How To Install GVM Vulnerability Scanner on Ubuntu 24.04 LTS

In this tutorial, we will show you how to install GVM Vulnerability Scanner on Ubuntu 24.04 LTS. In today’s rapidly evolving digital landscape, cybersecurity has become a paramount concern for organizations of all sizes. One of the most effective ways to bolster your network’s security is through vulnerability management. The Greenbone Vulnerability Management (GVM) system, formerly known as OpenVAS, stands out as a powerful, open-source solution for identifying and addressing security vulnerabilities in your IT infrastructure.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the GVM Vulnerability Scanner on Ubuntu 24.04 (Noble Numbat). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

• A server running one of the following operating systems: Ubuntu and any other Debian-based distribution like Linux Mint.
• It’s recommended that you use a fresh OS install to prevent any potential issues.
• Basic familiarity with the command line interface.
• SSH access to the server (or just open Terminal if you’re on a desktop).
• At least 4GB of RAM (8GB recommended for optimal performance).
• 20GB of free disk space.
• A processor with at least 2 cores.
• An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies.
• An Ubuntu 24.04 system with root access or a user with sudo privileges.

Install GVM Vulnerability Scanner on Ubuntu 24.04

Step 1. Updating the Package Repository.

 Begin by ensuring your system is up-to-date. Open a terminal and run the following commands:

sudo apt update
sudo apt upgrade

This step refreshes your package lists and upgrades all installed packages to their latest versions.

Step 2. Installing Required Dependencies.

GVM relies on a variety of libraries and tools. Install them using the following command:

sudo apt install gcc g++ make bison flex libksba-dev curl redis libpcap-dev cmake git pkg-config libglib2.0-dev libgpgme-dev nmap libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev gnutls-bin libmicrohttpd-dev libhiredis-dev zlib1g-dev libxml2-dev libnet-dev libradcli-dev clang-format libldap2-dev doxygen gcc-mingw-w64 xml-twig-tools libical-dev perl-base heimdal-dev libpopt-dev libunistring-dev graphviz libsnmp-dev python3-setuptools python3-paramiko python3-lxml python3-defusedxml python3-dev gettext python3-polib xmltoman python3-pip texlive-fonts-recommended texlive-latex-extra xsltproc rsync libpaho-mqtt-dev libbsd-dev libjson-glib-dev python3-packaging python3-wrapt python3-cffi python3-psutil python3-redis python3-gnupg python3-paho-mqtt mosquitto libgcrypt20-dev redis-server libcurl4-gnutls-dev --no-install-recommends -y

This comprehensive list of packages provides the necessary tools and libraries for building and running GVM components.

Step 3. Installing NodeJS.

GVM’s web interface requires NodeJS. Install it using these commands:

curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/node.gpg
echo "deb https://deb.nodesource.com/node_20.x nodistro main" | sudo tee /etc/apt/sources.list.d/node.list
sudo apt update
sudo apt install nodejs

These commands add the NodeJS repository, update the package list, and install NodeJS.

Step 4. Installing PostgreSQL.

GVM uses PostgreSQL as its database. Install and configure it with these commands:

sudo apt install postgresql postgresql-contrib postgresql-server-dev-all
sudo -Hiu postgres createuser gvm
sudo -Hiu postgres createdb -O gvm gvmd
sudo -Hiu postgres psql gvmd -c "create role dba with superuser noinherit;"
sudo -Hiu postgres psql gvmd -c "grant dba to gvm;"
sudo systemctl restart postgresql
sudo systemctl enable postgresql

These commands install PostgreSQL, create a GVM user and database, and set up the necessary permissions.

Step 5. Create GVM User.

Create a dedicated user for GVM operations:

sudo useradd -r -d /opt/gvm -c "GVM User" -s /bin/bash gvm
sudo mkdir /opt/gvm && sudo chown gvm: /opt/gvm
echo "gvm ALL = NOPASSWD: $(which make) install, $(which python3)" | sudo tee /etc/sudoers.d/gvm
visudo -c -f /etc/sudoers.d/gvm

This step creates a non-privileged GVM user and grants necessary permissions for installation and execution.

Step 6. Build and Install GVM Components.

Now, we’ll build and install each GVM component from the source. This process is time-consuming but ensures you have the latest versions with all features.

GVM Libraries:

cd /opt/gvm/gvm-source
GVM_LIBS=22.9.1
wget https://github.com/greenbone/gvm-libs/archive/refs/tags/v${GVM_LIBS}.tar.gz -O gvm-libs-v${GVM_LIBS}.tar.gz
tar xzf gvm-libs-v${GVM_LIBS}.tar.gz
cd gvm-libs-${GVM_LIBS}
mkdir build && cd build
cmake ..
make && sudo make install

Greenbone Vulnerability Manager:

cd /opt/gvm/gvm-source
GVMD=23.2.0
wget https://github.com/greenbone/gvmd/archive/refs/tags/v${GVMD}.tar.gz -O gvmd-v${GVMD}.tar.gz
tar xzf gvmd-v${GVMD}.tar.gz
cd gvmd-${GVMD}
mkdir build && cd build
cmake ..
make && sudo make install

Step 7. Configure Redis for OpenVAS

Configure Redis to work with OpenVAS:

sudo cp /opt/gvm/gvm-source/openvas-scanner-23.2.0/config/redis-openvas.conf /etc/redis/
sudo chown redis:redis /etc/redis/redis-openvas.conf
echo "db_address = /run/redis-openvas/redis.sock" | sudo tee /etc/openvas/openvas.conf
sudo usermod -aG redis gvm
sudo systemctl restart redis-server

These commands set up Redis for use with OpenVAS, ensuring proper communication between components.

Step 8. Configure Mosquitto MQTT Broker.

Set up the Mosquitto MQTT broker:

echo "mqtt_server_uri = localhost:1883
table_driven_lsc = yes" | sudo tee -a /etc/openvas/openvas.conf
sudo systemctl enable --now mosquitto

This configuration enables MQTT communication, which is crucial for certain GVM features.

Step 9. Update Network Vulnerability Tests (NVTs).

Populate your GVM installation with the latest vulnerability tests:

sudo -Hiu gvm greenbone-nvt-sync
sudo -Hiu gvm sudo openvas --update-vt-info

These commands download and update the vulnerability test database, ensuring your scanner can detect the latest known vulnerabilities.

Step 10. Create Systemd Service Units.

Create systemd service units to manage GVM components:

sudo tee /etc/systemd/system/ospd-openvas.service << 'EOL'
[Unit]
Description=OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
After=network.target networking.service redis-server@openvas.service mosquitto.service
[Service]
Type=exec
User=gvm
Group=gvm
ExecStart=/usr/local/bin/ospd-openvas --foreground --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log
Restart=always
[Install]
WantedBy=multi-user.target
EOL
sudo systemctl daemon-reload
sudo systemctl enable --now ospd-openvas

Repeat this process for other GVM components (gvmd, gsad) to ensure they start automatically on system boot.

Step 11. Generate GVM Certificates

Generate the necessary certificates for secure communication:

sudo -Hiu gvm gvm-manage-certs -a

This command creates SSL certificates used by various GVM components for encrypted communication.

Step 12. Create GVM Admin User

Create an administrative user for accessing the GVM web interface:

sudo -Hiu gvm gvmd --create-user admin

Make sure to note down the password generated for this admin user, as you’ll need it to log in to the web interface.

Step 13. Access GVM Web Interface.

With the installation complete, you can now access the GVM web interface:

1. 1. Open a web browser and navigate to https://<your-server-ip>
   2. Accept the self-signed SSL certificate warning (or replace with a valid certificate for production use)
   3. Log in with the admin credentials created in the previous step

Congratulations! You have successfully installed OpenVAS. Thanks for using this tutorial for installing GVM Vulnerability Scanner on the Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the official GVM website.