The Greenbone Security Assistant HTTP Server is the server developed for the communication with the Greenbone Enterprise appliances.
It connects to the Greenbone Vulnerability Manager Daemon gvmd to provide a full-featured HTTP interface for vulnerability management.
All release files are signed with
the Greenbone Community Feed integrity key.
This gpg key can be downloaded at https://www.greenbone.net/GBCommunitySigningKey.asc
and the fingerprint is 8AE4 BE42 9B60 A59B 311C 2E73 9823 FAA6 0ED1 E580
.
If you are not familiar or comfortable building from source code, we recommend that you use the Greenbone Security Manager TRIAL (GSM TRIAL), a prepared virtual machine with a readily available setup. Information regarding the virtual machine is available at https://www.greenbone.net/en/testnow.
This module can be configured, built and installed with following commands:
cd path/to/gsad
mkdir build && cd build
cmake ..
make install
Please note: The reference system used by most of the developers is Debian GNU/Linux 'Buster' 10. The build might fail on any other system. Also, it is necessary to install dependent development packages.
See at the end of this section how to easily install these prerequisites on some supported platforms.
Prerequisites:
- libgvm_base, libgvm_util, libgvm_gmp >= 20.8.2
- gnutls >= 3.2.15
- libgcrypt
- cmake >= 3.0
- glib-2.0 >= 2.42
- libxml
- libmicrohttpd >= 0.9.0
- pkg-config
- gcc
- zlib >= 1.2
- libbrotli (optional, for Brotli compression)
Prerequisites for building documentation:
- Doxygen
- xmltoman (optional, for building man page)
Install prerequisites on Debian GNU/Linux:
apt-get install libmicrohttpd-dev libxml2-dev zlib1g-dev
If you have installed required libraries to a non-standard location, remember to
set the PKG_CONFIG_PATH
environment variable to the location of you pkg-config
files before configuring:
export PKG_CONFIG_PATH=/your/location/lib/pkgconfig:$PKG_CONFIG_PATH
Create a build directory and change into it with:
mkdir build && cd build
Then configure the build with:
cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation ..
Or (if you want to use the default installation path /usr/local):
cmake ..
This only needs to be done once.
Thereafter, the following commands are useful:
make # build the scanner
make doc # build the documentation
make doc-full # build more developer-oriented documentation
make install # install the build
make rebuild_cache # rebuild the cmake cache
Please note that you may have to execute make install
as root, especially if
you have specified a prefix for which your user does not have full permissions.
To clean up the build environment, simply remove the contents of the build
directory you created above.
In case you have installed the Greenbone Security Assistant Daemon into a path
different from the other GVM modules, you might need to set some paths
explicitly before running cmake
. See the top-level CMakeLists.txt.
By default, gsad writes logs to the file
<install-prefix>/var/log/gvm/gsad.log
Logging is configured entirely by the file
<install-prefix>/etc/gvm/gsad_log.conf
The configuration is divided into domains like this one
[gsad main]
prepend=%t %p
prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
file=/var/log/gvm/gsad.log
level=128
The level
field controls the amount of logging that is written.
The value of level
can be:
4 Errors.
8 Critical situation.
16 Warnings.
32 Messages.
64 Information.
128 Debug. (Lots of output.)
Enabling any level includes all the levels above it. So enabling Information will include Warnings, Critical situations and Errors.
To get absolutely all logging, set the level to 128 for all domains in the configuration file.
Logging to syslog
can be enabled in each domain like:
[gsad main]
prepend=%t %p
prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
file=syslog
syslog_facility=daemon
level=128
In case everything was installed using the defaults, then starting the HTTP daemon of the Greenbone Security Assistant can be done with this simple command:
gsad
The daemon will listen on port 443, making the web interface
available in your network at https://<your host>
.
If port 443 was not available or the user has no root privileges,
gsad tries to serve at port 9392 as a fallback (https://<your host>:9392
).
To see all available command line options of gsad, enter this command:
gsad --help
For any question on the usage of gsad
please use the Greenbone Community
Portal. If you found a problem with the
software, please create an issue on
GitHub. If you are a Greenbone customer you may alternatively or additionally
forward your issue to the Greenbone Support Portal.
This project is maintained by Greenbone Networks GmbH.
Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at github first.
Copyright (C) 2009-2024 Greenbone AG
Licensed under the GNU Affero General Public License v3.0 or later.