centos7安装漏洞分析软件openvas9
参考文章:
http://blog.sina.com.cn/s/blog_17943a64f0102xmbr.html
https://blog.csdn.net/weixin_41515615/article/details/84635765
下载链接:
https://wald.intevation.org/frs/?group_id=29
安装系统:centos7
注:1.国内网络安装初始化会很慢,因为下载网站都在国外;
2.源码安装只有同步病毒库慢,偶尔网络卡顿导致病毒库没有,自行决定安装方式
一、网络安装
关闭selinux:
vim /etc/selinux/config
修改参数:
SELINUX=disabled
重启,查看
安装依赖:
yum install -y wget bzip2 texlive net-tools alien gnutls-utils
添加仓库:
wget -q -O - https://www.atomicorp.com/installers/atomic | sh
安装:
yum install openvas -y #国内网有点慢
编辑文件:
vim /etc/redis.conf
修改配置:
unixsocket /tmp/redis.sock
unixsocketperm 700
重启redis:
systemctl enable redis && systemctl restart redis
启动openvas初始环境配置:
openvas-setup #国内网此段需要很久很久
最后有一段交互,输入登陆账号及密码
默认提示显示服务开启的是9392端口,实际查看是443端口
防火墙开启443端口,使用https://ip的方式即可访问
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
网络安装到此结束
二、源码安装
准备安装包:
openvas-libraries-9.0.1.tar.gz、openvas-scanner-5.1.1.tar.gz、openvas-manager-7.0.2.tar.gz、greenbone-security-assistant-7.0.2.tar.gz
关闭selinux:
vim /etc/selinux/config
修改参数:
SELINUX=disabled
重启,查看
依赖下载:
yum -y install gcc cmake bison pkgconfig libuuid-devel openldap-devel libgcrypt-devel libksba-devel gnutls-devel glib2-devel openssl-devel gpgme-devel zlib-devel net-snmp-devel libssh-devel sqlite-devel sqlite libmicrohttpd-devel libmicrohttpd-devel libxslt-devel gnutls-utils libpcap.x86_64 libpcap-devel.x86_64 libxml2.x86_64 libxml2-devel.x86_64
yum install epel-release -y
yum install -y hiredis.x86_64 hiredis-devel.x86_64 redis libpcap.x86_64 libpcap-devel.x86_64 python doxygen.x86_64 bzip2
修改参数
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
echo "/usr/local/lib" >> /etc/ld.so.conf.d/openvas.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf.d/openvas.conf
ldconfig
mkdir -p /opt/openvas
cd /opt/openvas
tar zxf openvas-libraries-9.0.1.tar.gz && cd openvas-libraries-9.0.1
mkdir build && cd build && cmake ..
make && make install
cp -rf /usr/local/lib64/* /usr/local/lib/
cd /opt/openvas
tar zxf openvas-scanner-5.1.1.tar.gz && cd openvas-scanner-5.1.1
mkdir build && cd build
cmake ..
make && make install
cd /opt/openvas
tar zxf openvas-manager-7.0.2.tar.gz && cd openvas-manager-7.0.2
mkdir build && cd build
cmake ..
vim src/CMakeFiles/openvasmd-sqlite.dir/link.txt
添加:-lgpg-error
make && make install
cd /opt/openvas
tar zxf greenbone-security-assistant-7.0.2.tar.gz && cd greenbone-security-assistant-7.0.2
mkdir build && cd build
cmake ..
make && make install
编辑文件:
vim /etc/redis.conf
修改配置:
unixsocket /tmp/redis.sock
unixsocketperm 700
启动redis:
systemctl enable redis && systemctl start redis
同步漏洞库
greenbone-nvt-sync #国内网很慢
同步其他数据
greenbone-scapdata-sync
ldconfig
创建用户
openvasmd --create-user=admin --role=Admin
User created with password 'd4818697-8999-4355-ba08-f039eb582d2b'
修改密码
openvasmd --user=admin --new-password=linsec8888
安装证书
openvas-manage-certs -a
启动
openvasmd
openvassd
gsad --http-only --listen="0.0.0.0"
防火墙开启80端口,使用http://ip的方式即可访问
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
安装到此结束
-----------日常记录---------------