git: df8e0691ea05 - main - security/gvm: update to 22.4.0

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Jose Alonso Cardenas Marquez <acm_at_FreeBSD.org>
Date: Mon, 01 Aug 2022 21:00:32 UTC
The branch main has been updated by acm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=df8e0691ea05e1297d35ff1ba2677b6115237fe0

commit df8e0691ea05e1297d35ff1ba2677b6115237fe0
Author:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2022-08-01 20:58:04 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2022-08-01 20:58:04 +0000

    security/gvm: update to 22.4.0
    
    - Add security/py-notus-scanner like a dependency
    - Modify pkg-message to newest way to config gvm suite
---
 security/gvm/Makefile             |  7 +++--
 security/gvm/files/pkg-message.in | 58 ++++++++++++++++++++++++++++-----------
 2 files changed, 47 insertions(+), 18 deletions(-)

diff --git a/security/gvm/Makefile b/security/gvm/Makefile
index 3a78a7032912..08dd06cf1d99 100644
--- a/security/gvm/Makefile
+++ b/security/gvm/Makefile
@@ -1,11 +1,11 @@
 PORTNAME=	gvm
-PORTVERSION=	21.4.4
+PORTVERSION=	22.4.0
 CATEGORIES=	security
 
 MAINTAINER=	acm@FreeBSD.org
 COMMENT=	Greenbone vulnerability management (metaport)
 
-USES=		metaport python:3.6+
+USES=		metaport python:3.7+
 
 # Install GVM libraries
 RUN_DEPENDS+=	${LOCALBASE}/lib/libgvm_base.so:security/gvm-libs
@@ -19,6 +19,9 @@ RUN_DEPENDS+=	${LOCALBASE}/bin/ospd-openvas:security/py-ospd-openvas@${PY_FLAVOR
 # Install OpenVAS Scanner
 RUN_DEPENDS+=   ${LOCALBASE}/sbin/openvas:security/openvas
 
+# Install Notus Scanner
+RUN_DEPENDS+=	${LOCALBASE}/bin/notus-scanner:security/py-notus-scanner
+
 # Install GVM Web Interface
 RUN_DEPENDS+=	${LOCALBASE}/sbin/gsad:security/gsad
 RUN_DEPENDS+=	${LOCALBASE}/share/gvm/gsad/web/index.html:security/gsa
diff --git a/security/gvm/files/pkg-message.in b/security/gvm/files/pkg-message.in
index fb6fed9cc012..45d9eea2d5e5 100644
--- a/security/gvm/files/pkg-message.in
+++ b/security/gvm/files/pkg-message.in
@@ -15,11 +15,29 @@ Basic instructions for configure your gvm infraestruture are following:
 
   # echo "db_address = /var/run/redis/redis.sock" > /usr/local/etc/openvas/openvas.conf
 
-2) Add user gvm to redis group
+2) Mosquitto broker is a new dependency of GVM. Please configure net/mosquitto
+   service and add the following line to openvas configuration file
+
+  # echo "mqtt_server_uri = localhost:1883" >> /usr/local/etc/openvas/openvas.conf
+
+3) security/py-notus-scanner is a new tool used by GVM. You must create a
+   notus-scanner.toml configuration file at usr/local/etc/gvm/ directory
+
+   # echo "[notus-scanner]" > /usr/local/etc/gvm/notus-scanner.toml
+   # echo 'mqtt-broker-address = "localhost"' >> /usr/local/etc/gvm/notus-scanner.toml
+   # echo 'mqtt-broker-port = "1883"' >> /usr/local/etc/gvm/notus-scanner.toml
+   # echo 'products-directory = "/var/lib/openvas/plugins/notus/products"' >> /usr/local/etc/gvm/notus-scanner.toml
+   # echo 'log-level = "INFO"' >> /usr/local/etc/gvm/notus-scanner.toml
+   # echo "disable-hashsum-verification = false" >> /usr/local/etc/gvm/notus-scanner.toml
+
+   Otherwise it can be defined into notus-scanner startup script. Take a look at 
+   /usr/local/etc/rc.d/notus-scanner file
+
+4) Add user gvm to redis group
 
   # pw groupmod redis -M gvm
 
-3) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be 
+5) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be 
    installed in the same server where security/gvmd is running: 
 
   # su postgres
@@ -30,19 +48,21 @@ Basic instructions for configure your gvm infraestruture are following:
   # grant dba to gvm;
   # create extension "uuid-ossp";
   # create extension "pgcrypto";
+  # create extension "pg-gvm";
 
-4) Add the following lines to /etc/rc.conf
+6) Add the following lines to /etc/rc.conf
 
   # sysrc redis_enable="YES"
   # sysrc gvmd_enable="YES"
   # sysrc ospd_openvas_enable="YES"
+  # sysrc notus_scanner_enable="YES"
   # sysrc gsad_enable="YES"
 
-5) Start redis service
+7) Start redis service
 
   # service redis start
 
-6) Currently, ospd_openvas should run as a user without elevated privileges 
+8) Currently, ospd_openvas should run as a user without elevated privileges 
    (gvm) and use sudo for run openvas scanner but it does not work properly. 
    Like a workaround you must run redis as root and the same with ospd_openvas.
 
@@ -58,13 +78,9 @@ Basic instructions for configure your gvm infraestruture are following:
 
    # echo "test_alive_hosts_only = no" >> /usr/local/etc/openvas/openvas.conf
 
-7) The following steps are neccessary before of you can access to GVM web 
+9) The following steps are neccessary before of you can access to GVM web 
    interface (gsad):
 
-  Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
-
-  # service gvmd start
-
   Create certificates
 
   # su -m gvm -c "gvm-manage-certs -a"
@@ -76,6 +92,10 @@ Basic instructions for configure your gvm infraestruture are following:
   # su -m gvm -c "greenbone-feed-sync --type SCAP"
   # su -m gvm -c "greenbone-feed-sync --type CERT"
 
+  Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default
+
+  # service gvmd start
+
   Create an admin user and set the Feed Import Owner
 
   # su -m gvm -c "gvmd --create-user=myuser"
@@ -88,7 +108,7 @@ Basic instructions for configure your gvm infraestruture are following:
    
   # su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <uuid_of_user>
 
-8) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
+10) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default
 
   # service ospd_openvas start
 
@@ -101,11 +121,15 @@ Basic instructions for configure your gvm infraestruture are following:
   # su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73"
   Scanner version: OpenVAS x.x.x
 
-9) Start GVM web interface. It will listen on http://127.0.0.1 by default
+11) Start Notus Scanner service
+
+  # service notus_scanner start
+
+12) Start GVM web interface. It will listen on http://127.0.0.1 by default
 
   # service gsad start
 
-10) Some openvas scanner tasks  need access to /dev/bpf device. Add the 
+13) Some openvas scanner tasks  need access to /dev/bpf device. Add the 
    following lines to /etc/devfs.conf
 
    own     bpf     root:gvm
@@ -115,26 +139,28 @@ Basic instructions for configure your gvm infraestruture are following:
 
    # service devfs restart
 
-11) gvm log files are stores to /var/log/gvm directory
+14) gvm log files are stores to /var/log/gvm directory
 
-12) gsad can export results to PDF. It needs print/texlive-texmf port
+15) gsad can export results to PDF. It needs print/texlive-texmf port
   
   # pkg install texlive-texmf
 
   It will install 1G of data
 
-13) If you need more configure information you can look at the following links:
+16) If you need more configure information you can look at the following links:
 
    https://github.com/greenbone/gvmd/blob/master/INSTALL.md
    https://github.com/greenbone/openvas/blob/master/INSTALL.md
    https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md
    https://github.com/greenbone/gsa/blob/master/INSTALL.md
+   https://greenbone.github.io/docs/latest/index.html
 
    and
 
    # gvmd -h
    # openvas -h
    # ospd-openvas -h
+   # notus-scanner -h
    # gsad -h
 
 14) Enjoy it