Date: Wed, 6 Jan 2021 09:17:33 +0000 (UTC) From: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r560485 - in head/security/gvm: . files Message-ID: <202101060917.1069HXQ6095086@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: acm Date: Wed Jan 6 09:17:32 2021 New Revision: 560485 URL: https://svnweb.freebsd.org/changeset/ports/560485 Log: - New port: security/gvm This is the metaport to install GVM applications and libraries. WWW: https://www.openvas.org/ Added: head/security/gvm/ head/security/gvm/Makefile (contents, props changed) head/security/gvm/files/ head/security/gvm/files/pkg-message.in (contents, props changed) head/security/gvm/pkg-descr (contents, props changed) Added: head/security/gvm/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gvm/Makefile Wed Jan 6 09:17:32 2021 (r560485) @@ -0,0 +1,38 @@ +# $FreeBSD$ + +PORTNAME= gvm +PORTVERSION= 20.8.0 +CATEGORIES= security + +MAINTAINER= acm@FreeBSD.org +COMMENT= Greenbone vulnerability management (metaport) + +USES= metaport python + +# Install GVM libraries +RUN_DEPENDS+= ${LOCALBASE}/lib/libgvm_base.so:security/gvm-libs + +# Install GVM Manager +RUN_DEPENDS+= ${LOCALBASE}/sbin/gvmd:security/gvmd + +# Install Scanner wrapper for OSP +RUN_DEPENDS+= ${LOCALBASE}/bin/ospd-openvas:security/py-ospd-openvas@${PY_FLAVOR} + +# Install OpenVAS Scanner +RUN_DEPENDS+= ${LOCALBASE}/sbin/openvas:security/openvas + +# Install GVM Web Interface +RUN_DEPENDS+= ${LOCALBASE}/sbin/gsad:security/greenbone-security-assistant + +SUB_FILES= pkg-message + +OPTIONS_DEFINE= PYTHON-GVM GVM-TOOLS +OPTIONS_DEFAULT= PYTHON-GVM GVM-TOOLS + +PYTHON-GVM_DESC= Install GVM python API library +GVM-TOOLS_DESC= Install GVM tools + +PYTHON-GVM_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gvm>=0:security/py-python-gvm@${PY_FLAVOR} +GVM-TOOLS_RUN_DEPENDS= gvm-cli:security/py-gvm-tools@${PY_FLAVOR} + +.include <bsd.port.mk> Added: head/security/gvm/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gvm/files/pkg-message.in Wed Jan 6 09:17:32 2021 (r560485) @@ -0,0 +1,118 @@ +[ +{ type: install + message: <<EOM +GVM ports were installed + +Basic instructions for configure your gvm infraestruture are following: + +1) Redis is a dependency of GVM. Please, configure redis-server for + listening on socket /var/run/redis/redis.sock. security/openvas scanner + needs it + + # echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf + +2) Add user gvm to redis group + + # pw groupmod redis -M gvm + +3) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be + installed in the same server where security/gvmd is running: + + # su postgres + # createuser -DRS gvm + # createdb -O gvm gvmd + # psql gvmd + # create role dba with superuser noinherit; + # grant dba to gvm + # create extension "uuid-ossp"; + # create extension "pgcrypto" + +4) Add the following lines to /etc/rc.conf + + redis_enable="YES" + gvmd_enable="YES" + ospd_openvas_enable="YES" + gsad_enable="YES" + +5) The following steps are neccessary before of you can access to GVM web + interface (gsad): + + Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default + + # service gvmd start + + Create certificates + + # su -m gvm -c "gvm-manage-certs -s" + + Sync gvmd Data, SCAP and CERT + + # su -m gvm -c "greenbone-feed-sync --type GVMD_DATA" + # su -m gvm -c "greenbone-feed-sync --type SCAP" + # su -m gvm -c "greenbone-feed-sync --type CERT" + + Create an admin user and set the Feed Import Owner + + # su -m gvm -c "gvmd --create-user=myuser" + # su -m gvm -c "gvmd --user=myuser --new-password=yourpassword" + + Set the Feed Import Owner (myuser user in this example) + + # su -m gvm -c "gvmd --get-users --verbose" + myuser <uuid_of_user> + + # su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user> + +6) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default + + # service ospd_openvas start + + you can test if ospd_openvas is connecting with openvas scanner with the following commands: + + # su -m gvm -c "gvmd --get-scanners" + 6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE + 08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default + + # su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73" + Scanner version: OpenVAS x.x.x + +7) Start GVM web interface. It will listen on http://127.0.0.1 by default + + # service gsad start + +8) Some openvas scanner tasks need access to /dev/bpf device. Add the + following lines to /etc/devfs.conf + + own bpf root:gvm + perm bpf 0660 + + And restart service for apply the changes + + # service devfs restart + +9) gvm log files are stores to /var/log/gvm directory + +10) gsad can export results to PDF. It needs print/texlive-texmf port + + # pkg install texlive-texmf + + It will install 1G of data + +11) If you need more configure information you can look at the following links: + + https://github.com/greenbone/gvmd/blob/master/INSTALL.md + https://github.com/greenbone/openvas/blob/master/INSTALL.md + https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md + https://github.com/greenbone/gsa/blob/master/INSTALL.md + + and + + # gvmd -h + # openvas -h + # ospd-openvas -h + # gsad -h + +12) Enjoy it +EOM +} +] Added: head/security/gvm/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gvm/pkg-descr Wed Jan 6 09:17:32 2021 (r560485) @@ -0,0 +1,3 @@ +This is the metaport to install GVM applications and libraries. + +WWW: https://www.openvas.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202101060917.1069HXQ6095086>