hcvv
You’re right! Absolutely, strings should be enclosed to prevent injection and accidental execution! But, that’s more of an issue when scripting (and distributing scripts) and very unlikely an issue when entering the zypper command manually…
But, a FYI to anyone who is following this thread…
I’ve been able to take this install with me,
And can report that eventually the script will complete without error…
But there are a lot of “gotchas” which I’ll describe next along with a general description of some things that had to be done.
The Following is a continuation of my previous post that describes Preparation and Installation
Things the “openvas-check-setup” script will prompt you to do…
- SQLite3 needs to be installed before you can add a User (Admin role and setting password)
zypper in sqlite3
You’ll be prompted to set up a User, but it’s useless (more on this later)
openvasmd --create-user=tsu --role=Admin && openvasmd --user=tsu --new-password=123
- Rebuild the database several times
openvasmd --rebuild
- Update the scapdata database
openvas-scapdata-sync
- Create new or use the default certificate for downloading data from some sources, the following uses the default certificate
openvas-certdata-sync
- Configure the Password Policy. The following command opens the default policy, you need to modify it in some way to disable the error. You can use your graphical text editor to do this if you wish (with root permissions)
vi /etc/openvas/pwpolicy.conf
An example if you want to use kwrite with root permissions… First open a root console (su -) and then execute the following
kwrite /etc/openvas/pwpolicy.conf
Install greenbone
zypper in greenbone-security-assistant
Now, in addition to the above, **I recommend the following** which will automatically start up various parts of OpenVAS (except redis which will still be started manually. If people want to have redis start up automatically, I’ll post that separately since it’s not a simple procedure)
First start Redis manually in a console referencing the config file as I described earlier
redis-server /etc/redis/default.conf
To start openvas manager automatically
systemctl start openvas-manager.service
systemctl enable openvas-manager.service
To start the openvas scanner service automatically
systemctl enable openvas-scanner.service
systemctl start openvas-scanner.service
Run the check script which besides checking also starts up openvas to verify nothing else needs to be fixed.
It should state some warnings about pdflatex, nmap and nsis.
If you install **texlive** (zypper install texlive), you’ll get pdflatex, but there’s still an unknown problem and it may not work.
You can install nmap, but the script will complain about nmap being too new. I haven’t yet checked if this is an issue (IMO an important issue if not working).
You can’t install nsis because it’s distributed only as a Windows binary so can run only in something like Wine.
[Optional]
Now if you want to, you can reboot if you wish to test your setup when it newly boots.
When your system has booted, every required sub-system except redis should have started automatically.
Start redis in a console, then run the check script again to verify everything is working properly and continue.
Now to address the problem of a non-working account. To install a working User account, run the following and copy the generated password
openvasmd --create-user *Username*
Open a web browser to localhost if on the same machine as your OpenVAS
localhost
The Greenbone Security Assistant should open.
Enter the Username you configured above, and paste the password into its field.
When you’re authenticated, you can go in and change the password to something easier to remember.
One more observation…
The steps described result in a generally **unsafe** configuration, susceptible to hacking. Do not expose to the Internet, in fact I’d recommend you install this in a VM which can always be shut down except when you’re running it.
HTH for anyone,
TSU
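
A check for the exposure warned about at the end of the post, as an added example that is not part of the original post: it reads `ss -tlnp` output and reports any OpenVAS-related listener bound to something other than loopback. The process names `gsad` and `openvassd` (the Greenbone Security Assistant and scanner daemons) are assumptions not named in the post, and the sample lines, ports and PIDs are constructed.

```shell
#!/bin/sh
# Added example: flag OpenVAS-related TCP listeners that are reachable
# from outside the machine (anything not bound to loopback).

# Constructed sample of `ss -tlnp` output (ports and PIDs are made up).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128        127.0.0.1:6379      0.0.0.0:*    users:(("redis-server",pid=1201,fd=6))
LISTEN 0      128        127.0.0.1:9390      0.0.0.0:*    users:(("openvasmd",pid=1250,fd=7))
LISTEN 0      128          0.0.0.0:9392      0.0.0.0:*    users:(("gsad",pid=1302,fd=5))
LISTEN 0      128             [::]:9391         [::]:*    users:(("openvassd",pid=1277,fd=4))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=900,fd=3))
EOF
}

# Reads `ss -tlnp` lines on stdin; prints "process address:port" for each
# listener owned by an OpenVAS component that is not bound to loopback.
flag_exposed() {
    awk '
    $1 != "LISTEN" { next }                 # skip the header and other states
    {
        # The process name is the first quoted string in users:(("name",...
        if (!match($0, /users:\(\("[^"]+"/)) next
        proc = substr($0, RSTART + 9, RLENGTH - 10)
        # Assumed daemon names; adjust to what your install actually runs.
        if (proc !~ /^(redis-server|openvasmd|openvassd|gsad)$/) next

        addr = $4
        sub(/:[0-9]+$/, "", addr)           # drop the port, keep the address
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print proc, $4
    }'
}

# Demonstration on the constructed sample. On a real host, run as root:
#   ss -tlnp | flag_exposed
sample_ss_output | flag_exposed
```

Empty output means every matched service is listening on loopback only; the process column is only populated when `ss` is run as root.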