1. Kali升级#
apt-get update
apt-get dist-upgrade
2. 升级完成后,启动GVM(OpenVas)发现打不开#
oot@Fkali:~# gvm-start
[*] Please wait for the GVM / OpenVAS services to start.
[*]
[*] You might need to refresh your browser once it opens.
[*]
[*] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392
Job for gvmd.service failed because a timeout was exceeded.
See "systemctl status gvmd.service" and "journalctl -xe" for details.
3. 按照要求检测原因#
oot@Fkali:~# systemctl status gvmd.service
● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; vendor preset: disabled)
Active: activating (start) since Thu 2021-08-05 16:42:08 HKT; 31s ago
Docs: man:gvmd(8)
Process: 10055 ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 12492)
Memory: 4.0K
CPU: 14ms
CGroup: /system.slice/gvmd.service
Aug 05 16:42:08 Fkali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
Aug 05 16:42:08 Fkali systemd[1]: gvmd.service: Can't open PID file /run/gvm/gvmd.pid (yet?) after start: Operation not permitted
4. 查看PID文件#
查看PID文件,发现没有上面的路径:
root@Fkali:~# cd /run/gvm/
root@Fkali:/run/gvm# ls
5. 重新检测安装#
oot@Fkali:/run/gvm# sudo gvm-check-setup
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 58045 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 |
Database is wrong version.
ERROR: Database is wrong version. You have installed a new gvmd version
FIX: Run 'sudo runuser -u _gvm -- gvmd --migrate'
ERROR: Your GVM-21.4.1 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
6. 执行兼容处理后,再次检测安装#
root@Fkali:/run/gvm# sudo gvm-check-setup
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 58045 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
ERROR: Greenbone Security Assistant too old or too new: 21.4.1~dev1
FIX: Please install Greenbone Security Assistant >= 21.04.
ERROR: Your GVM-21.4.1 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
7. 查找安装路径,修改配置文件#
root@Fkali:/run/gvm# whereis gvm-check-setup
root@Fkali:/run/gvm# sed -i"" 's/GSA_MAJOR="21.04"/GSA_MAJOR="21.4"/g' $^Cusr/bin/gvm-check-setup
8. 重新安装#
root@Fkali:/run/gvm# gvm-setup
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Creating openvas-scanner's certificate files
sh: 0: getcwd() failed: No such file or directory
[>] Creating database
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
could not identify current directory: No such file or directory
createuser: error: creation of new role failed: ERROR: role "_gvm" already exists
could not identify current directory: No such file or directory
createdb: error: database creation failed: ERROR: database "gvmd" already exists
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
could not identify current directory: No such file or directory
could not identify current directory: No such file or directory
psql: fatal: could not find own program executable
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
could not identify current directory: No such file or directory
could not identify current directory: No such file or directory
psql: fatal: could not find own program executable
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
could not identify current directory: No such file or directory
could not identify current directory: No such file or directory
psql: fatal: could not find own program executable
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
could not identify current directory: No such file or directory
could not identify current directory: No such file or directory
psql: fatal: could not find own program executable
[>] Migrating database
[>] Checking for admin user
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
could not identify current directory: No such file or directory
could not identify current directory: No such file or directory
psql: fatal: could not find own program executable
[*] Define Feed Import Owner
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
[>] Updating OpenVAS feeds
[*] Updating: NVT
sh: 0: getcwd() failed: No such file or directory
sh: 0: getcwd() failed: No such file or directory
rsync: [Receiver] getcwd(): No such file or directory (2)
rsync error: errors selecting input/output files, dirs (code 3) at util.c(1088) [Receiver=3.2.3]
[>] Uploading plugins in Redis
[*] Updating: GVMD Data
sh: 0: getcwd() failed: No such file or directory
rsync: [Receiver] getcwd(): No such file or directory (2)
rsync error: errors selecting input/output files, dirs (code 3) at util.c(1088) [Receiver=3.2.3]
[*] Updating: Scap Data
sh: 0: getcwd() failed: No such file or directory
rsync: [Receiver] getcwd(): No such file or directory (2)
rsync error: errors selecting input/output files, dirs (code 3) at util.c(1088) [Receiver=3.2.3]
[*] Updating: Cert Data
sh: 0: getcwd() failed: No such file or directory
rsync: [Receiver] getcwd(): No such file or directory (2)
rsync error: errors selecting input/output files, dirs (code 3) at util.c(1088) [Receiver=3.2.3]
[*] Checking Default scanner
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default
[+] Done
9. 再次检测安装#
root@Fkali:/run/gvm# sudo gvm-check-setup
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
gvm-check-setup 21.4.1
Test completeness and readiness of GVM-21.4.1
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 21.4.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 58045 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 21.4.2.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 21.4.1~dev1.
Step 7: Checking if GVM services are up and running ...
OK: ospd-openvas service is active.
Starting gvmd service
Waiting for gvmd service
OK: gvmd service is active.
Starting greenbone-security-assistant service
Waiting for greenbone-security-assistant service
OK: greenbone-security-assistant service is active.
Step 8: Checking few other requirements...
OK: nmap is present in version 21.4.1~dev1.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
SUGGEST: Install nsis.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
It seems like your GVM-21.4.1 installation is OK.
10. 启动成功#
root@Fkali:/run/gvm# gvm-start
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
[*] Please wait for the GVM / OpenVAS services to start.
[*]
[*] You might need to refresh your browser once it opens.
[*]
[*] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392
● greenbone-security-assistant.service - Greenbone Security Assistant (gsad)
Loaded: loaded (/lib/systemd/system/greenbone-security-assistant.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-08-05 17:30:51 HKT; 7ms ago
Docs: man:gsad(8)
https://www.greenbone.net
Process: 12680 ExecStart=/usr/sbin/gsad --listen=127.0.0.1 --port=9392 (code=exited, status=0/SUCCESS)
Main PID: 12681 (gsad)
Tasks: 3 (limit: 12492)
Memory: 2.1M
CPU: 10ms
CGroup: /system.slice/greenbone-security-assistant.service
├─12681 /usr/sbin/gsad --listen=127.0.0.1 --port=9392
└─12682 /usr/sbin/gsad --listen=127.0.0.1 --port=9392
Aug 05 17:30:51 Fkali systemd[1]: Starting Greenbone Security Assistant (gsad)...
Aug 05 17:30:51 Fkali gsad[12680]: Oops, secure memory pool already initialized
Aug 05 17:30:51 Fkali systemd[1]: Started Greenbone Security Assistant (gsad).
● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-08-05 17:30:46 HKT; 5s ago
Docs: man:gvmd(8)
Process: 12653 ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock (code=exited, status=0/SUCCESS)
Main PID: 12655 (gvmd)
Tasks: 1 (limit: 12492)
Memory: 73.2M
CPU: 296ms
CGroup: /system.slice/gvmd.service
└─12655 gvmd: Waiting for incoming connections
Aug 05 17:30:45 Fkali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
Aug 05 17:30:45 Fkali systemd[1]: gvmd.service: Can't open PID file /run/gvm/gvmd.pid (yet?) after start: Operation not permitted
Aug 05 17:30:46 Fkali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).
● ospd-openvas.service - OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas)
Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-08-05 17:30:45 HKT; 5s ago
Docs: man:ospd-openvas(8)
man:openvas(8)
Process: 12645 ExecStart=/usr/bin/ospd-openvas --unix-socket /run/ospd/ospd.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas (code=exited, status=0/SUCCESS)
Main PID: 12647 (ospd-openvas)
Tasks: 4 (limit: 12492)
Memory: 20.2M
CPU: 194ms
CGroup: /system.slice/ospd-openvas.service
├─12647 /usr/bin/python3 /usr/bin/ospd-openvas --unix-socket /run/ospd/ospd.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas
└─12649 /usr/bin/python3 /usr/bin/ospd-openvas --unix-socket /run/ospd/ospd.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas
Aug 05 17:30:45 Fkali systemd[1]: Starting OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas)...
Aug 05 17:30:45 Fkali systemd[1]: Started OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas).
[*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...
root@Fkali:~/Desktop# ospd-openvas