|
Greenbone Security Assistant
7.0.0
|
|
Greenbone Security Assistant
7.0.0
|
About Greenbone Security Assistant
----------------------------------
The Greenbone Security Assistant is a web application that
connects to the OpenVAS Manager to provide for a full-featured user interface
for vulnerability management.
Greenbone Security Assistant is licensed under GNU General Public License
Version 2 or any later version. Please see file COPYING for details.
All parts of Greenbone Security Assistant are
Copyright (C) by Greenbone Networks GmbH (see http://www.greenbone.net).
Howto use
---------
For example, if openvasmd (OpenVAS Manager daemon) is running on
port 9390, the following command starts Greenbone Security
Assistant daemon on port 443.
gsad
The program usage message follows.
Usage:
gsad [OPTION...] - Greenbone Security Assistant Daemon
Help Options:
-h, --help Show help options
Application Options:
--drop-privileges Drop privileges.
-f, --foreground Run in foreground.
--http-only Serve HTTP only, without SSL.
--listen=<address> Listen on <address>.
--mlisten=<address> Manager address.
-p, --port=<number> Use port number <number>.
-m, --mport=<number> Use manager port number <number>.
-r, --rport=<number> Redirect HTTP from this port number <number>.
-R, --redirect Redirect HTTP to HTTPS.
-v, --verbose Print progress messages.
-V, --version Print version and exit.
-k, --ssl-private-key=<file> Use <file> as the private key for HTTPS
-c, --ssl-certificate=<file> Use <file> as the certificate for HTTPS
--do-chroot Do chroot.
--secure-cookie Use a secure cookie (implied when using HTTPS).
--timeout=<number> Minutes of user idle time before session expires.
--debug-tls=<level> Enable TLS debugging at <level>
--gnutls-priorities=<string> GnuTLS priorities string.
--face=<dir> Use interface files from subdirectory <dir>
INSTALLATION INSTRUCTIONS FOR GREENBONE SECURITY ASSISTANT
==========================================================
Please note: The reference system used by most of the developers is Debian
GNU/Linux 'Jessie' 8. The build might fail on any other system. Also it is
necessary to install dependent development packages.
Prerequisites for Greenbone Security Assistant
----------------------------------------------
See at the end of this section how to easily install these prerequisites on
some supported platforms.
Prerequisites:
* libopenvas_omp, libopenvas_base, libopenvas_misc >= 9.0.0
* gnutls >= 3.2.15
* libgcrypt
* cmake >= 2.8
* glib-2.0 >= 2.32
* libxml
* libxslt
* libmicrohttpd >= 0.9.0
* libexslt
* pkg-config
* xsltproc
Prerequisites for using translations:
* gettext
(when building from source)
* an installed English UTF-8 locale (e.g. "en_US.UTF8", "en_GB.UTF8")
(See "Setting up translations")
Prerequisites for building documentation:
* Doxygen
* xmltoman (optional, for building man page)
Prerequisites to work on the translations from C and XSLT based sources and
also to build the JavaScript translations:
* python-polib
Install prerequisites on Debian GNU/Linux:
# apt-get install libmicrohttpd-dev libxml2-dev libxslt1-dev
Compiling Greenbone Security Assistant
--------------------------------------
If you have installed required libraries to a non-standard location, remember to
set the PKG_CONFIG_PATH environment variable to the location of you pkg-config
files before configuring:
$ export PKG_CONFIG_PATH=/your/location/lib/pkgconfig:$PKG_CONFIG_PATH
Create a build directory and change into it with
$ mkdir build
$ cd build
Then configure the build with
$ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation ..
or (if you want to use the default installation path /usr/local)
$ cmake ..
This only needs to be done once. Note: It is assumed that the other OpenVAS
components are installed to the same path. If not, you need to set some paths
separately, see below for details.
Thereafter, the following commands are useful.
$ make # build the Greenbone Security Assistant
$ make doc # build the documentation
$ make doc-full # build more developer-oriented documentation
$ make install # install the build
$ make rebuild_cache # rebuild the cmake cache
In case you have installed the Greenbone Security Assistant into a path
different from the other OpenVAS modules, you might need to set some paths
explicitly before running cmake. The certificate and key locations in
OPENVAS_SERVER_CERTIFICATE, OPENVAS_SERVER_KEY and OPENVAS_CA_CERTIFICATE in
the top level CMakeLists.txt may need modifying.
Logging Configuration
---------------------
By default GSA writes logs to the file
<install-prefix>/var/log/openvas/gsad.log
Logging is configured entirely by the file
<install-prefix>/etc/openvas/gsad_log.conf
The configuration is divided into domains like this one
[gsad main]
prepend=%t %p
prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
file=/var/log/openvas/gsad.log
level=128
The "level" field controls the amount of logging that is written.
The value of "level" can be
4 Errors.
8 Critical situation.
16 Warnings.
32 Messages.
64 Information.
128 Debug. (Lots of output.)
Enabling any level includes all the levels above it. So enabling Information
will include Warnings, Critical situations and Errors.
To get absolutely all logging, set the level to 128 for all domains in the
configuration file.
Setting up translations
-----------------------
To build the translation .mo files, you need to have the gettext tools like
msgfmt installed. Once the .mo files are built, the tools are no longer
needed.
(For more information on the creation of translation files, see i18n-howto.txt
in the GSA source documentation.)
To use the translations you need to have an English locale with UTF-8 encoding
installed, for example "en_US.UTF8" or "en_GB.UTF8".
The name of this locale then has to be assigned to an environment variable
recognized by the libc function "setlocale" like LANG, LC_MESSAGES or LC_ALL.
If these environment variables are all unset, set to "C" or an equivalent like
"POSIX" or invalid, translations will be disabled.
Static code analysis with the Clang Static Analyzer
---------------------------------------------------
If you want to use the Clang Static Analyzer (http://clang-analyzer.llvm.org/)
to do a static code analysis, you can do so by adding the following parameter
when configuring the build:
-DCMAKE_C_COMPILER=/usr/share/clang/scan-build/ccc-analyzer
Note that the example above uses the default location of ccc-analyzer in Debian
GNU/Linux and may be different in other environments.
To have the analysis results aggregated into a set of HTML files, use the
following command:
$ scan-build make
The tool will provide a hint on how to launch a web browser with the results.
It is recommended to do this analysis in a separate, empty build directory and
to empty the build directory before "scan-build" call.
Specifying Diffie-Hellman parameters file
---------------------------------------------------
For --dh-params' value to take effect, LibmicroHTTPD version 0.9.35 or higher is
required.
License information about Greenbone Security Assistant ------------------------------------------------------ The effective license of the module as a whole is the GNU General Public License Version 2 or any later version (GNU GPLv2+). Most files, are licensed under GNU General Public License Version 2 or any later version (GNU GPLv2+). Some files have a different, but compatible licenses (BSD 3-clause and MIT). GPLv2: See file COPYING.GPLv2 BSD-3: See file COPYING.BSD3 MIT: See file COPYING.MIT These are the files that are not licensed GPLv2+, any others are licensed under GPLv2+: src/html/classic/js/lib/d3.v3.js, src/html/classic/js/lib/min/d3.v3.js: License: BSD-3 Copyright: Michael Bostock Origin: http://d3js.org/ src/html/classic/js/lib/d3.layout.cloud.js: License: BSD-3 Copyright: Jason Davies Origin: https://github.com/jasondavies/d3-cloud src/html/classic/js/lib/d3.tip.js: License: MIT Copyright: Justin Palmer Origin: https://github.com/Caged/d3-tip src/html/classic/js/lib/jquery-2.1.4.js, src/html/classic/js/lib/min/jquery-2.1.4.js, src/html/classic/js/lib/min/jquery-2.1.4.js.map: License: MIT Copyright: jQuery Foundation, Inc. and other contributors Origin: http://jquery.com/download/ src/html/classic/css/jquery-ui.structure.css, src/html/classic/css/jquery-ui.structure.min.css, src/html/classic/css/jquery-ui.theme.css, src/html/classic/css/jquery-ui.theme.min.css, src/html/classic/css/images/ui-bg_diagonals-thick_18_aa0000_40x40.png, src/html/classic/css/images/ui-bg_diagonals-thick_30_666666_40x40.png, src/html/classic/css/images/ui-bg_flat_10_000000_40x100.png, src/html/classic/css/images/ui-bg_glass_65_ffffff_1x400.png, src/html/classic/css/images/ui-bg_highlight-hard_35_66c430_1x100.png, src/html/classic/css/images/ui-bg_highlight-soft_100_519032_1x100.png, src/html/classic/css/images/ui-bg_highlight-soft_100_87d050_1x100.png, src/html/classic/css/images/ui-bg_highlight-soft_100_eeeeee_1x100.png, src/html/classic/css/images/ui-bg_highlight-soft_75_fdc300_1x100.png, src/html/classic/css/images/ui-icons_222222_256x240.png, src/html/classic/css/images/ui-icons_519032_256x240.png, src/html/classic/css/images/ui-icons_87d050_256x240.png, src/html/classic/css/images/ui-icons_aa0000_256x240.png, src/html/classic/css/images/ui-icons_fdc300_256x240.png, src/html/classic/css/images/ui-icons_ffffff_256x240.png, src/html/classic/js/lib/jquery-ui.js, src/html/classic/js/lib/min/jquery-ui.js: License: MIT Copyright: jQuery Foundation, Inc. and other contributors Origin: http://jqueryui.com/download/ src/html/classic/css/select2.css, src/html/classic/css/select2.min.css, src/html/classic/js/lib/select2.js, src/html/classic/js/lib/min/select2.js: License: MIT Copyright: Kevin Brown, Igor Vaynberg, and Select2 contributors Origin: https://github.com/select2/select2/releases src/html/classic/js/lib/i18next-2.3.4.js src/html/classic/js/lib/min/i18next-2.3.4.js src/html/classic/js/lib/i18next-languagedetector-0.2.2.js src/html/classic/js/lib/min/i18next-languagedetector-0.2.2.js src/html/classic/js/lib/i18next-xhr-0.5.3.js src/html/classic/js/lib/min/i18next-xhr-0.5.3.js Licence: MIT Copyright: Copyright (c) 2015 i18next Origin: https://github.com/i18next/i18next
1.8.8