Monday, 26 June 2023

Greenbone Vulnerability Scanner


What is Vulnerability Management?

"Vulnerability management is an IT security process that aims to find vulnerabilities in the IT infrastructure, classify their severity and, in addition, provide a list of actions to be taken to address the vulnerabilities. The goal is to eliminate vulnerabilities so that they can no longer pose a risk." - taken from the greenbone.net website.

First steps...

In an effort to play with as many tools as I can, I decided to install Greenbone Vulnerability Scanner. It’s a tool that has featured in some of the online training platforms I’ve used, like TryHackMe, so it was a good choice to try. I’ve already got a Nessus Essentials scanner but seeing how many different tools work can be useful to see which I prefer and which works best for me. This is a bit of a long one so go grab a brew now then strap in….

I kicked off the research by watching a couple of YouTube videos and installation looked pretty simple so I went ahead and installed a fresh Kali Purple VM on my Proxmox machine. Probably not the best choice of OS as I found out after a few issues but it was the OS used in the videos and it seemed to work for the presenters. GVM is the package used to install the scanner, manager, portal and all the dependencies required to make it work.

Kali Purple

Sometimes it doesn't always work out...

My first attempt failed miserably. I installed Kali and updated it, installed GVM and ran the setup script. After running the “check-setup” script to make sure everything had gone to plan I tried to connect to the Web Portal from a different computer to find that it wasn’t reachable. So, I went back to the Kali VM and launched Firefox to connect to the portal on the loopback address … but that didn’t work either. I had the right address each time and the port number but nothing would connect. Then, I realised a major mistake I’d made … I didn’t take a snapshot of the VM after installing and updating Kali. I was so rushed to get the tool installed and get playing with it I carried out a cardinal sin! Nothing I tried would resolve the issue and after turning to Google for a bit of research I discovered that Kali is NOT a supported OS to run GVM on and people who’d had the same issue as me didn’t seem to get any other answers than “install it on a supported OS”. Well, I’d seen it work on Kali so being as it’s a VM I hit the big delete button and started again.

If at first you don't succeed...

This time I installed Kali, ran the updates and then took a snapshot, I wasn’t going to waste all that time again! After that, I installed GVM and then went and watched some TV whilst the setup ran. Coming back to the VM I had my login password and was feeling hopeful. I ran the check set up script and all looked good. This time, I fired up Firefox, punched in the Loopback address and port and  … Hey Presto! I’m in! 

Greenbone Security Assistant login page

I’d seen some other issues that people had had with GVM so I tried to execute a quick scan and encountered the same as a lot of the others … a “Failed to find config” error. Luckily, there was a YouTube video to help. The fix suggested was to run the feed update scripts to update the feeds and scan configs then everything magically works. NO it doesn’t – well not for me anyway. Back to Google where I found a forum where this very issue was being discussed (and the obligatory “Kali isn’t a supported OS” message was repeated many times). The fix offered was to run individual feed update scripts (instead of the default bulk one that I had done) and then I read the important bit at the bottom … “WAIT!”. Turns out that updating the feeds pulls down the updates, then GVM needs to import them for things to work properly (which it does as part of the script but in the background). You need to check the ‘Administration/Feed Status’ page and wait for all the entries to turn to current. So, I ran the scripts one by one and watched some more TV. On my return I checked the terminal to make sure all was complete and noticed that this time, the scripts seemed to have pulled down incremental files, which may have been what was needed to complete the update. I checked the Scan Configs and BOOM! There they were, all the Feed updates showed as ‘Current’.

Feed Updates status

Scan Configs

I was so excited to go run my first scan, I almost forgot ….. SNAPSHOT! Snapshot taken and my very first Greenbone scan was under way. The good news … “0’s” across the board 😊.

1st scan running

Scan complete, looking good!

Next steps for me...

I’m planning to move this Proxmox machine to my IOT network so I can scan all of the lovely speakers and cameras etc I have to see just how secure they are, and if I spot a few older ones with some nice vulnerabilities … well, they may get replaced with new ones and then the old ones used as targets!

Final thoughts and process...

I wouldn’t say that this was a quick project. Although it was all done in a day, I was hoping for more like a couple of hours, but there again, I did come across issues. So, here are basically the steps needed to install, set up and update the Greenbone Vulnerability Scanner:

Install / use a Linux VM as the base OS – Greenbone suggested on their forum post from May 2022 that “Debian 11 should be fine” but I can confirm that this works on Kali! (Missing scan configuration - Archive / Greenbone Community Edition - Greenbone Community Forum)

  • On the Linux machine, run “sudo apt update” – to make sure your repos are cleaned up and up to date.
  • Now run  sudo apt install gvm  – this installs the GVM program and any dependencies, but you can’t use it yet!
  • Once the install has completed, run  sudo gvm-setup  – this may take a while, grab a brew.
  • Once the setup has completed a system generated password for the ‘admin’ user account will be shown near the end of the setup output. It’s big! Copy it and paste it into a text file and save it. There are ways to get around it if you don’t but it just makes life easier if you do.
  • Now run  sudo gvm-check-setup -h  – this should only take a couple of minutes. Check the output to see if there were any errors; you should get a line at the bottom to say it looks ok.
  • Once the check is complete, run  sudo gvm-feed-update -h  – this will trigger the feed updates … and may take a while … grab a brew! You can also connect to the portal now at: “hxxps://127.0.0.1:9392”, log in with user name “admin” and your system generated password (you did save it didn’t you???) and navigate to ‘Administration/Feed Updates’ to monitor their progress.
  • Once everything is showing as complete, you can try a quick scan to see if it works. If it does, congratulations, you now have a Greenbone Vulnerability Scanner. If it presents an error message then run these additional steps, one at a time:

o   Run  sudo runuser -u _gvm -- greenbone-nvt-sync  and wait for it to complete

o   Run  sudo runuser -u _gvm -- greenbone-feed-sync --type SCAP  and wait for it to complete

o   Run  sudo runuser -u _gvm -- greenbone-feed-sync --type CERT  and wait for it to complete

o   Run  sudo runuser -u _gvm -- greenbone-feed-sync --type GVMD_DATA  and wait for it to complete

o   Now go to the Feed Updates page on the portal and wait for them all to complete ... maybe time for another brew! Possibly some biscuits? Well, you do have the time!

o   Once they’re all complete try a quick scan. If it still doesn't work after this, my only advice is to leave it running and try again later. After that, revert to an earlier snapshot before you installed GVM and start it again … wait … you did take a snapshot right?
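
One way to script the "wait until every feed is Current" check before trying a scan, as an added example that is not from the original post or from Greenbone: it parses the XML that a GMP <get_feeds/> request returns. The sample reply is constructed, and treating "has a version and is not currently syncing" as ready is an assumption; it does not check how old a feed is.

```python
import xml.etree.ElementTree as ET

# The four feed types synced one at a time in the steps above.
REQUIRED = ("NVT", "SCAP", "CERT", "GVMD_DATA")

# Constructed sample (not real output), shaped like a GMP <get_feeds/> reply.
SAMPLE = """<get_feeds_response status="200" status_text="OK">
  <feed><type>NVT</type><version>202306260600</version></feed>
  <feed><type>SCAP</type><version>202306250500</version>
    <currently_syncing><timestamp>constructed</timestamp></currently_syncing>
  </feed>
  <feed><type>CERT</type><version>202306260400</version></feed>
  <feed><type>GVMD_DATA</type><version></version></feed>
</get_feeds_response>"""


def feed_states(xml_text):
    """Return {feed type: 'ready' | 'syncing' | 'unavailable' | 'missing'}."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "200":
        raise ValueError("get_feeds failed: %s" % root.get("status_text"))
    states = {name: "missing" for name in REQUIRED}
    for feed in root.iter("feed"):
        ftype = (feed.findtext("type") or "").strip().upper()
        if feed.find("sync_not_available") is not None:
            states[ftype] = "unavailable"
        elif feed.find("currently_syncing") is not None:
            states[ftype] = "syncing"      # download or import still running
        elif (feed.findtext("version") or "").strip():
            states[ftype] = "ready"
        else:
            states[ftype] = "missing"      # nothing imported yet
    return states


def ready_to_scan(xml_text):
    """Return (ok, blockers): ok only when every required feed is 'ready'."""
    states = feed_states(xml_text)
    blockers = sorted(t for t in REQUIRED if states[t] != "ready")
    return (not blockers, blockers)


if __name__ == "__main__":
    ok, blockers = ready_to_scan(SAMPLE)
    print("safe to scan" if ok else "wait for: " + ", ".join(blockers))
```

Feeding it the reply from the running manager (for example via gvm-cli from gvm-tools) and only starting a scan when it reports no blockers avoids the “Failed to find config” error described earlier.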

 

Thanks for reading,
Rich.

Credits: 

Vulnerability Management | Open Source and GDPR-compliant - Greenbone

Kali Linux 2023.1 Release (Kali Purple & Python Changes) | Kali Linux Blog
