diff options
author | Jose Alonso Cardenas Marquez <acm@FreeBSD.org> | 2021-01-06 09:17:32 +0000 |
---|---|---|
committer | Jose Alonso Cardenas Marquez <acm@FreeBSD.org> | 2021-01-06 09:17:32 +0000 |
commit | 33dfd5ca7ef23f498041a4229a8109b4ac9bdabc (patch) | |
tree | 13bdb75c3065f22191be58f4498ed2d8bd419292 /security/gvm | |
parent | 61c2cadda4b168e5ada62c0479bddaa2f1c09637 (diff) | |
download | ports-33dfd5ca7ef23f498041a4229a8109b4ac9bdabc.tar.gz ports-33dfd5ca7ef23f498041a4229a8109b4ac9bdabc.zip |
- New port: security/gvm
This is the metaport to install GVM applications and libraries.
WWW: https://www.openvas.org/
Notes
Notes:
svn path=/head/; revision=560485
Diffstat (limited to 'security/gvm')
-rw-r--r-- | security/gvm/Makefile | 38 | ||||
-rw-r--r-- | security/gvm/files/pkg-message.in | 118 | ||||
-rw-r--r-- | security/gvm/pkg-descr | 3 |
3 files changed, 159 insertions, 0 deletions
diff --git a/security/gvm/Makefile b/security/gvm/Makefile new file mode 100644 index 000000000000..42bc81336d9f --- /dev/null +++ b/security/gvm/Makefile @@ -0,0 +1,38 @@ +# $FreeBSD$ + +PORTNAME= gvm +PORTVERSION= 20.8.0 +CATEGORIES= security + +MAINTAINER= acm@FreeBSD.org +COMMENT= Greenbone vulnerability management (metaport) + +USES= metaport python + +# Install GVM libraries +RUN_DEPENDS+= ${LOCALBASE}/lib/libgvm_base.so:security/gvm-libs + +# Install GVM Manager +RUN_DEPENDS+= ${LOCALBASE}/sbin/gvmd:security/gvmd + +# Install Scanner wrapper for OSP +RUN_DEPENDS+= ${LOCALBASE}/bin/ospd-openvas:security/py-ospd-openvas@${PY_FLAVOR} + +# Install OpenVAS Scanner +RUN_DEPENDS+= ${LOCALBASE}/sbin/openvas:security/openvas + +# Install GVM Web Interface +RUN_DEPENDS+= ${LOCALBASE}/sbin/gsad:security/greenbone-security-assistant + +SUB_FILES= pkg-message + +OPTIONS_DEFINE= PYTHON-GVM GVM-TOOLS +OPTIONS_DEFAULT= PYTHON-GVM GVM-TOOLS + +PYTHON-GVM_DESC= Install GVM python API library +GVM-TOOLS_DESC= Install GVM tools + +PYTHON-GVM_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gvm>=0:security/py-python-gvm@${PY_FLAVOR} +GVM-TOOLS_RUN_DEPENDS= gvm-cli:security/py-gvm-tools@${PY_FLAVOR} + +.include <bsd.port.mk> diff --git a/security/gvm/files/pkg-message.in b/security/gvm/files/pkg-message.in new file mode 100644 index 000000000000..4cb71331bcb0 --- /dev/null +++ b/security/gvm/files/pkg-message.in @@ -0,0 +1,118 @@ +[ +{ type: install + message: <<EOM +GVM ports were installed + +Basic instructions for configure your gvm infraestruture are following: + +1) Redis is a dependency of GVM. Please, configure redis-server for + listening on socket /var/run/redis/redis.sock. security/openvas scanner + needs it + + # echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf + +2) Add user gvm to redis group + + # pw groupmod redis -M gvm + +3) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be + installed in the same server where security/gvmd is running: + + # su postgres + # createuser -DRS gvm + # createdb -O gvm gvmd + # psql gvmd + # create role dba with superuser noinherit; + # grant dba to gvm + # create extension "uuid-ossp"; + # create extension "pgcrypto" + +4) Add the following lines to /etc/rc.conf + + redis_enable="YES" + gvmd_enable="YES" + ospd_openvas_enable="YES" + gsad_enable="YES" + +5) The following steps are neccessary before of you can access to GVM web + interface (gsad): + + Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default + + # service gvmd start + + Create certificates + + # su -m gvm -c "gvm-manage-certs -s" + + Sync gvmd Data, SCAP and CERT + + # su -m gvm -c "greenbone-feed-sync --type GVMD_DATA" + # su -m gvm -c "greenbone-feed-sync --type SCAP" + # su -m gvm -c "greenbone-feed-sync --type CERT" + + Create an admin user and set the Feed Import Owner + + # su -m gvm -c "gvmd --create-user=myuser" + # su -m gvm -c "gvmd --user=myuser --new-password=yourpassword" + + Set the Feed Import Owner (myuser user in this example) + + # su -m gvm -c "gvmd --get-users --verbose" + myuser <uuid_of_user> + + # su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user> + +6) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default + + # service ospd_openvas start + + you can test if ospd_openvas is connecting with openvas scanner with the following commands: + + # su -m gvm -c "gvmd --get-scanners" + 6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE + 08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default + + # su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73" + Scanner version: OpenVAS x.x.x + +7) Start GVM web interface. It will listen on http://127.0.0.1 by default + + # service gsad start + +8) Some openvas scanner tasks need access to /dev/bpf device. Add the + following lines to /etc/devfs.conf + + own bpf root:gvm + perm bpf 0660 + + And restart service for apply the changes + + # service devfs restart + +9) gvm log files are stores to /var/log/gvm directory + +10) gsad can export results to PDF. It needs print/texlive-texmf port + + # pkg install texlive-texmf + + It will install 1G of data + +11) If you need more configure information you can look at the following links: + + https://github.com/greenbone/gvmd/blob/master/INSTALL.md + https://github.com/greenbone/openvas/blob/master/INSTALL.md + https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md + https://github.com/greenbone/gsa/blob/master/INSTALL.md + + and + + # gvmd -h + # openvas -h + # ospd-openvas -h + # gsad -h + +12) Enjoy it +EOM +} +] diff --git a/security/gvm/pkg-descr b/security/gvm/pkg-descr new file mode 100644 index 000000000000..9fe61740cc6c --- /dev/null +++ b/security/gvm/pkg-descr @@ -0,0 +1,3 @@ +This is the metaport to install GVM applications and libraries. + +WWW: https://www.openvas.org/ |