Accessing and Installing GSM Community Edition – OpenVAS

Version: 4.2.17 (includes OpenVAS-9)

Download: https://dl.greenbone.net/download/VM/gsm_ce_4.2.17.iso (350 MByte)

sha256sum: a4490e1c1d5b93c52b67eb533da8aa0ebe435551f89c8cea1619e6a772733a97

Compatibility: VirtualBox, ESXi, Hyper-V

Minimum requirements: 2 CPU Cores, 2 GByte RAM

The GSM Community Edition is a derivate of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is needed.

In contrast to the commercial solution the Community Feed instead of the Greenbone Security Feed is used. Also some management functions like for TLS certificates are not included. Feed updates happen on a regular basis, but the system itself can not be updated. The commercial version can be updated seamless and also includes access to the Greenbone Support.

The Community Edition as well as the GSM ONE are designed for use with a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) are only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

Startup Community Edition:

Create a virtual image:

VirtualBox by hand via “New”:

Type: Linux
Version: Other Linux (64bit)
Memory: 2048M
Harddisk: 9G
CPUs: 2
Create a new hard disk for the virtual machine.

Take care that the network connection works inside-out and outside-in:
The system needs access to the internet for the setup.
For using the systems’ web interface you need to access the system from where your web browser runs.

Audio, USB and Floppy should be disabled.

Now choose the downloaded ISO image as medium for the CD drive and start the virtual machine.

Hyper-V by hand via “New – Virtual Computer”:

Generation: Generation 1

Startup memory: 2048MB

Use Dynamic Memory: deactivate

Network: Select a connection that has access to the Internet. The system needs access to the internet for the setup. For using the systems’ web interface you need to access the system from where your web browser runs.

Virtual hard disk: create an new, with an minimum of 9GB

Installation Options: Now choose the downloaded iso image as medium.

After saving, change the number of processors to 2

ESXi / VMWare:

Basically follow the hints as in “VirtualBox by hand”.

In the menu choose the option “Setup” and confirm that the hard disk can be overwritten.

The installation process will now run for a while. You will be asked for a username and password for the administrative account. Notice this account because there will be no other way to administrate the system.

Follow the instructions up to the reboot. The system will automatically reboot a second time.

As soon as the login prompt “Welcome to Greenbone OS” appears, log in with the previously created administration account.

You now enter the setup wizard which guides you through the final steps:

Web-User: Creation of an administration account for the web interface. There, you can later create more account as needed.

Greenbone Subscription Key: In case you have a received an evaluation key from Greenbone, you can now upload it. If you don’t have one, the system will use the Greenbone Community Feed instead of the Greenbone Security Feed. It is possible to upload a evaluation key any time later and change the feed.

Download Feed: Without a feed you can not do any scans and the SecInfo section remains empty. So the download is highly recommended, but requires internet access.

The feed update now runs in the background and you are on the main menu of the administration. Via “About” you can have a look at the key properties of your setup, especially the address of the web interface and whether there still runs the Feed update as a system operation.

Log in to the web interface with the web administrator account. During the installation a self-signed TLS certificate was created. Your browser will regard it insecure and you need to tell your browser to accept it as an exception.

Only after the feed update completed there will be all information in the SecInfo area and first scans possible. This could take half an hour or even longer.

Documentation and guides are available at the Greenbone TechDoc Portal. However, the user interface is self-explaining. Just give it a start. The wizard will help you to create and run your first scan task.

Please note: Shutting down the virtual machine should only be done via the menu Maintenance->Power to ensure that important system processes like the Feed update are not interrupted.

Copyright, licenses and sources:

The Feed and Greenbone OS consists of various components with various Copyrights and (Open Source) Licenses. In essence the product can be used for any purpose but for re-distribution the conditions of the licenses have to be considered. Details are summarized in the License Information. There, you will also find the offer for source code access according to GNU GPL.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.