How To Install GVM Vulnerability Scanner on Ubuntu 24.04 LTS
In this tutorial, we will show you how to install GVM Vulnerability Scanner on Ubuntu 24.04 LTS. In today’s rapidly evolving digital landscape, cybersecurity has become a paramount concern for organizations of all sizes. One of the most effective ways to bolster your network’s security is through vulnerability management. The Greenbone Vulnerability Management (GVM) system, formerly known as OpenVAS, stands out as a powerful, open-source solution for identifying and addressing security vulnerabilities in your IT infrastructure.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the GVM Vulnerability Scanner on Ubuntu 24.04 (Noble Numbat). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- Basic familiarity with the command line interface.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- At least 4GB of RAM (8GB recommended for optimal performance).
- 20GB of free disk space.
- A processor with at least 2 cores.
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies.
- An Ubuntu 24.04 system with root access or a user with sudo privileges.
Install GVM Vulnerability Scanner on Ubuntu 24.04
Step 1. Updating the Package Repository.
Begin by ensuring your system is up-to-date. Open a terminal and run the following commands:
sudo apt update sudo apt upgrade
This step refreshes your package lists and upgrades all installed packages to their latest versions.
Step 2. Installing Required Dependencies.
GVM relies on a variety of libraries and tools. Install them using the following command:
sudo apt install gcc g++ make bison flex libksba-dev curl redis libpcap-dev cmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev zlib1g-dev libxml2-dev libnet-dev libradcli-dev clang-format libldap2-dev doxygen gcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev libunistring-dev graphviz libsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib xmltoman python3-pip texlive-fonts-recommended texlive-latex-extra xsltproc rsync libpaho-mqtt-dev libbsd-dev libjson-glib-dev python3-packaging python3-wrapt python3-cffi python3-psutil python3-redis python3-gnupg python3-paho-mqtt mosquitto libgcrypt20-dev redis-server libcurl4-gnutls-dev --no-install-recommends -y
This comprehensive list of packages provides the necessary tools and libraries for building and running GVM components.
Step 3. Installing NodeJS.
GVM’s web interface requires NodeJS. Install it using these commands:
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/node.gpg echo "deb https://deb.nodesource.com/node_20.x nodistro main" | sudo tee /etc/apt/sources.list.d/node.list sudo apt update sudo apt install nodejs
These commands add the NodeJS repository, update the package list, and install NodeJS.
Step 4. Installing PostgreSQL.
GVM uses PostgreSQL as its database. Install and configure it with these commands:
sudo apt install postgresql postgresql-contrib postgresql-server-dev-all sudo -Hiu postgres createuser gvm sudo -Hiu postgres createdb -O gvm gvmd sudo -Hiu postgres psql gvmd -c "create role dba with superuser noinherit;" sudo -Hiu postgres psql gvmd -c "grant dba to gvm;" sudo systemctl restart postgresql sudo systemctl enable postgresql
These commands install PostgreSQL, create a GVM user and database, and set up the necessary permissions.
Step 5. Create GVM User.
Create a dedicated user for GVM operations:
sudo useradd -r -d /opt/gvm -c "GVM User" -s /bin/bash gvm sudo mkdir /opt/gvm && sudo chown gvm: /opt/gvm echo "gvm ALL = NOPASSWD: $(which make) install, $(which python3)" | sudo tee /etc/sudoers.d/gvm visudo -c -f /etc/sudoers.d/gvm
This step creates a non-privileged GVM user and grants necessary permissions for installation and execution.
Step 6. Build and Install GVM Components.
Now, we’ll build and install each GVM component from the source. This process is time-consuming but ensures you have the latest versions with all features.
GVM Libraries:
cd /opt/gvm/gvm-source
GVM_LIBS=22.9.1
wget https://github.com/greenbone/gvm-libs/archive/refs/tags/v${GVM_LIBS}.tar.gz -O gvm-libs-v${GVM_LIBS}.tar.gz
tar xzf gvm-libs-v${GVM_LIBS}.tar.gz
cd gvm-libs-${GVM_LIBS}
mkdir build && cd build
cmake ..
make && sudo make install
Greenbone Vulnerability Manager:
cd /opt/gvm/gvm-source
GVMD=23.2.0
wget https://github.com/greenbone/gvmd/archive/refs/tags/v${GVMD}.tar.gz -O gvmd-v${GVMD}.tar.gz
tar xzf gvmd-v${GVMD}.tar.gz
cd gvmd-${GVMD}
mkdir build && cd build
cmake ..
make && sudo make install
Step 7. Configure Redis for OpenVAS
Configure Redis to work with OpenVAS:
sudo cp /opt/gvm/gvm-source/openvas-scanner-23.2.0/config/redis-openvas.conf /etc/redis/ sudo chown redis:redis /etc/redis/redis-openvas.conf echo "db_address = /run/redis-openvas/redis.sock" | sudo tee /etc/openvas/openvas.conf sudo usermod -aG redis gvm sudo systemctl restart redis-server
These commands set up Redis for use with OpenVAS, ensuring proper communication between components.
Step 8. Configure Mosquitto MQTT Broker.
Set up the Mosquitto MQTT broker:
echo "mqtt_server_uri = localhost:1883 table_driven_lsc = yes" | sudo tee -a /etc/openvas/openvas.conf sudo systemctl enable --now mosquitto
This configuration enables MQTT communication, which is crucial for certain GVM features.
Step 9. Update Network Vulnerability Tests (NVTs).
Populate your GVM installation with the latest vulnerability tests:
sudo -Hiu gvm greenbone-nvt-sync sudo -Hiu gvm sudo openvas --update-vt-info
These commands download and update the vulnerability test database, ensuring your scanner can detect the latest known vulnerabilities.
Step 10. Create Systemd Service Units.
Create systemd service units to manage GVM components:
sudo tee /etc/systemd/system/ospd-openvas.service << 'EOL' [Unit] Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas) After=network.target networking.service redis-server@openvas.service mosquitto.service [Service] Type=exec User=gvm Group=gvm ExecStart=/usr/local/bin/ospd-openvas --foreground --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log Restart=always [Install] WantedBy=multi-user.target EOL sudo systemctl daemon-reload sudo systemctl enable --now ospd-openvas
Repeat this process for other GVM components (gvmd, gsad) to ensure they start automatically on system boot.
Step 11. Generate GVM Certificates
Generate the necessary certificates for secure communication:
sudo -Hiu gvm gvm-manage-certs -a
This command creates SSL certificates used by various GVM components for encrypted communication.
Step 12. Create GVM Admin User
Create an administrative user for accessing the GVM web interface:
sudo -Hiu gvm gvmd --create-user admin
Make sure to note down the password generated for this admin user, as you’ll need it to log in to the web interface.
Step 13. Access GVM Web Interface.
With the installation complete, you can now access the GVM web interface:
-
- Open a web browser and navigate to
https://<your-server-ip> - Accept the self-signed SSL certificate warning (or replace with a valid certificate for production use)
- Log in with the admin credentials created in the previous step
- Open a web browser and navigate to
Congratulations! You have successfully installed OpenVAS. Thanks for using this tutorial for installing GVM Vulnerability Scanner on the Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the official GVM website.
