From 1f6d7651ca0859b0228f0b941b7299928e7338c7 Mon Sep 17 00:00:00 2001 From: Joseph Lee Date: Tue, 16 Jan 2024 16:28:50 +0800 Subject: [PATCH 01/26] First draft of full Greenbone CE for Kali Linux documentation --- src/22.4/kali/feed-sync.md | 9 + src/22.4/kali/file-system.md | 18 ++ src/22.4/kali/index.md | 19 ++ src/22.4/kali/installation.md | 91 +++++++++ src/22.4/kali/introduction.md | 1 + src/22.4/kali/optional-configs.md | 35 ++++ src/22.4/kali/troubleshooting.md | 310 ++++++++++++++++++++++++++++++ src/index.md | 1 + 8 files changed, 484 insertions(+) create mode 100644 src/22.4/kali/feed-sync.md create mode 100644 src/22.4/kali/file-system.md create mode 100644 src/22.4/kali/index.md create mode 100644 src/22.4/kali/installation.md create mode 100644 src/22.4/kali/introduction.md create mode 100644 src/22.4/kali/optional-configs.md create mode 100644 src/22.4/kali/troubleshooting.md diff --git a/src/22.4/kali/feed-sync.md b/src/22.4/kali/feed-sync.md new file mode 100644 index 00000000..b573f08d --- /dev/null +++ b/src/22.4/kali/feed-sync.md @@ -0,0 +1,9 @@ +## Community Feed Synchronization + +The Kali Linux Greenbone CE installation includes its own feed-sync script `gvm-feed-update` which acts as a wrapper for the various `greenbone-feed-sync` commands. However, this script is not maintained by Greeenbone and any bugs should be reported to the [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). The `gvm-feed-update` script must be executed with superuser privileges: + +```bash +sudo gvm-feed-update +``` + +The standard `greenbone-feed-sync` commands, can also be executed directly. A detailed guide on using the `greenbone-feed-sync` command is [available here](../source-build/feed-sync.md). diff --git a/src/22.4/kali/file-system.md b/src/22.4/kali/file-system.md new file mode 100644 index 00000000..a1196afc --- /dev/null +++ b/src/22.4/kali/file-system.md @@ -0,0 +1,18 @@ +## Log And Configuration File Locations + +Here are the locations of the various Greenbone CE log and configuration files. + +```{code-block} +:caption: View all Greenbone CE log files +ls /var/log/gvm +``` + +```{code-block} +:caption: View the OpenVAS configuration files +ls /etc/openvas +``` + +```{code-block} +:caption: View the other Greenbone CE configuration files +ls /etc/gvm +``` diff --git a/src/22.4/kali/index.md b/src/22.4/kali/index.md new file mode 100644 index 00000000..71f952fd --- /dev/null +++ b/src/22.4/kali/index.md @@ -0,0 +1,19 @@ +# Kali Linux Install Guide + +```{include} /22.4/kali/introduction.md +``` + +```{include} /22.4/kali/installation.md +``` + +```{include} /22.4/kali/feed-sync.md +``` + +```{include} /22.4/kali/optional-configs.md +``` + +```{include} /22.4/kali/troubleshooting.md +``` + +```{include} /22.4/kali/file-system.md +``` diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md new file mode 100644 index 00000000..7256d988 --- /dev/null +++ b/src/22.4/kali/installation.md @@ -0,0 +1,91 @@ +## Installing Greenbone Community Edition + +### Quick Start Install + +For those who want a quick start guide, here is an overview of the standard installation process: + +> 1. Update Kali Linux with `sudo apt update`. +> 2. Install Greenbone with `sudo apt install gvm`. +> 3. Configure Greenbone CE with `sudo gvm-setup` and note the provided *admin* password from the output +> 4. Check the install status with `gvm-check-setup`. +> 5. Visit [https://127.0.0.1:9392](https://127.0.0.1:9392) and log in using the credentials output in step 3. +> 6. Verify the feed status before starting your first scan. + +### Detailed Installation Instructions + +In this section we will take a more detailed look at each step of the installation process. + +### 1. Update Kali Linux + +The first step is to update the system's local package lists for repositories and PPAs (Personal Package Archives). Kali Linux is a "rolling" distribution which means that it continuously updates all of its software (the kernel, libraries, applications, and other system software) to the latest versions without requiring a complete OS reinstallation. Rolling releases typically offer the latest versions of software soon after they are released. + +Therefore, It's highly advised to also do a full package `upgrade` before installing `gvm` since Greenbone CE requires the newest version of PostgreSQL. If you are having trouble upgrading and configuring PostgreSQL during the installation process, see the [troubleshooting section](troubleshooting.md). + +```{warning} System upgrades may result in changes to the existing kernel, libraries, and software that could interfere with existing functionality. Before doing an upgrade you should make a complete backup of all critical files on your system including the contents of your PostgreSQL database. +``` +```{code-block} +:caption: Full package list update and system upgrade +sudo apt update && sudo apt upgrade +``` + +### 2. Install Greenbone Community Edition + +Greenbone CE and required dependencies can be installed with a single command: + +```bash +sudo apt install gvm -y +``` +Note that this is the same as executing the command: +```bash +sudo apt install openvas -y +``` + +### 3. Run The Automatic Configuration Script + +After installing the required packages, a configuration script must be run to complete the installation. To run the automatic configuration execute the command: + +```{note} +During `gvm-setup` you must record the default password created for the GVM admin user. +``` + +```bash +sudo gvm-setup +``` + +### 4. Verify The Installation + +The Kali Linux native installation includes a script to verify the installed services. This script can be run using the command: + +```bash +sudo gvm-check-setup +``` + +If your installation has been successfully configured, you will see the following message at the end of the verification out: + +``` +It seems like your GVM-22.5.0 installation is OK. +``` + +#### Starting And Stopping Greenbone CE + +The following commands can be used to start and stop Greenbone CE and all its required services: + +```{code-block} +:caption: Start all Greenbone CE services +sudo gvm-start +``` + +```{code-block} +:caption: Stop all Greenbone CE services +sudo gvm-stop +``` + +### 5. Log Into The Greenbone Web Interface + +Once the installation is complete you can log into the {term}`GSA` web interface by visiting [https://127.0.0.1:9392](https://127.0.0.1:9392) in your browser and providing the default admin credentials from step 3. + +### 6. Verify The Feed Status + +Before starting the first scan, Greenbone needs to parse the vulnerability feeds and store them into the `gvmd` PostgreSQL database. This process is initialized during the setup stage, but typically takes anywhere from a few minutes to several hours to complete, depending on your system resources. + +The feed status can be checked by going to the `Feed Status` page from the `Configuration` section in the top menu bar. diff --git a/src/22.4/kali/introduction.md b/src/22.4/kali/introduction.md new file mode 100644 index 00000000..ba8e7f6d --- /dev/null +++ b/src/22.4/kali/introduction.md @@ -0,0 +1 @@ +This documentation provides instructions on how to install {term}`Greenbone Community Edition` (CE) from the Kali Linux native repository. The install packages are maintained by [Offensive Security](https://www.kali.org/tools/gvm/). Any bugs discovered during installation or use should be reported to [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). Guidelines for submitting bugs to Kali Linux can be [found here](https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/). diff --git a/src/22.4/kali/optional-configs.md b/src/22.4/kali/optional-configs.md new file mode 100644 index 00000000..be6cad45 --- /dev/null +++ b/src/22.4/kali/optional-configs.md @@ -0,0 +1,35 @@ +## Optional Configurations + +The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Here we will cover some common custom configurations. + +### Configure Remote Access To The Web Interface + +By default Greenbone CE is installed with only `localhost` access to the {term}`GSA` web interface. This means Greenbone CE can only be accessed via the IP address `127.0.0.1`. To enable remote access to the web interface, the {term}`gsad` systemd service file must be modified. + +```{code-block} +:caption: Find the location of the gsad.sevice file +sudo find / -name gsad.service -type f +``` + +Edit the contents of the `gsad.service` systemd service file: + +```{code-block} +:caption: Use nano to edit the gsad.sevice file +nano /usr/lib/systemd/service/gsad.service +``` + +Change the value of the `--listen` argument to `0.0.0.0` and optionally change the value of `--port` to the standard SSL/TLS port 443: + +```diff +-ExecStart=/usr/local/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 ++ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=443 +``` + +### Setting A Password Policy + +The password policy configuration file defines the rules for user passwords such as minimum length, complexity, and expiration period, ensuring that all user passwords adhere to the desired security standards. + +```{code-block} +:caption: Edit the Greenbone CE password policy configuration +nano /etc/gvm/pwpolicy.conf +``` diff --git a/src/22.4/kali/troubleshooting.md b/src/22.4/kali/troubleshooting.md new file mode 100644 index 00000000..ac646f99 --- /dev/null +++ b/src/22.4/kali/troubleshooting.md @@ -0,0 +1,310 @@ +## Troubleshooting A Kali Linux Installation + +Here are some common issues encountered during installation and steps to fix them. + +### Upgrading The Default PostgreSQL Version + +If you encounter an error regarding the PostgreSQL version when running `sudo gvm-setup`, you must upgrade the installed version of PostgreSQL to the newest version required by the Kali native `gvm` package. In the example below shows the upgrade from PostgreSQL version 15 to version 16, but these steps will work to upgrade between any versions. + +[MORE: Can this be avoided by doing `sudo apt upgrade` before installation?] + +```{code-block} +:caption: Error indicating the need to upgrade your PostgreSQL cluster +┌──(dev㉿kali)-[~] +└─$ sudo gvm-setup + +[>] Starting PostgreSQL service +[-] ERROR: The default PostgreSQL version (15) is not 16 that is required by libgvmd +[-] ERROR: libgvmd needs PostgreSQL 16 to use the port 5432 +[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster +``` + +To complete the Greenbone CE setup you must: + +1. Migrate PostgreSQL settings and data to a new upgraded cluster +2. Configure the new cluster to use port `5432` +3. Install the newest pg-gvm extension +4. Fix the gmvd database COLLATION mismatch +5. Resolve Any Outstanding Dependencies +6. Complete the Greenbone CE Setup + +### 1. Upgrade PostgreSQL Cluster + +```{warning} You should consider the contents of your existing PostgreSQL database and complete any backups of that data before you complete the following steps. It's also important to consider that upgrading Kali Linux packages could disrupt the functionality of your system. +``` + +You can list all existing PostgreSQL clusters using the command `pg_lsclusters`. + + ```{code-block} + :caption: Listing the existing PostgreSQL clusters +┌──(dev㉿kali)-[~] +└─$ pg_lsclusters +Ver Cluster Port Status Owner Data directory Log file +15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log +16 main 5433 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log +``` + +Here we see two online clusters listening on ports `5432` and `5433`. Since the target cluster `16/main` already exists, we must temporarily delete it. Otherwise we will encounter an error `Error: target cluster 16/main already exists`. The existence of the `16/main` cluster does not necessarily mean that the old cluster has already been upgraded; it simply means that a cluster for that version is present. + +```{code-block} +:caption: Trying to upgrade to an existing cluster will fail. +┌──(dev㉿kali)-[~] +└─$ sudo pg_upgradecluster 15 main 16 +Error: target cluster 16/main already exists +``` + +To complete the upgrade we must first stop and delete the `16/main` cluster. + +```bash +sudo pg_ctlcluster 16 main stop +sudo pg_dropcluster 16 main +``` + +Now we can upgrade the old cluster to a new one. The `pg_upgradecluster` command migrates databases from the old cluster to the new cluster. + +```{code-block} +:caption: The basic syntax of the pg_upgradecluster command. +pg_upgradecluster [options] oldversion oldclustername [newversion] +``` + +To upgrade your PostgreSQL cluster, you should use the following command: + +```bash +sudo pg_upgradecluster 15 main +``` + +If you do not need the older PostgreSQL cluster, you should delete it. + +```bash +sudo pg_dropcluster 15 main +``` + +And remove the PostgreSQL 15 packages + +```bash +sudo apt autoremove +``` + +Now we are left with only the new PostgreSQL cluster. + +```{code-block} +:caption: Listing the existing PostgreSQL clusters +┌──(dev㉿kali)-[~] +└─$ pg_lsclusters +Ver Cluster Port Status Owner Data directory Log file +16 main 5433 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log +``` +### 2. Configure The PostgreSQL Port + +Typically, the `pg_upgradecluster` will also configure the new version of PostgreSQL to use the standard port `5432`, which is required by Greenbone CE. However, if the port is not automatically changed, you must change it manually by editing the `postgresql.conf` configuration file and restarting the PostgreSQL systemd service. On Kali the `postgresql.conf` configuration file is located in the `/etc/postgresql//main` directory, but to be sure you can issue a command to locate the configuration file. + +```bash +sudo -u postgres psql -c 'SHOW config_file' +``` + +```{code-block} +:caption: Executing command to locate the PostgreSQL config file +┌──(dev㉿kali)-[~] +└─$ sudo -u postgres psql -c 'SHOW config_file' + + config_file +----------------------------------------- + /etc/postgresql/16/main/postgresql.conf +(1 row) +``` + +Edit the configuration file and change the connection settings port to `5432` and restart the PostgreSQL port. + +```{code-block} +:caption: Use nano to edit the postgresql.conf file +sudo nano /etc/postgresql/16/main/postgresql.conf +``` + +```diff +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +-port = 5433 # (change requires restart) ++port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#reserved_connections = 0 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +``` + +```{code-block} +:caption: Restart the PostgreSQL systemd service +sudo systemctl restart postgresql +``` + +### 3. Install The Newest pg-gvm Extension For PostgreSQL + +When upgrading PostgreSQL cluster to a newer version, the `pg-gvm` package must also be updated. If you do not update this package before running `sudo gvm-check-setup`, you will encounter the following error when rebuilding the `gvmd` database: + +```{code-block} +:caption: Missing pg-gvm extention error when running gvm-check-setup +[*] Creating extension pg-gvm +ERROR: extension "pg-gvm" is not available +DETAIL: Could not open extension control file "/usr/share/postgresql/16/extension/pg-gvm.control": No such file or directory. +HINT: The extension must first be installed on the system where PostgreSQL is running. +``` + +You can find all available versions of `pg-gvm` using the `apt-cache search` command: + +```{code-block} +:caption: Searching the Linux package repository for all versions of pg-gvm +┌──(dev㉿kali)-[~] +└─$ apt-cache search pg-gvm +postgresql-16-pg-gvm - PostgreSQL extension for ical object manipulation +``` + +After updating the aptitude package repository is `postgresql-16-pg-gvm` which matches the new PostgreSQL version. So, you need to install that package: + +```bash +sudo apt install postgresql-16-pg-gvm -y +``` + +### 4. Fixing The gvmd COLLATION Version Mismatch + +During a PostgreSQL cluster upgrade you may encounter a COLLATION mismatch warning. This warning must be resolved before `gvm-setup` can be completed. + +```{code-block} +:caption: Error message indicating a COLLATION version mismatch +WARNING: database "gvmd" has a collation version mismatch +DETAIL: The database was created using collation version 2.36, but the operating system provides version 2.37. +HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. +``` + +To fix the collation mismatch, login to the `psql` command line and execute the suggested commands to update all databases in the cluster. This will at least include the `gvmd` and `postgres` databases. + +```{code-block} +:caption: Become the postgres user to access the psql shell as a superadmin +sudo su postgres +``` + +```{code-block} +:caption: Start the PostgreSQL shell +psql +``` + +```{code-block} +:caption: Update each database COLLATION version +postgres=# ALTER DATABASE postgres REFRESH COLLATION VERSION; +NOTICE: changing version from 2.36 to 2.37 +ALTER DATABASE +postgres=# ALTER DATABASE gvmd REFRESH COLLATION VERSION; +NOTICE: changing version from 2.36 to 2.37 +ALTER DATABASE +postgres-# \q +postgres@kali:/home/dev$ exit +``` + +### 5. Resolve Any Outstanding Dependencies + +In order to complete the database cluster migration, you may also need to update various outdated extensions depending on the particular changes between PostgreSQL versions. For example, when migrating between PostgreSQL 15 and 16, the `pgcrypto` module must be updated. To update any unresolved dependencies... + + +```bash +sudo apt install pgcrypto + +``` + +### 6. Complete The Greenbone CE Setup + +You can now run the `gvm-setup` command to complete the setup. + +``` +sudo gvm-setup +``` + +```{note} +During setup it's important to note and record the default password created for the GVM admin user. +``` + +```{code-block} +:caption: The admin password is included in gvm-setup output +[+] Done +[*] Please note the password for the admin user +[*] User created with password 'ff006a29-8977-4ffa-882c-cd430fdc9bb8'. + +[>] You can now run gvm-check-setup to make sure everything is correctly configured +``` + +## Other Common Setup Errors + +```{note} +Here are some other common setup errors you may encounter when installing Greenbone CE from the native Kali Linux package. In most cases, hints are available in the `gvm-setup` and `gvm-check-setup` command output. +``` + +### ERROR: extention "pg-gvm" is not available + +[See the instructions here](#3-install-the-newest-pg-gvm-extension-for-postgresql) to find and install the latest version of `pg-gvm`. + +### ERROR: No users found + +If you encounter the error **ERROR: No users found.** when running `sudo gvm-check-setup`, you will need to create at least one an admin user. Replace `` with your own password. + +```bash +sudo runuser -u _gvm -- gvmd --create-user=admin --password= +``` + +### ERROR: The Postgresql DB does not exist + +If the PostgreSQL database was not created during initial setup of Greenbone CE, or not transferred when migrating to a new cluster, you must manually create the database with the following command: + +``` +sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database +``` + +### ERROR: Required systemd service did not start + +If the ospd-openvas service or any other required Greenbone `systemd` services did not start during the setup or initialization, you can attempt to manually start the process. Here is an example for troubleshooting the `ospd-openvas` systemd service, but you can use this process for other services as well: + +```{code-block} +:caption: Try to manually start the service +sudo systemctl start ospd-openvas +``` + +If the service still fails to start properly, you can check for errors using the following methods: + +```{code-block} +:caption: Display the systemd service status including any errors +sudo systemctl status ospd-openvas | less +``` + +```{code-block} +:caption: View detailed system logs with extended output +journalctl -xe +``` + +```{code-block} +:caption: View most recent items in the ospd-openvas log file +tail -20 /var/log/gvm/ospd-openvas.log +``` + +```{note} +You can find all the Greenbone CE log files in the `/var/log/gvm` directory. +``` + +### ERROR: The client certificate file of GVM is not valid + +If the required SSL/TLS certificates failed to generate during the standard setup process, or if the existing certificates are not valid any longer, you must generate the necessary SSL/TLS certificate files. The script `gvm-manage-certs` is used for managing the certificates required by Greenbone CE. + +```{code-block} +:caption: Generate all required SSL/TLS certificates +sudo runuser -u _gvm -- gvm-manage-certs -a -f +``` + +### ERROR: Database is wrong version. You have installed a new gvmd version + +When upgrading Greenbone CE, you may need to also update the `gvmd` PostgreSQL database schema. You can update the `gvmd` database to the with the following command: + +```bash +sudo runuser -u _gvm -- gvmd --migrate +``` + +### ERROR: No postgresql version uses the port 5432. + +Greenbone CE requires a PostgreSQL connection on port 5432. [See instructions here](#2-configure-the-postgresql-port) to change the PostgreSQL port. diff --git a/src/index.md b/src/index.md index 38e0c9fc..dd7ee273 100644 --- a/src/index.md +++ b/src/index.md @@ -32,6 +32,7 @@ Edition. background 22.4/source-build/index 22.4/container/index +22.4/kali/index faq troubleshooting glossary From 88c9a21de163b4ede57a7a8c9d780d5359be3671 Mon Sep 17 00:00:00 2001 From: Joseph Lee Date: Tue, 16 Jan 2024 16:28:50 +0800 Subject: [PATCH 02/26] First draft of full Greenbone CE for Kali Linux documentation --- src/22.4/kali/feed-sync.md | 9 + src/22.4/kali/file-system.md | 18 ++ src/22.4/kali/index.md | 19 ++ src/22.4/kali/installation.md | 91 +++++++++ src/22.4/kali/introduction.md | 1 + src/22.4/kali/optional-configs.md | 35 ++++ src/22.4/kali/troubleshooting.md | 310 ++++++++++++++++++++++++++++++ src/index.md | 1 + 8 files changed, 484 insertions(+) create mode 100644 src/22.4/kali/feed-sync.md create mode 100644 src/22.4/kali/file-system.md create mode 100644 src/22.4/kali/index.md create mode 100644 src/22.4/kali/installation.md create mode 100644 src/22.4/kali/introduction.md create mode 100644 src/22.4/kali/optional-configs.md create mode 100644 src/22.4/kali/troubleshooting.md diff --git a/src/22.4/kali/feed-sync.md b/src/22.4/kali/feed-sync.md new file mode 100644 index 00000000..b573f08d --- /dev/null +++ b/src/22.4/kali/feed-sync.md @@ -0,0 +1,9 @@ +## Community Feed Synchronization + +The Kali Linux Greenbone CE installation includes its own feed-sync script `gvm-feed-update` which acts as a wrapper for the various `greenbone-feed-sync` commands. However, this script is not maintained by Greeenbone and any bugs should be reported to the [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). The `gvm-feed-update` script must be executed with superuser privileges: + +```bash +sudo gvm-feed-update +``` + +The standard `greenbone-feed-sync` commands, can also be executed directly. A detailed guide on using the `greenbone-feed-sync` command is [available here](../source-build/feed-sync.md). diff --git a/src/22.4/kali/file-system.md b/src/22.4/kali/file-system.md new file mode 100644 index 00000000..a1196afc --- /dev/null +++ b/src/22.4/kali/file-system.md @@ -0,0 +1,18 @@ +## Log And Configuration File Locations + +Here are the locations of the various Greenbone CE log and configuration files. + +```{code-block} +:caption: View all Greenbone CE log files +ls /var/log/gvm +``` + +```{code-block} +:caption: View the OpenVAS configuration files +ls /etc/openvas +``` + +```{code-block} +:caption: View the other Greenbone CE configuration files +ls /etc/gvm +``` diff --git a/src/22.4/kali/index.md b/src/22.4/kali/index.md new file mode 100644 index 00000000..71f952fd --- /dev/null +++ b/src/22.4/kali/index.md @@ -0,0 +1,19 @@ +# Kali Linux Install Guide + +```{include} /22.4/kali/introduction.md +``` + +```{include} /22.4/kali/installation.md +``` + +```{include} /22.4/kali/feed-sync.md +``` + +```{include} /22.4/kali/optional-configs.md +``` + +```{include} /22.4/kali/troubleshooting.md +``` + +```{include} /22.4/kali/file-system.md +``` diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md new file mode 100644 index 00000000..7256d988 --- /dev/null +++ b/src/22.4/kali/installation.md @@ -0,0 +1,91 @@ +## Installing Greenbone Community Edition + +### Quick Start Install + +For those who want a quick start guide, here is an overview of the standard installation process: + +> 1. Update Kali Linux with `sudo apt update`. +> 2. Install Greenbone with `sudo apt install gvm`. +> 3. Configure Greenbone CE with `sudo gvm-setup` and note the provided *admin* password from the output +> 4. Check the install status with `gvm-check-setup`. +> 5. Visit [https://127.0.0.1:9392](https://127.0.0.1:9392) and log in using the credentials output in step 3. +> 6. Verify the feed status before starting your first scan. + +### Detailed Installation Instructions + +In this section we will take a more detailed look at each step of the installation process. + +### 1. Update Kali Linux + +The first step is to update the system's local package lists for repositories and PPAs (Personal Package Archives). Kali Linux is a "rolling" distribution which means that it continuously updates all of its software (the kernel, libraries, applications, and other system software) to the latest versions without requiring a complete OS reinstallation. Rolling releases typically offer the latest versions of software soon after they are released. + +Therefore, It's highly advised to also do a full package `upgrade` before installing `gvm` since Greenbone CE requires the newest version of PostgreSQL. If you are having trouble upgrading and configuring PostgreSQL during the installation process, see the [troubleshooting section](troubleshooting.md). + +```{warning} System upgrades may result in changes to the existing kernel, libraries, and software that could interfere with existing functionality. Before doing an upgrade you should make a complete backup of all critical files on your system including the contents of your PostgreSQL database. +``` +```{code-block} +:caption: Full package list update and system upgrade +sudo apt update && sudo apt upgrade +``` + +### 2. Install Greenbone Community Edition + +Greenbone CE and required dependencies can be installed with a single command: + +```bash +sudo apt install gvm -y +``` +Note that this is the same as executing the command: +```bash +sudo apt install openvas -y +``` + +### 3. Run The Automatic Configuration Script + +After installing the required packages, a configuration script must be run to complete the installation. To run the automatic configuration execute the command: + +```{note} +During `gvm-setup` you must record the default password created for the GVM admin user. +``` + +```bash +sudo gvm-setup +``` + +### 4. Verify The Installation + +The Kali Linux native installation includes a script to verify the installed services. This script can be run using the command: + +```bash +sudo gvm-check-setup +``` + +If your installation has been successfully configured, you will see the following message at the end of the verification out: + +``` +It seems like your GVM-22.5.0 installation is OK. +``` + +#### Starting And Stopping Greenbone CE + +The following commands can be used to start and stop Greenbone CE and all its required services: + +```{code-block} +:caption: Start all Greenbone CE services +sudo gvm-start +``` + +```{code-block} +:caption: Stop all Greenbone CE services +sudo gvm-stop +``` + +### 5. Log Into The Greenbone Web Interface + +Once the installation is complete you can log into the {term}`GSA` web interface by visiting [https://127.0.0.1:9392](https://127.0.0.1:9392) in your browser and providing the default admin credentials from step 3. + +### 6. Verify The Feed Status + +Before starting the first scan, Greenbone needs to parse the vulnerability feeds and store them into the `gvmd` PostgreSQL database. This process is initialized during the setup stage, but typically takes anywhere from a few minutes to several hours to complete, depending on your system resources. + +The feed status can be checked by going to the `Feed Status` page from the `Configuration` section in the top menu bar. diff --git a/src/22.4/kali/introduction.md b/src/22.4/kali/introduction.md new file mode 100644 index 00000000..ba8e7f6d --- /dev/null +++ b/src/22.4/kali/introduction.md @@ -0,0 +1 @@ +This documentation provides instructions on how to install {term}`Greenbone Community Edition` (CE) from the Kali Linux native repository. The install packages are maintained by [Offensive Security](https://www.kali.org/tools/gvm/). Any bugs discovered during installation or use should be reported to [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). Guidelines for submitting bugs to Kali Linux can be [found here](https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/). diff --git a/src/22.4/kali/optional-configs.md b/src/22.4/kali/optional-configs.md new file mode 100644 index 00000000..be6cad45 --- /dev/null +++ b/src/22.4/kali/optional-configs.md @@ -0,0 +1,35 @@ +## Optional Configurations + +The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Here we will cover some common custom configurations. + +### Configure Remote Access To The Web Interface + +By default Greenbone CE is installed with only `localhost` access to the {term}`GSA` web interface. This means Greenbone CE can only be accessed via the IP address `127.0.0.1`. To enable remote access to the web interface, the {term}`gsad` systemd service file must be modified. + +```{code-block} +:caption: Find the location of the gsad.sevice file +sudo find / -name gsad.service -type f +``` + +Edit the contents of the `gsad.service` systemd service file: + +```{code-block} +:caption: Use nano to edit the gsad.sevice file +nano /usr/lib/systemd/service/gsad.service +``` + +Change the value of the `--listen` argument to `0.0.0.0` and optionally change the value of `--port` to the standard SSL/TLS port 443: + +```diff +-ExecStart=/usr/local/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 ++ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=443 +``` + +### Setting A Password Policy + +The password policy configuration file defines the rules for user passwords such as minimum length, complexity, and expiration period, ensuring that all user passwords adhere to the desired security standards. + +```{code-block} +:caption: Edit the Greenbone CE password policy configuration +nano /etc/gvm/pwpolicy.conf +``` diff --git a/src/22.4/kali/troubleshooting.md b/src/22.4/kali/troubleshooting.md new file mode 100644 index 00000000..ac646f99 --- /dev/null +++ b/src/22.4/kali/troubleshooting.md @@ -0,0 +1,310 @@ +## Troubleshooting A Kali Linux Installation + +Here are some common issues encountered during installation and steps to fix them. + +### Upgrading The Default PostgreSQL Version + +If you encounter an error regarding the PostgreSQL version when running `sudo gvm-setup`, you must upgrade the installed version of PostgreSQL to the newest version required by the Kali native `gvm` package. In the example below shows the upgrade from PostgreSQL version 15 to version 16, but these steps will work to upgrade between any versions. + +[MORE: Can this be avoided by doing `sudo apt upgrade` before installation?] + +```{code-block} +:caption: Error indicating the need to upgrade your PostgreSQL cluster +┌──(dev㉿kali)-[~] +└─$ sudo gvm-setup + +[>] Starting PostgreSQL service +[-] ERROR: The default PostgreSQL version (15) is not 16 that is required by libgvmd +[-] ERROR: libgvmd needs PostgreSQL 16 to use the port 5432 +[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster +``` + +To complete the Greenbone CE setup you must: + +1. Migrate PostgreSQL settings and data to a new upgraded cluster +2. Configure the new cluster to use port `5432` +3. Install the newest pg-gvm extension +4. Fix the gmvd database COLLATION mismatch +5. Resolve Any Outstanding Dependencies +6. Complete the Greenbone CE Setup + +### 1. Upgrade PostgreSQL Cluster + +```{warning} You should consider the contents of your existing PostgreSQL database and complete any backups of that data before you complete the following steps. It's also important to consider that upgrading Kali Linux packages could disrupt the functionality of your system. +``` + +You can list all existing PostgreSQL clusters using the command `pg_lsclusters`. + + ```{code-block} + :caption: Listing the existing PostgreSQL clusters +┌──(dev㉿kali)-[~] +└─$ pg_lsclusters +Ver Cluster Port Status Owner Data directory Log file +15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log +16 main 5433 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log +``` + +Here we see two online clusters listening on ports `5432` and `5433`. Since the target cluster `16/main` already exists, we must temporarily delete it. Otherwise we will encounter an error `Error: target cluster 16/main already exists`. The existence of the `16/main` cluster does not necessarily mean that the old cluster has already been upgraded; it simply means that a cluster for that version is present. + +```{code-block} +:caption: Trying to upgrade to an existing cluster will fail. +┌──(dev㉿kali)-[~] +└─$ sudo pg_upgradecluster 15 main 16 +Error: target cluster 16/main already exists +``` + +To complete the upgrade we must first stop and delete the `16/main` cluster. + +```bash +sudo pg_ctlcluster 16 main stop +sudo pg_dropcluster 16 main +``` + +Now we can upgrade the old cluster to a new one. The `pg_upgradecluster` command migrates databases from the old cluster to the new cluster. + +```{code-block} +:caption: The basic syntax of the pg_upgradecluster command. +pg_upgradecluster [options] oldversion oldclustername [newversion] +``` + +To upgrade your PostgreSQL cluster, you should use the following command: + +```bash +sudo pg_upgradecluster 15 main +``` + +If you do not need the older PostgreSQL cluster, you should delete it. + +```bash +sudo pg_dropcluster 15 main +``` + +And remove the PostgreSQL 15 packages + +```bash +sudo apt autoremove +``` + +Now we are left with only the new PostgreSQL cluster. + +```{code-block} +:caption: Listing the existing PostgreSQL clusters +┌──(dev㉿kali)-[~] +└─$ pg_lsclusters +Ver Cluster Port Status Owner Data directory Log file +16 main 5433 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log +``` +### 2. Configure The PostgreSQL Port + +Typically, the `pg_upgradecluster` will also configure the new version of PostgreSQL to use the standard port `5432`, which is required by Greenbone CE. However, if the port is not automatically changed, you must change it manually by editing the `postgresql.conf` configuration file and restarting the PostgreSQL systemd service. On Kali the `postgresql.conf` configuration file is located in the `/etc/postgresql//main` directory, but to be sure you can issue a command to locate the configuration file. + +```bash +sudo -u postgres psql -c 'SHOW config_file' +``` + +```{code-block} +:caption: Executing command to locate the PostgreSQL config file +┌──(dev㉿kali)-[~] +└─$ sudo -u postgres psql -c 'SHOW config_file' + + config_file +----------------------------------------- + /etc/postgresql/16/main/postgresql.conf +(1 row) +``` + +Edit the configuration file and change the connection settings port to `5432` and restart the PostgreSQL port. + +```{code-block} +:caption: Use nano to edit the postgresql.conf file +sudo nano /etc/postgresql/16/main/postgresql.conf +``` + +```diff +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +-port = 5433 # (change requires restart) ++port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#reserved_connections = 0 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +``` + +```{code-block} +:caption: Restart the PostgreSQL systemd service +sudo systemctl restart postgresql +``` + +### 3. Install The Newest pg-gvm Extension For PostgreSQL + +When upgrading PostgreSQL cluster to a newer version, the `pg-gvm` package must also be updated. If you do not update this package before running `sudo gvm-check-setup`, you will encounter the following error when rebuilding the `gvmd` database: + +```{code-block} +:caption: Missing pg-gvm extention error when running gvm-check-setup +[*] Creating extension pg-gvm +ERROR: extension "pg-gvm" is not available +DETAIL: Could not open extension control file "/usr/share/postgresql/16/extension/pg-gvm.control": No such file or directory. +HINT: The extension must first be installed on the system where PostgreSQL is running. +``` + +You can find all available versions of `pg-gvm` using the `apt-cache search` command: + +```{code-block} +:caption: Searching the Linux package repository for all versions of pg-gvm +┌──(dev㉿kali)-[~] +└─$ apt-cache search pg-gvm +postgresql-16-pg-gvm - PostgreSQL extension for ical object manipulation +``` + +After updating the aptitude package repository is `postgresql-16-pg-gvm` which matches the new PostgreSQL version. So, you need to install that package: + +```bash +sudo apt install postgresql-16-pg-gvm -y +``` + +### 4. Fixing The gvmd COLLATION Version Mismatch + +During a PostgreSQL cluster upgrade you may encounter a COLLATION mismatch warning. This warning must be resolved before `gvm-setup` can be completed. + +```{code-block} +:caption: Error message indicating a COLLATION version mismatch +WARNING: database "gvmd" has a collation version mismatch +DETAIL: The database was created using collation version 2.36, but the operating system provides version 2.37. +HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. +``` + +To fix the collation mismatch, login to the `psql` command line and execute the suggested commands to update all databases in the cluster. This will at least include the `gvmd` and `postgres` databases. + +```{code-block} +:caption: Become the postgres user to access the psql shell as a superadmin +sudo su postgres +``` + +```{code-block} +:caption: Start the PostgreSQL shell +psql +``` + +```{code-block} +:caption: Update each database COLLATION version +postgres=# ALTER DATABASE postgres REFRESH COLLATION VERSION; +NOTICE: changing version from 2.36 to 2.37 +ALTER DATABASE +postgres=# ALTER DATABASE gvmd REFRESH COLLATION VERSION; +NOTICE: changing version from 2.36 to 2.37 +ALTER DATABASE +postgres-# \q +postgres@kali:/home/dev$ exit +``` + +### 5. Resolve Any Outstanding Dependencies + +In order to complete the database cluster migration, you may also need to update various outdated extensions depending on the particular changes between PostgreSQL versions. For example, when migrating between PostgreSQL 15 and 16, the `pgcrypto` module must be updated. To update any unresolved dependencies... + + +```bash +sudo apt install pgcrypto + +``` + +### 6. Complete The Greenbone CE Setup + +You can now run the `gvm-setup` command to complete the setup. + +``` +sudo gvm-setup +``` + +```{note} +During setup it's important to note and record the default password created for the GVM admin user. +``` + +```{code-block} +:caption: The admin password is included in gvm-setup output +[+] Done +[*] Please note the password for the admin user +[*] User created with password 'ff006a29-8977-4ffa-882c-cd430fdc9bb8'. + +[>] You can now run gvm-check-setup to make sure everything is correctly configured +``` + +## Other Common Setup Errors + +```{note} +Here are some other common setup errors you may encounter when installing Greenbone CE from the native Kali Linux package. In most cases, hints are available in the `gvm-setup` and `gvm-check-setup` command output. +``` + +### ERROR: extention "pg-gvm" is not available + +[See the instructions here](#3-install-the-newest-pg-gvm-extension-for-postgresql) to find and install the latest version of `pg-gvm`. + +### ERROR: No users found + +If you encounter the error **ERROR: No users found.** when running `sudo gvm-check-setup`, you will need to create at least one an admin user. Replace `` with your own password. + +```bash +sudo runuser -u _gvm -- gvmd --create-user=admin --password= +``` + +### ERROR: The Postgresql DB does not exist + +If the PostgreSQL database was not created during initial setup of Greenbone CE, or not transferred when migrating to a new cluster, you must manually create the database with the following command: + +``` +sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database +``` + +### ERROR: Required systemd service did not start + +If the ospd-openvas service or any other required Greenbone `systemd` services did not start during the setup or initialization, you can attempt to manually start the process. Here is an example for troubleshooting the `ospd-openvas` systemd service, but you can use this process for other services as well: + +```{code-block} +:caption: Try to manually start the service +sudo systemctl start ospd-openvas +``` + +If the service still fails to start properly, you can check for errors using the following methods: + +```{code-block} +:caption: Display the systemd service status including any errors +sudo systemctl status ospd-openvas | less +``` + +```{code-block} +:caption: View detailed system logs with extended output +journalctl -xe +``` + +```{code-block} +:caption: View most recent items in the ospd-openvas log file +tail -20 /var/log/gvm/ospd-openvas.log +``` + +```{note} +You can find all the Greenbone CE log files in the `/var/log/gvm` directory. +``` + +### ERROR: The client certificate file of GVM is not valid + +If the required SSL/TLS certificates failed to generate during the standard setup process, or if the existing certificates are not valid any longer, you must generate the necessary SSL/TLS certificate files. The script `gvm-manage-certs` is used for managing the certificates required by Greenbone CE. + +```{code-block} +:caption: Generate all required SSL/TLS certificates +sudo runuser -u _gvm -- gvm-manage-certs -a -f +``` + +### ERROR: Database is wrong version. You have installed a new gvmd version + +When upgrading Greenbone CE, you may need to also update the `gvmd` PostgreSQL database schema. You can update the `gvmd` database to the with the following command: + +```bash +sudo runuser -u _gvm -- gvmd --migrate +``` + +### ERROR: No postgresql version uses the port 5432. + +Greenbone CE requires a PostgreSQL connection on port 5432. [See instructions here](#2-configure-the-postgresql-port) to change the PostgreSQL port. diff --git a/src/index.md b/src/index.md index 38e0c9fc..dd7ee273 100644 --- a/src/index.md +++ b/src/index.md @@ -32,6 +32,7 @@ Edition. background 22.4/source-build/index 22.4/container/index +22.4/kali/index faq troubleshooting glossary From 06ac8c45ca0f2ca2c84a93b17183273d2e0cf358 Mon Sep 17 00:00:00 2001 From: Joseph Lee Date: Tue, 16 Jan 2024 16:48:33 +0800 Subject: [PATCH 03/26] Replaced use of the word 'we' with better grammar. --- src/22.4/kali/installation.md | 2 +- src/22.4/kali/optional-configs.md | 2 +- src/22.4/kali/troubleshooting.md | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 7256d988..d44efb67 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -13,7 +13,7 @@ For those who want a quick start guide, here is an overview of the standard inst ### Detailed Installation Instructions -In this section we will take a more detailed look at each step of the installation process. +In this section includes a more detailed look at each step of the installation process. ### 1. Update Kali Linux diff --git a/src/22.4/kali/optional-configs.md b/src/22.4/kali/optional-configs.md index be6cad45..a44c6c41 100644 --- a/src/22.4/kali/optional-configs.md +++ b/src/22.4/kali/optional-configs.md @@ -1,6 +1,6 @@ ## Optional Configurations -The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Here we will cover some common custom configurations. +The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Let's cover some common custom configurations. ### Configure Remote Access To The Web Interface diff --git a/src/22.4/kali/troubleshooting.md b/src/22.4/kali/troubleshooting.md index ac646f99..777737f6 100644 --- a/src/22.4/kali/troubleshooting.md +++ b/src/22.4/kali/troubleshooting.md @@ -44,7 +44,7 @@ Ver Cluster Port Status Owner Data directory Log file 16 main 5433 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log ``` -Here we see two online clusters listening on ports `5432` and `5433`. Since the target cluster `16/main` already exists, we must temporarily delete it. Otherwise we will encounter an error `Error: target cluster 16/main already exists`. The existence of the `16/main` cluster does not necessarily mean that the old cluster has already been upgraded; it simply means that a cluster for that version is present. +The output above shows two online clusters listening on ports `5432` and `5433`. Since the target cluster `16/main` already exists, it must be temporarily deleted to avoid the error `Error: target cluster 16/main already exists`. The existence of the `16/main` cluster does not necessarily mean that the old cluster has already been upgraded; it simply means that a cluster for that version is present. ```{code-block} :caption: Trying to upgrade to an existing cluster will fail. @@ -53,14 +53,14 @@ Here we see two online clusters listening on ports `5432` and `5433`. Since the Error: target cluster 16/main already exists ``` -To complete the upgrade we must first stop and delete the `16/main` cluster. +To complete the upgrade the `16/main` cluster must first be stopped and deleted. ```bash sudo pg_ctlcluster 16 main stop sudo pg_dropcluster 16 main ``` -Now we can upgrade the old cluster to a new one. The `pg_upgradecluster` command migrates databases from the old cluster to the new cluster. +Now upgrade the old cluster to a new one. The `pg_upgradecluster` command migrates databases from the old cluster to the new cluster. ```{code-block} :caption: The basic syntax of the pg_upgradecluster command. @@ -85,7 +85,7 @@ And remove the PostgreSQL 15 packages sudo apt autoremove ``` -Now we are left with only the new PostgreSQL cluster. +Now only the new PostgreSQL cluster exists. ```{code-block} :caption: Listing the existing PostgreSQL clusters From 9a7ee46facf2d5917bf1605d8a1c05d76281a709 Mon Sep 17 00:00:00 2001 From: Joseph Lee Date: Tue, 16 Jan 2024 16:56:39 +0800 Subject: [PATCH 04/26] Fixed unresovlved conflicts --- src/22.4/kali/installation.md | 4 ---- src/22.4/kali/optional-configs.md | 4 ---- 2 files changed, 8 deletions(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index ec6fc2df..d44efb67 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -13,11 +13,7 @@ For those who want a quick start guide, here is an overview of the standard inst ### Detailed Installation Instructions -<<<<<<< HEAD In this section includes a more detailed look at each step of the installation process. -======= -In this section we will take a more detailed look at each step of the installation process. ->>>>>>> 1f6d7651ca0859b0228f0b941b7299928e7338c7 ### 1. Update Kali Linux diff --git a/src/22.4/kali/optional-configs.md b/src/22.4/kali/optional-configs.md index 3c8b712b..a44c6c41 100644 --- a/src/22.4/kali/optional-configs.md +++ b/src/22.4/kali/optional-configs.md @@ -1,10 +1,6 @@ ## Optional Configurations -<<<<<<< HEAD The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Let's cover some common custom configurations. -======= -The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Here we will cover some common custom configurations. ->>>>>>> 1f6d7651ca0859b0228f0b941b7299928e7338c7 ### Configure Remote Access To The Web Interface From 417a6b1e5399a4259283027d0eac99152921c8e0 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:19:00 +0800 Subject: [PATCH 05/26] Update src/22.4/kali/introduction.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/introduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/introduction.md b/src/22.4/kali/introduction.md index ba8e7f6d..54c53349 100644 --- a/src/22.4/kali/introduction.md +++ b/src/22.4/kali/introduction.md @@ -1 +1 @@ -This documentation provides instructions on how to install {term}`Greenbone Community Edition` (CE) from the Kali Linux native repository. The install packages are maintained by [Offensive Security](https://www.kali.org/tools/gvm/). Any bugs discovered during installation or use should be reported to [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). Guidelines for submitting bugs to Kali Linux can be [found here](https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/). +This documentation provides instructions on how to install {term}`Greenbone Community Edition` from the Kali Linux native repository. The install packages are maintained by [Offensive Security](https://www.kali.org/tools/gvm/). Any bugs discovered during installation or use should be reported to [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). Guidelines for submitting bugs to Kali Linux can be [found here](https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/). From 0e8b1501d97c29d57e0eadb77fd8d6f0274a6756 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:21:55 +0800 Subject: [PATCH 06/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index d44efb67..12b99709 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -5,7 +5,7 @@ For those who want a quick start guide, here is an overview of the standard installation process: > 1. Update Kali Linux with `sudo apt update`. -> 2. Install Greenbone with `sudo apt install gvm`. +> 2. Install Greenbone Community Edition with `sudo apt install gvm`. > 3. Configure Greenbone CE with `sudo gvm-setup` and note the provided *admin* password from the output > 4. Check the install status with `gvm-check-setup`. > 5. Visit [https://127.0.0.1:9392](https://127.0.0.1:9392) and log in using the credentials output in step 3. From d345bb998bfe61d45705cee386f19c7414370b88 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:23:20 +0800 Subject: [PATCH 07/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 12b99709..3361e031 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -1,4 +1,4 @@ -## Installing Greenbone Community Edition +## Installing Greenbone Community Edition on Kali Linux ### Quick Start Install From 1c52665fda5d599787461740f72ffb0fc49c8242 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:23:46 +0800 Subject: [PATCH 08/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 3361e031..2f2abc84 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -6,7 +6,7 @@ For those who want a quick start guide, here is an overview of the standard inst > 1. Update Kali Linux with `sudo apt update`. > 2. Install Greenbone Community Edition with `sudo apt install gvm`. -> 3. Configure Greenbone CE with `sudo gvm-setup` and note the provided *admin* password from the output +> 3. Configure Greenbone Community Edition with `sudo gvm-setup` and note the provided *admin* password from the output > 4. Check the install status with `gvm-check-setup`. > 5. Visit [https://127.0.0.1:9392](https://127.0.0.1:9392) and log in using the credentials output in step 3. > 6. Verify the feed status before starting your first scan. From 4740a4d009f4a57cb3b3b03d5fe57fce0704d195 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:23:56 +0800 Subject: [PATCH 09/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 2f2abc84..37848ecb 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -19,7 +19,7 @@ In this section includes a more detailed look at each step of the installation p The first step is to update the system's local package lists for repositories and PPAs (Personal Package Archives). Kali Linux is a "rolling" distribution which means that it continuously updates all of its software (the kernel, libraries, applications, and other system software) to the latest versions without requiring a complete OS reinstallation. Rolling releases typically offer the latest versions of software soon after they are released. -Therefore, It's highly advised to also do a full package `upgrade` before installing `gvm` since Greenbone CE requires the newest version of PostgreSQL. If you are having trouble upgrading and configuring PostgreSQL during the installation process, see the [troubleshooting section](troubleshooting.md). +Therefore, It's highly advised to also do a full package `upgrade` before installing `gvm` since Greenbone Community Edition requires the newest version of PostgreSQL. If you are having trouble upgrading and configuring PostgreSQL during the installation process, see the [troubleshooting section](troubleshooting.md). ```{warning} System upgrades may result in changes to the existing kernel, libraries, and software that could interfere with existing functionality. Before doing an upgrade you should make a complete backup of all critical files on your system including the contents of your PostgreSQL database. ``` From bdef2c8567c0441b718d375d2f05df965312bb2c Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:24:04 +0800 Subject: [PATCH 10/26] Update src/22.4/kali/troubleshooting.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/troubleshooting.md b/src/22.4/kali/troubleshooting.md index 51aee7dd..d0cd0ab2 100644 --- a/src/22.4/kali/troubleshooting.md +++ b/src/22.4/kali/troubleshooting.md @@ -307,4 +307,4 @@ sudo runuser -u _gvm -- gvmd --migrate ### ERROR: No postgresql version uses the port 5432. -Greenbone CE requires a PostgreSQL connection on port 5432. [See instructions here](#2-configure-the-postgresql-port) to change the PostgreSQL port. +Greenbone Community Edition requires a PostgreSQL connection on port 5432. [See instructions here](#2-configure-the-postgresql-port) to change the PostgreSQL port. From afd1e5fcaeb6ff3d6f7ec0a3e9c46c2808b38b4d Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:24:12 +0800 Subject: [PATCH 11/26] Update src/22.4/kali/file-system.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/file-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/file-system.md b/src/22.4/kali/file-system.md index a1196afc..2e1c10c7 100644 --- a/src/22.4/kali/file-system.md +++ b/src/22.4/kali/file-system.md @@ -1,6 +1,6 @@ ## Log And Configuration File Locations -Here are the locations of the various Greenbone CE log and configuration files. +Here are the locations of the various Greenbone Community Edition log and configuration files. ```{code-block} :caption: View all Greenbone CE log files From 0c9cb81c8b4c874bed0d448576e937e5974252ad Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:24:22 +0800 Subject: [PATCH 12/26] Update src/22.4/kali/file-system.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/file-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/file-system.md b/src/22.4/kali/file-system.md index 2e1c10c7..5ef3bd5b 100644 --- a/src/22.4/kali/file-system.md +++ b/src/22.4/kali/file-system.md @@ -3,7 +3,7 @@ Here are the locations of the various Greenbone Community Edition log and configuration files. ```{code-block} -:caption: View all Greenbone CE log files +:caption: View all Greenbone Community Edition log files ls /var/log/gvm ``` From 82fe1444ee2929a534289892ab25a6d225df4107 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:24:38 +0800 Subject: [PATCH 13/26] Update src/22.4/kali/file-system.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/file-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/file-system.md b/src/22.4/kali/file-system.md index 5ef3bd5b..c53f2294 100644 --- a/src/22.4/kali/file-system.md +++ b/src/22.4/kali/file-system.md @@ -8,7 +8,7 @@ ls /var/log/gvm ``` ```{code-block} -:caption: View the OpenVAS configuration files +:caption: View the OpenVAS Scanner configuration files ls /etc/openvas ``` From 0f280b8a3a6dd5b2484699c2c874d00cc496171c Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:24:45 +0800 Subject: [PATCH 14/26] Update src/22.4/kali/file-system.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/file-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/file-system.md b/src/22.4/kali/file-system.md index c53f2294..7dd0121f 100644 --- a/src/22.4/kali/file-system.md +++ b/src/22.4/kali/file-system.md @@ -13,6 +13,6 @@ ls /etc/openvas ``` ```{code-block} -:caption: View the other Greenbone CE configuration files +:caption: View the other Greenbone Community Edition configuration files ls /etc/gvm ``` From eb1e2325f94627e866afcae86d772014e6aab1f9 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:27:48 +0800 Subject: [PATCH 15/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 37848ecb..8bc96e6d 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -30,7 +30,7 @@ sudo apt update && sudo apt upgrade ### 2. Install Greenbone Community Edition -Greenbone CE and required dependencies can be installed with a single command: +Greenbone Community Edition and required dependencies can be installed with a single command: ```bash sudo apt install gvm -y From eaa37e0994235a73995dca1c077ddfab04c82fef Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:28:39 +0800 Subject: [PATCH 16/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 8bc96e6d..c36a0918 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -68,7 +68,7 @@ It seems like your GVM-22.5.0 installation is OK. #### Starting And Stopping Greenbone CE -The following commands can be used to start and stop Greenbone CE and all its required services: +The following commands can be used to start and stop Greenbone Community Edition and all its required services: ```{code-block} :caption: Start all Greenbone CE services From ca6e5b8a0c1114b9e01b7ba01b0c31d0f0f4069f Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 13:10:41 +0800 Subject: [PATCH 17/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index c36a0918..a1a604a1 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -71,7 +71,7 @@ It seems like your GVM-22.5.0 installation is OK. The following commands can be used to start and stop Greenbone Community Edition and all its required services: ```{code-block} -:caption: Start all Greenbone CE services +:caption: Start all services sudo gvm-start ``` From 1a9159a4e5354e2a50c3dd24c3d8047d051512ea Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 13:21:02 +0800 Subject: [PATCH 18/26] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changing 'CE' to 'Community Edition' and other minor changes. Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 4 ++-- src/22.4/kali/optional-configs.md | 8 ++------ src/22.4/kali/troubleshooting.md | 23 +++++++++++------------ 3 files changed, 15 insertions(+), 20 deletions(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index a1a604a1..c4291043 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -76,7 +76,7 @@ sudo gvm-start ``` ```{code-block} -:caption: Stop all Greenbone CE services +:caption: Stop all services sudo gvm-stop ``` @@ -86,6 +86,6 @@ Once the installation is complete you can log into the {term}`GSA` web interface ### 6. Verify The Feed Status -Before starting the first scan, Greenbone needs to parse the vulnerability feeds and store them into the `gvmd` PostgreSQL database. This process is initialized during the setup stage, but typically takes anywhere from a few minutes to several hours to complete, depending on your system resources. +Before starting the first scan, Greenbone needs to parse the vulnerability feeds and store them into the `gvmd` PostgreSQL database. This process is initialized during the setup stage, but typically takes anywhere from a few minutes to several hours to complete, depending on your system resources. The feed status can be checked by going to the `Feed Status` page from the `Configuration` section in the top menu bar. diff --git a/src/22.4/kali/optional-configs.md b/src/22.4/kali/optional-configs.md index a44c6c41..01c930ca 100644 --- a/src/22.4/kali/optional-configs.md +++ b/src/22.4/kali/optional-configs.md @@ -4,12 +4,8 @@ The Greenbone CE Kali Linux installation relies on the sub-system components as ### Configure Remote Access To The Web Interface -By default Greenbone CE is installed with only `localhost` access to the {term}`GSA` web interface. This means Greenbone CE can only be accessed via the IP address `127.0.0.1`. To enable remote access to the web interface, the {term}`gsad` systemd service file must be modified. +By default Greenbone Community Edition is installed with only `localhost` access to the {term}`GSA` web interface. This means Greenbone Community Edition can only be accessed via the IP address `127.0.0.1`. To enable remote access to the web interface, the {term}`gsad` systemd service file must be modified. -```{code-block} -:caption: Find the location of the gsad.sevice file -sudo find / -name gsad.service -type f -``` Edit the contents of the `gsad.service` systemd service file: @@ -30,6 +26,6 @@ Change the value of the `--listen` argument to `0.0.0.0` and optionally change t The password policy configuration file defines the rules for user passwords such as minimum length, complexity, and expiration period, ensuring that all user passwords adhere to the desired security standards. ```{code-block} -:caption: Edit the Greenbone CE password policy configuration +:caption: Edit the Greenbone Community Edition password policy configuration nano /etc/gvm/pwpolicy.conf ``` diff --git a/src/22.4/kali/troubleshooting.md b/src/22.4/kali/troubleshooting.md index d0cd0ab2..556b5cc2 100644 --- a/src/22.4/kali/troubleshooting.md +++ b/src/22.4/kali/troubleshooting.md @@ -6,7 +6,6 @@ Here are some common issues encountered during installation and steps to fix the If you encounter an error regarding the PostgreSQL version when running `sudo gvm-setup`, you must upgrade the installed version of PostgreSQL to the newest version required by the Kali native `gvm` package. In the example below shows the upgrade from PostgreSQL version 15 to version 16, but these steps will work to upgrade between any versions. -[MORE: Can this be avoided by doing `sudo apt upgrade` before installation?] ```{code-block} :caption: Error indicating the need to upgrade your PostgreSQL cluster @@ -19,14 +18,14 @@ If you encounter an error regarding the PostgreSQL version when running `sudo gv [-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster ``` -To complete the Greenbone CE setup you must: +To complete the Greenbone Community Edition setup you must: 1. Migrate PostgreSQL settings and data to a new upgraded cluster 2. Configure the new cluster to use port `5432` 3. Install the newest pg-gvm extension 4. Fix the gmvd database COLLATION mismatch 5. Resolve Any Outstanding Dependencies -6. Complete the Greenbone CE Setup +6. Complete the Greenbone Community Edition Setup ### 1. Upgrade PostgreSQL Cluster @@ -96,7 +95,7 @@ Ver Cluster Port Status Owner Data directory Log file ``` ### 2. Configure The PostgreSQL Port -Typically, the `pg_upgradecluster` will also configure the new version of PostgreSQL to use the standard port `5432`, which is required by Greenbone CE. However, if the port is not automatically changed, you must change it manually by editing the `postgresql.conf` configuration file and restarting the PostgreSQL systemd service. On Kali the `postgresql.conf` configuration file is located in the `/etc/postgresql//main` directory, but to be sure you can issue a command to locate the configuration file. +Typically, the `pg_upgradecluster` will also configure the new version of PostgreSQL to use the standard port `5432`, which is required by Greenbone Community Edition. However, if the port is not automatically changed, you must change it manually by editing the `postgresql.conf` configuration file and restarting the PostgreSQL systemd service. On Kali the `postgresql.conf` configuration file is located in the `/etc/postgresql//main` directory, but to be sure you can issue a command to locate the configuration file. ```bash sudo -u postgres psql -c 'SHOW config_file' @@ -211,7 +210,7 @@ sudo apt install pgcrypto ``` -### 6. Complete The Greenbone CE Setup +### 6. Complete The Greenbone Community Edition Setup You can now run the `gvm-setup` command to complete the setup. @@ -235,7 +234,7 @@ During setup it's important to note and record the default password created for ## Other Common Setup Errors ```{note} -Here are some other common setup errors you may encounter when installing Greenbone CE from the native Kali Linux package. In most cases, hints are available in the `gvm-setup` and `gvm-check-setup` command output. +Here are some other common setup errors you may encounter when installing Greenbone Community Edition from the native Kali Linux package. In most cases, hints are available in the `gvm-setup` and `gvm-check-setup` command output. ``` ### ERROR: extention "pg-gvm" is not available @@ -247,12 +246,12 @@ Here are some other common setup errors you may encounter when installing Greenb If you encounter the error **ERROR: No users found.** when running `sudo gvm-check-setup`, you will need to create at least one an admin user. Replace `` with your own password. ```bash -sudo runuser -u _gvm -- gvmd --create-user=admin --password= +sudo runuser -u _gvm -- gvmd --create-user=admin --password='' ``` ### ERROR: The Postgresql DB does not exist -If the PostgreSQL database was not created during initial setup of Greenbone CE, or not transferred when migrating to a new cluster, you must manually create the database with the following command: +If the PostgreSQL database was not created during initial setup of Greenbone Community Edition, or not transferred when migrating to a new cluster, you must manually create the database with the following command: ``` sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database @@ -260,7 +259,7 @@ sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database ### ERROR: Required systemd service did not start -If the ospd-openvas service or any other required Greenbone `systemd` services did not start during the setup or initialization, you can attempt to manually start the process. Here is an example for troubleshooting the `ospd-openvas` systemd service, but you can use this process for other services as well: +If the ospd-openvas service or any other required Greenbone `systemd` services did not start during the setup or initialization, you can attempt to manually start the process. Here is an example for troubleshooting the `ospd-openvas` systemd service, but you can use this process for other services as well: ```{code-block} :caption: Try to manually start the service @@ -285,12 +284,12 @@ tail -20 /var/log/gvm/ospd-openvas.log ``` ```{note} -You can find all the Greenbone CE log files in the `/var/log/gvm` directory. +You can find all the Greenbone Community Edition log files in the `/var/log/gvm` directory. ``` ### ERROR: The client certificate file of GVM is not valid -If the required SSL/TLS certificates failed to generate during the standard setup process, or if the existing certificates are not valid any longer, you must generate the necessary SSL/TLS certificate files. The script `gvm-manage-certs` is used for managing the certificates required by Greenbone CE. +If the required SSL/TLS certificates failed to generate during the standard setup process, or if the existing certificates are not valid any longer, you must generate the necessary SSL/TLS certificate files. The script `gvm-manage-certs` is used for managing the certificates required by Greenbone Community Edition. ```{code-block} :caption: Generate all required SSL/TLS certificates @@ -299,7 +298,7 @@ sudo runuser -u _gvm -- gvm-manage-certs -a -f ### ERROR: Database is wrong version. You have installed a new gvmd version -When upgrading Greenbone CE, you may need to also update the `gvmd` PostgreSQL database schema. You can update the `gvmd` database to the with the following command: +When upgrading Greenbone Community Edition, you may need to also update the `gvmd` PostgreSQL database schema. You can update the `gvmd` database to the with the following command: ```bash sudo runuser -u _gvm -- gvmd --migrate From 1128e7beba8343184b719fa4f64e0f17c197c8c4 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 13:23:08 +0800 Subject: [PATCH 19/26] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changing 'CE' to 'Community Edition' Co-authored-by: Björn Ricks --- src/22.4/kali/optional-configs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/optional-configs.md b/src/22.4/kali/optional-configs.md index 01c930ca..2957253f 100644 --- a/src/22.4/kali/optional-configs.md +++ b/src/22.4/kali/optional-configs.md @@ -1,6 +1,6 @@ ## Optional Configurations -The Greenbone CE Kali Linux installation relies on the sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Let's cover some common custom configurations. +The Greenbone Community Edition on Kali Linux installation relies on the same sub-system components as the [source code installation](/22.4/source-build/index.md) and all configuration options are available. Let's cover some common custom configurations. ### Configure Remote Access To The Web Interface From cec9e87b9cea7e1c30d53125d50c5c1a1320fa51 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:04:09 +0800 Subject: [PATCH 20/26] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adding next minor change. Co-authored-by: Björn Ricks --- src/22.4/kali/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/troubleshooting.md b/src/22.4/kali/troubleshooting.md index 556b5cc2..02ac46fd 100644 --- a/src/22.4/kali/troubleshooting.md +++ b/src/22.4/kali/troubleshooting.md @@ -287,7 +287,7 @@ tail -20 /var/log/gvm/ospd-openvas.log You can find all the Greenbone Community Edition log files in the `/var/log/gvm` directory. ``` -### ERROR: The client certificate file of GVM is not valid +### ERROR: The client certificate file of gsad is not valid If the required SSL/TLS certificates failed to generate during the standard setup process, or if the existing certificates are not valid any longer, you must generate the necessary SSL/TLS certificate files. The script `gvm-manage-certs` is used for managing the certificates required by Greenbone Community Edition. From 16cf01dac4bfb57f77cf79a84f6c70cef634369e Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:04:37 +0800 Subject: [PATCH 21/26] Update src/22.4/kali/installation.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index c4291043..f75f5f81 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -66,7 +66,7 @@ If your installation has been successfully configured, you will see the followin It seems like your GVM-22.5.0 installation is OK. ``` -#### Starting And Stopping Greenbone CE +#### Starting And Stopping Greenbone Community Edition The following commands can be used to start and stop Greenbone Community Edition and all its required services: From 8d680a6a7c39e5e5a006a45a1545c8c37d0f3218 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:07:33 +0800 Subject: [PATCH 22/26] Update feed-sync.md Removed reference to `gvm-update-feed` --- src/22.4/kali/feed-sync.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/22.4/kali/feed-sync.md b/src/22.4/kali/feed-sync.md index b573f08d..6dca6265 100644 --- a/src/22.4/kali/feed-sync.md +++ b/src/22.4/kali/feed-sync.md @@ -1,9 +1,3 @@ ## Community Feed Synchronization -The Kali Linux Greenbone CE installation includes its own feed-sync script `gvm-feed-update` which acts as a wrapper for the various `greenbone-feed-sync` commands. However, this script is not maintained by Greeenbone and any bugs should be reported to the [Kali Linux Bug Tracker](https://bugs.kali.org/main_page.php). The `gvm-feed-update` script must be executed with superuser privileges: - -```bash -sudo gvm-feed-update -``` - -The standard `greenbone-feed-sync` commands, can also be executed directly. A detailed guide on using the `greenbone-feed-sync` command is [available here](../source-build/feed-sync.md). +The standard `greenbone-feed-sync` commands must be used to maintain current security information. A detailed guide on using the `greenbone-feed-sync` command is [available here](../source-build/feed-sync.md). From 8c76076fc436e28bbb12e8174c99c9cd919de82e Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:08:41 +0800 Subject: [PATCH 23/26] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index f75f5f81..4b3b19df 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -45,7 +45,7 @@ sudo apt install openvas -y After installing the required packages, a configuration script must be run to complete the installation. To run the automatic configuration execute the command: ```{note} -During `gvm-setup` you must record the default password created for the GVM admin user. +During `gvm-setup` you must record the default password created for the admin user. ``` ```bash From e958e2d1fd3281ac9e8475d1caab366fa26bc6f4 Mon Sep 17 00:00:00 2001 From: Joseph <141339740+syspect-sec@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:11:22 +0800 Subject: [PATCH 24/26] Update installation.md Changed the first sentence to include a warning about starting scans before the feed sync is complete. --- src/22.4/kali/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/22.4/kali/installation.md b/src/22.4/kali/installation.md index 4b3b19df..179c3c7d 100644 --- a/src/22.4/kali/installation.md +++ b/src/22.4/kali/installation.md @@ -86,6 +86,6 @@ Once the installation is complete you can log into the {term}`GSA` web interface ### 6. Verify The Feed Status -Before starting the first scan, Greenbone needs to parse the vulnerability feeds and store them into the `gvmd` PostgreSQL database. This process is initialized during the setup stage, but typically takes anywhere from a few minutes to several hours to complete, depending on your system resources. +Before starting the first scan, Greenbone needs to parse the vulnerability feeds and store them into the `gvmd` PostgreSQL database, otherwise, it will not be able to initialize or complete scans without errors. This process is initialized during the setup stage, but typically takes anywhere from a few minutes to several hours to complete, depending on your system resources. The feed status can be checked by going to the `Feed Status` page from the `Configuration` section in the top menu bar. From ab61a0df4e104f9aade533ccc6a9d2f64450550b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Wed, 17 Jan 2024 07:59:35 +0100 Subject: [PATCH 25/26] Change: Use own PR template for docs Docs don't have tests but require a manual entry in the file. --- .github/PULL_REQUEST_TEMPLATE.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..13154a60 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,22 @@ +## What + + + +## Why + + + +## References + + + +## Checklist + + + +- [ ] [Changelog](src/changelog.md) entry + + From f9d4d200b6ba99fa35e05f5f565a9dbf1ca7e447 Mon Sep 17 00:00:00 2001 From: Joseph Lee Date: Wed, 17 Jan 2024 15:51:06 +0800 Subject: [PATCH 26/26] Added to Kali install to changelog --- src/changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/changelog.md b/src/changelog.md index fddffb7c..bcff4095 100644 --- a/src/changelog.md +++ b/src/changelog.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Calendar Versioning](https://calver.org). ## Latest +* Add instructions for Kali Linux installation * Add instructions to enable SSL/TLS * Quote passwords when creating an admin user via `gvmd`