Using GVM on Kali Linux 2020.3
Installing GVM
Older versions of OpenVAS only needed `apt-get install openvas` for a fully automated install; in the newer releases we have to install GVM and its other components manually.
Check the Kali version
Before installing, check the Kali version:
# uname -a
Linux F0rGeEk 5.10.0-kali7-amd64 #1 SMP Debian 5.10.28-1kali1 (2021-04-12) x86_64 GNU/Linux
Install the components
The components to install are:
apt-get install gvmd gvmd-common gvmd-dbgsym
Initialization
After installation, initialize with gvm-setup:
# gvm-setup
ERROR: The default postgresql version is not 13 required by libgvmd
Error: Use pg_upgradecluster to update your postgres cluster
Analyzing the error
Running the initialization command produced an error, so the initial configuration could not proceed. The error message shows that the root cause is the PostgreSQL version.
Check the PostgreSQL version
`dpkg -l | grep postgresql` shows which PostgreSQL versions are installed on the system:
# dpkg -l | grep postgresql
ii postgresql 13+225 all object-relational SQL database (supported version)
ii postgresql-11 11.6-2~sid1 amd64 object-relational SQL database, version 11 server
ii postgresql-12 12.4-3 amd64 object-relational SQL database, version 12 server
ii postgresql-13 13.2-1 amd64 The World's Most Advanced Open Source Relational Database
ii postgresql-client-11 11.6-2~sid1 amd64 front-end programs for PostgreSQL 11
ii postgresql-client-12 12.4-3 amd64 front-end programs for PostgreSQL 12
ii postgresql-client-13 13.2-1 amd64 front-end programs for PostgreSQL 13
ii postgresql-client-common 225 all manager for multiple PostgreSQL client versions
ii postgresql-common 225 all PostgreSQL database-cluster manager
This shows that Kali upgrades PostgreSQL on top of the existing installation and keeps the older versions around. I have three versions here, 11, 12 and 13, and pg_lsclusters shows that all three are running. Each newer PostgreSQL cluster takes the next port number above the default 5432, so the clusters do not collide on a port.
Check the PostgreSQL listening ports
# pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
11 main 5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log
12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
13 main 5434 online postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log
From the above we can infer that when GVM starts it connects to PostgreSQL on the default port 5432 and uses that connection to determine the PostgreSQL version. If that version is lower than 13 it will not start, because GVM is built against PostgreSQL 13.
After some searching, this turns out to be a bug in Kali 2020.3. It has also been reported upstream, and a solution was given there. Anyone interested can look up the bug by its number to see how it was handled.
Resolving the error
Overview
The full fix takes the following 6 steps; the detailed output of each step is shown separately below.
1. Stop the pg clusters
sudo pg_dropcluster 12 main --stop
sudo pg_dropcluster 13 main --stop
2. Confirm that all clusters are stopped
sudo pg_lsclusters
3. Re-run the gvm setup check
sudo gvm-check-setup
4. Create the version 13 PostgreSQL cluster and start it
sudo pg_createcluster 13 main
sudo pg_ctlcluster 13 main start
5. Create the database in PostgreSQL and create the user
sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database
sudo runuser -u _gvm -- gvmd --create-user=admin --password=<your_password_not_mine_obviously>
6. Finally, check the status
sudo gvm-check-setup
sudo gvm-start
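As an added example (not code from the original post, nor from Greenbone or Kali), the following POSIX shell script first checks which cluster owns gvmd's default port 5432, which is the condition described above, and then carries out the six repair steps with a dry-run default. The pg_lsclusters sample is constructed from the listing earlier in this post; the `GVM_REPAIR` and `GVM_ADMIN_PASSWORD` environment variables are this script's own convention, not options of any GVM tool. Note that `pg_dropcluster` deletes the cluster's data directory, which is why the script only executes the commands when explicitly told to, and that it drops every cluster it finds, as the detailed run later in the post does (11, 12 and 13), rather than only 12 and 13.

```shell
#!/bin/sh
# Added example, not code from the original post or from Greenbone/Kali.
# Checks which PostgreSQL cluster owns gvmd's default port 5432 and, on request,
# performs the post's six repair steps. Assumes the Debian/Kali pg_* wrapper
# scripts. GVM_REPAIR and GVM_ADMIN_PASSWORD are this script's own environment
# variables, not options of any GVM tool.

# Constructed sample in pg_lsclusters format, copied from the listing in the post,
# so the parsing below also runs on a machine without PostgreSQL.
SAMPLE_CLUSTERS='Ver Cluster Port Status Owner Data directory Log file
11 main 5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log
12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
13 main 5434 online postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log'

# Real pg_lsclusters when available, otherwise the constructed sample (dry runs only).
list_clusters() {
    if command -v pg_lsclusters >/dev/null 2>&1; then pg_lsclusters
    else printf '%s\n' "$SAMPLE_CLUSTERS"; fi
}

# Major version of the cluster listening on port $1 (default 5432); reads
# pg_lsclusters text on stdin and prints nothing when no cluster owns the port.
default_cluster_version() {
    awk -v p="${1:-5432}" 'NR > 1 && $3 == p { print $1; exit }'
}

# Number of clusters whose Status column is "online"; reads pg_lsclusters text on stdin.
online_clusters() {
    awk 'NR > 1 && $4 == "online" { n++ } END { print n + 0 }'
}

# 0: the cluster on 5432 is version 13 or newer; 1: it is older; 2: nothing owns 5432.
# "$ver" is quoted deliberately: an unquoted empty variable inside [ ] is what
# produces the "[: =: unary operator expected" lines gvm-check-setup prints at
# step 5 once no cluster listens on 5432.
gvmd_db_version_ok() {
    ver=$(default_cluster_version 5432)
    [ -n "$ver" ] || return 2
    [ "$ver" -ge 13 ]
}

# The post's repair sequence. pg_dropcluster deletes each cluster's data
# directory, so the commands are only executed when GVM_REPAIR=yes; otherwise
# the plan is printed. The admin password comes from GVM_ADMIN_PASSWORD and is
# redacted in the printed plan.
repair_gvm_postgres() {
    if [ "${GVM_REPAIR:-no}" = yes ] && [ -z "${GVM_ADMIN_PASSWORD:-}" ]; then
        echo "set GVM_ADMIN_PASSWORD before running with GVM_REPAIR=yes" >&2; return 1
    fi
    run() {
        if [ "${GVM_REPAIR:-no}" = yes ]; then "$@"
        else echo "+ $*" | sed 's/--password=[^ ]*/--password=<redacted>/'; fi
    }
    # Step 1: stop and drop every existing cluster (the post's detailed run drops 11, 12 and 13).
    for v in $(list_clusters | awk 'NR > 1 { print $1 }'); do
        run pg_dropcluster "$v" main --stop
    done
    # Step 2: confirm nothing is still online (only meaningful when really executing).
    if [ "${GVM_REPAIR:-no}" = yes ] && [ "$(pg_lsclusters | online_clusters)" -ne 0 ]; then
        echo "clusters still online, aborting" >&2; return 1
    fi
    run gvm-check-setup                                                     # step 3
    run pg_createcluster 13 main                                            # step 4
    run pg_ctlcluster 13 main start
    run runuser -u postgres -- /usr/share/gvm/create-postgresql-database    # step 5
    run runuser -u _gvm -- gvmd --create-user=admin --password="${GVM_ADMIN_PASSWORD:-}"
    run gvm-check-setup                                                     # step 6
    run gvm-start
}

# Stand-alone demo: report the cluster on 5432 and print the repair plan.
ver=$(list_clusters | default_cluster_version 5432)
echo "cluster on port 5432: version ${ver:-none}"
list_clusters | gvmd_db_version_ok || echo "gvmd needs PostgreSQL 13 on 5432 (rc=$?)"
repair_gvm_postgres
```

Run it as-is to see the plan; run it as root with `GVM_REPAIR=yes GVM_ADMIN_PASSWORD='...'` to execute the steps. Passing the password on the gvmd command line, as the post does, still exposes it briefly in the process list, so treat it as a first-login password and change it in the GSA web interface afterwards.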
Run gvm-check-setup
First run gvm-check-setup to see the exact error:
gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
ERROR: _gvm group or _gvm user does not own all the files in /var/lib/openvas/plugins
FIX: Run 'chown -R _gvm:_gvm /var/lib/openvas/plugins'
ERROR: Your GVM-20.8.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
The output above shows a problem with the gvm group and user, and it tells us to run "chown -R _gvm:_gvm /var/lib/openvas/plugins" to fix it.
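Before applying the blanket `chown -R` that the check suggests, it is worth seeing exactly which entries are mis-owned rather than changing ownership over the whole tree blindly. The following is an added example (not code from the original post or from GVM) that lists and counts the entries under a directory not owned by the expected uid/gid and mirrors the ownership test gvm-check-setup performs for `_gvm`. It assumes GNU find (as on Kali); the numeric ids let it run even on a host where the `_gvm` account does not exist yet, and the stand-alone demo uses a constructed temporary tree checked against the current user.

```shell
#!/bin/sh
# Added example, not code from the original post or from GVM. Lists which entries
# under a directory are not owned by the expected account, so the mis-owned files
# are visible before ownership is changed recursively. Assumes GNU find (Kali);
# ids are numeric so the check works even when the _gvm account does not exist.

# Print entries under $1 whose owner uid is not $2 or whose group gid is not $3.
files_not_owned_by() {
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -print
}

# Same check as a number, for scripted pass/fail.
count_not_owned_by() {
    files_not_owned_by "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Audit a directory (default: the OpenVAS plugin tree) against the _gvm account,
# mirroring the ownership test gvm-check-setup performs. Returns 0 when clean,
# 1 when entries need fixing, 2 when this host has no _gvm user.
audit_gvm_plugins() {
    dir="${1:-/var/lib/openvas/plugins}"
    uid=$(id -u _gvm 2>/dev/null) || { echo "no _gvm user on this host" >&2; return 2; }
    gid=$(id -g _gvm)
    n=$(count_not_owned_by "$dir" "$uid" "$gid")
    if [ "$n" -eq 0 ]; then
        echo "OK: _gvm ($uid:$gid) owns everything under $dir"
        return 0
    fi
    echo "ERROR: $n entries under $dir are not owned by _gvm, first few:" >&2
    files_not_owned_by "$dir" "$uid" "$gid" | head -n 5 >&2
    echo "FIX: chown -R _gvm:_gvm $dir" >&2
    return 1
}

# Stand-alone demo on a constructed temporary tree, audited against the current
# user so it runs on a machine without GVM installed. 4242424 is a placeholder
# uid that is not expected to exist.
demo=$(mktemp -d)
touch "$demo/example.nasl" "$demo/example.inc"
echo "$(count_not_owned_by "$demo" "$(id -u)" "$(id -g)") entries under $demo not owned by $(id -un)"
echo "$(count_not_owned_by "$demo" 4242424 "$(id -g)") entries under $demo not owned by placeholder uid 4242424"
rm -rf "$demo"
```

On a real host, `audit_gvm_plugins` with no argument runs the same test as gvm-check-setup and prints the offending paths, which is the information the one-line FIX hides.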
Fix it and check again
# chown -R _gvm:_gvm /var/lib/openvas/plugins
# gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61068 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 20.8.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 20.08.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
ERROR: The default postgresql version is not the one used for gvmd compilation: (11, need 13).
FIX: Please use pg_upgradecluster to upgrade your postgresql installation
ERROR: Your GVM-20.8.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
This time the error is about the PostgreSQL version; below we resolve it by following the steps from the overview in order:
Stop the pg clusters
# pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
11 main 5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log
12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
13 main 5434 online postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log
# pg_dropcluster 11 main --stop
# pg_dropcluster 12 main --stop
# pg_dropcluster 13 main --stop
#### Check again
# pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
# gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61068 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 20.8.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 20.08.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
/usr/bin/gvm-check-setup: line 353: [: =: unary operator expected
/usr/bin/gvm-check-setup: line 359: [: -ne: unary operator expected
OK: Postgresql version and default port are OK.
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
ERROR: The Postgresql DB does not exist.
FIX: Run 'sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database'
ERROR: Your GVM-20.8.0 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
The check result above shows that the version problem is resolved: the version error is no longer reported. The error now says the PostgreSQL DB does not exist, and it gives the fix as well: "sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database"
Enable the version 13 PostgreSQL cluster and create the user
# pg_createcluster 13 main
Creating new PostgreSQL cluster 13/main ...
/usr/lib/postgresql/13/bin/initdb -D /var/lib/postgresql/13/main --auth-local peer --auth-host md5
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/13/main ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Asia/Ulaanbaatar
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
pg_ctlcluster 13 main start
Ver Cluster Port Status Owner Data directory Log file
13 main 5432 down postgres /var/lib/postgresql/13/main /var/log/postgresql/postgresql-13-main.log
### Start version 13
# pg_ctlcluster 13 main start
### Create the database
# runuser -u postgres -- /usr/share/gvm/create-postgresql-database
CREATE ROLE
GRANT ROLE
CREATE EXTENSION
CREATE EXTENSION
### Create the user
# runuser -u _gvm -- gvmd --create-user=admin --password=admin
User created.
Check again
# gvm-check-setup
gvm-check-setup 20.8.0
Test completeness and readiness of GVM-20.8.0
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 20.8.1.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 61068 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 20.8.1.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 20.08.1.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 20.08.1~git.
Step 7: Checking if GVM services are up and running ...
OK: ospd-openvas service is active.
OK: gvmd service is active.
Starting greenbone-security-assistant service
Waiting for greenbone-security-assistant service
OK: greenbone-security-assistant service is active.
Step 8: Checking few other requirements...
OK: nmap is present in version 20.08.1~git.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
SUGGEST: Install nsis.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
It seems like your GVM-20.8.0 installation is OK.
Start GVM
# gvm-start
[-] Something is already using port: 9392/tcp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gsad 445980 _gvm 5u IPv4 9849865 0t0 TCP localhost:9392 (LISTEN)
UID PID PPID C STIME TTY STAT TIME CMD
_gvm 445980 1 0 11:16 ? Sl 0:00 /usr/sbin/gsad --listen=127.0.0.1 --port=9392
### Check the gvmd service status
# service gvmd status
● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2021-05-21 11:15:47 +08; 49s ago
Docs: man:gvmd(8)
Process: 445783 ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock (code=exited, status=0/SUCCESS)
Main PID: 445785 (gvmd)
Tasks: 5 (limit: 18697)
Memory: 1.1G
CPU: 1min 29.686s
CGroup: /system.slice/gvmd.service
├─445785 gvmd: Waiting for incoming connections
├─445812 gpg-agent --homedir /var/lib/gvm/gvmd/gnupg --use-standard-socket --daemon
├─445822 gvmd: Reloading NVTs
├─445823 gvmd: Syncing SCAP: Updating CPEs
└─445824 gvmd: OSP: Updating NVT cache
May 21 11:15:45 F0rGeEk systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
May 21 11:15:45 F0rGeEk systemd[1]: gvmd.service: Can't open PID file /run/gvm/gvmd.pid (yet?) after start: Operation not permitted
May 21 11:15:47 F0rGeEk systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).