Results 1 to 9 of 9

Thread: Install Openvas 9 with Postgres on Kali linux Rolling

  1. #1
    Join Date

    Install Openvas 9 with Postgres on Kali linux Rolling

    NB: This guide is designed for Postgres 9.6, Kali have after releasing this guide updated to Postgres 10. Make sure you have Postgres 9.6 installed (and not 10) when using this guide. If you make Postgres 10 work with this guide, let me know the steps you took and I'll incorporate it in the guide.

    Inspired by 0x4E0x650x6FŽ guide: Install Openvas 8 with Postgres on Kali linux Rolling
    Sadly 0x4E0x650x6FŽ guide doesn't work for the newest version of the OpenVAS-Mangager, as it have been changed with Openvas-9.
    This guide is an updated version of 0x4E0x650x6FŽ guide, and goes through the steeps needed to compile OpenVAS-manager to use PostgreSQL and how-to set up OpenVAS so that it runs using PostgreSQL as the database instead of SQLite.

    This guide is made for Kali rolling, but it might work for other systems. Please also keep in mind that all versions number are from when this guide was made, so newer versions may have been released since then. So if a specific package can’t be found, it may because a newer version have replaced it.

    All of the commands run in this guide is run as a superuser.

    Install and setup PostgreSQL
    First of PostgreSQL needs to be installed
    apt-get install postgresql
    service postgresql start
    Next setup the user and database with is going to be used by the OpenVAS-manager. These commands needs to be run as the postgres user, as it is the default super user for PostgreSQL.
    sudo -u postgres createuser root
    sudo -u postgres createdb -O root tasks
    Next up the newly created database need to be setup so that the OpenVAS-manager can use it. Start by opening the database (still as the postgres user).
    sudo -u postgres psql tasks
    Run the following queries to configure the database.
    create role dba with superuser noinherit;
    grant dba to root;
    create extension "uuid-ossp";
    That is all for configuring the database. Use \q to exit the database.
    Finally install a couple of dependences needed to OpenVAS to use the database.
    apt-get install postgresql-contrib
    apt-get install postgresql-server-dev-9.6
    Building and install the OpenVAS-manager
    First of find a place to download the OpenVAS-manager source code to. I create a folder openvas to keep all the files in.
    cd / 
    mkdir -p openvas/debs
    cd openvas/
    Next up we need to configure apt-get to also include the Kali source repositories. Edit the file “/etc/apt/sources.list” and remove the out commenting of the line “deb-src kali-rolling main non-free contrib”. I use nano for this.
    nano /etc/apt/sources.list
    # Enable deb-src by uncommenting it
    Finally, we need the dpkg-dev package, to be able to build and install from the OpenVAS-manager source.
    apt-get install dpkg-dev
    We are now ready to retrieve the OpenVAS-manager source.
    apt-get source openvas-manager
    Before compiling the source, we need to check for any missing dependences and make some minor adjustment so that the OpenVAS-manager will use the PostgreSQL database. First we check for missing dependencies for the manager.
    cd openvas-manager-7.0.2/
    This returns a list of missing dependences needed for the OpenVAS-manager. If it didn’t return anything, you already got everything you need so everything’s great, if it did return missing dependences, you need to apt-get install each of them.
    When you got all the dependences, we need to configure the source code to use PostgreSQL instead of SQLite. First of we need to change the Debian build rules located in “debain/rules” and add the following command "-DBACKEND=POSTGRESQL" to the “override_dh_auto_configure” command. Ones again I use nano for this.
    nano debain/rules
    # Added "-DBACKEND=POSTGRESQL" to the “override_dh_auto_configure” command
    Next we need to added ad PostgrSQL to the installation content and configure the manager service to use PostgreSQL instead of the default SQLite database.
    echo "usr/lib/openvasmd/pg" >> debian/openvas-manager.dirs
    echo "usr/lib/openvasmd/pg" >> debian/openvas-manager.install
    sed -i -- 's/\/var\/lib\/openvas\/mgr\/tasks.db/tasks/g' debian/openvas-manager.service
    The OpenVAS-manager is now ready for compilation and installation. If you already have the OpenVAS-manager installed, you should remove it before installing the new one.
    apt-get remove openvasmd
    Now for compiling and installing the manager. We use dpkg to build and install the manager. Also I move all the Debian installation file to the openvas/debain folder, to keep order in the files.
    dpkg-buildpackage -uc -us
    mv ../*.deb ../debs/
    dpkg -i ../debs/openvas-manager*.deb
    The installation may fail, if any dependencies are found to be missing. In the case apt-get install the missing dependencies and rerun the dpkg command.
    After installing the openvas-manager you should hold all its packages so it is not accidently overridden by a SQLite version in a later update (remember you have to manually update the openvas-manager from the source code).
    apt-mark hold openvas-manager
    apt-mark hold openvas-manager-common
    apt-mark hold openvas-manager-dbgsym
    If you’re installing OpenVAS from scratch, you can now install the rest of OpenVAS
    # Only if installing OpenVAS from scrath
    apt-get install openvas
    Setting up OpenVAS to the use manager
    If you’re migrating an existing OpenVAS solution from SQLite, you need to FIRST run the migrate command
    # Only if migrating exsiting OpenVAS from SQLite
    Next we need to (re)build the database
    opevasmd –rebuild
    If you are doing a fresh installation of ZAP we also need to complete the ZAP setup
    #Only if installing OpenVAS from scrath
    Finally we need to update the greenbone data.
    That should be all, you should now be able to start up OpenVAS, with should now be using PostgreSQL instead of SQLite.
    Last edited by Egerod; 2018-02-27 at 08:39. Reason: Added note about using Postgres 9.6.

  2. #2
    And thank you for this guide. Given that we are now about 3 months later, on my Kaliy 2017.3, Postgres is at version 10.

    Can I assume that I just need to change the version in the install of the server-dev files?

    Thanks again!

  3. #3
    Join Date
    Hello i have error on this step
    dpkg-buildpackage -uc -us

    How to fix it?

  4. #4
    Join Date
    dpkg-buildpackage -uc -us
    gets error on -DBECKEND=POSTGRESQL , same as Veter.
    any idea?

  5. #5
    Join Date
    From my testing Postgres v10 doesn't work with the setup in this guide, and that is most likely the cause of the errors, as Postgres have been updated to v10 on the latest Kali distribution.
    To make the current guide work you should use Postgres 9.6.
    If I get the time, I'll have a look at updating the guide to use Postgres 10. If anyone else figures it out in the meantime let me know, and I'll update the guide.

  6. #6
    Join Date
    Try this (debian/rules):

    dh_auto_configure -- -DPOSTGRESQL_LIBRARY=/usr/lib/x86_64-linux-gnu/ -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql/ -DBACKEND=POSTGRESQL -DCMAKE_INSTALL_PREFIX=/usr -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var

    I got it working myself using PostgreSQL 10

  7. #7
    Join Date
    Hey everyone, I'm trying to migrate our installation to Postgres and the migration script is failing with a duplicate key error. I've opened the SQLite tasks.db file and looked at the table but cannot find a duplicate for the entry mentioned. Here is the error:

    <31>Sep 27 15:40:05 openvas-migrate-to-postgres: PG: SELECT string_agg ('"' || column_name || '"', ',') from (select column_name from information_schema.columns where table_schema = 'public' and table_name = 'nvt_preferences' order by ordinal_position) as sub;
    <31>Sep 27 15:40:05 openvas-migrate-to-postgres: COLS: "id","name","value"
    <31>Sep 27 15:40:05 openvas-migrate-to-postgres: PG: COPY nvt_preferences ( "id","name","value") FROM STDIN DELIMITER ',' CSV
    ERROR: duplicate key value violates unique constraint "nvt_preferences_name_key"
    DETAIL: Key (name)=(IT-Grundschutz M5.009: Protokollierung am Server[checkbox]:Alle Logfile-Eintr?ge Auflisten) already exists.
    CONTEXT: COPY nvt_preferences, line 100
    <27>Sep 27 15:40:05 openvas-migrate-to-postgres: COPY nvt_preferences ( "id","name","value") FROM STDIN DELIMITER ',' CSV: psql exited with code 1 for sql: COPY nvt_preferences ( "id","name","value") FROM STDIN DELIMITER ',' CSV.
    <27>Sep 27 15:40:05 openvas-migrate-to-postgres: Could not generate CSV for nvt_preferences: sql command exited with code 1.

    UPDATE 1:
    I was able to get the migration script to finish by modifying it so that it doesn't export duplicate keys from the nvt_preferences table by modifying line 1179.

    This is the changes I made:

    if [ "$TABLE" != "nvt_preferences" ]

    Now everything is migrated over and the database seems to be using postgres. I'm able to login and see my reports, scan configs, and tasks. However, I have an issue on the dashboard where it is giving an error: "SCAP and/or CERT database missing on OMP server." Sure enough if I got to SecInfo -> All Security Info it comes back empty. Tried running the greenbone-*-sync scripts and openvasmd --rebuild but it didn't seem to fix it.

    Is there a way to manually repopulate this information into the database or fix this?

    UPDATE 2:
    Ok, I think I'm moving closer...

    I found that the sync scripts had POSTGRES=0 set and changed that to 1.

    I was able to initialize the Postgres Vulns schemas but doing the following:

    cd /usr/share/openvas/cert
    psql tasks < cert_db_init.sql

    cd /usr/share/openvas/scap
    psql tasks < scap_db_init.sql

    I had then hoped running the sync scripts would populate the tables with data, but no such luck. It seems the scripts are not working. Do I need to get different versions of the scripts to use with Postgres? Here is the version numbers for the scripts:

    Last edited by maiki; 2018-09-28 at 11:29. Reason: Merge posts

  8. #8
    Join Date
    Hey everyone, I was able to figure out how to get the Secinfo DB to be updated. I looked through the update scripts and noticed that I could enable logger to display to stderr by adding a -s switch. This allowed me to then run the scripts and notice that they kept saying that the DB was up to date and didn't need to by synced. It turns out that it was updating the old SQLite DB files. I simply deleted those and deleted all the data in the CERT_DIR and SCAP_DIR directories and then ran the scripts again. This then redownloaded the content and inserted it into the DB.

    In short:
    If your SecInfo DB is empty after migrating to Postgres and the scripts aren't updating them, delete all the CERT_DIR and SCAP_DIR data and then rerun the update scripts.

  9. #9
    I deleted the CERT_DIR and SCAP_DIR daos and then ran the update scripts but it gives me a halfway error, what can I be doing wrong?

Similar Threads

  1. Replies: 0
    Last Post: 2016-09-19, 02:02
  2. Install Openvas 8 with Postgres on Kali linux Rolling
    By 0x4E0x650x6FŽ in forum How-To Archive
    Replies: 0
    Last Post: 2016-08-02, 16:28

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts