- Building 22.4 from Source#
- Hardware Requirements#
- Prerequisites#
- Creating a User and a Group#
- Adjusting the Current User#
- Choosing an Install Prefix#
- Setting the PATH#
- Creating a Source, Build and Install Directory#
- Choosing the Installation Source#
- Installing Common Build Dependencies#
- Importing the Greenbone Signing Key#
- Building and Installing the Components#
- gvm-libs#
- gvmd#
Building 22.4 from Source#
Additionally, a basic knowledge about the architecture of the Greenbone Community Edition is required to follow this guide.
This guide is intended for developers who want to try out the newest features and/or want to get familiar with the source code. It is not intended for production setups.
Currently the docs support the following distributions
Most likely, other Debian derivatives like Mint and Kali will also work with only minor adjustments required.
Hardware Requirements#
Prerequisites#
Please follow the guide step by step. Later steps might require settings or output of a previous command.
The command sudo is used for executing commands that require privileged access on the system.
Creating a User and a Group#
The services provided by the Greenbone Community Edition should run as a dedicated user and group. Therefore a gvm user and a group with the same name will be created.
sudo useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm
sudo useradd -r -M -U -G wheel -s /usr/sbin/nologin gvm
Adjusting the Current User#
To allow the current user to run gvmd he must be added to the gvm group. To make the group change effective either logout and login again or use su.
sudo usermod -aG gvm $USER su $USER
Choosing an Install Prefix#
Before building the software stack, a (root) directory must be chosen where the built software will finally be installed. For example, when building packages, the distribution developers set this path to /usr .
By default, it is /usr/local which is also used in this guide. This directory will be stored in an environment variable INSTALL_PREFIX to be able to reference it later.
export INSTALL_PREFIX=/usr/local
Setting the PATH#
On Debian systems the locations /sbin , /usr/sbin and /usr/local/sbin are not in the PATH of normal users. To run gvmd which is located in /usr/local/sbin the PATH environment variable should be adjusted.
export PATH=$PATH:$INSTALL_PREFIX/sbin
Creating a Source, Build and Install Directory#
To separate the sources and the build artifacts, a source and a build directory must be created.
This source directory will be used later in this guide via an environment variable SOURCE_DIR . Accordingly, a variable BUILD_DIR will be set for the build directory. Both can be set to any directory to which the current user has write permissions. Therefore directories in the current user’s home directory are chosen in this guide.
export SOURCE_DIR=$HOME/source mkdir -p $SOURCE_DIR
export BUILD_DIR=$HOME/build mkdir -p $BUILD_DIR
Additionally, an install directory will be set as an environment variable INSTALL_DIR . It is used as a temporary installation directory before moving all built artifacts to the final destination.
export INSTALL_DIR=$HOME/install mkdir -p $INSTALL_DIR
Choosing the Installation Source#
For building the GVM software stack, three different sources can be chosen depending on the desired stability:
- Building from release tarballs
- Building from git tags
- Building from release branches
Linux distributions use the release tarballs because it is the most common and well known method to share source code.
Newer build systems may stick with the git tags.
If you are a developer and very familiar with building from source already, you may also try out using the git release branches. These have the advantage that they contain the newest fixes which may not yet be included in the release tarballs or git tags. As a downside, the release branches may contain only partially fixed issues and need to be updated more often.
This guide will use the tarballs to build the software.
Installing Common Build Dependencies#
For downloading, configuring, building and installing the Greenbone Community Edition components, several tools and applications are required. To install this requirements the following commands can be used:
sudo apt update sudo apt install --no-install-recommends --assume-yes \ build-essential \ curl \ cmake \ pkg-config \ python3 \ python3-pip \ gnupg
sudo dnf upgrade -y sudo dnf groupinstall 'Development Tools' -y sudo dnf install -y \ cmake \ python3-pip \ tar \ gcc-c++ sudo tee /etc/ld.so.conf.d/local.conf /usr/local/lib /usr/local/lib64 EOF sudo ldconfig sudo dnf remove net-snmp net-snmp-devel sudo dnf install -y \ systemd \ gcc \ openssl-devel \ bzip2-devel \ elfutils-devel \ libselinux-devel \ elfutils-libelf-devel \ rpm-devel \ perl-devel \ procps \ python3-devel \ python3-setuptools \ chrpath \ mariadb-connector-c-devel curl -O https://netcologne.dl.sourceforge.net/project/net-snmp/net-snmp/5.9.1/net-snmp-5.9.1.tar.gz tar xzf net-snmp-5.9.1.tar.gz cd net-snmp-5.9.1 ./configure make sedscript make -j$(nproc) sudo make install
sudo dnf config-manager --set-enabled crb sudo dnf install -y epel-release epel-next-release sudo dnf upgrade -y sudo dnf groupinstall 'Development Tools' -y sudo dnf install -y \ cmake \ python3-pip \ tar \ gcc-c++ \ doxygen \ xmltoman sudo tee /etc/ld.so.conf.d/local.conf /usr/local/lib /usr/local/lib64 EOF sudo ldconfig sudo dnf remove net-snmp net-snmp-devel sudo dnf install -y \ systemd \ gcc \ openssl-devel \ bzip2-devel \ elfutils-devel \ libselinux-devel \ elfutils-libelf-devel \ rpm-devel \ perl-devel \ procps \ python3-devel \ python3-setuptools \ chrpath \ mariadb-connector-c-devel curl -O https://netcologne.dl.sourceforge.net/project/net-snmp/net-snmp/5.9.1/net-snmp-5.9.1.tar.gz tar xzf net-snmp-5.9.1.tar.gz cd net-snmp-5.9.1 ./configure make -j$(nproc) sudo make install curl -o paho.mqtt.c.tar.gz https://codeload.github.com/eclipse/paho.mqtt.c/tar.gz/refs/tags/v1.3.10 tar xzf paho.mqtt.c.tar.gz cd paho.mqtt.c-1.3.10 mkdir build && cd build cmake .. make -j$(nproc) sudo make install
Importing the Greenbone Signing Key#
To validate the integrity of the downloaded source files, GnuPG is used. It requires downloading the Greenbone Community Signing public key and importing it into the current user’s keychain.
curl -f -L https://www.greenbone.net/GBCommunitySigningKey.asc -o /tmp/GBCommunitySigningKey.asc gpg --import /tmp/GBCommunitySigningKey.asc
For understanding the validation output of the gpg tool, it is best to mark the Greenbone Community Signing key as fully trusted.
echo "8AE4BE429B60A59B311C2E739823FAA60ED1E580:6:" | gpg --import-ownertrust
Building and Installing the Components#
The components should be build and installed in the listed order.
gvm-libs#
gvm-libs is a C library providing basic functionality like XML parsing and network communication. It is used in openvas-scanner, gvmd, gsad and pg-gvm.
export GVM_LIBS_VERSION=22.6.3
sudo apt install -y \ libglib2.0-dev \ libgpgme-dev \ libgnutls28-dev \ uuid-dev \ libssh-gcrypt-dev \ libhiredis-dev \ libxml2-dev \ libpcap-dev \ libnet1-dev \ libpaho-mqtt-dev
sudo apt install -y \ libldap2-dev \ libradcli-dev
sudo dnf install -y \ glib2-devel \ gpgme-devel \ gnutls-devel \ libgcrypt-devel \ libuuid-devel \ libssh-devel \ hiredis-devel \ libxml2-devel \ libpcap-devel \ libnet-devel \ paho-c-devel
sudo dnf install -y \ openldap-devel \ radcli-devel
sudo dnf install -y \ glib2-devel \ gpgme-devel \ gnutls-devel \ libgcrypt-devel \ libuuid-devel \ libssh-devel \ hiredis-devel \ libxml2-devel \ libpcap-devel \ libnet-devel \ uuid-devel
sudo dnf install -y \ openldap-devel \ radcli-devel
curl -f -L https://github.com/greenbone/gvm-libs/archive/refs/tags/v$GVM_LIBS_VERSION.tar.gz -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz curl -f -L https://github.com/greenbone/gvm-libs/releases/download/v$GVM_LIBS_VERSION/gvm-libs-v$GVM_LIBS_VERSION.tar.gz.asc -o $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz.asc $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
The output of the last command should be similar to:
gpg: Signature made Fri Apr 16 08:31:02 2021 UTC gpg: using RSA key 9823FAA60ED1E580 gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]
If the signature is valid, the tarball can be extracted.
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION.tar.gz
Afterwards, gvm-libs can be build and installed.
mkdir -p $BUILD_DIR/gvm-libs && cd $BUILD_DIR/gvm-libs cmake $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION \ -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \ -DCMAKE_BUILD_TYPE=Release \ -DSYSCONFDIR=/etc \ -DLOCALSTATEDIR=/var make -j$(nproc)
mkdir -p $BUILD_DIR/gvm-libs && cd $BUILD_DIR/gvm-libs cmake $SOURCE_DIR/gvm-libs-$GVM_LIBS_VERSION \ -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \ -DCMAKE_BUILD_TYPE=Release \ -DSYSCONFDIR=/etc \ -DLOCALSTATEDIR=/var \ -DCMAKE_C_FLAGS="-O2" \ -DCMAKE_C_FLAGS_RELEASE="-O2" make -j$(nproc)
mkdir -p $INSTALL_DIR/gvm-libs make DESTDIR=$INSTALL_DIR/gvm-libs install sudo cp -rv $INSTALL_DIR/gvm-libs/* /
gvmd#
The Greenbone Vulnerability Management Daemon (gvmd) is the main service of the Greenbone Community Edition. It handles authentication, scan management, vulnerability information, reporting, alerting, scheduling and much more. As a storage backend, it uses a PostgreSQL database.
sudo apt install -y \ libglib2.0-dev \ libgnutls28-dev \ libpq-dev \ postgresql-server-dev-15 \ libical-dev \ xsltproc \ rsync \ libbsd-dev \ libgpgme-dev
sudo apt install -y --no-install-recommends \ texlive-latex-extra \ texlive-fonts-recommended \ xmlstarlet \ zip \ rpm \ fakeroot \ dpkg \ nsis \ gnupg \ gpgsm \ wget \ sshpass \ openssh-client \ socat \ snmp \ python3 \ smbclient \ python3-lxml \ gnutls-bin \ xml-twig-tools
sudo apt install -y \ libglib2.0-dev \ libgnutls28-dev \ libpq-dev \ postgresql-server-dev-14 \ libical-dev \ xsltproc \ rsync \ libbsd-dev \ libgpgme-dev
sudo apt install -y --no-install-recommends \ texlive-latex-extra \ texlive-fonts-recommended \ xmlstarlet \ zip \ rpm \ fakeroot \ dpkg \ nsis \ gnupg \ gpgsm \ wget \ sshpass \ openssh-client \ socat \ snmp \ python3 \ smbclient \ python3-lxml \ gnutls-bin \ xml-twig-tools
sudo dnf install -y \ glib2-devel \ gnutls-devel \ postgresql-server-devel \ libical-devel \ xsltproc \ rsync \ libbsd-devel \ gpgme-devel
sudo dnf install -y --setopt=install_weak_deps=False \ texlive-scheme-medium \ texlive-fontawesome \ texlive-fontmfizz \ texlive-fonts-churchslavonic \ texlive-fontsetup \ texlive-fontsize \ texlive-fonttable \ fontawesome-fonts \ gnupg2-smime \ openssh-clients \ xmlstarlet \ zip \ rpm \ fakeroot \ dpkg \ mingw64-nsis \ gnupg \ wget \ sshpass \ socat \ samba-client \ python3-lxml \ gnutls-utils \ perl-XML-Twig
sudo dnf install -y \ glib2-devel \ gnutls-devel \ postgresql-server-devel \ libical-devel \ libxslt \ rsync \ libbsd-devel \ gpgme-devel
sudo dnf install -y --setopt=install_weak_deps=False \ texlive* \ gnupg2-smime \ openssh-clients \ xmlstarlet \ zip \ rpm \ fakeroot \ dpkg \ gnupg \ wget \ sshpass \ socat \ samba-client \ python3-lxml \ gnutls-utils \ perl-XML-Twig
curl -f -L https://github.com/greenbone/gvmd/archive/refs/tags/v$GVMD_VERSION.tar.gz -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz curl -f -L https://github.com/greenbone/gvmd/releases/download/v$GVMD_VERSION/gvmd-$GVMD_VERSION.tar.gz.asc -o $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz.asc
gpg --verify $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz.asc $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
The output of the last command should be similar to:
gpg: Signature made Fri Apr 16 08:31:02 2021 UTC gpg: using RSA key 9823FAA60ED1E580 gpg: Good signature from "Greenbone Community Feed integrity key" [ultimate]
If the signature is valid the tarball can be extracted.
tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \ -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \ -DCMAKE_BUILD_TYPE=Release \ -DLOCALSTATEDIR=/var \ -DSYSCONFDIR=/etc \ -DGVM_DATA_DIR=/var \ -DGVMD_RUN_DIR=/run/gvmd \ -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock \ -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock \ -DSYSTEMD_SERVICE_DIR=/lib/systemd/system \ -DLOGROTATE_DIR=/etc/logrotate.d make -j$(nproc)
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \ -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \ -DCMAKE_BUILD_TYPE=Release \ -DLOCALSTATEDIR=/var \ -DSYSCONFDIR=/etc \ -DGVM_DATA_DIR=/var \ -DGVMD_RUN_DIR=/run/gvmd \ -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock \ -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock \ -DSYSTEMD_SERVICE_DIR=/lib/systemd/system \ -DLOGROTATE_DIR=/etc/logrotate.d sudo mkdir /usr/include/postgresql sudo cp /usr/include/libpq-fe.h /usr/include/postgresql/libpq-fe.h make -j$(nproc)