From owner-svn-ports-all@freebsd.org Wed Jan 6 09:17:33 2021 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C5F4A4C98B7; Wed, 6 Jan 2021 09:17:33 +0000 (UTC) (envelope-from acm@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D9kKT5CwWz3F8p; Wed, 6 Jan 2021 09:17:33 +0000 (UTC) (envelope-from acm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A65E41BE5A; Wed, 6 Jan 2021 09:17:33 +0000 (UTC) (envelope-from acm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 1069HX22095089; Wed, 6 Jan 2021 09:17:33 GMT (envelope-from acm@FreeBSD.org) Received: (from acm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 1069HXQ6095086; Wed, 6 Jan 2021 09:17:33 GMT (envelope-from acm@FreeBSD.org) Message-Id: <202101060917.1069HXQ6095086@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: acm set sender to acm@FreeBSD.org using -f From: Jose Alonso Cardenas Marquez Date: Wed, 6 Jan 2021 09:17:33 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r560485 - in head/security/gvm: . files X-SVN-Group: ports-head X-SVN-Commit-Author: acm X-SVN-Commit-Paths: in head/security/gvm: . files X-SVN-Commit-Revision: 560485 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2021 09:17:33 -0000 Author: acm Date: Wed Jan 6 09:17:32 2021 New Revision: 560485 URL: https://svnweb.freebsd.org/changeset/ports/560485 Log: - New port: security/gvm This is the metaport to install GVM applications and libraries. WWW: https://www.openvas.org/ Added: head/security/gvm/ head/security/gvm/Makefile (contents, props changed) head/security/gvm/files/ head/security/gvm/files/pkg-message.in (contents, props changed) head/security/gvm/pkg-descr (contents, props changed) Added: head/security/gvm/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gvm/Makefile Wed Jan 6 09:17:32 2021 (r560485) @@ -0,0 +1,38 @@ +# $FreeBSD$ + +PORTNAME= gvm +PORTVERSION= 20.8.0 +CATEGORIES= security + +MAINTAINER= acm@FreeBSD.org +COMMENT= Greenbone vulnerability management (metaport) + +USES= metaport python + +# Install GVM libraries +RUN_DEPENDS+= ${LOCALBASE}/lib/libgvm_base.so:security/gvm-libs + +# Install GVM Manager +RUN_DEPENDS+= ${LOCALBASE}/sbin/gvmd:security/gvmd + +# Install Scanner wrapper for OSP +RUN_DEPENDS+= ${LOCALBASE}/bin/ospd-openvas:security/py-ospd-openvas@${PY_FLAVOR} + +# Install OpenVAS Scanner +RUN_DEPENDS+= ${LOCALBASE}/sbin/openvas:security/openvas + +# Install GVM Web Interface +RUN_DEPENDS+= ${LOCALBASE}/sbin/gsad:security/greenbone-security-assistant + +SUB_FILES= pkg-message + +OPTIONS_DEFINE= PYTHON-GVM GVM-TOOLS +OPTIONS_DEFAULT= PYTHON-GVM GVM-TOOLS + +PYTHON-GVM_DESC= Install GVM python API library +GVM-TOOLS_DESC= Install GVM tools + +PYTHON-GVM_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gvm>=0:security/py-python-gvm@${PY_FLAVOR} +GVM-TOOLS_RUN_DEPENDS= gvm-cli:security/py-gvm-tools@${PY_FLAVOR} + +.include Added: head/security/gvm/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gvm/files/pkg-message.in Wed Jan 6 09:17:32 2021 (r560485) @@ -0,0 +1,118 @@ +[ +{ type: install + message: < /usr/local/etc/openvas/openvas.conf + +2) Add user gvm to redis group + + # pw groupmod redis -M gvm + +3) security/gvmd uses PostgreSQL database. Generally, PostgreSQL must be + installed in the same server where security/gvmd is running: + + # su postgres + # createuser -DRS gvm + # createdb -O gvm gvmd + # psql gvmd + # create role dba with superuser noinherit; + # grant dba to gvm + # create extension "uuid-ossp"; + # create extension "pgcrypto" + +4) Add the following lines to /etc/rc.conf + + redis_enable="YES" + gvmd_enable="YES" + ospd_openvas_enable="YES" + gsad_enable="YES" + +5) The following steps are neccessary before of you can access to GVM web + interface (gsad): + + Start gvmd service. It will listen on /var/run/gvmd/gvmd.sock by default + + # service gvmd start + + Create certificates + + # su -m gvm -c "gvm-manage-certs -s" + + Sync gvmd Data, SCAP and CERT + + # su -m gvm -c "greenbone-feed-sync --type GVMD_DATA" + # su -m gvm -c "greenbone-feed-sync --type SCAP" + # su -m gvm -c "greenbone-feed-sync --type CERT" + + Create an admin user and set the Feed Import Owner + + # su -m gvm -c "gvmd --create-user=myuser" + # su -m gvm -c "gvmd --user=myuser --new-password=yourpassword" + + Set the Feed Import Owner (myuser user in this example) + + # su -m gvm -c "gvmd --get-users --verbose" + myuser + + # su -m gvm -c "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value + +6) Start OSPD-OpenVAS Wrapper service. It will listen on /var/run/ospd/ospd.sock by default + + # service ospd_openvas start + + you can test if ospd_openvas is connecting with openvas scanner with the following commands: + + # su -m gvm -c "gvmd --get-scanners" + 6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE + 08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /var/run/ospd/ospd.sock 0 OpenVAS Default + + # su -m gvm -c "gvmd --verify-scanner=08b69003-5fc2-4037-a479-93b440211c73" + Scanner version: OpenVAS x.x.x + +7) Start GVM web interface. It will listen on http://127.0.0.1 by default + + # service gsad start + +8) Some openvas scanner tasks need access to /dev/bpf device. Add the + following lines to /etc/devfs.conf + + own bpf root:gvm + perm bpf 0660 + + And restart service for apply the changes + + # service devfs restart + +9) gvm log files are stores to /var/log/gvm directory + +10) gsad can export results to PDF. It needs print/texlive-texmf port + + # pkg install texlive-texmf + + It will install 1G of data + +11) If you need more configure information you can look at the following links: + + https://github.com/greenbone/gvmd/blob/master/INSTALL.md + https://github.com/greenbone/openvas/blob/master/INSTALL.md + https://github.com/greenbone/ospd/blob/master/doc/INSTALL-ospd-scanner.md + https://github.com/greenbone/gsa/blob/master/INSTALL.md + + and + + # gvmd -h + # openvas -h + # ospd-openvas -h + # gsad -h + +12) Enjoy it +EOM +} +] Added: head/security/gvm/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gvm/pkg-descr Wed Jan 6 09:17:32 2021 (r560485) @@ -0,0 +1,3 @@ +This is the metaport to install GVM applications and libraries. + +WWW: https://www.openvas.org/