpcap
p   libpcap-dev                                 - development library for libpcap (transitional package)
i   libpcap0.8                                  - system interface for user-level packet capture        
p   libpcap0.8:i386                             - system interface for user-level packet capture        
p   libpcap0.8-dbg                              - debugging symbols for libpcap0.8                      
p   libpcap0.8-dbg:i386                         - debugging symbols for libpcap0.8                      
p   libpcap0.8-dev                              - development library and header files for libpcap0.8   
p   libpcap0.8-dev:i386                         - development library and header files for libpcap0.8   
p   libpcapnav0                                 - wrapper to libpcap that allows arbitrary navigation   
p   libpcapnav0:i386                            - wrapper to libpcap that allows arbitrary navigation   
p   libpcapnav0-dev                             - development files for libpcapnav                      
p   libpcapnav0-dev:i386                        - development files for libpcapnav                      
p   python-libpcap                              - Python wrapper for libpcap packet capture library     
p   python-libpcap:i386                         - Python wrapper for libpcap packet capture library     
v   python2.7-libpcap                           -                                                       
v   python2.7-libpcap:i386                      - 

这次我们安装libcap

libcap显示是p未安装状态

sudo apt-get install libpcap-dev

安装一下就好

下面我们继续安装libgpgme

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search libgpgme
p   libgpgme++2v5                               - c++ wrapper library for gpgme                         
p   libgpgme++2v5:i386                          - c++ wrapper library for gpgme                         
i   libgpgme11                                  - GPGME - GnuPG Made Easy (library)                     
p   libgpgme11:i386                             - GPGME - GnuPG Made Easy (library)                     
p   libgpgme11-dev                              - GPGME - GnuPG Made Easy (development files)           
p   libgpgme11-dev:i386                         - GPGME - GnuPG Made Easy (development files)
hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ sudo apt-cache search libgpgme
libgpgme11 - GPGME - GnuPG Made Easy (library)
libgpgme11-dev - GPGME - GnuPG Made Easy (development files)
libgpgme++2v5 - c++ wrapper library for gpgme

然后我们看到aptitude中libgpgme-dev的状态是p
所以安装一下dev

sudo apt-get install libgpgme11-dev
hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude show libgpgme11-dev
Package: libgpgme11-dev                  
State: installed
Automatically installed: no
Version: 1.6.0-1
Priority: optional
Section: libdevel
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Uncompressed Size: 1,408 k
Depends: libassuan-dev, libc6-dev, libgpg-error-dev, libgpgme11 (= 1.6.0-1)
Conflicts: libgpgme-dev, libgpgme10-dev, libgpgme11-dev:i386
Description: GPGME - GnuPG Made Easy (development files)
 GPGME is a wrapper library which provides a C API to access some of the GnuPG functions, such as
 encrypt, decrypt, sign, verify, ... 

 This package contains the headers and other files needed to compile against this library.
Homepage: https://www.gnupg.org/related_software/gpgme/
Version: 1.6.0-1

符合要求

然后继续检查lib
uuid-dev

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search uuid-dev
p   golang-github-nu7hatch-gouuid-dev           - pure Go UUID implementation as specified in RFC 4122  
p   golang-github-pborman-uuid-dev              - Go bindings to work with UUIDs                        
p   golang-uuid-dev                             - Transitional package for golang-github-pborman-uuid-de
p   libghc-uuid-dev                             - create, compare, parse and print Universally Unique Id
p   libghc-uuid-dev:i386                        - create, compare, parse and print Universally Unique Id
v   libghc-uuid-dev-1.3.11-be09e                -                                                       
v   libghc-uuid-dev-1.3.11-e0983:i386           -                                                       
p   libossp-uuid-dev                            - OSSP uuid ISO-C and C++ - headers and static libraries
p   libossp-uuid-dev:i386                       - OSSP uuid ISO-C and C++ - headers and static libraries
p   uuid-dev                                    - Universally Unique ID library - headers and static lib
p   uuid-dev:i386                               - Universally Unique ID library - headers and static lib

显示未安装

sudo apt-get install uuid-dev

下面检查libssh

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search libssh
p   libssh-4                                    - tiny C SSH library (OpenSSL flavor)                   
p   libssh-4:i386                               - tiny C SSH library (OpenSSL flavor)                   
p   libssh-dbg                                  - tiny C SSH library. Debug symbols                     
p   libssh-dbg:i386                             - tiny C SSH library. Debug symbols                     
p   libssh-dev                                  - tiny C SSH library. Development files (OpenSSL flavor)
p   libssh-dev:i386                             - tiny C SSH library. Development files (OpenSSL flavor)
p   libssh-doc                                  - tiny C SSH library. Documentation files               
p   libssh-gcrypt-4                             - tiny C SSH library (gcrypt flavor)                    
p   libssh-gcrypt-4:i386                        - tiny C SSH library (gcrypt flavor)                    
p   libssh-gcrypt-dev                           - tiny C SSH library. Development files (gcrypt flavor) 
p   libssh-gcrypt-dev:i386                      - tiny C SSH library. Development files (gcrypt flavor) 
i A libssh2-1                                   - SSH2 client-side library                              
p   libssh2-1:i386                              - SSH2 client-side library                              
p   libssh2-1-dbg                               - SSH2 client-side library (debug package)              
p   libssh2-1-dbg:i386                          - SSH2 client-side library (debug package)              
p   libssh2-1-dev                               - SSH2 client-side library (development headers)        
p   libssh2-1-dev:i386                          - SSH2 client-side library (development headers)        
p   python-libssh2                              - Python binding for libssh2 library                    
p   python-libssh2:i386                         - Python binding for libssh2 library                    
v   python2.7-libssh2                           -                                                       
v   python2.7-libssh2:i386                      -  

可以看到libssh2-1已经安装了但是libssh2-1-dev没装
检查版本

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude show libssh2-1
Package: libssh2-1                       
State: installed
Automatically installed: yes
Multi-Arch: same
Version: 1.5.0-2
Priority: optional
Section: universe/libs
Maintainer: Ubuntu Developers .ubuntu.com>
Architecture: amd64
Uncompressed Size: 273 k
Depends: libc6 (>= 2.14), libgcrypt20 (>= 1.6.1), zlib1g (>= 1:1.1.4)
PreDepends: multiarch-support
Breaks: libssh2-1:i386 (!= 1.5.0-2)
Replaces: libssh2-1:i386 (< 1.5.0-2)
Description: SSH2 client-side library
 libssh2 is a client-side C library implementing the SSH2 protocol. It supports regular terminal, SCP
 and SFTP (v1-v5) sessions; port forwarding, X11 forwarding; password, key-based and
 keyboard-interactive authentication. 

 This package contains the runtime library.
Homepage: http://libssh2.org/

version符合要求

然后我们装dev包

sudo apt-get install libssh2-1-dev

现在检查libhiredis

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude search libhiredis
p   libhiredis-dbg                              - minimalistic C client library for Redis (debug)       
p   libhiredis-dbg:i386                         - minimalistic C client library for Redis (debug)       
p   libhiredis-dev                              - minimalistic C client library for Redis (development f
p   libhiredis-dev:i386                         - minimalistic C client library for Redis (development f
p   libhiredis0.13                              - minimalistic C client library for Redis               
p   libhiredis0.13:i386                         - minimalistic C client library for Redis

装吧

sudo aptitude install libhiredis-dev

检查版本

hero@hero-VirtualBox ~/Documents/openvas9/openvas-libraries-9.0.0 $ aptitude show libhiredis-devPackage: libhiredis-dev                  
State: installed
Automatically installed: no
Multi-Arch: same
Version: 0.13.3-2
Priority: optional
Section: universe/libdevel
Maintainer: Ubuntu Developers 
Architecture: amd64
Uncompressed Size: 167 k
Depends: libhiredis0.13 (= 0.13.3-2)
Breaks: libhiredis-dev:i386 (!= 0.13.3-2)
Replaces: libhiredis-dev:i386 (< 0.13.3-2)
Description: minimalistic C client library for Redis (development files)
 Hiredis is a minimalistic C client library for the Redis database. It is minimalistic because it just
 adds minimal support for the protocol, but at the same time it uses an high level printf-alike API in
 order to make it much higher level than otherwise suggested by its minimal code base and the lack of
 explicit bindings for every Redis command. 

 Apart from supporting sending commands and receiving replies, it comes with a reply parser that is
 decoupled from the I/O layer. It is a stream parser designed for easy reusability, which can for
 instance be used in higher level language bindings for efficient reply parsing. 

 Hiredis only supports the binary-safe Redis protocol, so you can use it with any Redis version >=
 1.2.0. 

 The library comes with multiple APIs. There is the synchronous API, the asynchronous API and the reply
 parsing API. 

 This package provides the development files for hiredis.
Homepage: https://github.com/redis/hiredis

符合的

检查
libksba
这个与上面相同,没有,安装吧

sudo apt-get install libksba-dev

然后检查下一个文档构建的东西

Prerequisites for building documentation:
* doxygen
* xmltoman (optional, for building man page)
* sqlfairy (optional, for producing database diagram)

一样的办法找,如果没装那就装一下

废话我就不写了哈哈哈,大家把这些个依赖啥的安装检查安装完毕之后

大家把剩余的这些自己检查一下

Prerequisites for building documentation:
* doxygen
* xmltoman (optional, for building man page)
* sqlfairy (optional, for producing database diagram)

Recommended to have WMI support:
* openvas-smb >= 1.0.1

Recommended to have improved SNMP support:
* netsnmp

Recommended to have LDAP support:
* libldap >= 2.4.11
  (LDAP can be disabled with -DBUILD_WITHOUT_LDAP=1)

Recommended to have RADIUS support:
* libfreeradius-client >= 1.1.6
  (RADIUS can be enabled with -DBUILD_WITH_RADIUS=1)

然后最后还有一个

Install prerequisites on Debian GNU/Linux 'Jessie' 8:
# apt-get install dpkg-dev pkg-config libssh-dev libgnutls28-dev libglib2.0-dev \
  libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev libhiredis-dev \
  libsnmp-dev libgcrypt20-dev libldap2-dev

也就是

sudo apt-get install dpkg-dev pkg-config libssh-dev libgnutls28-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev libhiredis-dev libsnmp-dev libgcrypt20-dev libldap2-dev

然后我们开始把lib迁移到他该有的地方,不迁移也可以,就怕以后不小心改到了哈哈哈

然后我们创建一个build目录

mkdir build(此时我们在openvas-libvariy9.0.0目录下)
cd build

然后执行cmake

cmake ..

然后

make                # build the libraries
make doc            # build the documentation
make doc-full       # build more developer-oriented documentation
sudo make install   # install the build
make rebuild_cache  # rebuild the cmake cache

执行这些

然后openvas9-lib就安装完了

我们下一步进行安装Scanner 5.1.0

依旧是检查包,这个就不重复了

然后进去Scanner的目录

mkdir build
cd build
cmake ..

依旧是

make                # build the libraries
make doc            # build the documentation
make doc-full       # build more developer-oriented documentation
sudo make install   # install the build
make rebuild_cache  # rebuild the cmake cache

然后是安装Manager 7.0.0

这里要查看一个我们以前没有检查过的glib

aptitude search glib

然后发现glib其实就是我们之前的libglib

还有一个libsqlite3也要查查

sudo apt-get install libsqlite3-dev libpq-dev

这里我们还要装一个这个

sudo apt-get install xsltproc

不然没法make doc

还是没法make doc
还缺这个

sudo apt-get install libgd-gd2-perl

然后就可以了

然后依旧是make doc-full

这里要用root来make

sudo make doc-full

才可以的

然后安装方法以及是

sudo make install

下面我们安装 Greenbone Security Assistant (GSA) 7.0.0

这是缺的几个库

sudo apt-get install python-polib ibmicrohttpd-dev libxml2-dev libxslt1-dev

然后依旧是老方法

下面 Commandline Interface (CLI) 1.4.5

openvas-cli-1.4.5

这里需要一个这个

sudo apt-get install clang-3.8 libclang1-3.8 

然后安装 openvas-smb 1.0.2
需要这几个

sudo apt-get install gcc-mingw-w64 libgnutls-dev perl-base heimdal-dev heimdal-multidev libpopt-dev libglib2.0-dev

现在一般都是64位系统了,如果 你32的

sudo apt-get install gcc-mingw32 libgnutls-dev perl-base heimdal-dev heimdal-multidev libpopt-dev libglib2.0-dev

然后我们安装 OSPd 1.2.0

sudo apt-get install python-setuptools python-paramiko

然后就直接装了

sudo python setup.py install

默认是安装在/usr/local/下,如果要自己改安装目录参考INSTALL文件

剩下的也是直接用setup.py安装就行

安装完后,我们还要继续做

启动redis

redis-server

同步漏洞库

sudo greenbone-nvt-sync

openvas-manager 重新build

sudo openvasmd --rebuild

这一步的时间有点长,大概有个好几十分钟,我也没注意看,反正不是马上就会好的,大家耐心一点

然后我们创建一个用户

sudo openvasmd --create-user=<username> --role=Admin

然后改密码

sudo openvasmd --user=<username> --new-password=12345

然后我们同步一下其他数据

sudo greenbone-scapdata-sync

这一步是最费时间的。。。好多的数据,从2002年到如今的,好多的

然后还得继续同步数据

sudo greenbone-certdata-sync

这几个同步数据的可执行文件都放在/usr/local/sbin/下面

然后我们还要安装一个叫certtool的玩意

但是这东西在任何地方都搜不到源码安装包啥的
我们这样安装

sudo apt install gnutls-bin

任何再用这个check一个安装好没有

certtool -h

如果出现帮助信息说明安装好了

然后继续安装证书

sudo openvas-manage-certs -a

然后我们开一个窗口打开openvasmd

sudo openvasmd

然后也是一样的找个窗口开启gsad

sudo gsad

然后为了扩展功能我们要安装一个nmap

sudo apt-get install nmap

但是这里有个问题,我们现在源里有的nmap不是他要求的5.51的(2016.12.20)

WARNING: Your version of nmap is not fully supported: 7.31
SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.

我们还得从官网下5.51的来编译安装

(“▔□▔)额

nmap官网

找到download page然后下载就行了

直接wget命令

wget https://nmap.org/dist/nmap-5.51.tar.bz2

解压命令有点奇葩哈哈

bzip2 -cd nmap-5.51.tar.bz2 | tar xvf -

然后依旧老规矩

./configure
make
sudo make install

然后依旧是安装

sudo apt install texlive-latex-base

上面这一步是为了这个warning的提示

WARNING: Could not find pdflatex binary, the PDF report format will not work.
SUGGEST: Install pdflatex.

pdflatex是没有这个安装包的,我们安装texlive-latex-base就行了

这个包有100M多。。。

然后安装rpm

sudo apt install rpm

然后继续安装,缺啥装啥

sudo apt install nsis

还是继续装

sudo apt-get install texlive-full

他说这个pdflatex缺少latex组件 o( ̄ヘ ̄o#)握拳!
还不指定缺哪个。。。

我们最后可以把这个openvas-check软件铐到本地

用来检查openvas有没有安装好了

注:
链接地址可能以后会变动,请大家上openvas的官网找到openvas-check-setup自行下载(2016.12.19)

wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
chmod +x openvas-check-setup
sudo ./openvas-check-setup --v9

--v9
说明我们的版本是9的版本,最好这里指明版本号,以免不必要的麻烦

如果check都没问题了,那说明装好了

然后我们打开浏览器直接输入localhost

这就出来了

OpenVAS 9从源码安装到使用(填坑铺路)_第1张图片

下一次启动的时候

启动redis

redis-server /etc/myredis.conf

说道redis时候,这里有个坑,就是如果你用openvas-check-setup,然后报错说是redis-server is not running or bound in /tmp/redis.sock,然后这个错误我是没法从源下载的redis-server解决的,解决办法是从redis官网下载redis的源码包自己编译安装,然后她源码包里面有个redis.conf,记住这个redis.conf,你把他拷到/etc/下或者哪里,然后里面有个unix sock的选项, 你把他的注释去掉,然后启动的时候指定配置文件,就像我刚刚上面那个命令一样,如果嫌redis的输出不好看,你可以试试用screen命令来让它在后台运行,或者加&也行

redis-server /etc/myredis.conf &

但是这样你看不见redis的输出也是很麻烦的,建议还是screen命令

先用screen创建一个叫redis的窗口进程

screen -S redis

然后现在你就马上切换到这个窗口了

然后在运行redis

最后按住ctrl依次按 A D,注意是依次,然后就切换会原来的界面了,redis就在刚刚那个窗口在跑着,如果想回到那个窗口

screen -r redis

如果想杀死这个窗口,切换到这个窗口后直接ctrl+D一直按,按到窗口切换会原来

然后启动其他的

sudo openvassd
sudo openvasmd
sudo gsad

这里有个小脚本openvas_start.sh,启动openvas的

#!/bin/bash

# This script mush run as root

redis-server /etc/myredis.conf
if [$? -ne 0]; then
    echo "redis-server have NOT started"
    exit 1

openvasssd
if [$? -ne 0]; then
    echo "openvassd have NOT started"
    exit 1

openvasmd
if [$? -ne 0]; then
    echo "openvasmd have NOT started"
    exit 1

gsad
if [$? -ne 0]; then
    echo "gsad have NOT started"
    exit 1

echo "Openvas9 is ok now"

直接用加一个权限然后sudo来run就行了

chmod +x openvas_start.sh
sudo ./opevas_start.sh

每次重启机子后都有启动openvas一遍,直接用这个脚本或者手输命令行就行

OpenVAS 9从源码安装到使用(填坑铺路)_第2张图片

你可能感兴趣的:(安全)