參考文章:
http://blog.sina.com.cn/s/blog_17943a64f0102xmbr.html
https://blog.csdn.net/weixin_41515615/article/details/84635765
下載鏈接:
https://wald.intevation.org/frs/?group_id=29
安裝系統:centos7
注:1.國內網絡安裝初始化會很慢,因爲下載網站都在國外;
2.源碼安裝只有同步病毒庫慢,偶爾網絡卡頓導致病毒庫沒有,自行決定安裝方式
一、網絡安裝
關閉selinux:
vim /etc/selinux/config
修改參數:
SELINUX=disabled
重啓,查看
安裝依賴:
yum install -y wget bzip2 texlive net-tools alien gnutls-utils
添加倉庫:
wget -q -O - https://www.atomicorp.com/installers/atomic | sh
安裝:
yum install openvas -y #國內網有點慢
編輯文件:
vim /etc/redis.conf
修改配置:
unixsocket /tmp/redis.sock
unixsocketperm 700
重啓redis:
systemctl enable redis && systemctl restart redis
啓動openvas初始環境配置:
openvas-setup #國內網此段需要很久很久
最後有一段交互,輸入登陸賬號及密碼
默認提示顯示服務開啓的是9392端口,實際查看是443端口
防火牆開啓443端口,使用https://ip的方式即可訪問
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
網絡安裝到此結束
二、源碼安裝
準備安裝包:
openvas-libraries-9.0.1.tar.gz、openvas-scanner-5.1.1.tar.gz、openvas-manager-7.0.2.tar.gz、greenbone-security-assistant-7.0.2.tar.gz
關閉selinux:
vim /etc/selinux/config
修改參數:
SELINUX=disabled
重啓,查看
依賴下載:
yum -y install gcc cmake bison pkgconfig libuuid-devel openldap-devel libgcrypt-devel libksba-devel gnutls-devel glib2-devel openssl-devel gpgme-devel zlib-devel net-snmp-devel libssh-devel sqlite-devel sqlite libmicrohttpd-devel libmicrohttpd-devel libxslt-devel gnutls-utils libpcap.x86_64 libpcap-devel.x86_64 libxml2.x86_64 libxml2-devel.x86_64
yum install epel-release -y
yum install -y hiredis.x86_64 hiredis-devel.x86_64 redis libpcap.x86_64 libpcap-devel.x86_64 python doxygen.x86_64 bzip2
修改參數
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
echo "/usr/local/lib" >> /etc/ld.so.conf.d/openvas.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf.d/openvas.conf
ldconfig
mkdir -p /opt/openvas
cd /opt/openvas
tar zxf openvas-libraries-9.0.1.tar.gz && cd openvas-libraries-9.0.1
mkdir build && cd build && cmake ..
make && make install
cp -rf /usr/local/lib64/* /usr/local/lib/
cd /opt/openvas
tar zxf openvas-scanner-5.1.1.tar.gz && cd openvas-scanner-5.1.1
mkdir build && cd build
cmake ..
make && make install
cd /opt/openvas
tar zxf openvas-manager-7.0.2.tar.gz && cd openvas-manager-7.0.2
mkdir build && cd build
cmake ..
vim src/CMakeFiles/openvasmd-sqlite.dir/link.txt
添加:-lgpg-error
make && make install
cd /opt/openvas
tar zxf greenbone-security-assistant-7.0.2.tar.gz && cd greenbone-security-assistant-7.0.2
mkdir build && cd build
cmake ..
make && make install
編輯文件:
vim /etc/redis.conf
修改配置:
unixsocket /tmp/redis.sock
unixsocketperm 700
啓動redis:
systemctl enable redis && systemctl start redis
同步漏洞庫
greenbone-nvt-sync #國內網很慢
同步其他數據
greenbone-scapdata-sync
ldconfig
創建用戶
openvasmd --create-user=admin --role=Admin
User created with password 'd4818697-8999-4355-ba08-f039eb582d2b'
修改密碼
openvasmd --user=admin --new-password=linsec8888
安裝證書
openvas-manage-certs -a
啓動
openvasmd
openvassd
gsad --http-only --listen="0.0.0.0"
防火牆開啓80端口,使用http://ip的方式即可訪問
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
安裝到此結束
-----------日常記錄---------------