Address Family Not Supported by Protocol - Socket(2)
How to install Greenbone Vulnerability Management (GVM) (formerly OpenVAS) on Kali Linux
OpenVAS is at present renamed Greenbone Vulnerability Management (GVM)
When the OpenVAS project was created, it only consisted of a vulnerability scanning engine. Greenbone Networks received funding shortly thereafter to provide professional vulnerability scanning support. Greenbone took over development leadership, added a few software components, and turned OpenVAS into a multi-pronged vulnerability management solution that still retains the value of open and free software.
Over the years, it became apparent that the use of OpenVAS as a trademark for an open source projection and funding for almost all of the project'due south development had not been appreciated from outside. Therefore, subsequently the release of the OpenVAS ix platform, it was renamed Greenbone Vulnerability Management (GVM) and released every bit Greenbone Source Edition (GSE). Since GVM 10, the term OpenVAS is used only for the scanner component, as it was at the beginning of the projection.
Greenbone Vulnerability Management (GVM) packages: https://github.com/greenbone
Errors when installing and starting GVM, OpenVAS
During the installation and launch process, I encountered quite a few errors, which, nevertheless, were resolved. Under the assumption that these errors are common to everyone (not just my detail installation), I described these errors right during the installation process, as a result of which the instructions became cluttered.
If during the installation process yous do not run into the described errors, please write virtually information technology in the comments – if the errors do not appear for anybody, then I will put them at the very end of the article, due to which, in full general, the instruction volition go clearer.
How to install OpenVAS (GVM)
Since the authors renamed openvas to gvm (more precisely, divided it into different packages), now the chief package is gvm, when it is installed, all other necessary packages will also be obtained equally dependencies.
Installation is done similar this:
sudo apt update sudo apt install gvm
Setting up OpenVAS
Let'southward first by setting upwards the Open Vulnerability Assessment Scanner (OpenVAS) for Greenbone Vulnerability Direction (GVM) solution.
Information technology is used in Greenbone Security Manager and is a full-fledged scan engine that performs constantly updated and expanded submissions of Network Vulnerability Tests (NVTs).
The scanner needs a running Redis server to temporarily store the nerveless information on the scanned hosts. Configuring the Redis server is done similar this (these commands need to be executed once):
wget https://raw.githubusercontent.com/greenbone/openvas-scanner/master/config/redis-openvas.conf sudo cp redis-openvas.conf /etc/redis/ sudo chown redis:redis /etc/redis/redis-openvas.conf echo 'db_address = /run/redis-openvas/redis.sock' | sudo tee /etc/openvas/openvas.conf
Starting the Redis server (must exist done later on every computer restart):
sudo systemctl start redis-server@openvas.service
Or, if yous like, add information technology to startup:
sudo systemctl enable redis-server@openvas.service
The Greenbone Vulnerability Management (gvmd) service acts as an OSP client to connect to and manage scanners. openvas does not act every bit an OSP service – you need the OSPD-OpenVAS module for that. Actual user interfaces (like GSA or GVM-Tools) will only collaborate with gvmd and/or ospd-openvas, not the scanner. You can run openvas to load plugins in Redis using the post-obit command:
sudo openvas -u
merely ospd-openvas will update automatically.
Please note that although you tin can run openvas as a non-elevated user, it is recommended that you run openvas as root because some network vulnerability tests (NVTs) require root privileges to perform sure operations, such as package spoofing. If you run openvas every bit a user without permission to perform these operations, the browse results are probable to be incomplete.
Since openvas will be launched from the ospd-openvas process using sudo, the following configuration is required in the sudoers file:
sudo visudo
add this line to allow the user running ospd-openvas to run openvas as root
USERNAME ALL = NOPASSWD: /usr/sbin/openvas
Supercede USERNAME with your Linux username.
You tin notice out the username with the command:
repeat $USER
If something does non work, and so you lot can view the log with the command:
cat /var/log/gvm/openvas.log
Configuring Greenbone Vulnerability Management (GVM)
Greenbone Vulnerability Managing director is the key management service between security scanners and user clients.
It manages the storage of any vulnerability management configuration and scan results. Information, command commands, and workflows are accessed through the XML-based Greenbone Management Protocol (GMP). Scanners such as OpenVAS are controlled through the Open Scanner Protocol (OSP).
Deployment script (instead of openvas-setup):
sudo gvm-setup
This script needs to exist run but once.
The script ended with an fault:
sent 2,908 bytes received 1,097,808,438 bytes 405,171.nineteen bytes/sec total size is 1,097,537,923 speedup is 1.00 [*] Updating: Cert Data rsync: [Receiver] failed to connect to feed.customs.greenbone.internet (45.135.106.142): Connection refused (111) rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:twenty:106:20c:29ff:fe67:cbb5): Network is unreachable (101) rsync fault: mistake in socket IO (code ten) at clientserver.c(137) [Receiver=3.ii.iii] [*] Checking Default scanner Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied ** (procedure:2450): Fault (recursed) **: Tin can not open up '/var/log/gvm/gvmd.log' logfile: Permission denied[*] Modifying Default Scanner Tin not open '/var/log/gvm/gvmd.log' logfile: Permission denied ** (process:2452): ERROR (recursed) **: Tin can non open up '/var/log/gvm/gvmd.log' logfile: Permission denied [+] Washed
Running check:
sudo gvm-check-setup
also showed an mistake in the fourth step:
gvm-bank check-setup 20.eight.0 Exam completeness and readiness of GVM-20.8.0 Step 1: Checking OpenVAS (Scanner)... OK: OpenVAS Scanner is nowadays in version xx.8.ane. OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem. Checking permissions of /var/lib/openvas/gnupg/* OK: _gvm owns all files in /var/lib/openvas/gnupg OK: redis-server is present. OK: scanner (db_address setting) is configured properly using the redis-server socket: /run/redis-openvas/redis.sock OK: redis-server is running and listening on socket: /run/redis-openvas/redis.sock. OK: redis-server configuration is OK and redis-server is running. OK: _gvm owns all files in /var/lib/openvas/plugins OK: NVT drove in /var/lib/openvas/plugins contains 66548 NVTs. Checking that the obsolete redis database has been removed Could not connect to Redis at /var/run/redis-openvas/redis-server.sock: No such file or directory OK: No old Redis DB OK: ospd-OpenVAS is present in version 20.8.one. Step ii: Checking GVMD Director ... OK: GVM Manager (gvmd) is nowadays in version twenty.08.one. Step 3: Checking Certificates ... OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem. OK: Your GVM certificate infrastructure passed validation. Step 4: Checking data ... OK: SCAP data found in /var/lib/gvm/scap-data. Error: CERT data are missing. FIX: Run the CERT synchronization script greenbone-feed-sync. sudo runuser -u _gvm -- greenbone-feed-sync --type CERT. ERROR: Your GVM-xx.8.0 installation is not however complete! Delight follow the instructions marked with Set to a higher place and run this script over again.
To ready the fault "ERROR: CERT data are missing. FIX: Run the CERT synchronization script greenbone-feed-sync" run the following control:
sudo runuser -u _gvm -- greenbone-feed-sync --type CERT
Re-running the bank check showed an mistake at the fifth footstep:
Step v: Checking Postgresql DB and user ... OK: Postgresql version and default port are OK. gvmd | _gvm | UTF8 | ru_RU.UTF-8 | ru_RU.UTF-eight | Tin non open '/var/log/gvm/gvmd.log' logfile: Permission denied ** (process:2699): ERROR (recursed) **: Tin can not open up '/var/log/gvm/gvmd.log' logfile: Permission denied Fault: No users plant. You need to create at to the lowest degree one user to log in. Set up: create a user by running 'sudo runuser -u _gvm -- gvmd --create-user=<name> --password=<password>' ERROR: Your GVM-xx.8.0 installation is non however consummate! Please follow the instructions marked with FIX in a higher place and run this script again.
There are several errors at once, but the cardinal one is "ERROR: No users found. You lot need to create at least one user to log in.", To ready it, run a command similar this:
sudo runuser -u _gvm -- gvmd --create-user=<USERNAME> --countersign=<Countersign>
For example, to create a user named mial and password ii:
sudo runuser -u _gvm -- gvmd --create-user=mial --password=two
The previous command failed:
Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied ** (process:2807): Mistake (recursed) **: Tin can not open '/var/log/gvm/gvmd.log' logfile: Permission denied
The essence of the error is that the control does not accept plenty permissions to write to the /var/log/gvm/gvmd.log file, fifty-fifty though the previous command was run with sudo. To ready the mistake, run the following command:
sudo chmod 666 /var/log/gvm/gvmd.log
And so run the new user creation over again.
And i more error at the 7th stride:
Step 7: Checking if GVM services are up and running ... OK: ospd-openvas service is active. Starting gvmd service Waiting for gvmd service OK: gvmd service is agile. Starting greenbone-security-assistant service Task for greenbone-security-assistant.service failed considering a fatal bespeak was delivered to the control process. See "systemctl condition greenbone-security-assistant.service" and "journalctl -xe" for details. Waiting for greenbone-security-assistant service Mistake: greenbone-security-banana service did not start. Please check journalctl -xe and /var/log/gvm/gsad.log ERROR: Your GVM-20.8.0 installation is not yet consummate! Please follow the instructions marked with Set up to a higher place and run this script once again.
I don't know how to solve it completely, but I know how to get around it.
Let's movement on to starting the necessary services.
Do non forget that before starting the service you demand to start the Redis server, that is, type following before executing the primary command:
sudo systemctl beginning redis-server@openvas.service
Main service start:
sudo gvm-start
And we get the post-obit:
[*] Please wait for the GVM / OpenVAS services to showtime. [*] [*] You lot might need to refresh your browser once it opens. [*] [*] Spider web UI (Greenbone Security Banana): https://127.0.0.1:9392 Job for greenbone-security-banana.service failed considering a fatal indicate was delivered to the control process. See "systemctl status greenbone-security-assistant.service" and "journalctl -xe" for details.
The essence of the letters is that everything started fine, except for the greenbone-security-assistant, that is, gsa, that is, Web UI (Greenbone Security Assistant), that is, the web interface.
You tin can run into the contents of the log file:
cat /var/log/gvm/gsad.log
Output:
gsad master:Bulletin:2021-04-15 09h07.55 utc:1650: Starting GSAD version 20.08.1~git gsad master:CRITICAL:2021-04-fifteen 09h07.55 utc:1651: main: start_https_daemon failed!
https daemon failed to start .
gsad has a --http-only option which just runs HTTP without HTTPS. Permit's use information technology:
sudo gsad --http-just
Over again, the next message will be displayed that something is wrong:
Oops, secure memory pool already initialized
All the same, the spider web interface is now bachelor at http://127.0.0.1:9392 (but non bachelor at https://127.0.0.1:9392!).
Log in using the credentials that you lot came up with when creating a new user.
To cease the service:
sudo gvm-end
Other:
sudo gvm-cli sudo gvm-feed-update sudo gvm-manage-certs sudo gvm-pyshell gvm-script
In the time to come, sometimes run the command to update signatures:
sudo runuser -u _gvm -- greenbone-nvt-sync
If something does non piece of work, and so y'all can view the log with the command:
sudo cat /var/log/gvm/gvmd.log
Conclusion
One of the following instructions will be devoted to how to work in Greenbone Vulnerability Management (GVM) (formerly OpenVAS).
And do non forget to write – take you encountered the described errors during installation?
Source: https://miloserdov.org/?p=6060
0 Response to "Address Family Not Supported by Protocol - Socket(2)"
Post a Comment