From 2024922574c76aeb95ea2ebbe5a22f4bb8902640 Mon Sep 17 00:00:00 2001 From: Kent Fritz Date: Sun, 22 Feb 2015 07:20:19 +0700 Subject: network/greenbone-security-assistant: Added (UI for OpenVAS). Signed-off-by: Willy Sudiarto Raharjo --- network/greenbone-security-assistant/README | 107 ++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 network/greenbone-security-assistant/README (limited to 'network/greenbone-security-assistant/README') diff --git a/network/greenbone-security-assistant/README b/network/greenbone-security-assistant/README new file mode 100644 index 000000000000..64548f852a10 --- /dev/null +++ b/network/greenbone-security-assistant/README @@ -0,0 +1,107 @@ +greenbone-security-assistant (UI for OpenVAS) + +This is the UI the Open Vulnerability Assessment System (OpenVAS). + +###### Known Problems ###### + +- PDF report generation is broken. This may get fixed in a future slackbuild. + +- The libssh-0.5.4 shipped with Slackware (at the time of this writing) is + broken. If you need to run "credentialed" scans against targets running + OpenSSH 6.7 or beyond (including Slackware), you have 2 options: + 1. Enable diffie-hellman-group1-sha1 as a KexAlgorithm in the sshd_config + of your targets. + 2. Update your libssh to the latest. + You also may have problems with targets running Dropbear SSH server. See + this thread on LinuxQuestions for more information: + http://www.linuxquestions.org/questions/showthread.php?t=4175533193 + +- All the daemons run as root. There's no (working) configuration options + or documentation to change this behavior. + +- There are a number of tests that depend on other software packages that are + not available as slackbuilds at this time. Stay tuned. + +###### Installation Instructions ###### + +These instructions assume you're familiar with slackbuilds. If not, please +refer to http://slackbuilds.org/howto/ . + +1. Build and install openvas-libraries. + +2. Build and install openvas-scanner. + +3. You need a Certificate Authority and server certificate. Run the following + command: +# openvas-mkcert + +4. You need the NVT's (Network Vulnerability Tests). Run the following + command to sync. In the future, you can do this through the + greenbone-security-assistant interface. This will take a minute or so + with a blazing fast internet connection. YMMV. +# openvas-nvt-sync + +5. Start the openvas-scanner daemon. +# /etc/rc.d/rc.openvassd start + +6. Build and install openvas-manager. + +7. You need client certificates for manager to talk to scanner. Use the + following command. +# openvas-mkcert-client -n -i + +8. Initialize the manager database. This will take a while, so be patient. +# openvasmd --rebuild + +9. [Optional] If you want encrypted credentials in the DB, do this now. +# openvasmd --create-credentials-encryption-key + This may take a while, so it's best to create some entropy by skipping to + #11-#13 and then coming back, if needed. + +10. Create a user. +# openvasmd --create-user=cary + If you find the assigned password hard to remember, you can change it + right now. +# openvasmd --user=cary --new-password=mekmitasdigoat + +11. Sync SCAP data. This will take some time. +# openvas-scapdata-sync + +12. Sync CERT data. +# openvas-certdata-sync + +13. Update port names. +# wget http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml +# openvas-portnames-update service-names-port-numbers.xml +# rm service-names-port-numbers.xml + +14. Start the openvas-manager daemon. +# /etc/rc.d/rc.openvasmd start + +15. Build and install libmicrohttpd. + +16. Build and install greenbone-security-assistant. + +17. Launch the greenbone-security-assistant. +# /etc/rc.d/rc.gsad start + +18. Point your browser at https://:9392 + You'll get a certificate error, of course (fixing this is left as an + excercise for the reader). Log in with your username/password from #10. + +19. [Optional] Build and install openvas-cli. You'll need this if you ever + want to script tests. + +That's it! If you run into any problems, you can try running the +openvas-check-setup script found here: + https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup + +If you don't have a web-server running, you can edit the /etc/rc.d/rc.gsad +script to remove the "-p 9392" option, and it will run on port 443. + +Please let me know if you run into any problems. Patches welcome! + +Have Fun! + +Kent Fritz +mailto:fritz.kent@gmail.com -- cgit v1.2.3