libellux / libellux-up-and-running

Install open-source software from source to focus on Zero Trust Network principles, enhancing security for existing applications, and deploying tools for threat detection and prevention.

Home Page: https://libellux.com

License: MIT License

JavaScript 100.00%
intrusion-detection security vulnerability-scanner vulnerability-assessment monitoring logging intrusion-prevention zero-trust-network access-control two-factor-authentication

libellux-up-and-running's People

Contributors

dependabot[bot], gsanchietti, libellux

libellux-up-and-running's Issues

[BUG] missing steps, incorrect commands in cron job feed update GVM

Describe the bug
location: https://www.libellux.com/openvas/#scheduled-jobs, the Ubuntu parts
see also: https://community.greenbone.net/t/problem-with-update-cron-job-on-gsa-21-4-3/12098

I can confirm what the OP is saying; I tested the OP's solution and added some things.

This (greenbone-feed-sync is found in sbin, not bin, so this will result in greenbone-feed-sync not being performed):

/usr/local/bin/greenbone-nvt-sync
/usr/local/bin/greenbone-feed-sync --type GVMD_DATA
/usr/local/bin/greenbone-feed-sync --type SCAP
/usr/local/bin/greenbone-feed-sync --type CERT

Suggested changes:

/usr/local/bin/greenbone-nvt-sync
/usr/local/sbin/greenbone-feed-sync --type GVMD_DATA
/usr/local/sbin/greenbone-feed-sync --type SCAP
/usr/local/sbin/greenbone-feed-sync --type CERT

And this, missing step how to get to root:
Edit the root crontab and add the file you created to check for daily updates.
server@ubuntu:~$ crontab -e
Suggested changes:
Edit the root crontab and add the file you created to check for daily updates.
server@ubuntu:~$ sudo su
[enter password]
root@ubuntu:~$ crontab -e

And this:
0 0 * * * gvm /usr/local/bin/openvas-update
(this will result in error that gvm command could not be found)
Suggested changes:
0 0 * * * sudo -u gvm /usr/local/bin/openvas-update

Suggested addition at the end:
While in root, test your update of the feed:
(while in root user):
root@ubuntu:~$ sudo -u gvm /usr/local/bin/openvas-update

Environment (please complete the following information):

  • OS: Ubuntu
  • Version: 20.04
  • GVM: GVM 21.4.5

[BUG] ubuntu-22_04_GVM-22.4.0.sh contains errors

Environment:

  • OS: Ubuntu
  • Version 22.04.2 LTS

Describe the bug
On a fresh minimal install of Ubuntu 22.04.2 LTS, running the script ubuntu-22_04_GVM-22.4.0.sh as the root user from the root home directory.

First, it ends with me being in the visudo editor. After I exit vi, the script ends with:

visudo: /etc/sudoers.tmp unchanged
./ubuntu-22_04_GVM-22.4.0.sh: line 286: syntax error near unexpected token `('
./ubuntu-22_04_GVM-22.4.0.sh: line 286: `%sudo   ALL=(ALL:ALL) ALL'

After commenting out the lines, doing the visudo part manually and relaunching the script, I end up in a bash prompt as the postgres user:

postgres@ubuntu:/root/source/notus-scanner-22.4.0$

After I exit from the shell back into the root shell, the script ends with:

createuser: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  role "root" does not exist
createdb: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  role "root" does not exist
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  role "root" does not exist
./ubuntu-22_04_GVM-22.4.0.sh: line 300: create: command not found
./ubuntu-22_04_GVM-22.4.0.sh: line 301: grant: command not found
./ubuntu-22_04_GVM-22.4.0.sh: line 302: create: command not found
./ubuntu-22_04_GVM-22.4.0.sh: line 303: create: command not found

I stopped there for now because of time constraints. I am sure this will get fixed, and I want to thank you for your hard work on this one.

Performance Co-Pilot Grafana | Libellux

https://www.libellux.com/pcp/

Libellux Up and Running is a collection of personal notes and documentation regarding open-source software configuration. The focus is to build a so called Zero Trust Network using a central authentication server to enhance the security for our existing applications. We will manage our network using an open-source software tool for provisioning and configuration management to automate and speed up productivity.

Jira Software | Libellux

https://www.libellux.com/jira/


Report Format must be active

Hi guys. @libellux
I performed the GVM 20.08 installation, but when trying to open the reports tab, it shows the following message:

[screenshot]

  • OS: Ubuntu
  • Version: 20.04

I tried running the following to get all the syncs up to date:

/opt/gvm/sbin/greenbone-feed-sync --type GVMD_DATA
/opt/gvm/sbin/greenbone-feed-sync --type SCAP
/opt/gvm/sbin/greenbone-feed-sync --type CERT

I can see the report formats tab, it shows the following list:

[image]

The log error report does not show any connection errors:
gsad.log gvmd.log openvas.log ospd-openvas.log

I can see in the console log:
[image]

<envelope><version>20.08.1~git-fc9e55140-gsa-20.08</version><vendor_version></vendor_version><token>9145c23c-4f71-48e4-be9f-973a1e22bee2</token><time>Fri Feb 5 22:45:39 2021 UTC</time><login>gvmadmin</login><role>Admin</role><i18n>es_ES</i18n><client_address>192.168.0.133</client_address><gsad_response><title>Error: get_entities:999 (GSA 20.08.1~git-fc9e55140-gsa-20.08)</title><message>Report format must be active</message></gsad_response><capabilities><help_response status="200" status_text="OK">

Best regards,
Joseph

Ansible

Ansible simple IT automation section

  • Client installation playbooks
  • OSSEC agent playbook + bash script
  • WireGuard VPN network playbook

M/Monit Rev 1

Revise the M/Monit section to bring it up to date and also cover how to pass data to Logtail/Better Uptime.

Greenbone Vulnerability Manager | Libellux

https://www.libellux.com/openvas/

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

M/Monit System Monitoring | Libellux

https://www.libellux.com/mmonit/

Monit is a small popular Open Source utility for managing and monitoring Unix systems. M/Monit builds on Monit's capabilities and provides monitoring and management of all your Monit enabled hosts via a modern, clean and well designed user interface which also works on mobile devices.

[ISSUE] Fix CRON Job in Documentation

At this section, it says the path for the greenbone-feed-sync is /usr/local/bin/greenbone-feed-sync, but on Ubuntu 20.04, it is in /usr/local/sbin/greenbone-feed-sync.

Could be a mistype in the doc, or am I missing something here?

[BUG]

echo "db_address = /run/redis-openvas/redis.sock" | sudo tee -a /etc/openvas/openvas.conf

This line seems to be wrong, redis is actually at run/redis-openvas/redis-server.sock after following the guide.

OSSEC 3.7.0

OSSEC revision 3

  • Run installation test for all distros
  • Fix incorrect configuration files
  • Update for version 3.7
  • Update Atomicorp chapter

Problem to start gvmd in script ubuntu_22.4.0.sh

Hi,
I followed the script for installation, but it gives an error when starting the gvmd service.

Below the captured log:

root@openvas:~ tail -n 20 /var/log/gvm/gvmd.log
md manage:WARNING:2022-08-02 12h38.00 utc:20526: sql_exec_internal: SQL: SELECT value FROM public.meta WHERE name = 'database_version';
md manage:WARNING:2022-08-02 12h38.00 utc:20526: sql_x: sql_exec_internal failed
md manage:MESSAGE:2022-08-02 12h38.00 utc:20526: No SCAP database found
md manage:MESSAGE:2022-08-02 12h38.00 utc:20526: No CERT database found
md manage:MESSAGE:2022-08-02 12h38.00 utc:20526: db_extension_available: Extension 'pg-gvm' is not available.
md manage:WARNING:2022-08-02 12h38.00 utc:20526: check_db_extensions: A required extension is not available.
md manage:WARNING:2022-08-02 12h38.00 utc:20526: init_manage_create_functions: failed to create functions
md main:MESSAGE:2022-08-02 12h39.31 utc:20536: Greenbone Vulnerability Manager version 22.4.0~dev1 (DB revision 250)
md manage:WARNING:2022-08-02 12h39.31 utc:20537: sql_exec_internal: PQexec failed: ERROR: relation "public.meta" does not exist
LINE 1: SELECT value FROM public.meta WHERE name = 'database_version...
md manage:WARNING:2022-08-02 12h39.31 utc:20537: sql_exec_internal: SQL: SELECT value FROM public.meta WHERE name = 'database_version';
md manage:WARNING:2022-08-02 12h39.31 utc:20537: sql_x: sql_exec_internal failed
md manage:MESSAGE:2022-08-02 12h39.31 utc:20537: No SCAP database found
md manage:MESSAGE:2022-08-02 12h39.31 utc:20537: No CERT database found
md manage:MESSAGE:2022-08-02 12h39.31 utc:20537: db_extension_available: Extension 'pg-gvm' is not available.
md manage:WARNING:2022-08-02 12h39.31 utc:20537: check_db_extensions: A required extension is not available.
md manage:WARNING:2022-08-02 12h39.31 utc:20537: init_manage_create_functions: failed to create functions

Any tips?

openvas/config/21_4_2.sh error

Hi, thank you for the installation instructions, but there is a small problem with one of the commands.

After calling:

sudo /usr/local/sbin/gvmd --create-user=admin --password=admin

this error appears:

/usr/local/sbin/gvmd: error while loading shared libraries: libgvm_base.so.21: cannot open shared object file: No such file or directory

Do you know how to resolve it?

Single IP scan takes ages

Describe the question
Single IP scan takes ages with default configs

Environment - Virtual Machine (NAT) VMware Workstation v16

  • OS: Ubuntu
  • Version 20.04

Additional context
Is there a way to tune it to work fine when scanning public IPs?
These IPs are reachable from the VM where this setup is hosted.

LOG nmap issue with openvas scanner

Hi,
There is a problem inside scanner results, related to nmap scanner. I have just a log message with warning:
WARNING: You requested the Nmap scan type -PE (ICMP echo probe) which requires root privileges but scanner is running under an unprivileged user. Nmap has used TCP ping scan instead, if you want use -PE start the scanner as root.
[image]

Environment (please complete the following information):

  • OS: Ubuntu
  • Version 20.04

Additional context
I was following installation instructions from here: https://www.libellux.com/openvas -> Everything is well described, however I couldn't find a way how to solve this issue, especially that nmap command is working fine when executed as:
sudo -u gvm nmap ...

The sudoers file is configured the same way as in the tutorial. I'm just wondering what kind of hack is needed here. Thanks in advance for your input.

GVM Rev. 9

GVM revision 9 to include installation of GVM 22.4.0 on Ubuntu 22.04.

PSAD Port Scan Attack Detector | Libellux

https://www.libellux.com/psad/

PSAD (Port Scan Attack Detector) is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run PSAD on the iptables firewall where it has the fastest access to log data.

Certain Files no longer available

Describe the bug
A 404 error is received when certain files are accessed.

https://github.com/greenbone/gvm-libs/archive/refs/tags/v$GVM_LIBS_VERSION.tar.gz
https://github.com/greenbone/gvm-libs/releases/download/v$GVM_LIBS_VERSION/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS: Ubuntu
  • Version [e.g. 20.04]

Additional context
Inability to download the files severely limits the planned installation

PSAD Intrusion Detection Rev 3

Revision 3 of PSAD intrusion detection. Updated support for Ubuntu 22.04 and Rocky 9.

  • Ubuntu 22.04 support
  • Rocky Linux 9 support
  • Diagram
  • Firewalld support
  • Fix broken links

[OpenVAS] Empty directory during installation

Hi,

I was following your new documentation for ubuntu 22.04 and I hit an issue like below:

ubuntu@openvas-22-04:~$ cd $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION
ubuntu@openvas-22-04:~/source/ospd-openvas-22.4.0$ sudo python3 -m pip install . --prefix /usr/local --no-warn-script-location --no-dependencies
Processing /home/ubuntu/source/ospd-openvas-22.4.0
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Building wheels for collected packages: ospd-openvas
  Building wheel for ospd-openvas (pyproject.toml) ... done
  Created wheel for ospd-openvas: filename=ospd_openvas-22.4.0-py3-none-any.whl size=124241 sha256=a619fa244a34e0abb67067e02ae2708e96b022c3d5d45131afcad5f148b99962
  Stored in directory: /root/.cache/pip/wheels/35/ea/80/7b594c2c726edf07c8c05d1bca6d9e8d678c1abff06986f4f3
Successfully built ospd-openvas
Installing collected packages: ospd-openvas
  Attempting uninstall: ospd-openvas
    Found existing installation: ospd-openvas 22.4.0
    Uninstalling ospd-openvas-22.4.0:
      Successfully uninstalled ospd-openvas-22.4.0
Successfully installed ospd-openvas-22.4.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
ubuntu@openvas-22-04:~/source/ospd-openvas-22.4.0$ cd $INSTALL_DIR/
ubuntu@openvas-22-04:~/install$ ls
ubuntu@openvas-22-04:~/install$ pwd
/home/ubuntu/install
ubuntu@openvas-22-04:~/install$ ls /home/ubuntu/install
ubuntu@openvas-22-04:~/install$ 

I'm talking about lines 202-207 from here: https://github.com/libellux/Libellux-Up-and-Running/blob/master/docs/openvas/config/ubuntu-22_04_GVM-22.4.0.sh

It seems that the directory is empty, so the final copy:
sudo cp -rv $INSTALL_DIR/* / && \
will not work. Is that on purpose, or is something wrong here?

Thanks in advance for explanation.

Best regards,
Jan

ClamAV Rev 5

Update ClamAV with the latest LTS version of v0.104+ and add support for Windows 11 client.

Diagrams

Add descriptive diagrams to the following chapters:

  • ClamAV
  • OSSEC
  • GVM
  • PSAD
  • WireGuard

Universal 2nd Factor with YubiKey | Libellux

https://www.libellux.com/u2f/

Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. While initially developed by Google and Yubico, with contribution from NXP Semiconductors, the standard is now hosted by the FIDO Alliance.

Rsyslog Syslog Processing | Libellux

https://www.libellux.com/rsyslog/


Cannot create regular file '/etc/redis/': Not a directory

Hi,

I would just like to ask what I am doing wrong. I am getting an error when typing lines 193-195:

sudo cp $SOURCE_DIR/openvas-scanner-21.4.3/config/redis-openvas.conf /etc/redis/ && \

sudo chown redis:redis /etc/redis/redis-openvas.conf &&
echo "db_address = /run/redis-openvas/redis.sock" | sudo tee -a /etc/openvas/openvas.conf
cp: cannot create regular file '/etc/redis/': Not a directory

  • Ubuntu
  • Version 20.04

I'm just starting out, and part of the work is to install OpenVAS, and I am currently stuck. Thank you for your help.

Improve content and descriptions

Improve the content and descriptions to be more intuitive. Increase the level of information and reasoning behind each section.

[GVM] - Master - Slave Connectivity

Describe the question - GVM
Is there a way we can have the remote OSP scanner (slave) communicate towards the Master gvmd remotely?
I am able to configure it successfully from Master -> Slave, but not the other way.

Environment (please complete the following information):

  • OS: Ubuntu
  • Version 20.04

Additional context
The reason I want to deploy this way is that I need the scanners to poll the Manager for any available scans assigned to them. This would allow us to open ports only towards the manager.

Is a version update essentially the same as a new installation?

Thank you for the precise installation guide. I followed it and got OpenVAS from source code to running. I am on 21.4.2 now, but I see it is outdated and the latest version is 21.4.5.
How can I update my system the easiest, using the fresh source code? Is it practically a full installation, apart from the user and database creation?

  • OS: Ubuntu
  • Version: 20.04.4 LTS
