Kali安装GVM
1、安装gvm
┌──(root💀kali)-[/home/kali]
└─# gvm-setup 1 ⨯
[>] Starting PostgreSQL service
[-] ERROR: The default PostgreSQL version (14) is not 15 that is required by libgvmd
[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster2、更新PostgreSQL;查看已经安装的PostgreSQL版本
┌──(root💀kali)-[/home/kali]
└─# dpkg -l | grep postgresql 1 ⨯
ii postgresql 15+247 all object-relational SQL database (supported version)
ii postgresql-14 14.1-1 amd64 The World's Most Advanced Open Source Relational Database
ii postgresql-15 15.2-1 amd64 The World's Most Advanced Open Source Relational Database
ii postgresql-client-14 14.1-1 amd64 front-end programs for PostgreSQL 14
ii postgresql-client-15 15.2-1 amd64 front-end programs for PostgreSQL 15
ii postgresql-client-common 247 all manager for multiple PostgreSQL client versions
ii postgresql-common 247 all PostgreSQL database-cluster manager3、先删除15版本的目标集群,不然会升级不了。
┌──(root💀kali)-[/home/kali]
└─# sudo pg_dropcluster 15 main --stop4、开始升级
┌──(root💀kali)-[/home/kali]
└─# sudo pg_upgradecluster 14 main
...
省略
...
Success. Please check that the upgraded cluster works. If it does,
you can remove the old cluster with
pg_dropcluster 14 main
Ver Cluster Port Status Owner Data directory Log file
14 main 5433 down postgres /var/lib/postgresql/14/main /var/log/postgresql/postgresql-14-main.log
Ver Cluster Port Status Owner Data directory Log file
15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log5、开始安装,这里就不会报错了,安装好之后可以保存一次快照这里太费时间了,以免后面出问题要重新下载
┌──(root💀kali)-[/home/kali]
└─# gvm-setup
...
省略
...
[+] Done
[*] Please note the password for the admin user
[*] User created with password '28bf5a53-1441-4236-810f-438bed75d1be'.
[>] You can now run gvm-check-setup to make sure everything is correctly configured6、设置/var/log/gvm/openvas.log权限,在PostgreSQL把_gvm设置成管理员用户,创建管理员root用户(或者会改登录PostgreSQL的用户)
┌──(root💀kali)-[/home/kali]
└─# sudo -u postgres psql -d gvmd -c "CREATE ROLE root LOGIN SUPERUSER PASSWORD 'root'"
CREATE ROLE
┌──(root💀kali)-[/home/kali]
└─# sudo -u postgres psql -d gvmd -c "ALTER ROLE _gvm SUPERUSER"
ALTER ROLE
┌──(root💀kali)-[/home/kali]
└─# gvmd --get-users
admin
┌──(root💀kali)-[/home/kali]
└─# chmod 666 /var/log/gvm/openvas.log
┌──(root💀kali)-[/home/kali]
└─# sudo -u postgres psql -d gvmd -c "\du"
角色列表
角色名称 | 属性 | 成员属于
----------+--------------------------------------------+----------
_gvm | 超级用户 | {dba}
dba | 超级用户, 没有继承, 无法登录 | {}
msf | | {}
postgres | 超级用户, 建立角色, 建立 DB, 复制, 绕过RLS | {}
root | 超级用户 | {}上面看完就可以启动了,下面是出了一些问题但是有解释原因的,看不看都行。
接着上面第五步
66、现在还启动不了,发现是没有写入日志的权限
┌──(root💀kali)-[/home/kali]
└─# gvm-start
[>] Please wait for the GVM services to start.
[>]
[>] You might need to refresh your browser once it opens.
[>]
[>] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392
Job for ospd-openvas.service failed because the control process exited with error code.
See "systemctl status ospd-openvas.service" and "journalctl -xeu ospd-openvas.service" for details.
┌──(root💀kali)-[/home/kali]
└─# journalctl -xeu ospd-openvas.service
// 启动不了的原因
kali openvas[46696]: init_logging: Can not open or create log file or directory. Please check permissions of log files listed in /etc/openvas/openvas_log.conf.77、 日志保存在/var/log/gvm/openvas.log,设置一下权限
┌──(root💀kali)-[/home/kali]
└─# chmod 666 /var/log/gvm/openvas.log88、现在可以启动但是登录不了,不是以为没有设置密码,看/var/log/gvm/gvmd.log发现gvm登录PostgreSQL用的是root账户,但是PostgreSQL没有root账户需要自己创建,如果会改gvm登录PostgreSQL的账户改一下也行,我没找到怎么改(一开始不知道_gvm也需要管理员,这里设置一下_gvm管理员也是可以成功的)
┌──(root💀kali)-[/home/kali]
└─# sudo -u postgres psql -c "CREATE ROLE root LOGIN SUPERUSER PASSWORD 'root'" 3 ⨯
CREATE ROLE
┌──(root💀kali)-[/home/kali]
└─# sudo -u postgres psql -c "\du"
角色列表
角色名称 | 属性 | 成员属于
----------+--------------------------------------------+----------
_gvm | | {dba}
dba | 超级用户, 没有继承, 无法登录 | {}
msf | | {}
postgres | 超级用户, 建立角色, 建立 DB, 复制, 绕过RLS | {}
root | 超级用户 | {}99、重启gvm,给admin改个密码,或者自己创建一个用户,gvmd --get-users显示内容就说明连接上数据库了
┌──(root💀kali)-[/home/kali]
└─# gvmd --user=admin --new-password=password
┌──(root💀kali)-[/home/kali]
└─# gvmd --get-users
admin
