### Install gvm-manage-certs Example Configuration (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This command installs an example configuration file for 'gvm-manage-certs'. The file is placed in the gvm documentation directory. ```cmake install( FILES ${CMAKE_BINARY_DIR}/docs/example-gvm-manage-certs.conf DESTINATION ${DATADIR}/doc/gvm/ ) ``` -------------------------------- ### Start gvmd Service Source: https://github.com/greenbone/gvmd/blob/main/README.md Command to start the Greenbone Vulnerability Manager daemon. This assumes a default installation. For more options, use the --help flag. ```sh gvmd ``` -------------------------------- ### Compile and Install gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Commands to compile, build documentation, run tests, and install the Greenbone Vulnerability Manager Daemon (gvmd) after the build environment has been configured. The `make install` command may require root privileges. ```bash make # build the scanner make doc # build the documentation make doc-full # build more developer-oriented documentation make tests # build tests make install # install the build make rebuild_cache # rebuild the cmake cache ``` -------------------------------- ### Install gersemi for CMake Formatting Source: https://github.com/greenbone/gvmd/blob/main/README.md Instructions to install the 'gersemi' tool, used for formatting CMake files. This typically involves using pipx, a Python package installer for isolated environments. ```sh sudo apt install pipx pipx install gersemi ``` -------------------------------- ### Install Man Page Source: https://github.com/greenbone/gvmd/blob/main/docs/CMakeLists.txt This installation rule installs the generated gvmd man page (gvmd.8) to the man8 directory. It is part of the 'doc' component. ```cmake install(FILES gvmd.8 DESTINATION share/man/man8/ COMPONENT doc) ``` -------------------------------- ### Install GMP HTML Documentation Source: https://github.com/greenbone/gvmd/blob/main/docs/CMakeLists.txt This installation rule installs the generated GMP HTML documentation to the appropriate share directory. It requires xsltproc to be available. ```cmake if(XSLTPROC_EXECUTABLE) install( FILES ${CMAKE_CURRENT_BINARY_DIR}/gmp.html DESTINATION share/doc/gvm/html/ COMPONENT doc ) endif(XSLTPROC_EXECUTABLE) ``` -------------------------------- ### Configure, Build, and Install gvmd Source: https://github.com/greenbone/gvmd/blob/main/README.md Standard CMake build process for the Greenbone Vulnerability Manager. This involves configuring the project, compiling it, and then installing it to the system. Ensure you have the necessary build tools and dependencies installed. ```sh cmake . make install ``` -------------------------------- ### Install PostgreSQL and Dependencies (Debian/Ubuntu) Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Installs PostgreSQL, its contrib package, and development headers required for gvmd integration. This is a foundational step for database setup. ```sh apt install postgresql postgresql-contrib postgresql-server-dev-all ``` -------------------------------- ### Install gvm-manage-certs Manual Page (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This command installs the manual page for the 'gvm-manage-certs' utility. The man page file is copied to the appropriate location in the system's man directory. ```cmake install( FILES ${CMAKE_SOURCE_DIR}/docs/gvm-manage-certs.1 DESTINATION ${DATADIR}/man/man1 ) ``` -------------------------------- ### Include Subdirectories for Source, Config, Docs, and Install with CMake Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This snippet shows how CMake's `add_subdirectory` and `install` commands are used to manage the project structure. It includes subdirectories for source code, configuration files, documentation, and defines installation rules for various files and directories. ```cmake if(NOT SKIP_SRC) add_subdirectory(src) endif(NOT SKIP_SRC) ## Configs (e.g. systemd service file) add_subdirectory(config) ## Documentation add_subdirectory(docs) ## Install install(DIRECTORY DESTINATION ${GVMD_STATE_DIR}) install( FILES ${CMAKE_BINARY_DIR}/src/gvmd_log.conf DESTINATION ${GVM_SYSCONF_DIR} ) install( FILES ${CMAKE_SOURCE_DIR}/src/pwpolicy.conf DESTINATION ${GVM_SYSCONF_DIR} ) ``` -------------------------------- ### Install Packages for PDF Report Generation (Debian) Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md These commands install the necessary packages on Debian GNU/Linux 'Stretch' 9 to fulfill the prerequisites for generating PDF reports. This includes packages for LaTeX and recommended fonts. ```bash apt-get install texlive-latex-extra --no-install-recommends ``` ```bash apt-get install texlive-fonts-recommended ``` -------------------------------- ### Install NSIS Template File (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This command installs a template file for Nullsoft Scriptable Install System (NSIS). The file is placed in the gvmd data directory with read permissions. ```cmake install( FILES ${CMAKE_SOURCE_DIR}/tools/template.nsis DESTINATION ${GVMD_DATA_DIR} PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install gvm-manage-certs Utility (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This command installs the compiled 'gvm-manage-certs' executable to the system's binary directory. It sets execute permissions for the owner, group, and world, along with read and write permissions for the owner. ```cmake install( FILES ${CMAKE_BINARY_DIR}/tools/gvm-manage-certs DESTINATION ${BINDIR} PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### Installing gvmd and gvm-pg-server in CMake Source: https://github.com/greenbone/gvmd/blob/main/src/CMakeLists.txt This CMake code defines installation rules for the `gvmd` executable and the `gvm-pg-server` library. It specifies the destination directories on the target system, ensuring that the compiled binaries and libraries are placed in their standard locations after installation. ```cmake install( TARGETS gvmd RUNTIME DESTINATION ${SBINDIR} LIBRARY DESTINATION ${LIBDIR} ARCHIVE DESTINATION ${LIBDIR}/static ) install(TARGETS gvm-pg-server LIBRARY DESTINATION ${GVM_LIB_INSTALL_DIR}) ``` -------------------------------- ### Configure gvmd Build Environment Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Sets up the build environment for Greenbone Vulnerability Manager Daemon (gvmd). This involves exporting the PKG_CONFIG_PATH if libraries are installed in non-standard locations, creating a build directory, and configuring the build using CMake. ```bash export PKG_CONFIG_PATH=/your/location/lib/pkgconfig:$PKG_CONFIG_PATH mkdir build cd build cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation .. # Or for default path: cmake .. ``` -------------------------------- ### Create PostgreSQL User and Database for gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Sets up a dedicated PostgreSQL user and database for gvmd. The user 'mattm' is created with specific privileges, and the 'gvmd' database is owned by this user. ```sh sudo -u postgres bash createuser -DRS mattm # mattm is your OS login name createdb -O mattm gvmd ``` -------------------------------- ### Install Alert Method Scripts (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This snippet demonstrates the installation of various alert method scripts for gvmd. It uses the CMake install command to copy script files to their respective destination directories with specific file permissions for owner, group, and world. ```cmake install( FILES src/alert_methods/SCP/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/2db07698-ec49-11e5-bcff-28d24461215b/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/Send/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/4a398d42-87c0-11e5-a1c0-28d24461215b/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/SMB/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/c427a688-b653-40ab-a9d0-d6ba842a9d63/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/SNMP/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/9d435134-15d3-11e6-bf5c-28d24461215b/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/Sourcefire/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/cd1f5a34-6bdc-11e0-9827-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/TippingPoint/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/5b39c481-9137-4876-b734-263849dd96ce/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/verinice/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/f9d97653-f89b-41af-9ba1-0f6ee00e9c1a/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) install( FILES src/alert_methods/vFire/alert DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/159f79a5-fce8-4ec5-aa49-7d17a77739a3/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### Install Wizard XML Files (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This snippet installs multiple XML files that define various wizards for gvmd. The files are copied to the specified wizard directory with read permissions for owner, group, and world. ```cmake install( FILES src/wizards/quick_first_scan.xml src/wizards/get_tasks_deep.xml src/wizards/delete_task_deep.xml src/wizards/quick_auth_scan.xml src/wizards/quick_task.xml src/wizards/reset_task.xml src/wizards/modify_task.xml DESTINATION ${GVMD_DATA_DIR}/wizards/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install Debian Prerequisites for gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Installs essential development packages required for building the Greenbone Vulnerability Manager Daemon on Debian stable systems. These packages include build tools, libraries, and development headers. ```bash apt-get install \ cmake \ gcc \ libcjson-dev \ libglib2.0-dev \ libgnutls28-dev \ libgpgme-dev \ libical-dev \ libpq-dev \ pkg-config \ postgresql-server-dev-all \ xsltproc ``` -------------------------------- ### Install TippingPoint Report Conversion Script (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This CMake command installs the Python script used for converting reports from TippingPoint. It places the script in the same directory as the TippingPoint alert method and sets appropriate file permissions. ```cmake install( FILES src/alert_methods/TippingPoint/report-convert.py DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/5b39c481-9137-4876-b734-263849dd96ce/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### Install GMP Brief XML Schema Format File Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs the GMP.xsl file, representing a brief XML schema format, into a specific versioned directory. This is used for generating concise XML representations. Permissions are set for owner and group read/write, and world read. ```cmake install( FILES src/schema_formats/XML-brief/GMP.xsl DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/d6cf255e-947c-11e1-829a-406186ea4fc5/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install RNC and RNC Schema Format Files Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs RNC schema format XSL files into a specific versioned directory. This command installs both the main RNC XSL and a specific RNC XSL, supporting different RNC processing configurations. Permissions are set for owner and group read/write, and world read. ```cmake install( FILES src/schema_formats/rnc.xsl src/schema_formats/RNC/RNC.xsl DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/787a4a18-dabc-11df-9486-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Get gvmd User List Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Retrieves a verbose list of all users configured in gvmd, including their UUIDs. This is useful for obtaining the UUID required for setting the Feed Import Owner. ```sh gvmd --get-users --verbose ``` -------------------------------- ### Static Code Analysis with Clang Static Analyzer Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md These commands prefix the CMake and Make build commands with 'scan-build' to perform static code analysis using the Clang Static Analyzer. It is recommended to perform this analysis in a separate, empty build directory. ```bash scan-build cmake .. ``` ```bash scan-build make ``` -------------------------------- ### Listing GPG Keys for Encryption Management Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command lists all GPG keys, including private keys, stored in the specified homedir. It is used to identify the key ID required for managing or disabling the current encryption key. ```bash gpg --homedir /var/lib/gvm/gvmd/gnupg -K ``` -------------------------------- ### Install XSL Transformation Files (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This command installs XSL stylesheet files used for transforming CPE and CVE data. The files are copied to their respective resource directories with read permissions. ```cmake install( FILES tools/cpe_getbyname.xsl tools/cve_getbyname.xsl DESTINATION ${GVM_SCAP_RES_DIR} PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) install( FILES tools/cert_bund_getbyname.xsl tools/dfn_cert_getbyname.xsl DESTINATION ${GVM_CERT_RES_DIR} PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install Brief XML Schema Format Generator Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs the 'generate' script for the brief XML schema format into a specific versioned directory. This script is responsible for creating brief XML schema outputs. It grants execute permissions to owner, group, and world, along with read and write for the owner. ```cmake install( FILES src/schema_formats/XML-brief/generate DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/d6cf255e-947c-11e1-829a-406186ea4fc5/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### CMake: Configure and Install Systemd Service Source: https://github.com/greenbone/gvmd/blob/main/config/CMakeLists.txt This CMake code snippet configures and installs the systemd service file for gvmd. It uses the 'configure_file' command to process a template file (gvmd.service.in) and then 'install' to copy the generated service file to the specified systemd service directory. This ensures the service is correctly set up for systemd management. ```cmake configure_file(gvmd.service.in gvmd.service) install( FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.service DESTINATION ${SYSTEMD_SERVICE_DIR}/ ) ``` -------------------------------- ### Creating New Credentials Encryption Key with gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command instructs gvmd to create a new encryption key for credentials. This is performed after the old key has been disabled or removed. ```bash gvmd --create-credentials-encryption-key ``` -------------------------------- ### HTTP Header Example for API Key Authentication Source: https://github.com/greenbone/gvmd/blob/main/docs/integration-authentication.md This example illustrates the format of an HTTP header used for API key authentication. The 'X-API-KEY' header is followed by a colon and a space, then the actual API key token. This is a common method for authenticating requests to services like the HTTP Scanner. ```http X-API-KEY: ``` -------------------------------- ### CMake: Configure and Install Logrotate Configuration Source: https://github.com/greenbone/gvmd/blob/main/config/CMakeLists.txt This CMake code snippet configures and installs the logrotate configuration file for gvmd. It uses 'configure_file' to process a template (gvmd.logrotate.in) and then 'install' to copy the generated file to the logrotate directory, renaming it to 'gvmd'. This ensures log rotation is correctly configured for the gvmd service. ```cmake configure_file(gvmd.logrotate.in gvmd.logrotate) install( FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.logrotate DESTINATION ${LOGROTATE_DIR}/ RENAME gvmd ) ``` -------------------------------- ### Create gvmd Administrator User Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Creates a new administrator user for gvmd using the command-line interface. The password for the new user is printed to standard output upon successful creation. ```sh gvmd --create-user=myuser ``` -------------------------------- ### Install GMP XML Schema Format File Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs the GMP.xml file, representing the XML schema format, into a specific versioned directory. This file is crucial for XML schema validation and processing. Permissions are set for owner and group read/write, and world read. ```cmake install( FILES ${CMAKE_BINARY_DIR}/src/schema_formats/XML/GMP.xml DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/18e826fc-dab6-11df-b913-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install LSC Creator Scripts (CMake) Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This command installs scripts used for creating Local Security Controller (LSC) packages in different formats (deb, exe, rpm). The scripts are copied to the GVM data directory and are marked as executable. ```cmake install( FILES ${CMAKE_SOURCE_DIR}/tools/gvm-lsc-deb-creator ${CMAKE_SOURCE_DIR}/tools/gvm-lsc-exe-creator ${CMAKE_SOURCE_DIR}/tools/gvm-lsc-rpm-creator DESTINATION ${GVM_DATA_DIR} PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### Install HTML Schema Format Generator Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs the 'generate' script for the HTML schema format into a specific versioned directory. This enables the generation of HTML-based schema outputs. It grants execute permissions to owner, group, and world, along with read and write for the owner. ```cmake install( FILES src/schema_formats/HTML/generate DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### Install RNC Schema Format Files Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs the RNC schema format XSL file to the global schema formats directory. This ensures the RNC schema is available for processing. It sets read and write permissions for the owner and read permissions for the group and world. ```cmake install( FILES src/schema_formats/rnc.xsl DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install RNC and HTML Schema Format Files Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs both RNC and HTML schema format XSL files into a specific versioned directory within the global schema formats. This allows for different versions or types of schema processing. Permissions are set for owner and group read/write, and world read. ```cmake install( FILES src/schema_formats/rnc.xsl src/schema_formats/HTML/HTML.xsl DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ ) ``` -------------------------------- ### Install XML Schema Format Generator Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt Installs the 'generate' script for the XML schema format into a specific versioned directory. This script facilitates the creation of XML schema outputs. It grants execute permissions to owner, group, and world, along with read and write for the owner. ```cmake install( FILES src/schema_formats/XML/generate DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/18e826fc-dab6-11df-b913-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ) ``` -------------------------------- ### Find PostgreSQL and Check Version (CMake) Source: https://github.com/greenbone/gvmd/blob/main/src/CMakeLists.txt This snippet demonstrates how to locate the PostgreSQL client executable and libraries, then verifies the installed version to ensure it meets the minimum requirement of 9.6. ```cmake message(STATUS "Looking for PostgreSQL...\n") find_program(PG_CONFIG_EXECUTABLE pg_config DOC "pg_config") execute_process( COMMAND ${PG_CONFIG_EXECUTABLE} --includedir-server OUTPUT_VARIABLE PostgreSQL_SERVER_INCLUDE_DIRS OUTPUT_STRIP_TRAILING_WHITESPACE ) set(PostgreSQL_ADDITIONAL_SEARCH_PATHS ${PostgreSQL_SERVER_INCLUDE_DIRS}) find_package(PostgreSQL REQUIRED) if(NOT PostgreSQL_FOUND) message(SEND_ERROR "The PostgreSQL library is required.") endif(NOT PostgreSQL_FOUND) string( REGEX MATCH "^[ \t]*\([0-9]+\)\.\([0-9]+\)\(.*\)" TEMP "${PostgreSQL_VERSION_STRING}" ) if(NOT CMAKE_MATCH_1) message(SEND_ERROR "Error matching PostgreSQL version.") elseif( (CMAKE_MATCH_1 EQUAL 9 AND CMAKE_MATCH_2 LESS 6) OR (CMAKE_MATCH_1 LESS 9) ) message(SEND_ERROR "PostgreSQL version >= 9.6 is required") message( STATUS "PostgreSQL version ${CMAKE_MATCH_1}.${CMAKE_MATCH_2}${CMAKE_MATCH_3}" ) endif(NOT CMAKE_MATCH_1) ``` -------------------------------- ### Configure PostgreSQL Permissions for gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Grants administrative privileges to the gvmd user ('mattm') within the PostgreSQL database. This ensures gvmd can perform necessary operations on the 'gvmd' database. ```sh sudo -u postgres bash # if you logged out after step 4 psql gvmd create role dba with superuser noinherit; grant dba to mattm; # mattm is the user created in step 4 ``` -------------------------------- ### Generate gvmd Certificates Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Provides a command to quickly generate the necessary TLS certificates for Greenbone Vulnerability Manager Daemon (gvmd) using the `gvm-manage-certs` script. This is crucial for secure TCP-based communication. ```bash gvm-manage-certs -a ``` -------------------------------- ### Checking GPG Secret Keys Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command checks for the existence of GPG secret keys associated with the Greenbone Vulnerability Manager daemon's credential encryption. It is useful for verifying if the encryption key has been generated. ```bash gpg --homedir /var/lib/gvm/gvmd/gnupg --list-secret-keys ``` -------------------------------- ### Access PostgreSQL Database for gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Connects to the PostgreSQL database named 'gvmd' using the psql client. This is used for running SQL commands and managing the database. ```sh psql gvmd ``` -------------------------------- ### Optimize gvmd database with analyze Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command updates internal database statistics for Greenbone Vulnerability Manager (gvmd) to optimize query performance. It relies on the underlying database's ANALYZE command to improve query execution plans. ```bash gvmd --optimize=analyze ``` -------------------------------- ### gvmd Logging Configuration (gvmd_log.conf) Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This snippet illustrates the structure of the `gvmd_log.conf` file used for configuring logging in Greenbone Vulnerability Manager (gvmd). It details settings for log file paths, message prefixes, time formats, and logging levels. The `level` field determines the verbosity, with higher values including more detailed logs. ```ini [md main] prepend=%t %p prepend_time_format=%Y-%m-%d %Hh%M.%S %Z file=/var/log/gvm/gvmd.log level=128 ``` -------------------------------- ### Enable Agent Control Support in CMake Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command enables agent management and integration with the Agent Control service by setting the ENABLE_AGENTS flag during the CMake configuration process. This ensures gvmd is built with the necessary support for agent-based components. ```bash cmake -DENABLE_AGENTS=1 .. ``` -------------------------------- ### Configure gvmd Network Connection Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Demonstrates how to configure Greenbone Vulnerability Manager Daemon (gvmd) to listen on either a UNIX domain socket or a TCP socket. It shows the default UNIX socket location and how to specify a TCP listener with an IP address. ```bash # Default UNIX domain socket at: /var/run/gvmd.sock # Override with: gvmd --unix-socket=/path/to/socket # Use TCP socket: gvmd --listen=127.0.0.1 ``` -------------------------------- ### Cleanup gvmd sequences Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command optimizes database sequences, preventing potential exhaustion issues that can arise from regular feed updates. It is particularly useful for sequences related to configuration preferences. ```bash gvmd --optimize=cleanup-sequences ``` -------------------------------- ### Configure CPack for GVM Packaging in CMake Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This section configures CPack, CMake's packaging module, for the GVM project. It specifies the generator (Unix Makefiles), archive format (TGZ), installation details, resource files (license, README), and source ignore patterns. The package version and filename are derived from project settings. ```cmake ## CPack configuration set(CPACK_CMAKE_GENERATOR "Unix Makefiles") set(CPACK_GENERATOR "TGZ") set(CPACK_INSTALL_CMAKE_PROJECTS ".;gvm;ALL;/") set(CPACK_MODULE_PATH "") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING") set(CPACK_RESOURCE_FILE_README "${CMAKE_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_WELCOME "${CMAKE_SOURCE_DIR}/README.md") set(CPACK_SOURCE_GENERATOR "TGZ") set(CPACK_SOURCE_TOPLEVEL_TAG "") set(CPACK_SYSTEM_NAME "") set(CPACK_TOPLEVEL_TAG "") set(CPACK_PACKAGE_VERSION "${PROJECT_VERSION_STRING}${PROJECT_VERSION_GIT}") set(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set(CPACK_PACKAGE_VENDOR "Greenbone AG") set(CPACK_SOURCE_IGNORE_FILES "${CMAKE_BINARY_DIR}" "/.git/" "swp$") include(CPack) ``` -------------------------------- ### Get Scanner and User Information (gvmd) Source: https://github.com/greenbone/gvmd/blob/main/docs/gvmd.html These options list the configured scanners or users and then exit the daemon. This is useful for auditing or obtaining identifiers needed for other operations, such as modification or deletion. ```bash gvmd --get-scanners gvmd --get-users ``` -------------------------------- ### Configuring SSL/TLS Certificates and Keys in CMake Source: https://github.com/greenbone/gvmd/blob/main/src/CMakeLists.txt This set of CMake commands uses `add_definitions` to pass paths to SSL/TLS certificates and keys as preprocessor macros. This is crucial for gvmd's secure communication setup, allowing the application to load the necessary credentials during runtime. ```cmake if(GVM_SCANNER_CERTIFICATE) add_definitions(-DSCANNERCERT="${GVM_SCANNER_CERTIFICATE}") endif(GVM_SCANNER_CERTIFICATE) if(GVM_SCANNER_KEY) add_definitions(-DSCANNERKEY="${GVM_SCANNER_KEY}") endif(GVM_SCANNER_KEY) if(GVM_CLIENT_CERTIFICATE) add_definitions(-DCLIENTCERT="${GVM_CLIENT_CERTIFICATE}") endif(GVM_CLIENT_CERTIFICATE) if(GVM_CLIENT_KEY) add_definitions(-DCLIENTKEY="${GVM_CLIENT_KEY}") endif(GVM_CLIENT_KEY) if(GVM_CA_CERTIFICATE) add_definitions(-DCACERT="${GVM_CA_CERTIFICATE}") endif(GVM_CA_CERTIFICATE) if(GVM_CA_DIR) add_definitions(-DCA_DIR="${GVM_CA_DIR}") endif(GVM_CA_DIR) ``` -------------------------------- ### Cleanup gvmd config preferences Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command cleans up Scan Configs by removing duplicate preferences and correcting broken values. It requires up-to-date NVT preferences in the database to function correctly. ```bash gvmd --optimize=cleanup-config-prefs ``` -------------------------------- ### Rename PostgreSQL Databases for Release Switching Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md Demonstrates how to rename PostgreSQL databases, typically used when switching between different versions of gvmd. It renames the active 'gvmd' database and the master database. ```sh sudo -u postgres psql -q --command='ALTER DATABASE gvmd RENAME TO gvmd_10;' sudo -u postgres psql -q --command='ALTER DATABASE gvmd_master RENAME TO gvmd;' ``` -------------------------------- ### Optimize gvmd database with vacuum Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command optimizes the Greenbone Vulnerability Manager (gvmd) database by freeing unused storage space. This operation can reduce the database file size and improve performance. It relies on the underlying database's VACUUM command. ```bash gvmd --optimize=vacuum ``` -------------------------------- ### Modify gvmd Setting: Max Rows Per Page Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command modifies the global 'Max Rows Per Page' setting for gvmd, controlling the maximum number of resources returned by GMP GET commands. It can also be used to set this value for a specific user by adding the --user flag. The setting '0' indicates no limit. ```bash gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b \ --value 100 ``` -------------------------------- ### Add feed permissions with gvmd optimize Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command adds necessary read permissions on all feed data objects for roles defined in 'Feed Import Roles' if they don't already exist. It ensures proper access to feed data and is owned by the feed import owner. ```bash gvmd --optimize=add-feed-permissions ``` -------------------------------- ### Modifying Scanner Configuration with gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command updates the configuration of a specific scanner within the Greenbone Vulnerability Manager. It allows for the modification of CA certificates, client certificates, and client private keys used for scanner authentication. ```bash gvmd --modify-scanner \ --scanner-ca-pub \ --scanner-key-pub \ --scanner-key-priv ``` -------------------------------- ### CMake: Set Logrotate Directory Source: https://github.com/greenbone/gvmd/blob/main/config/CMakeLists.txt This CMake code snippet defines the installation directory for logrotate configuration files. If the LOGROTATE_DIR variable is not already set, it defaults to a path based on the SYSCONFDIR variable. This ensures logrotate configuration files are placed in the standard location for system configuration. ```cmake if(NOT LOGROTATE_DIR) set(LOGROTATE_DIR "${SYSCONFDIR}/logrotate.d") endif(NOT LOGROTATE_DIR) ``` -------------------------------- ### Enable syslog logging in gvmd Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This snippet demonstrates how to configure Greenbone Vulnerability Manager (gvmd) to send logs to syslog. By setting the `file` parameter to `syslog` and specifying a `syslog_facility`, logs can be managed through the system's logging daemon. ```ini [md main] prepend=%t %p prepend_time_format=%Y-%m-%d %Hh%M.%S %Z file=syslog syslog_facility=daemon level=128 ``` -------------------------------- ### Cleanup gvmd port names Source: https://github.com/greenbone/gvmd/blob/main/INSTALL.md This command standardizes port name formats in the database, removing extraneous information like application names. It ensures consistency for filtering results and delta reports by enforcing the `/` format. ```bash gvmd --optimize=cleanup-port-names ``` -------------------------------- ### GVMD CMake Variable Definitions Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This snippet defines various configuration variables for GVMD using CMake. These variables control aspects like database versions, installation directories for binaries, libraries, configuration files, and data. Conditional logic is used to set default values or use user-specified paths. ```cmake set(GVMD_DATABASE_VERSION 262) set(GVMD_SCAP_DATABASE_VERSION 22) set(GVMD_CERT_DATABASE_VERSION 8) if(ENABLE_AGENTS OR ENABLE_CONTAINER_SCANNING) # Set a to the next GMP version if unstable features are enabled set(GMP_VERSION "22.8") else(ENABLE_AGENTS OR ENABLE_CONTAINER_SCANNING) set(GMP_VERSION "22.7") endif(ENABLE_AGENTS OR ENABLE_CONTAINER_SCANNING) if(SYSCONF_INSTALL_DIR) set(SYSCONFDIR "${SYSCONF_INSTALL_DIR}") endif(SYSCONF_INSTALL_DIR) if(NOT SYSCONFDIR) set(SYSCONFDIR "/etc") endif(NOT SYSCONFDIR) if(NOT EXEC_PREFIX) set(EXEC_PREFIX "${CMAKE_INSTALL_PREFIX}") endif(NOT EXEC_PREFIX) if(NOT BINDIR) set(BINDIR "${EXEC_PREFIX}/bin") endif(NOT BINDIR) if(NOT SBINDIR) set(SBINDIR "${EXEC_PREFIX}/sbin") endif(NOT SBINDIR) if(NOT LIBDIR) set(LIBDIR "${EXEC_PREFIX}/lib") endif(NOT LIBDIR) if(NOT LOCALSTATEDIR) set(LOCALSTATEDIR "/var") endif(NOT LOCALSTATEDIR) if(NOT DATADIR) set(DATADIR "${CMAKE_INSTALL_PREFIX}/share") endif(NOT DATADIR) if(NOT INCLUDEDIR) set(INCLUDEDIR "${CMAKE_INSTALL_PREFIX}/include") endif(NOT INCLUDEDIR) set(GVM_SYSCONF_DIR "${SYSCONFDIR}/gvm") set(GVM_DATA_DIR "${DATADIR}/gvm") if(NOT GVMD_DATA_DIR) set(GVMD_DATA_DIR "${GVM_DATA_DIR}/gvmd") endif(NOT GVMD_DATA_DIR) if(NOT GVM_STATE_DIR) set(GVM_STATE_DIR "${LOCALSTATEDIR}/lib/gvm") else(NOT GVM_STATE_DIR) set(GVM_STATE_DIR "${GVM_STATE_DIR}") endif(NOT GVM_STATE_DIR) if(NOT GVMD_STATE_DIR) set(GVMD_STATE_DIR "${GVM_STATE_DIR}/gvmd") endif(NOT GVMD_STATE_DIR) if(NOT GVMD_LOG_FILE) if(GVM_LOG_DIR) set(GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log") else(GVM_LOG_DIR) set(GVMD_LOG_FILE "-") endif(GVM_LOG_DIR) endif(NOT GVMD_LOG_FILE) set(GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap") set(GVM_CERT_RES_DIR "${GVM_DATA_DIR}/cert") set(GVM_CA_DIR "${GVMD_STATE_DIR}/trusted_certs") if(NOT GVM_LIB_INSTALL_DIR) set(GVM_LIB_INSTALL_DIR "${LIBDIR}") else(NOT GVM_LIB_INSTALL_DIR) set(GVM_LIB_INSTALL_DIR "${GVM_LIB_INSTALL_DIR}") endif(NOT GVM_LIB_INSTALL_DIR) set(GVM_SCANNER_CERTIFICATE "${GVM_STATE_DIR}/CA/servercert.pem") set(GVM_SCANNER_KEY "${GVM_STATE_DIR}/private/CA/serverkey.pem") set(GVM_CLIENT_CERTIFICATE "${GVM_STATE_DIR}/CA/clientcert.pem") set(GVM_CLIENT_KEY "${GVM_STATE_DIR}/private/CA/clientkey.pem") set(GVM_CA_CERTIFICATE "${GVM_STATE_DIR}/CA/cacert.pem") if(NOT GVMD_RUN_DIR) set(GVMD_RUN_DIR "/run/gvmd") endif(NOT GVMD_RUN_DIR) if(NOT GVMD_PID_PATH) set(GVMD_PID_PATH "${GVMD_RUN_DIR}/gvmd.pid") endif(NOT GVMD_PID_PATH) if(NOT GVM_FEED_LOCK_PATH) set(GVM_FEED_LOCK_PATH "${GVM_STATE_DIR}/feed-update.lock") endif(NOT GVM_FEED_LOCK_PATH) add_definitions(-DGVM_FEED_LOCK_PATH="${GVM_FEED_LOCK_PATH}") if(NOT OPENVAS_DEFAULT_SOCKET) set(OPENVAS_DEFAULT_SOCKET "/run/ospd/ospd-openvas.sock") endif(NOT OPENVAS_DEFAULT_SOCKET) add_definitions(-DOPENVAS_DEFAULT_SOCKET="${OPENVAS_DEFAULT_SOCKET}") # TODO: Once we separate the RFP signatures out of "plugins" and # into var/lib/gvm/rfpsigs/ (via a sync script) then we do not need # to know about the NVT_DIR anymore. if(NOT GVM_NVT_DIR) set(GVM_NVT_DIR "${LOCALSTATEDIR}/lib/openvas/plugins/") endif(NOT GVM_NVT_DIR) if(NOT DATA_OBJECTS_FEED_DIR) set(DATA_OBJECTS_FEED_DIR "${LOCALSTATEDIR}/lib/gvm/data-objects") endif(NOT DATA_OBJECTS_FEED_DIR) if(NOT GVMD_FEED_DIR) set(GVMD_FEED_DIR "${DATA_OBJECTS_FEED_DIR}/gvmd") endif(NOT GVMD_FEED_DIR) if(NOT GVM_ACCESS_KEY_DIR) set(GVM_ACCESS_KEY_DIR "${GVM_SYSCONF_DIR}") endif(NOT GVM_ACCESS_KEY_DIR) if(NOT GVM_CERT_DATA_DIR) set(GVM_CERT_DATA_DIR "${GVM_STATE_DIR}/cert-data") endif(NOT GVM_CERT_DATA_DIR) if(NOT GVM_SCAP_DATA_DIR) set(GVM_SCAP_DATA_DIR "${GVM_STATE_DIR}/scap-data") endif(NOT GVM_SCAP_DATA_DIR) # System username to use when dropping privileges if(NOT GVM_DEFAULT_DROP_USER) set(GVM_DEFAULT_DROP_USER "") endif(NOT GVM_DEFAULT_DROP_USER) ``` -------------------------------- ### Configure Project Version and Documentation Files with CMake Source: https://github.com/greenbone/gvmd/blob/main/CMakeLists.txt This snippet shows how CMake's `configure_file` command is used to generate configuration files, including the project version and Doxygen documentation files. It replaces placeholders in template files with actual values from the CMake build environment. ```cmake ## Version set(GVMD_VERSION "${PROJECT_VERSION_STRING}") # Configure Doxyfile with version number configure_file(docs/Doxyfile.in docs/Doxyfile) configure_file(docs/Doxyfile_full.in docs/Doxyfile_full) configure_file(docs/Doxyfile_xml.in docs/Doxyfile_xml) configure_file( docs/example-gvm-manage-certs.conf.in docs/example-gvm-manage-certs.conf @ONLY ) configure_file(VERSION.in VERSION) configure_file(src/gvmd_log_conf.cmake_in src/gvmd_log.conf) configure_file( src/schema_formats/XML/GMP.xml.in src/schema_formats/XML/GMP.xml @ONLY ) configure_file(tools/gvm-manage-certs.in tools/gvm-manage-certs @ONLY) ``` -------------------------------- ### Format Code with make format Source: https://github.com/greenbone/gvmd/blob/main/README.md Command to automatically format the project's code according to the defined style guidelines. This is a recommended step before submitting code changes. ```sh make format ``` -------------------------------- ### Build HTML Documentation with Doxygen Source: https://github.com/greenbone/gvmd/blob/main/docs/CMakeLists.txt This snippet defines custom targets and commands for building HTML documentation using Doxygen. It checks for the presence of the Doxygen executable and specifies dependencies and output files. ```cmake set_directory_properties(PROPERTIES CLEAN_NO_CUSTOM true) set_directory_properties( PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ".built-html;.built-html_full" ) include(FindDoxygen) if(NOT DOXYGEN_EXECUTABLE) message(STATUS "WARNING: Doxygen is required to build the HTML docs.") else(NOT DOXYGEN_EXECUTABLE) add_custom_target( doc COMMENT "Building documentation..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/gvmd.8 ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile ${CMAKE_CURRENT_BINARY_DIR}/.built-html ) add_custom_command( OUTPUT .built-html COMMAND sh ARGS -c "${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html;" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/gvmd.html ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile ) add_custom_target( doc-full COMMENT "Building documentation..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/gvmd.8 ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full ) add_custom_command( OUTPUT .built-html_full COMMAND sh ARGS -c "${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full;" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/gvmd.html ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full ) add_custom_target( doc-xml COMMENT "Building documentation (XML)..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_xml ${CMAKE_CURRENT_BINARY_DIR}/.built-xml ) add_custom_command( OUTPUT .built-xml COMMAND sh ARGS -c "${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_xml && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-xml;" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_xml ) endif(NOT DOXYGEN_EXECUTABLE) ``` -------------------------------- ### Format CMake Files with gersemi Source: https://github.com/greenbone/gvmd/blob/main/README.md Command to format all CMake files within the current directory and its subdirectories using the 'gersemi' tool. This ensures consistency in CMake build scripts. ```sh gersemi -i cmake . ``` -------------------------------- ### Display gvmd Command Line Options Source: https://github.com/greenbone/gvmd/blob/main/README.md Command to view all available command-line options for the Greenbone Vulnerability Manager. This is useful for understanding and customizing its behavior. ```sh gvmd --help ``` -------------------------------- ### Foreground Operation and Help (gvmd) Source: https://github.com/greenbone/gvmd/blob/main/docs/gvmd.html The '-f' or '--foreground' option runs gvmd in the foreground, useful for debugging or when running under a process manager that expects this behavior. The '-h' or '--help' option displays all available command-line options and their descriptions. ```bash gvmd -f gvmd -h ```