OpenVAS Documentation #103
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DaintyJet
reviewed
Nov 26, 2024
| @@ -0,0 +1,419 @@ | |||
| # OpenVAS (Greenbone Vulnerability Manager) | |||
There was a problem hiding this comment.
Would be good to add a little Author note, something like
Suggested change
| # OpenVAS (Greenbone Vulnerability Manager) | |
| # OpenVAS (Greenbone Vulnerability Manager) | |
| Written By: Ryan Widdop | |
| --- |
Not sure how to spell your last name, this is just from your Github username.
DaintyJet
reviewed
Nov 26, 2024
Comment on lines
+16
to
+33
| ``` | ||
| sudo install -m 0755 -d /etc/apt/keyrings | ||
| ``` | ||
| ``` | ||
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg | ||
| ``` | ||
| ``` | ||
| sudo chmod a+r /etc/apt/keyrings/docker.gpg | ||
| ``` | ||
| ``` | ||
| echo \ | ||
| "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ | ||
| "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ | ||
| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null | ||
| ``` | ||
| ``` | ||
| sudo apt update | ||
| ``` |
There was a problem hiding this comment.
Maybe it would be good to do a little bullet point between each of the commands in order to give a little background of why we are doing this and what it does?
So if the commands do not work in the future we have more to work off. similar feedback for other points.
DaintyJet
reviewed
Nov 26, 2024
Comment on lines
+102
to
+103
| <details> | ||
| <summary>Example docker-compose.yml (Click):</summary> |
There was a problem hiding this comment.
Neet, I have seen this done in others but we should use it more (That is HTML in MD docs)
DaintyJet
reviewed
Nov 26, 2024
|
|
||
| 5. **Starting The Docker Containers** | ||
|
|
||
| > [!NOTE] This process could take a long time (Possibly several hours) depending on your machine's resources. Consider using tmux to run commands in order to save and come back. |
There was a problem hiding this comment.
Probably modify this to IMPORTANT since it is a good note, but we want them to stand out more and it is quite important they know this will take a long time.
Also it is not rendered properly
Suggested change
| > [!NOTE] This process could take a long time (Possibly several hours) depending on your machine's resources. Consider using tmux to run commands in order to save and come back. | |
| > [!IMPORTANT] | |
| > This process could take a long time (Possibly several hours) depending on your machine's resources. Consider using tmux to run commands in order to save and come back. |
DaintyJet
reviewed
Nov 26, 2024
Comment on lines
+369
to
+370
| docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition \ | ||
| exec -u gvmd gvmd gvmd --user=admin --new-password='<PASSWORD>' |
There was a problem hiding this comment.
Might be good to add a point that they should replace . I think it is common knowledge to replace anything between the brackets but always good to be safe.
DaintyJet
reviewed
Nov 26, 2024
| By clicking on a vulnerability you can see a description. It will you show you a summary, score, insight, detection method, impact, and solution for each vulnerability. Additionally, it will give you links to the vulnerability disclosure which you can use to see methods of exploiting the vulnerability. | ||
| <img src="Images/WebCVE.png"> | ||
|
|
||
| >[!NOTE]This concludes the guide for OpenVAS. This guide is mainly for the setup of OpenVAS / GVM. It is a powerfull tool and has many use cases that are not shown in this demonstration. |
There was a problem hiding this comment.
This is not rendered properly
Suggested change
| >[!NOTE]This concludes the guide for OpenVAS. This guide is mainly for the setup of OpenVAS / GVM. It is a powerfull tool and has many use cases that are not shown in this demonstration. | |
| > [!NOTE] | |
| > This concludes the guide for OpenVAS. This guide is mainly for the setup of OpenVAS / GVM. It is a powerfull tool and has many use cases that are not shown in this demonstration. |
DaintyJet
reviewed
Nov 26, 2024
| ``` | ||
| sudo chmod 660 /home/<USER>/docker_keys/serverkey.pem | ||
| ``` | ||
| >[!WARNING] This is not secure, however, I have not found a better way. Using the default permissions (600), the gvm user inside the gsa container is unable to access the file once passed in. |
There was a problem hiding this comment.
This does not render properly
Suggested change
| >[!WARNING] This is not secure, however, I have not found a better way. Using the default permissions (600), the gvm user inside the gsa container is unable to access the file once passed in. | |
| > [!WARNING] | |
| > This is not secure, however, I have not found a better way. Using the default permissions (600), the gvm user inside the gsa container is unable to access the file once passed in. |
DaintyJet
reviewed
Nov 26, 2024
| Navigate to the **gsa** image and change the ports from `127.0.0.1:9392:90` to either `0.0.0.0:9392:80` or `<EXTERNAL_IP>:9392:80` | ||
| <img src="Images/gsaHTTPS.png"> | ||
| - **Configure `https` instead of `http`** | ||
| >[!WARNING] DO NOT USE HTTP |
There was a problem hiding this comment.
This does not render properly
Also may want to be more specific in the warning
Suggested change
| >[!WARNING] DO NOT USE HTTP | |
| >[!WARNING] | |
| > Unless you have no other options you should not use HTTP as all communications (Including found vulnerabilities) will be unencrypted. |
DaintyJet
reviewed
Nov 26, 2024
| @@ -0,0 +1,419 @@ | |||
| # OpenVAS (Greenbone Vulnerability Manager) | |||
| >[!NOTE] This install guide uses the Greenbone Community Containers. Running on VM with 2 CPUs and 4 GB ram GVM runs slow. GVM Documentation: https://greenbone.github.io/docs/latest/22.4/container/index.html | |||
There was a problem hiding this comment.
This does not render properly.
Suggested change
| >[!NOTE] This install guide uses the Greenbone Community Containers. Running on VM with 2 CPUs and 4 GB ram GVM runs slow. GVM Documentation: https://greenbone.github.io/docs/latest/22.4/container/index.html | |
| > [!NOTE] | |
| > This install guide uses the Greenbone Community Containers. Running on VM with 2 CPUs and 4 GB ram GVM runs slow. GVM Documentation: https://greenbone.github.io/docs/latest/22.4/container/index.html |
DaintyJet
reviewed
Nov 26, 2024
| >[!NOTE] This install guide uses the Greenbone Community Containers. Running on VM with 2 CPUs and 4 GB ram GVM runs slow. GVM Documentation: https://greenbone.github.io/docs/latest/22.4/container/index.html | ||
|
|
||
| ## Prerequisites | ||
| 1. **Install GVM Dependencies** |
There was a problem hiding this comment.
What is GVM (Greenbone Vulnerability Manger? something similar?)
DaintyJet
reviewed
Nov 26, 2024
| ``` | ||
| export DOWNLOAD_DIR=$HOME/greenbone-community-container && mkdir -p $DOWNLOAD_DIR | ||
| ``` | ||
| - Creates directory `greenbone-community-container` in the users home directory. |
There was a problem hiding this comment.
Tab this in one so it is nested under point 2:
Suggested change
| - Creates directory `greenbone-community-container` in the users home directory. | |
| - Creates directory `greenbone-community-container` in the users home directory. |
DaintyJet
reviewed
Nov 26, 2024
| ``` | ||
| cd $DOWNLOAD_DIR && curl -f -L https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml -o docker-compose.yml | ||
| ``` | ||
| - Downloads `docker-compose.yml` to the greenbone download directory. |
There was a problem hiding this comment.
Tab this in one so it is nested under point 3:
Suggested change
| - Downloads `docker-compose.yml` to the greenbone download directory. | |
| - Downloads `docker-compose.yml` to the Greenbone download directory. |
Maybe capitalize Greenbone?
DaintyJet
reviewed
Nov 26, 2024
| Navigate to `Scans > Reports` on the left side menu. Wait while the scan runs. The percentage on the task will update as the scan progresses. | ||
| <img src="Images/WebReports.png"> | ||
|
|
||
| Once the scan finishes, navigate to `Scans > Vulnerabilities` on the left side The scans can take a while depending on what configuration you chose. Scanning many IPs at once will take a while. All of the vulnerabilities found will be listed here in order of severity. |
There was a problem hiding this comment.
Maybe you wanted a period?
Suggested change
| Once the scan finishes, navigate to `Scans > Vulnerabilities` on the left side The scans can take a while depending on what configuration you chose. Scanning many IPs at once will take a while. All of the vulnerabilities found will be listed here in order of severity. | |
| Once the scan finishes, navigate to `Scans > Vulnerabilities` on the left side. The scans can take a while depending on what configuration you chose. Scanning many IPs at once will take a while. All of the vulnerabilities found will be listed here in order of severity. |
DaintyJet
requested changes
Nov 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview of Changes
Added documentation for the setup of OpenVAS (GVM) using community docker containers and a brief demonstration on how to use it.
Reason for Modification
There was no pre-existing documentation for OpenVAS. Setting up OpenVAS is a nightmare and nobody should have to do it without instructions.☹️
Verification
Images.