NB: This guide is designed for Postgres 9.6, Kali have after releasing this guide updated to Postgres 10. Make sure you have Postgres 9.6 installed (and not 10) when using this guide. If you make Postgres 10 work with this guide, let me know the steps you took and I'll incorporate it in the guide.
Inspired by 0x4E0x650x6FŽ guide: Install Openvas 8 with Postgres on Kali linux Rolling
Sadly 0x4E0x650x6FŽ guide doesn't work for the newest version of the OpenVAS-Mangager, as it have been changed with Openvas-9.
This guide is an updated version of 0x4E0x650x6FŽ guide, and goes through the steeps needed to compile OpenVAS-manager to use PostgreSQL and how-to set up OpenVAS so that it runs using PostgreSQL as the database instead of SQLite.
This guide is made for Kali rolling, but it might work for other systems. Please also keep in mind that all versions number are from when this guide was made, so newer versions may have been released since then. So if a specific package can’t be found, it may because a newer version have replaced it.
All of the commands run in this guide is run as a superuser.
Install and setup PostgreSQL
First of PostgreSQL needs to be installed
Code:
apt-get install postgresql
service postgresql start
Next setup the user and database with is going to be used by the OpenVAS-manager. These commands needs to be run as the postgres user, as it is the default super user for PostgreSQL.
Code:
sudo -u postgres createuser root
sudo -u postgres createdb -O root tasks
Next up the newly created database need to be setup so that the OpenVAS-manager can use it. Start by opening the database (still as the postgres user).
Code:
sudo -u postgres psql tasks
Run the following queries to configure the database.
Code:
create role dba with superuser noinherit;
grant dba to root;
create extension "uuid-ossp";
That is all for configuring the database. Use \q to exit the database.
Finally install a couple of dependences needed to OpenVAS to use the database.
Code:
apt-get install postgresql-contrib
apt-get install postgresql-server-dev-9.6
Building and install the OpenVAS-manager
First of find a place to download the OpenVAS-manager source code to. I create a folder openvas to keep all the files in.
Code:
cd /
mkdir -p openvas/debs
cd openvas/
Next up we need to configure apt-get to also include the Kali source repositories. Edit the file “/etc/apt/sources.list” and remove the out commenting of the line “deb-src http://http.kali.org/kali kali-rolling main non-free contrib”. I use nano for this.
Code:
nano /etc/apt/sources.list
# Enable deb-src by uncommenting it
Finally, we need the dpkg-dev package, to be able to build and install from the OpenVAS-manager source.
Code:
apt-get install dpkg-dev
We are now ready to retrieve the OpenVAS-manager source.
Code:
apt-get source openvas-manager
Before compiling the source, we need to check for any missing dependences and make some minor adjustment so that the OpenVAS-manager will use the PostgreSQL database. First we check for missing dependencies for the manager.
Code:
cd openvas-manager-7.0.2/
dpkg-checkbuilddeps
This returns a list of missing dependences needed for the OpenVAS-manager. If it didn’t return anything, you already got everything you need so everything’s great, if it did return missing dependences, you need to apt-get install each of them.
When you got all the dependences, we need to configure the source code to use PostgreSQL instead of SQLite. First of we need to change the Debian build rules located in “debain/rules” and add the following command "-DBACKEND=POSTGRESQL" to the “override_dh_auto_configure” command. Ones again I use nano for this.
Code:
nano debain/rules
# Added "-DBACKEND=POSTGRESQL" to the “override_dh_auto_configure” command
Next we need to added ad PostgrSQL to the installation content and configure the manager service to use PostgreSQL instead of the default SQLite database.
Code:
echo "usr/lib/openvasmd/pg" >> debian/openvas-manager.dirs
echo "usr/lib/openvasmd/pg" >> debian/openvas-manager.install
sed -i -- 's/\/var\/lib\/openvas\/mgr\/tasks.db/tasks/g' debian/openvas-manager.service
The OpenVAS-manager is now ready for compilation and installation. If you already have the OpenVAS-manager installed, you should remove it before installing the new one.
Code:
# ONLY IF YOU HAVE OPENVAS-MANAGER ALREADY INSTALLED
openvas-stop
apt-get remove openvasmd
Now for compiling and installing the manager. We use dpkg to build and install the manager. Also I move all the Debian installation file to the openvas/debain folder, to keep order in the files.
Code:
dpkg-buildpackage -uc -us
mv ../*.deb ../debs/
dpkg -i ../debs/openvas-manager*.deb
The installation may fail, if any dependencies are found to be missing. In the case apt-get install the missing dependencies and rerun the dpkg command.
After installing the openvas-manager you should hold all its packages so it is not accidently overridden by a SQLite version in a later update (remember you have to manually update the openvas-manager from the source code).
Code:
apt-mark hold openvas-manager
apt-mark hold openvas-manager-common
apt-mark hold openvas-manager-dbgsym
If you’re installing OpenVAS from scratch, you can now install the rest of OpenVAS
Code:
# Only if installing OpenVAS from scrath
apt-get install openvas
Setting up OpenVAS to the use manager
If you’re migrating an existing OpenVAS solution from SQLite, you need to FIRST run the migrate command
Code:
# Only if migrating exsiting OpenVAS from SQLite
openvas-migrate-to-postgres
Next we need to (re)build the database
If you are doing a fresh installation of ZAP we also need to complete the ZAP setup
Code:
#Only if installing OpenVAS from scrath
openvas-setup
Finally we need to update the greenbone data.
Code:
greenbone-scapdata-sync
greenbone-certdata-sync
greenbone-nvt-sync
That should be all, you should now be able to start up OpenVAS, with should now be using PostgreSQL instead of SQLite.