#!/bin/bash # OpenVAS installation script for Debian 13 systems. # Version: v1.0.0 # Purpose: Installs and configures OpenVAS from source following Greenbone Community Edition guidelines. # Repository: https://github.com/Kastervo/OpenVAS-Installation # # Copyright 2025 KASTERVO LTD # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Company: KASTERVO LTD # Address: Efesou 9, Paralimni, 5280, Famagusta, Cyprus # Contact: https://kastervo.com/contact # ----------------------------------- # Section: Environment Setup # ----------------------------------- # Sets up environment variables for the installation process. # Creates consistent paths for source, build, and install directories. set_environment() { log INFO "Starting environment variable setup..." export INSTALL_PREFIX=/usr/local export PATH=$PATH:$INSTALL_PREFIX/sbin export SOURCE_DIR=$HOME/source export BUILD_DIR=$HOME/build export INSTALL_DIR=$HOME/install export GNUPGHOME=/tmp/openvas-gnupg export OPENVAS_GNUPG_HOME=/etc/openvas/gnupg # Check disk space for directories for dir in "$SOURCE_DIR" "$BUILD_DIR" "$INSTALL_DIR"; do if ! mkdir -p "$dir" 2>/dev/null; then log ERROR "Failed to create directory $dir. Check permissions or disk space." exit 1 fi local free_space free_space=$(df -k "$dir" | tail -1 | awk '{print $4}') if [ "$free_space" -lt 1048576 ]; then # Less than 1GB log WARN "Low disk space in $dir: $((free_space/1024)) MB available. Recommend at least 1GB." fi done log INFO "Environment variable set: INSTALL_PREFIX=$INSTALL_PREFIX" log INFO "Environment variable set: PATH=$PATH" log INFO "Environment variable set: SOURCE_DIR=$SOURCE_DIR" log INFO "Environment variable set: BUILD_DIR=$BUILD_DIR" log INFO "Environment variable set: INSTALL_DIR=$INSTALL_DIR" log INFO "Environment variable set: GNUPGHOME=$GNUPGHOME" log INFO "Environment variable set: OPENVAS_GNUPG_HOME=$OPENVAS_GNUPG_HOME" } # ----------------------------------- # Section: Version Management # ----------------------------------- # Fetches the latest version of OpenVAS components from GitHub. # Exports version numbers as environment variables for use in installation. check_latest_version() { log INFO "Starting version check for OpenVAS components..." # Check network connectivity to GitHub API if ! curl --proto '=https' --tlsv1.2 -s -I "https://api.github.com" >/dev/null 2>&1; then log ERROR "No network connectivity to api.github.com. Check network settings." exit 1 fi declare -A component_vars=( ["gvm-libs"]="GVM_LIBS_VERSION" ["gvmd"]="GVMD_VERSION" ["pg-gvm"]="PG_GVM_VERSION" ["gsa"]="GSA_VERSION" ["gsad"]="GSAD_VERSION" ["openvas-smb"]="OPENVAS_SMB_VERSION" ["openvas-scanner"]="OPENVAS_SCANNER_VERSION" ["ospd-openvas"]="OSPD_OPENVAS_VERSION" ) for component in "${!component_vars[@]}"; do log INFO "Fetching latest version for $component..." local comp_ver comp_ver=$(curl --proto '=https' --tlsv1.2 -s "https://api.github.com/repos/greenbone/$component/releases/latest" | grep tag_name | cut -d '"' -f 4 | sed 's/v//') if [ -z "$comp_ver" ]; then log ERROR "Failed to fetch version for $component. Check network or GitHub API." exit 1 fi local var_name="${component_vars[$component]}" export "$var_name=$comp_ver" log INFO "Set $var_name=$comp_ver" if [ "$component" = "openvas-scanner" ]; then export OPENVAS_DAEMON="$comp_ver" log INFO "Set OPENVAS_DAEMON=$comp_ver" fi done log INFO "Completed version check for all components." } # ----------------------------------- # Section: Logging and Error Handling # ----------------------------------- # Structured logging with levels (INFO, WARN, ERROR) to a log file with colors. # Usage: log LOG_FILE=/var/log/openvas_install.log log() { local level=$1 shift local message="$*" local timestamp=$(date '+%Y-%m-%d %H:%M:%S') # ANSI color codes local COLOR_INFO="\033[1;36m" # Cyan for INFO local COLOR_WARN="\033[1;33m" # Yellow for WARN local COLOR_ERROR="\033[1;31m" # Red for ERROR local COLOR_RESET="\033[0m" # Reset color # Select color based on log level case "$level" in INFO) color=$COLOR_INFO ;; WARN) color=$COLOR_WARN ;; ERROR) color=$COLOR_ERROR ;; *) color=$COLOR_RESET ;; esac # Output to console with color and log to file without color echo -e "${color}${timestamp} [$level] $message${COLOR_RESET}" | tee -a "$LOG_FILE" } # Executes a command with error handling and logging. # Logs command execution and exits on failure with status code. run_command() { log INFO "Executing command: $*" "$@" local status=$? if [ $status -ne 0 ]; then log ERROR "Command '$*' failed with status $status." exit $status fi log INFO "Command '$*' completed successfully." } # ----------------------------------- # Section: System Checks # ----------------------------------- # Ensures the script is run as root to meet permission requirements. check_root() { log INFO "Checking for root privileges..." if [ "$EUID" -ne 0 ]; then log ERROR "This script must be run as root." exit 1 fi log INFO "Root privilege check passed." } # ----------------------------------- # Section: User and Group Management # ----------------------------------- # Creates a dedicated 'gvm' user and group for running OpenVAS services. create_gvm_user() { log INFO "Setting up GVM user and group..." if getent passwd gvm > /dev/null 2>&1; then log WARN "GVM user already exists, skipping creation. Verify user settings." else run_command useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm if ! run_command usermod -aG gvm "$USER"; then log WARN "Failed to add $USER to gvm group. Manual addition may be required." else log INFO "Created GVM user and group, added $USER to gvm group." fi fi } # ----------------------------------- # Section: Dependency Installation # ----------------------------------- # Installs common build tools and dependencies required for all components. install_common_dep() { log INFO "Installing common build dependencies..." if ! run_command apt install -y --no-install-recommends --assume-yes \ build-essential curl cmake pkg-config python3 python3-pip gnupg; then log ERROR "Failed to install common dependencies. Check apt configuration." exit 1 fi if ! command -v cmake >/dev/null 2>&1; then log ERROR "cmake not found after installation. Dependency installation incomplete." exit 1 fi log INFO "Common dependencies installed." } # Installs dependencies for gvm-libs component. install_gvm_libs_dep() { log INFO "Installing gvm-libs dependencies..." # Required dependencies for gvm-libs if ! run_command apt install -y \ libcjson-dev libcurl4-gnutls-dev libgcrypt-dev libglib2.0-dev libgnutls28-dev libgpgme-dev libhiredis-dev libnet1-dev libpaho-mqtt-dev libpcap-dev libssh-dev libxml2-dev uuid-dev ; then log ERROR "Failed to install required dependencies for gvm-libs. Check apt configuration." exit 1 fi # Optional dependencies for gvm-libs if ! run_command apt install -y \ libldap2-dev libradcli-dev ; then log WARN "Optional gvm-libs dependencies (libldap2-dev, libradcli-dev) not installed. Some features may be limited." fi log INFO "gvm-libs dependencies installed." } # Installs dependencies for gvmd component. install_gvmd_dep() { log INFO "Installing gvmd dependencies..." # Required dependencies for gvmd if ! run_command apt install -y \ libbsd-dev libcjson-dev libglib2.0-dev libgnutls28-dev libgpgme-dev libical-dev libpq-dev postgresql-server-dev-all rsync xsltproc; then log ERROR "Failed to install required dependencies for gvmd. Check apt configuration." exit 1 fi # Optional dependencies for gvmd if ! run_command apt install -y --no-install-recommends \ dpkg fakeroot gnupg gnutls-bin gpgsm nsis openssh-client python3 python3-lxml rpm smbclient snmp socat sshpass texlive-fonts-recommended texlive-latex-extra wget xmlstarlet zip; then log WARN "Optional gvmd dependencies not installed. Some features may be limited." fi log INFO "gvmd dependencies installed." } # Installs dependencies for pg-gvm component. install_pg_gvm_dep() { log INFO "Installing pg-gvm dependencies..." # Required dependencies for pg-gvm if ! run_command apt install -y \ libglib2.0-dev libical-dev postgresql-server-dev-all; then log ERROR "Failed to install required dependencies for pg-gvm. Check apt configuration." exit 1 fi log INFO "pg-gvm dependencies installed." } # Installs dependencies for gsad component. install_gsad_dep() { log INFO "Installing gsad dependencies..." # Required dependencies for gsad if ! run_command apt install -y \ libbrotli-dev libglib2.0-dev libgnutls28-dev libmicrohttpd-dev libxml2-dev; then log ERROR "Failed to install required dependencies for gsad. Check apt configuration." exit 1 fi log INFO "gsad dependencies installed." } # Installs dependencies for openvas-smb component. install_openvas_smb_dep() { log INFO "Installing openvas-smb dependencies..." # Required dependencies for openvas-smb if ! run_command apt install -y \ gcc-mingw-w64 libgnutls28-dev libglib2.0-dev libpopt-dev libunistring-dev heimdal-multidev perl-base; then log ERROR "Failed to install required dependencies for openvas-smb. Check apt configuration." exit 1 fi log INFO "openvas-smb dependencies installed." } # Installs dependencies for openvas-scanner component. install_openvas_scanner_dep() { log INFO "Installing openvas-scanner dependencies..." # Required dependencies for openvas-scanner if ! run_command apt install -y \ bison libglib2.0-dev libgnutls28-dev libgcrypt20-dev libpcap-dev libgpgme-dev libksba-dev rsync nmap libjson-glib-dev libcurl4-gnutls-dev libbsd-dev krb5-multidev; then log ERROR "Failed to install required dependencies for openvas-scanner. Check apt configuration." exit 1 fi # Optional dependencies for openvas-scanner if ! run_command apt install -y \ python3-impacket libsnmp-dev; then log WARN "Optional openvas-scanner dependencies (python3-impacket, libsnmp-dev) not installed. Some features may be limited." fi log INFO "openvas-scanner dependencies installed." } # Installs dependencies for ospd-openvas component. install_ospd_openvas_dep() { log INFO "Installing ospd-openvas dependencies..." # Required dependencies for ospd-openvas if ! run_command apt install -y \ python3 python3-pip python3-setuptools python3-packaging python3-wrapt python3-cffi python3-psutil python3-lxml python3-defusedxml python3-paramiko python3-redis python3-gnupg python3-paho-mqtt; then log ERROR "Failed to install required dependencies for ospd-openvas. Check apt configuration." exit 1 fi log INFO "ospd-openvas dependencies installed." } # Installs dependencies for openvasd component. install_openvasd_dep() { log INFO "Installing openvasd dependencies..." # Required dependencies for openvasd if ! run_command apt install -y \ pkg-config libssl-dev; then log ERROR "Failed to install required dependencies for openvasd. Check apt configuration." exit 1 fi # Install Rust and Cargo for openvasd log INFO "Installing Rust and Cargo for openvasd..." # Check if rustc is already installed if command -v rustc >/dev/null 2>&1 && command -v cargo >/dev/null 2>&1; then log INFO "Rust and Cargo are already installed. Verifying versions..." local rustc_version rustc_version=$(rustc --version) local cargo_version cargo_version=$(cargo --version) log INFO "Found $rustc_version and $cargo_version" else # Download and install rustup if ! curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o /tmp/rustup-init.sh; then log ERROR "Failed to download rustup installer. Check network." exit 1 fi # Install rustup non-interactively if ! sh /tmp/rustup-init.sh -y --no-modify-path; then log ERROR "Failed to install Rust and Cargo. Check installation script." exit 1 fi # Clean up installer rm -f /tmp/rustup-init.sh log INFO "Rust and Cargo installed successfully." fi # Source Cargo environment if [ -f "$HOME/.cargo/env" ]; then # shellcheck disable=SC1091 . "$HOME/.cargo/env" else log ERROR "Cargo environment file not found at $HOME/.cargo/env." exit 1 fi # Verify Rust and Cargo installation if ! command -v rustc >/dev/null 2>&1 || ! command -v cargo >/dev/null 2>&1; then log ERROR "Rust or Cargo not found after installation. Check PATH or installation." exit 1 fi log INFO "Rust and Cargo verified: $(rustc --version), $(cargo --version)" log INFO "openvasd dependencies installed." } # Installs dependencies for gvm-tools component. install_gvm_tools_dep() { log INFO "Installing gvm-tools dependencies..." # Required dependencies for gvm-tools if ! run_command apt install -y \ python3 python3-lxml python3-packaging python3-paramiko python3-pip python3-setuptools python3-venv; then log ERROR "Failed to install required dependencies for gvm-tools. Check apt configuration." exit 1 fi log INFO "gvm-tools dependencies installed." } # Installs all required dependencies for OpenVAS components. install_packages() { log INFO "Starting installation of all dependencies..." for dep_func in install_common_dep install_gvm_libs_dep install_gvmd_dep install_pg_gvm_dep install_gsad_dep install_openvas_smb_dep install_openvas_scanner_dep install_ospd_openvas_dep install_openvasd_dep install_gvm_tools_dep; do if ! $dep_func; then log ERROR "Failed to install dependencies in $dep_func." exit 1 fi done log INFO "All dependencies installed successfully." } # ----------------------------------- # Section: Directory and Key Setup # ----------------------------------- # Creates directories for source, build, and installation. create_directories() { log INFO "Creating directories for source, build, and installation..." for dir in "$SOURCE_DIR" "$BUILD_DIR" "$INSTALL_DIR"; do if ! mkdir -p "$dir" 2>/dev/null; then log ERROR "Failed to create directory $dir. Check permissions or disk space." exit 1 fi if [ ! -w "$dir" ]; then log ERROR "Directory $dir is not writable. Check permissions." exit 1 fi done log INFO "Directories created: $SOURCE_DIR, $BUILD_DIR, $INSTALL_DIR" } # Imports Greenbone's GPG signing key for package verification. import_signing_key() { log INFO "Importing Greenbone Community Signing Key..." if ! run_command mkdir -p "$GNUPGHOME"; then log ERROR "Failed to create GPG home directory $GNUPGHOME." exit 1 fi if ! run_command curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc; then log ERROR "Failed to download Greenbone signing key. Check network or URL." exit 1 fi if ! run_command gpg --homedir "$GNUPGHOME" --import /tmp/GBCommunitySigningKey.asc; then log ERROR "Failed to import Greenbone signing key. Check GPG configuration." exit 1 fi if ! gpg --homedir "$GNUPGHOME" --list-keys | grep -q "Greenbone"; then log WARN "Greenbone key imported but not found in keyring. Verification may fail." fi log INFO "Greenbone signing key imported." } # Generates a self-signed SSL certificate for gsad if not already present. generate_ssl_cert() { log INFO "Checking for gsad SSL certificate..." if [ -f /etc/gvm/gsad.crt ] && [ -f /etc/gvm/gsad.key ]; then log INFO "SSL certificate and key already exist, skipping generation." if [ "$(stat -c %U:%G /etc/gvm/gsad.crt)" != "gvm:gvm" ]; then log WARN "SSL certificate ownership is not gvm:gvm. Fixing permissions." run_command chown gvm:gvm /etc/gvm/gsad.crt /etc/gvm/gsad.key fi else log INFO "Generating self-signed SSL certificate for gsad..." if ! run_command mkdir -p /etc/gvm; then log ERROR "Failed to create /etc/gvm directory." exit 1 fi if ! run_command openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/gvm/gsad.key -out /etc/gvm/gsad.crt \ -subj "/C=US/ST=State/L=City/O=Organization/OU=IT/CN=$(hostname)"; then log ERROR "Failed to generate SSL certificate for gsad." exit 1 fi if ! run_command chown gvm:gvm /etc/gvm/gsad.crt /etc/gvm/gsad.key; then log ERROR "Failed to set ownership for SSL certificate." exit 1 fi if ! run_command chmod 640 /etc/gvm/gsad.crt || ! run_command chmod 600 /etc/gvm/gsad.key; then log ERROR "Failed to set permissions for SSL certificate." exit 1 fi log WARN "Generated self-signed certificate. Replace with a trusted certificate for production use." fi } # ----------------------------------- # Section: Component Installation # ----------------------------------- # Builds and installs a generic OpenVAS component from source. build_install_component() { local comp_name=$1 local comp_ver=$2 local comp_args=$3 log INFO "Starting build and installation of $comp_name-$comp_ver..." # Set the source URL local comp_src="https://github.com/greenbone/$comp_name/archive/refs/tags/v$comp_ver.tar.gz" # Set the signature URL if [ "$comp_name" = "openvas-smb" ] || [ "$comp_name" = "openvas-scanner" ]; then local comp_sig="https://github.com/greenbone/$comp_name/releases/download/v$comp_ver/$comp_name-v$comp_ver.tar.gz.asc" else local comp_sig="https://github.com/greenbone/$comp_name/releases/download/v$comp_ver/$comp_name-$comp_ver.tar.gz.asc" fi # Download Sources if ! run_command curl -f -L "$comp_src" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to download source for $comp_name-$comp_ver from $comp_src" exit 1 fi if ! run_command curl -f -L "$comp_sig" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc"; then log ERROR "Failed to download signature for $comp_name-$comp_ver from $comp_sig" exit 1 fi # Verify GPG signature if ! gpg --homedir "$GNUPGHOME" --verify "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc" "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "GPG signature verification failed for $comp_name-$comp_ver" exit 1 fi # Extract Sources if ! run_command tar -C "$SOURCE_DIR" -xvzf "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to extract source for $comp_name-$comp_ver" exit 1 fi # Building if ! run_command mkdir -p "$BUILD_DIR/$comp_name"; then log ERROR "Failed to create build directory $BUILD_DIR/$comp_name" exit 1 fi if ! run_command cmake $comp_args; then log ERROR "CMake configuration failed for $comp_name-$comp_ver with args: $comp_args" exit 1 fi if ! run_command cmake --build "$BUILD_DIR/$comp_name" -j$(nproc); then log ERROR "Build failed for $comp_name-$comp_ver" exit 1 fi # Installing if ! run_command mkdir -p "$INSTALL_DIR/$comp_name"; then log ERROR "Failed to create install directory $INSTALL_DIR/$comp_name" exit 1 fi if ! run_command cd "$BUILD_DIR/$comp_name"; then log ERROR "Failed to change to build directory $BUILD_DIR/$comp_name" exit 1 fi if ! run_command make DESTDIR="$INSTALL_DIR/$comp_name" install; then log ERROR "Installation failed for $comp_name-$comp_ver" exit 1 fi if ! run_command cp -rv "$INSTALL_DIR/$comp_name"/* /; then log ERROR "Failed to copy installed files for $comp_name-$comp_ver to system directories" exit 1 fi log INFO "Successfully built and installed $comp_name-$comp_ver" } # Installs the GSA (Greenbone Security Assistant) web interface. build_install_gsa() { local comp_name=$1 local comp_ver=$2 log INFO "Starting installation of $comp_name-$comp_ver..." local comp_src="https://github.com/greenbone/gsa/releases/download/v$comp_ver/gsa-dist-$comp_ver.tar.gz" local comp_sig="https://github.com/greenbone/gsa/releases/download/v$comp_ver/gsa-dist-$comp_ver.tar.gz.asc" # Download and verify log INFO "Downloading $comp_name-$comp_ver source and signature..." if ! run_command curl -f -L "$comp_src" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to download $comp_name-$comp_ver source." exit 1 fi if ! run_command curl -f -L "$comp_sig" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc"; then log ERROR "Failed to download $comp_name-$comp_ver signature." exit 1 fi log INFO "Verifying GPG signature for $comp_name-$comp_ver..." if ! gpg --homedir "$GNUPGHOME" --verify "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc" "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "GPG signature verification failed for $comp_name-$comp_ver." exit 1 fi # Extract and install log INFO "Extracting and installing $comp_name-$comp_ver..." if ! run_command mkdir -p "$SOURCE_DIR/$comp_name-$comp_ver"; then log ERROR "Failed to create source directory for $comp_name-$comp_ver." exit 1 fi if ! run_command tar -C "$SOURCE_DIR/$comp_name-$comp_ver" -xvzf "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to extract $comp_name-$comp_ver." exit 1 fi if ! run_command mkdir -p "$INSTALL_PREFIX/share/gvm/gsad/web/"; then log ERROR "Failed to create web directory for $comp_name-$comp_ver." exit 1 fi if ! run_command cp -rv "$SOURCE_DIR/$comp_name-$comp_ver"/* "$INSTALL_PREFIX/share/gvm/gsad/web/"; then log ERROR "Failed to install $comp_name-$comp_ver web files." exit 1 fi log INFO "Completed installation of $comp_name-$comp_ver." } # Installs ospd-openvas using Python pip. build_install_opsd() { local comp_name=$1 local comp_ver=$2 log INFO "Starting installation of $comp_name-$comp_ver..." local comp_src="https://github.com/greenbone/ospd-openvas/archive/refs/tags/v$comp_ver.tar.gz" local comp_sig="https://github.com/greenbone/ospd-openvas/releases/download/v$comp_ver/ospd-openvas-v$comp_ver.tar.gz.asc" # Download and verify log INFO "Downloading $comp_name-$comp_ver source and signature..." if ! run_command curl -f -L "$comp_src" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to download $comp_name-$comp_ver source." exit 1 fi if ! run_command curl -f -L "$comp_sig" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc"; then log ERROR "Failed to download $comp_name-$comp_ver signature." exit 1 fi log INFO "Verifying GPG signature for $comp_name-$comp_ver..." if ! gpg --homedir "$GNUPGHOME" --verify "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc" "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "GPG signature verification failed for $comp_name-$comp_ver." exit 1 fi # Extract and install log INFO "Extracting and installing $comp_name-$comp_ver..." if ! run_command tar -C "$SOURCE_DIR" -xvzf "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to extract $comp_name-$comp_ver." exit 1 fi if ! run_command cd "$SOURCE_DIR/$comp_name-$comp_ver"; then log ERROR "Failed to change to $comp_name-$comp_ver directory." exit 1 fi if ! run_command mkdir -p "$INSTALL_DIR/$comp_name"; then log ERROR "Failed to create install directory for $comp_name." exit 1 fi if ! run_command python3 -m pip install --root="$INSTALL_DIR/$comp_name" --no-warn-script-location .; then log ERROR "Failed to install $comp_name-$comp_ver via pip." exit 1 fi if ! run_command cp -rv "$INSTALL_DIR/$comp_name"/* /; then log ERROR "Failed to copy $comp_name-$comp_ver to system directories." exit 1 fi log INFO "Completed installation of $comp_name-$comp_ver." } # Installs openvasd and scannerctl using Rust. build_install_openvasd() { local comp_name=$1 local comp_sub=$2 local comp_ver=$3 log INFO "Starting installation of $comp_sub-$comp_ver..." local comp_src="https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$comp_ver.tar.gz" local comp_sig="https://github.com/greenbone/openvas-scanner/releases/download/v$comp_ver/openvas-scanner-v$comp_ver.tar.gz.asc" # Download and verify log INFO "Downloading $comp_name-$comp_ver source and signature..." if ! run_command curl -f -L "$comp_src" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to download $comp_name-$comp_ver source." exit 1 fi if ! run_command curl -f -L "$comp_sig" -o "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc"; then log ERROR "Failed to download $comp_name-$comp_ver signature." exit 1 fi log INFO "Verifying GPG signature for $comp_name-$comp_ver..." if ! gpg --homedir "$GNUPGHOME" --verify "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz.asc" "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "GPG signature verification failed for $comp_name-$comp_ver." exit 1 fi # Extract and build log INFO "Extracting and building $comp_sub-$comp_ver..." if ! run_command tar -C "$SOURCE_DIR" -xvzf "$SOURCE_DIR/$comp_name-$comp_ver.tar.gz"; then log ERROR "Failed to extract $comp_name-$comp_ver." exit 1 fi if ! run_command mkdir -p "$INSTALL_DIR/$comp_sub/usr/local/bin"; then log ERROR "Failed to create install directory for $comp_sub." exit 1 fi if ! run_command cd "$SOURCE_DIR/$comp_name-$comp_ver/rust/src/$comp_sub"; then log ERROR "Failed to change to $comp_sub directory." exit 1 fi if ! run_command cargo build --release; then log ERROR "Failed to build $comp_sub." exit 1 fi if ! run_command cd "$SOURCE_DIR/$comp_name-$comp_ver/rust/src/scannerctl"; then log ERROR "Failed to change to scannerctl directory." exit 1 fi if ! run_command cargo build --release; then log ERROR "Failed to build scannerctl." exit 1 fi # Install log INFO "Installing $comp_sub and scannerctl..." if ! run_command cp -v "../../target/release/$comp_sub" "$INSTALL_DIR/$comp_sub/usr/local/bin/"; then log ERROR "Failed to copy $comp_sub binary." exit 1 fi if ! run_command cp -v "../../target/release/scannerctl" "$INSTALL_DIR/$comp_sub/usr/local/bin/"; then log ERROR "Failed to copy scannerctl binary." exit 1 fi if ! run_command cp -rv "$INSTALL_DIR/$comp_sub"/* /; then log ERROR "Failed to copy $comp_sub binaries to system directories." exit 1 fi log INFO "Completed installation of $comp_sub-$comp_ver." } # Installs a Python-based component using pip. build_install_py() { local comp_name=$1 log INFO "Starting installation of $comp_name..." log INFO "Installing $comp_name via pip..." if ! run_command mkdir -p "$INSTALL_DIR/$comp_name"; then log ERROR "Failed to create install directory for $comp_name." exit 1 fi if ! run_command python3 -m pip install --root="$INSTALL_DIR/$comp_name" --no-warn-script-location "$comp_name"; then log ERROR "Failed to install $comp_name via pip." exit 1 fi if ! run_command cp -rv "$INSTALL_DIR/$comp_name"/* /; then log ERROR "Failed to copy $comp_name to system directories." exit 1 fi log INFO "Completed installation of $comp_name." } # ----------------------------------- # Section: System Configuration # ----------------------------------- # Configures Redis for OpenVAS and sets up service. perform_system_setup() { log INFO "Starting system setup for Redis..." if ! run_command apt install -y redis-server; then log ERROR "Failed to install redis-server." exit 1 fi if [ ! -f "$SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION/config/redis-openvas.conf" ]; then log ERROR "Redis configuration file not found in source directory." exit 1 fi if ! run_command cp "$SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION/config/redis-openvas.conf" /etc/redis/; then log ERROR "Failed to copy Redis configuration." exit 1 fi if ! run_command chown redis:redis /etc/redis/redis-openvas.conf; then log ERROR "Failed to set ownership for Redis configuration." exit 1 fi if ! run_command sh -c "echo 'db_address = /run/redis-openvas/redis.sock' >> /etc/openvas/openvas.conf"; then log ERROR "Failed to update openvas.conf." exit 1 fi if ! run_command systemctl start redis-server@openvas.service; then log ERROR "Failed to start redis-server@openvas.service." exit 1 fi if ! run_command systemctl enable redis-server@openvas.service; then log WARN "Failed to enable redis-server@openvas.service. Service may not start on boot." fi if ! run_command usermod -aG redis gvm; then log ERROR "Failed to add gvm user to redis group." exit 1 fi log INFO "Redis setup completed." } # Adjusts permissions for OpenVAS directories and binaries. adjusting_permissions() { log INFO "Adjusting permissions for OpenVAS directories and binaries..." for dir in /var/lib/notus /run/gvmd; do if ! run_command mkdir -p "$dir"; then log ERROR "Failed to create directory $dir." exit 1 fi done for dir in /var/lib/gvm /var/lib/openvas /var/lib/notus /var/log/gvm /run/gvmd; do if ! run_command chown -R gvm:gvm "$dir"; then log ERROR "Failed to set ownership for $dir." exit 1 fi if ! run_command chmod -R g+srw "$dir"; then log ERROR "Failed to set permissions for $dir." exit 1 fi if [ "$(stat -c %U:%G "$dir")" != "gvm:gvm" ]; then log WARN "Directory $dir ownership is not gvm:gvm after setting. Verify permissions." fi done if ! run_command chown gvm:gvm /usr/local/sbin/gvmd; then log ERROR "Failed to set ownership for gvmd." exit 1 fi if ! run_command chmod 6750 /usr/local/sbin/gvmd; then log ERROR "Failed to set permissions for gvmd." exit 1 fi log INFO "Permissions adjusted." } # Configures GPG for feed validation. feed_validation() { log INFO "Setting up feed validation with GPG..." if ! run_command curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc; then log ERROR "Failed to download Greenbone signing key for feed validation." exit 1 fi if ! run_command mkdir -p "$GNUPGHOME"; then log ERROR "Failed to create GPG home directory $GNUPGHOME." exit 1 fi if ! run_command gpg --import /tmp/GBCommunitySigningKey.asc; then log ERROR "Failed to import Greenbone signing key for feed validation." exit 1 fi if ! run_command sh -c "echo '8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:' | gpg --import-ownertrust"; then log ERROR "Failed to set owner trust for Greenbone signing key." exit 1 fi if ! run_command mkdir -p "$OPENVAS_GNUPG_HOME"; then log ERROR "Failed to create OpenVAS GPG directory $OPENVAS_GNUPG_HOME." exit 1 fi if ! run_command cp -r "$GNUPGHOME"/* "$OPENVAS_GNUPG_HOME"/; then log ERROR "Failed to copy GPG keys to $OPENVAS_GNUPG_HOME." exit 1 fi if ! run_command chown -R gvm:gvm "$OPENVAS_GNUPG_HOME"; then log ERROR "Failed to set ownership for $OPENVAS_GNUPG_HOME." exit 1 fi log INFO "Feed validation setup completed." } # Configures sudo for the gvm group to run openvas with elevated privileges. setting_up_sudo_for_scanning() { log INFO "Configuring sudo for gvm group..." if grep -Fxq "%gvm ALL = NOPASSWD: /usr/local/sbin/openvas" /etc/sudoers.d/gvm; then log INFO "Sudo already configured for gvm group." else log INFO "Setting up sudoers file for gvm group..." if ! run_command sh -c "echo '%gvm ALL = NOPASSWD: /usr/local/sbin/openvas' > /etc/sudoers.d/gvm"; then log ERROR "Failed to create sudoers file for gvm." exit 1 fi if ! run_command chmod 0440 /etc/sudoers.d/gvm; then log ERROR "Failed to set permissions for sudoers file." exit 1 fi if ! run_command visudo -c -f /etc/sudoers.d/gvm; then log ERROR "Sudoers file validation failed for /etc/sudoers.d/gvm." exit 1 fi log INFO "Sudo configuration for gvm group completed." fi } # Sets up PostgreSQL database for gvmd. setting_up_postgresql() { log INFO "Setting up PostgreSQL for gvmd..." if ! run_command apt install -y postgresql; then log ERROR "Failed to install PostgreSQL." exit 1 fi if ! run_command systemctl start postgresql@17-main; then log ERROR "Failed to start PostgreSQL service." exit 1 fi if ! runuser -l postgres -c 'createuser -DRS gvm'; then log ERROR "Failed to create PostgreSQL user gvm." exit 1 fi if ! runuser -l postgres -c 'createdb -O gvm gvmd'; then log ERROR "Failed to create gvmd database." exit 1 fi if ! runuser -l postgres -c 'psql gvmd -c "create role dba with superuser noinherit; grant dba to gvm;"'; then log ERROR "Failed to configure PostgreSQL roles for gvm." exit 1 fi log INFO "PostgreSQL setup completed." } # Creates an admin user for gvmd and captures the password. setting_up_an_admin_user() { log INFO "Creating admin user for gvmd..." local output output=$(/usr/local/sbin/gvmd --create-user=admin 2>&1) if [ $? -ne 0 ]; then log ERROR "Failed to create admin user for gvmd." exit 1 fi # Extract password from output. local password password=$(echo "$output" | grep -oP "User created with password '\K[^']+") if [ -z "$password" ]; then log ERROR "Failed to extract admin password from gvmd output." exit 1 fi # Store password in a temporary file with restricted permissions if ! echo "$password" > /tmp/gvm_admin_password; then log ERROR "Failed to store admin password." exit 1 fi if ! chmod 600 /tmp/gvm_admin_password; then log ERROR "Failed to set permissions for admin password file." exit 1 fi if ! chown gvm:gvm /tmp/gvm_admin_password; then log ERROR "Failed to set ownership for admin password file." exit 1 fi log INFO "Admin user created." } # Sets the feed import owner to the admin user. setting_the_feed_import_owner() { log INFO "Setting feed import owner to admin..." local admin_uuid admin_uuid=$(/usr/local/sbin/gvmd --get-users --verbose | grep admin | awk '{print $2}') if [ -z "$admin_uuid" ]; then log ERROR "Failed to retrieve admin user UUID." exit 1 fi if ! /usr/local/sbin/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value "$admin_uuid"; then log ERROR "Failed to set feed import owner." exit 1 fi log INFO "Feed import owner set." } # Configures systemd services for OpenVAS components. setting_up_services_for_systemd() { log INFO "Setting up systemd services..." # ospd-openvas service log INFO "Creating ospd-openvas systemd service..." if ! cat << EOF > "$BUILD_DIR/ospd-openvas.service" [Unit] Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas) Documentation=man:ospd-openvas(8) man:openvas(8) After=network.target networking.service redis-server@openvas.service openvasd.service Wants=redis-server@openvas.service openvasd.service ConditionKernelCommandLine=!recovery [Service] Type=exec User=gvm Group=gvm RuntimeDirectory=ospd RuntimeDirectoryMode=2775 PIDFile=/run/ospd/ospd-openvas.pid ExecStart=/usr/local/bin/ospd-openvas --foreground --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770 --notus-feed-dir /var/lib/notus/advisories SuccessExitStatus=SIGKILL Restart=always RestartSec=60 [Install] WantedBy=multi-user.target EOF then log ERROR "Failed to create ospd-openvas systemd service file." exit 1 fi if ! run_command cp -v "$BUILD_DIR/ospd-openvas.service" /etc/systemd/system/; then log ERROR "Failed to install ospd-openvas systemd service." exit 1 fi # gvmd service log INFO "Creating gvmd systemd service..." if ! cat << EOF > "$BUILD_DIR/gvmd.service" [Unit] Description=Greenbone Vulnerability Manager daemon (gvmd) After=network.target networking.service postgresql.service ospd-openvas.service Wants=postgresql.service ospd-openvas.service Documentation=man:gvmd(8) ConditionKernelCommandLine=!recovery [Service] Type=exec User=gvm Group=gvm PIDFile=/run/gvmd/gvmd.pid RuntimeDirectory=gvmd RuntimeDirectoryMode=2775 ExecStart=/usr/local/sbin/gvmd --foreground --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm Restart=always TimeoutStopSec=10 [Install] WantedBy=multi-user.target EOF then log ERROR "Failed to create gvmd systemd service file." exit 1 fi if ! run_command cp -v "$BUILD_DIR/gvmd.service" /etc/systemd/system/; then log ERROR "Failed to install gvmd systemd service." exit 1 fi # gsad service log INFO "Creating gsad systemd service..." if ! cat << EOF > "$BUILD_DIR/gsad.service" [Unit] Description=Greenbone Security Assistant daemon (gsad) Documentation=man:gsad(8) https://www.greenbone.net After=network.target gvmd.service Wants=gvmd.service [Service] Type=exec User=gvm Group=gvm RuntimeDirectory=gsad RuntimeDirectoryMode=2775 PIDFile=/run/gsad/gsad.pid ExecStart=/usr/local/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --ssl-certificate=/etc/gvm/gsad.crt --ssl-private-key=/etc/gvm/gsad.key Restart=always TimeoutStopSec=10 [Install] WantedBy=multi-user.target Alias=greenbone-security-assistant.service EOF then log ERROR "Failed to create gsad systemd service file." exit 1 fi if ! run_command cp -v "$BUILD_DIR/gsad.service" /etc/systemd/system/; then log ERROR "Failed to install gsad systemd service." exit 1 fi # openvasd service log INFO "Creating openvasd systemd service..." if ! cat << EOF > "$BUILD_DIR/openvasd.service" [Unit] Description=OpenVASD Documentation=https://github.com/greenbone/openvas-scanner/tree/main/rust/openvasd ConditionKernelCommandLine=!recovery [Service] Type=exec User=gvm RuntimeDirectory=openvasd RuntimeDirectoryMode=2775 ExecStart=/usr/local/bin/openvasd --mode service_notus --products /var/lib/notus/products --advisories /var/lib/notus/advisories --listening 127.0.0.1:3000 SuccessExitStatus=SIGKILL Restart=always RestartSec=60 [Install] WantedBy=multi-user.target EOF then log ERROR "Failed to create openvasd systemd service file." exit 1 fi if ! run_command cp -v "$BUILD_DIR/openvasd.service" /etc/systemd/system/; then log ERROR "Failed to install openvasd systemd service." exit 1 fi log INFO "Reloading systemd daemon..." if ! run_command systemctl daemon-reload; then log ERROR "Failed to reload systemd daemon." exit 1 fi log INFO "Systemd services setup completed." } # Synchronizes Greenbone feed data. feed_synchronization() { log INFO "Starting feed synchronization..." if ! run_command /usr/local/bin/greenbone-feed-sync; then log ERROR "Failed to synchronize Greenbone feed." exit 1 fi log INFO "Feed synchronization completed." } # Starts and enables OpenVAS services. start_openvas() { log INFO "Starting and enabling OpenVAS services..." for service in ospd-openvas gvmd gsad openvasd; do if ! run_command systemctl start "$service"; then log ERROR "Failed to start $service service." exit 1 fi if ! run_command systemctl enable "$service"; then log WARN "Failed to enable $service service. Service may not start on boot." else log INFO "$service service started and enabled." fi done log INFO "OpenVAS services started and enabled." } # Displays login information for the OpenVAS web interface. login_info() { # ANSI color codes local COLOR_INFO="\033[1;36m" # Cyan for info local COLOR_RESET="\033[0m" local BOX_COLOR="\033[1;34m" # Blue for box borders local WIDTH=60 # Box width log INFO "Providing login information for OpenVAS web interface..." # Retrieve password securely local password if [ -f /tmp/gvm_admin_password ]; then password=$(cat /tmp/gvm_admin_password) else log ERROR "Admin password file not found at /tmp/gvm_admin_password." exit 1 fi # Get the primary network interface IP address local host_ip host_ip=$(ip -4 addr show | grep inet | awk '{print $2}' | cut -d'/' -f1 | grep -v '127.0.0.1' | head -n 1) if [ -z "$host_ip" ]; then log WARN "Could not determine host IP address. Using 'localhost' for URL." host_ip="localhost" fi local login_url="https://${host_ip}:9392" # Print boxed login information printf "\n${BOX_COLOR}%*s${COLOR_RESET}\n" "$WIDTH" | tr ' ' '#' # Top border printf "${BOX_COLOR}#${COLOR_RESET} OpenVAS Web Interface Login%*s${BOX_COLOR}${COLOR_RESET}\n" $((WIDTH-28)) "" printf "${BOX_COLOR}${COLOR_RESET}%*s${BOX_COLOR}${COLOR_RESET}\n" $WIDTH | tr ' ' '-' # Separator printf "${BOX_COLOR}#${COLOR_RESET} Username : admin%*s${BOX_COLOR}${COLOR_RESET}\n" $((WIDTH-24)) "" printf "${BOX_COLOR}#${COLOR_RESET} Password : %s%*s${BOX_COLOR}${COLOR_RESET}\n" "$password" $((WIDTH-19-${#password})) "" printf "${BOX_COLOR}#${COLOR_RESET} URL : %s%*s${BOX_COLOR}${COLOR_RESET}\n" "$login_url" $((WIDTH-19-${#login_url})) "" printf "${BOX_COLOR}%*s${COLOR_RESET}\n" "$WIDTH" | tr ' ' '#' # Bottom border printf "\n${COLOR_INFO}Consider changing the administrator password with the following command:${COLOR_RESET}\n" printf "\n${COLOR_INFO}/usr/local/sbin/gvmd --user=admin --new-password=${COLOR_RESET}\n" printf "\n" # Clean up the password file if ! rm -f /tmp/gvm_admin_password; then log WARN "Failed to remove temporary password file /tmp/gvm_admin_password." fi } # ----------------------------------- # Section: Cleanup # ----------------------------------- # Cleans up temporary directories used during installation. cleanup() { log INFO "Cleaning up temporary directories..." if ! rm -rf "$SOURCE_DIR" "$BUILD_DIR" "$INSTALL_DIR" 2>/dev/null; then log WARN "Failed to fully clean up temporary directories. Check permissions." fi log INFO "Cleanup completed." } # Trap errors and cleanup on exit trap 'log ERROR "Script terminated due to an error."; cleanup' ERR trap cleanup EXIT # ----------------------------------- # Section: Main Execution # ----------------------------------- # Main function to orchestrate the OpenVAS installation process. main() { log INFO "Starting OpenVAS installation on $(date '+%Y-%m-%d %H:%M:%S')..." # Check if the installation is running as root check_root # Install the required packeges for OpenVAS install_packages # Set the apropriate environment variables for the installation set_environment # Check for the latest component versions check_latest_version # Creating a User and a Group # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#creating-a-user-and-a-group create_gvm_user # Setting a Source, Build and Install Directory # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#setting-a-source-build-and-install-directory create_directories # Importing the Greenbone Signing Key # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#importing-the-greenbone-signing-key import_signing_key # Generate self-signed SSL certificate for gsad generate_ssl_cert # Install gvm-libs # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#pg-gvm build_install_component \ "gvm-libs" \ "$GVM_LIBS_VERSION" \ "-S $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION -B $BUILD_DIR/gvm-libs -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DCMAKE_BUILD_TYPE=Release -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var" # Install gvmd # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#pg-gvm build_install_component \ "gvmd" \ "$GVMD_VERSION" \ "-S $SOURCE_DIR/gvmd-$GVMD_VERSION -B $BUILD_DIR/gvmd -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DCMAKE_BUILD_TYPE=Release -DLOCALSTATEDIR=/var -DSYSCONFDIR=/etc -DGVM_DATA_DIR=/var -DGVM_LOG_DIR=/var/log/gvm -DGVMD_RUN_DIR=/run/gvmd -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock -DLOGROTATE_DIR=/etc/logrotate.d" # Install pg-gvm # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#pg-gvm build_install_component \ "pg-gvm" \ "$PG_GVM_VERSION" \ "-S $SOURCE_DIR/pg-gvm-$PG_GVM_VERSION -B $BUILD_DIR/pg-gvm -DCMAKE_BUILD_TYPE=Release" # Install gsa # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#gsa build_install_gsa \ "gsa" \ "$GSA_VERSION" # Install gsad # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#gsad build_install_component \ "gsad" \ "$GSAD_VERSION" \ "-S $SOURCE_DIR/gsad-$GSAD_VERSION -B $BUILD_DIR/gsad -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DCMAKE_BUILD_TYPE=Release -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var -DGVMD_RUN_DIR=/run/gvmd -DGSAD_RUN_DIR=/run/gsad -DGVM_LOG_DIR=/var/log/gvm -DLOGROTATE_DIR=/etc/logrotate.d" # Install openvas-smb # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#openvas-smb build_install_component \ "openvas-smb" \ "$OPENVAS_SMB_VERSION" \ "-S $SOURCE_DIR/openvas-smb-$OPENVAS_SMB_VERSION -B $BUILD_DIR/openvas-smb -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DCMAKE_BUILD_TYPE=Release" # Install openvas-scanner # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#openvas-scanner build_install_component \ "openvas-scanner" \ "$OPENVAS_SCANNER_VERSION" \ "-S $SOURCE_DIR/openvas-scanner-$OPENVAS_SCANNER_VERSION -B $BUILD_DIR/openvas-scanner -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DCMAKE_BUILD_TYPE=Release -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var -DOPENVAS_FEED_LOCK_PATH=/var/lib/openvas/feed-update.lock -DOPENVAS_RUN_DIR=/run/ospd" # Install ospd-openvas # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#ospd-openvas build_install_opsd \ "ospd-openvas" \ "$OSPD_OPENVAS_VERSION" # Install openvasd # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#openvasd build_install_openvasd \ "openvas-scanner" \ "openvasd" \ "$OPENVAS_DAEMON" # Install greenbone-feed-sync # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#greenbone-feed-sync build_install_py \ "greenbone-feed-sync" # Install greenbone-feed-sync # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#gvm-tools build_install_py \ "gvm-tools" # Performing a System Setup # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#performing-a-system-setup perform_system_setup # Adjusting Permissions # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#adjusting-permissions adjusting_permissions # Feed Validation # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#feed-validation feed_validation # Setting up sudo for Scanning # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#setting-up-sudo-for-scanning setting_up_sudo_for_scanning # Setting up PostgreSQL # URL: https://greenbone.github.io/docs/latest/22.4/source-build/index.html#setting-up-postgresql setting_up_postgresql # Setting up an Admin User setting_up_an_admin_user # Setting the Feed Import Owner setting_the_feed_import_owner # Setting up Services for Systemd setting_up_services_for_systemd # Performing a Feed Synchronization feed_synchronization # Starting the Greenbone Community Edition Services start_openvas # Providing Login Information login_info # Cleanup temporary directories cleanup log INFO "OpenVAS installation completed successfully." } main