OpenVAS Source Installation and Component Relationships

1. Starting the services:

/usr/bin/openvas-start

#!/bin/bash
echo "Starting     OpenVas Services"
service greenbone-security-assistant start
service openvas-scanner start

service openvas-manager start

2. Stopping the services:

/usr/bin/openvas-stop

#!/bin/bash
echo "Stopping     OpenVas Services"
service greenbone-security-assistant stop
service openvas-scanner stop

service openvas-manager stop

3. Init script paths:

/etc/init.d/greenbone-security-assistant    starts the gsad process, which listens on port 9392

/etc/init.d/openvas-scanner                 starts the openvassd process

/etc/init.d/openvas-manager                 starts the openvasmd process, which listens on port 9390

DAEMON=/usr/sbin/openvassd            daemon binary

PIDFILE=/var/run/openvassd.pid        process ID file

DAEMON=/usr/sbin/openvasmd            daemon binary

PIDFILE=/var/run/openvasmd.pid        process ID file

DAEMON=/usr/sbin/gsad                 daemon binary

PIDFILE=/var/run/gsad.pid             process ID file

4. Source packages behind each process

OpenVAS CLI:  greenbone-gvm-tools  sends scan tasks from the command line in place of the web interface (gvm-cli --xml "")

              openvas-cli-1.4.5

Greenbone Security Assistant:  openvas-manager-7.0.2

openvas-scanner:  openvas-scanner-5.1.1

ospd (Open Scanner Protocol, OSP):  ospd-1.2.0

                   ospd-debsecan-1.2b1

                   ospd-nmap-1.0b1         wraps calls to nmap

Transfer protocols:  OpenVAS Management Protocol (OMP)

                     OpenVAS Transfer Protocol (OTP)


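1) gnutls
GnuTLS is a cryptographic protocol library that implements the SSL, TLS and DTLS protocols and related technologies. It provides a simple C programming interface to these secure communication protocols, and can parse, read and write X.509, PKCS #12, OpenPGP and other related structures.
2) micro_httpd
micro_httpd is a very small Unix-based HTTP server
3) xsltproc
Definition
xsltproc is a fast XSLT engine written in C by Daniel Veillard. It uses an XSL stylesheet to transform XML into files of another format, for example HTML, XHTML, PDF...

Basic usage
Convert XML to HTML
xsltproc xsl-html.xsl hoto.xml -o html.html

4) GnuPG (GNU Privacy Guard, or GPG)
GnuPG is open-source software for encryption and signing, released under the GNU General Public License, and can be used as a replacement for PGP.
Most gpg software supports only the command line, which ordinary users find hard to master. Because gpg is open source, it is hard to hide a backdoor in it, so it is more secure than commercial software such as PGP.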

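5. Source installation and package mapping

Notes:

1) Build by following the INSTALL instructions in each source directory

2) Common installation commands

#apt-get update             refreshes the package sources
#apt-get upgrade            upgrades installed packages

#apt-get install XXX
#apt-cache search XXX
For example:
#apt-get install libgnomeui-dev
#apt-get install libsqlite3-dev
#apt-get install gcc-mingw-w64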

#mkdir build
#cd build

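Run cmake to generate the Makefile. If it reports an error, a required dependency version is missing and has to be installed with apt-get.
#cmake -DCMAKE_INSTALL_PREFIX=/usr ..

#make                compile and build the targets
#make install        install the built targets to the chosen prefix, /usr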

5.1 Installing greenbone-gvm-tools (see README.rst)

Installation log:

Processing /home/student/share/openvas/greenbone-gvm-tools-77352f8dfa2e
Requirement already satisfied: lxml in /usr/lib/python2.7/dist-packages (from gvm-tools==1.2.0)
Requirement already satisfied: paramiko in /usr/lib/python2.7/dist-packages (from gvm-tools==1.2.0)
Building wheels for collected packages: gvm-tools
  Running setup.py bdist_wheel for gvm-tools ... done
  Stored in directory: /root/.cache/pip/wheels/76/2a/ca/d0fde67b4223e0f177fab63673bf3c58f707e94ad281b2e377
Successfully built gvm-tools
Installing collected packages: gvm-tools
Successfully installed gvm-tools-1.2.0

5.2 Installing openvas-cli-1.4.5 (see CMakeLists.txt)

Usage:  omp [OPTION...] - OpenVAS OMP Command Line Interface

Installation log:

 $ mkdir build
 $ cd build
Then configure the build with

 $ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation ..

or (if you want to use the default installation path /usr/local)

 $ cmake ..

This only needs to be done once.  Note: It is assumed that the other
OpenVAS components are installed to the same path.

Thereafter, the following commands are useful.

    $ make                # build openvas-cli
    $ make doc            # build the documentation
    $ make doc-full       # build more developer-oriented documentation
    $ make install        # install the build
    $ make rebuild_cache  # rebuild the cmake cache
root@topsec:/home/student/openvas/openvas-cli-1.4.5/build# cmake ..
-- Configuring openvas-cli ...
CMake Deprecation Warning at CMakeLists.txt:32 (cmake_policy):
  The OLD behavior for policy CMP0005 will be removed from a future version
  of CMake.

  The cmake-policies(7) manual explains that the OLD behaviors of all
  policies are deprecated and that a policy should be set to OLD only under
  specific short-term circumstances.  Projects should be ported to the NEW
  behavior and not rely on setting a policy to OLD.


-- Install prefix: /home/student/local/bin
-- Looking for xmltoman...
-- Looking for xmltoman... XMLTOMAN_EXECUTABLE-NOTFOUND
-- Looking for xmlmantohtml... XMLMANTOHTML_EXECUTABLE-NOTFOUND
-- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE) 
-- Doxygen is required to build the HTML docs.
-- WARNING: xmltoman is required to generate manpages.
-- WARNING: xmlmantohtml is required for manpage in HTML docs.
-- Configuring done
-- Generating done
-- Build files have been written to: /home/student/openvas/openvas-cli-1.4.5/build
root@topsec:/home/student/openvas/openvas-cli-1.4.5/build# scan-build make
scan-build: Using '/usr/lib/llvm-4.0/bin/clang' for static analysis
[ 50%] Built target omp
[100%] Built target check_omp
scan-build: Removing directory '/tmp/scan-build-2018-03-01-144739-933-1' because it contains no reports.
scan-build: No bugs found.
The install directory is /home/student/local/bin

5.3 Installing openvas-manager (see CMakeLists.txt)

Installation log:

mkdir build

cd build

cmake -DCMAKE_INSTALL_PREFIX=/usr ..

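Errors reported while running cmake

1) The libopenvas_omp library file cannot be found

Fix: locate the library file and copy it to /lib or /lib64

2) sqlite3 is reported as not installed, although it actually is installed

Fix:

Search for sqlite-related packages:    $apt-cache search sqlite

Install libsqlite3-dev:                $apt-get install libsqlite3-dev

Then run cmake -DCMAKE_INSTALL_PREFIX=/usr .. again to generate the Makefile

$make

$make install

The resulting executable is openvasmd -> openvasmd-sqlite

5.4 Installing openvas-scanner (see CMakeLists.txt)

Installation log: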

$mkdir build;cd build

$cmake -DCMAKE_INSTALL_PREFIX=/usr ..

$make

make fails with a compile error

error: this statement may fall through [-Werror=implicit-fallthrough]

root@topsec:/home/student/openvas/openvas-scanner-5.1.1/build# make
Scanning dependencies of target openvassd
[  6%] Building C object src/CMakeFiles/openvassd.dir/attack.c.o
[ 12%] Building C object src/CMakeFiles/openvassd.dir/comm.c.o
[ 18%] Building C object src/CMakeFiles/openvassd.dir/hosts.c.o
[ 25%] Building C object src/CMakeFiles/openvassd.dir/log.c.o
[ 31%] Building C object src/CMakeFiles/openvassd.dir/nasl_plugins.c.o
[ 37%] Building C object src/CMakeFiles/openvassd.dir/ntp.c.o
[ 43%] Building C object src/CMakeFiles/openvassd.dir/openvassd.c.o
[ 50%] Building C object src/CMakeFiles/openvassd.dir/otp.c.o
[ 56%] Building C object src/CMakeFiles/openvassd.dir/pluginlaunch.c.o
[ 62%] Building C object src/CMakeFiles/openvassd.dir/pluginload.c.o
[ 68%] Building C object src/CMakeFiles/openvassd.dir/pluginscheduler.c.o
/home/student/openvas/openvas-scanner-5.1.1/src/pluginscheduler.c: In function ‘plugins_scheduler_next’:
/home/student/openvas/openvas-scanner-5.1.1/src/pluginscheduler.c:688:40: error: this statement may fall through [-Werror=implicit-fallthrough]
               l->plugin->running_state = PLUGIN_STATUS_DONE_AND_CLEANED;
/home/student/openvas/openvas-scanner-5.1.1/src/pluginscheduler.c:690:13: note: here
             case PLUGIN_STATUS_DONE_AND_CLEANED:
             ^~~~
cc1: all warnings being treated as errors
src/CMakeFiles/openvassd.dir/build.make:302: recipe for target 'src/CMakeFiles/openvassd.dir/pluginscheduler.c.o' failed
make[2]: *** [src/CMakeFiles/openvassd.dir/pluginscheduler.c.o] Error 1
CMakeFiles/Makefile2:122: recipe for target 'src/CMakeFiles/openvassd.dir/all' failed
make[1]: *** [src/CMakeFiles/openvassd.dir/all] Error 2
Makefile:162: recipe for target 'all' failed
make: *** [all] Error 2

Fix:

Add one statement to this piece of code: __attribute__((fallthrough));

            case PLUGIN_STATUS_DONE:
              scheduler_rm_running_ports (h, l->plugin);
              l->plugin->running_state = PLUGIN_STATUS_DONE_AND_CLEANED;
              /* no break - we remove it right away */
              __attribute__((fallthrough));
            case PLUGIN_STATUS_DONE_AND_CLEANED:

Problems encountered during startup

Fixing the problems reported by check-setup:
① redis-server is not running or not listening on socket: /tmp/redis.sock
Fix:
vi /etc/redis/redis.conf
Change the following settings in turn:
# prevent redis from listening on a TCP socket
port 0
unixsocket /tmp/redis.sock
unixsocketperm 700
timeout 0
Then start the redis service with that configuration file:
redis-server /etc/redis/redis.conf
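
A check for the four redis.conf settings listed above, as an added example that is not part of the original post. The function name check_redis_conf and the sample configuration are assumptions made for illustration; the expected values are the ones given above.

```shell
#!/bin/sh
# Added example, not part of the original post.
# check_redis_conf FILE compares FILE with the four directives listed above.
# It prints one line per directive that is missing or different and returns
# non-zero if any were found.
check_redis_conf() {
    report=$(awk '
        BEGIN {
            want["port"] = "0"                       # no TCP listener
            want["unixsocket"] = "/tmp/redis.sock"
            want["unixsocketperm"] = "700"           # socket usable by its owner only
            want["timeout"] = "0"
        }
        /^[ \t]*#/ || NF == 0 { next }               # skip comments and blank lines
        ($1 in want) { seen[$1] = $2 }               # keep the last occurrence
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { print k ": missing (want " want[k] ")"; bad = 1 }
                else if (seen[k] != want[k]) { print k ": is " seen[k] " (want " want[k] ")"; bad = 1 }
            }
            exit bad
        }
    ' "$1") && rc=0 || rc=$?
    [ -n "$report" ] && printf '%s\n' "$report" | sort   # awk array order is unspecified
    return "$rc"
}

# Constructed sample: TCP listener left on, socket world-accessible, no timeout line.
sample_bad_conf() {
    cat <<'EOF'
# constructed redis.conf fragment
port 6379
unixsocket /tmp/redis.sock
unixsocketperm 777
EOF
}

tmp=$(mktemp)
sample_bad_conf > "$tmp"
check_redis_conf "$tmp" || echo "redis.conf does not match the settings above"
rm -f "$tmp"
```

Run it against /etc/redis/redis.conf before starting redis-server; an empty report means all four directives match.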

Because the directory has changed, openvas-setup has to be run again to download the related content.

For example:

/var/lib/openvas# ls

CA  cert-data  mgr  openvasmd  plugins  private  scap-data  users

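The certificates, plugins and vulnerability databases under this directory all have to be downloaded again, or copied over directly.

Run openvas-setup

Status after a successful start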

root@topsec:/etc/init.d# service greenbone-security-assistant status
● greenbone-security-assistant.service - Greenbone Security Assistant
   Loaded: loaded (/lib/systemd/system/greenbone-security-assistant.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-03-06 11:04:55 CST; 1min 45s ago
     Docs: man:gsad(8)
           http://www.openvas.org/
 Main PID: 2540 (gsad)
    Tasks: 10 (limit: 19660)
   CGroup: /system.slice/greenbone-security-assistant.service
           ├─2540 /usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390
           └─2551 /usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390

3月 06 11:04:55 topsec systemd[1]: Started Greenbone Security Assistant.
3月 06 11:04:55 topsec gsad[2540]: Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_
3月 06 11:04:55 topsec gsad[2540]: Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_
root@topsec:/etc/init.d# service openvas-manager status             
● openvas-manager.service - Open Vulnerability Assessment System Manager Daemon
   Loaded: loaded (/lib/systemd/system/openvas-manager.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-03-06 11:04:56 CST; 1min 53s ago
     Docs: man:openvasmd(8)
           http://www.openvas.org/
  Process: 2542 ExecStart=/usr/sbin/openvasmd --listen=127.0.0.1 --port=9390 --database=/usr/var/lib/openvas/mgr/tasks.db (code=exited, status=
 Main PID: 2550 (openvasmd)
    Tasks: 1 (limit: 19660)
   CGroup: /system.slice/openvas-manager.service
           └─2550 openvasmd

3月 06 11:04:55 topsec systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon...
3月 06 11:04:56 topsec systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.
root@topsec:/etc/init.d# service openvas-scanner status             
● openvas-scanner.service - Open Vulnerability Assessment System Scanner Daemon
   Loaded: loaded (/lib/systemd/system/openvas-scanner.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-03-06 11:04:56 CST; 2min 3s ago
     Docs: man:openvassd(8)
           http://www.openvas.org/
  Process: 2541 ExecStart=/usr/sbin/openvassd --unix-socket=/var/run/openvassd.sock (code=exited, status=0/SUCCESS)
 Main PID: 2591 (openvassd)
    Tasks: 1 (limit: 19660)
   CGroup: /system.slice/openvas-scanner.service
           └─2591 openvassd: Waiting for incoming connections

3月 06 11:04:55 topsec systemd[1]: Starting Open Vulnerability Assessment System Scanner Daemon...
3月 06 11:04:56 topsec systemd[1]: Started Open Vulnerability Assessment System Scanner Daemon.
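
The status output above shows gsad started with --listen=0.0.0.0 and openvasmd with --listen=127.0.0.1. The following added example (not part of the original post) reads process command lines and reports which of the two daemons accept connections beyond loopback; the function names and the sample input are assumptions, modelled on the command lines shown above.

```shell
#!/bin/sh
# Added example, not part of the original post.
# audit_listeners reads process command lines on stdin (for example from
# `ps -eo args=`) and reports where gsad and openvasmd accept connections,
# using the --listen/--port options visible in the status output above.
audit_listeners() {
    awk '
        {
            n = split($1, path, "/"); name = path[n]
            if (name != "gsad" && name != "openvasmd") next
            addr = "(default)"; port = "(default)"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^--listen=/) addr = substr($i, 10)   # not --mlisten=
                if ($i ~ /^--port=/)   port = substr($i, 8)    # not --mport=
            }
            if (addr == "(default)")                    scope = "UNKNOWN"
            else if (addr ~ /^127\./ || addr == "::1")  scope = "loopback"
            else                                        scope = "EXPOSED"
            line = name " " addr ":" port " " scope
            if (!(line in seen)) { seen[line] = 1; print line }   # one line per distinct listener
        }
    '
}

# Constructed sample input, modelled on the command lines in the status output.
sample_cmdlines() {
    cat <<'EOF'
/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390
/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390
/usr/sbin/openvasmd --listen=127.0.0.1 --port=9390 --database=/usr/var/lib/openvas/mgr/tasks.db
/usr/sbin/sshd -D
EOF
}

sample_cmdlines | audit_listeners
```

On a live host the manager appears as plain `openvasmd` in the CGroup listing above, so it is reported as UNKNOWN; feed the function the unit's ExecStart line instead.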

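4. Log directory:

/var/log/openvas

openvas-scanner (the scanner): responsible for invoking the various vulnerability-detection plugins and carrying out the actual scan.

5. Source code analysis

1. openvassd.c

openvassd -V  shows version information

openvassd -s  prints the global configuration

openvassd -y  directory: /etc

Functions: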

/*
 * @brief Starts a process to handle client requests while the scanner is
 * loading.
 *
 * @return process id of loading handler.
 */

static pid_t loading_handler_start ()

/*
 * @brief Stops the loading handler process.
 *
 * @param[in]   handler_pid Pid of loading handler.
 */
void loading_handler_stop (pid_t handler_pid)


/**
 * @brief Initializes main scanner process' signal handlers.
 */

static void init_signal_handlers ()


/*
 * main function for loading all the plugins (initializes the plugins)
 */

int plugins_init (void)

/* main loop function */

static void main_loop ()


/**
 * @brief Sets the process' title.
 *
 * @param[in]   new_title   Format string for new process title.
 * @param[in]   ...         Arguments for format string.
 */

void proctitle_set (const char *new_title, ...)


create_process ---> scanner_thread

                        ----> handle_client

                        ----> attack_network

                        ----> attack_start

                        ----> attack_host  (start scan)

                        ----> launch_plugin (Launches a nvt)

                        ----> plugin_launch (Start the plugin)

                        ----> nasl_plugin_launch (Launch a NASL plugin)

                        ----> nasl_thread (NASL thread)