Install GVM Vulnerability Scanner on Ubuntu 24.04 Using Containers

 在 Ubuntu 下使用 Docker 安裝 OpenVAS 

參考來源：  https://medium.com/@ma7moudsabra/install-gvm-vulnerability-scanner-on-ubuntu-24-04-using-containers-fd38935b7121

 

1. Set up Docker’s apt repository.

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

 如果是使用 Linux Mint 22.1 的環境，上面的 $VERSION_CODENAME 這裡會不正確，手動改為 noble 就可以了。 

 

2. Install the Docker and dependencies packages.

sudo apt-get install gnupg docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

3. Verify that the installation is successful by running the hello-world image:

sudo docker run hello-world

 

 

4. Manage Docker as a non-root user

sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker

5. Verify that you can run docker commands without sudo.

docker run hello-world

6. For downloading the Greenbone Community Edition docker compose file, a destination directory should be created.

export DOWNLOAD_DIR=$HOME/greenbone-community-container && mkdir -p $DOWNLOAD_DIR

7. Download the file

cd $DOWNLOAD_DIR && curl -f -L https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml -o docker-compose.yml

 

 

8. To allow remote access to the Greenbone Web Interface, you need to modify the docker compose file to configure the web server (gsad) to listen on all network interfaces.

  gsa:
    image: greenbone/gsa:stable
    restart: on-failure
    ports:
      - 127.0.0.1:9392:80 #before
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
---- 
  gsa:
    image: greenbone/gsa:stable
    restart: on-failure
    ports:
      - 9392:80     #After
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd

9. Start the Greenbone Community Edition container.

docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d

Accessing OpenVAS

OpenVAS is now installed and running on your Ubuntu 24.04 LTS system. To access the OpenVAS web interface:

1. Open a web browser and navigate to http://localhost:9392.

2. Log in using the default credentials:

• Username: admin
• Password: admin

 

 

 

 

 

 

 

 

Linux Mint / Ubuntu 的 GPG error

VSCode

 參考這篇 https://medium.com/@lpramithamj/fixing-the-gpg-key-error-for-visual-studio-code-on-ubuntu-f29562a38182

 How to Fix the GPG Key Error

Step 1: Download and Install the Microsoft GPG Key 

 wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor -o /usr/share/keyrings/microsoft.gpg

Step 2: Update the Microsoft Repository List

echo "deb [signed-by=/usr/share/keyrings/microsoft.gpg arch=amd64] https://packages.microsoft.com/repos/code stable main" | sudo tee /etc/apt/sources.list.d/vscode.list

Step 3: Update and Upgrade Packages

sudo apt update && sudo apt upgrade -y

以上動作應該就可以修正 VSCode 的問題。

 

 

 

 

 

 

ubuntu bind9 設定

 ref: https://www.linuxbabe.com/ubuntu/set-up-local-dns-resolver-ubuntu-20-04-bind9

 

這篇說明的還滿好的，簡單、明瞭，直接實作、除錯、檢測。 

sudo journalctl -eu named

這個指令，抓到我的設定檔的問題。 

ubuntu 24.04 install LAMP

 

sudo apt update
sudo apt upgrade

sudo apt install apache2 mariadb-server php8.3-fpm php8.3 libapache2-mod-php8.3 php8.3-common php8.3-mysql php8.3-xml php8.3-xmlrpc php8.3-curl php8.3-gd php8.3-imagick php8.3-cli php8.3-imap php8.3-mbstring php8.3-opcache php8.3-soap php8.3-zip php8.3-intl php8.3-bcmath unzip phpmyadmin python3-certbot-apache

sudo systemctl enable apache2
apache2 -v

sudo systemctl enable mariadb
sudo mysql_secure_installation
mariadb --version
sudo mysql -uroot -p
grant all on *.* to root@localhost identified by '123456';

sudo gedit /etc/php/8.1/apache2/php.ini
  upload_max_filesize = 2000M
  max_file_uploads = 2000
  post_max_size = 2000M
  max_execution_time = 600
  max_input_time = 1000
  max_input_vars = 3000
  memory_limit = 1024M
  session.gc_maxlifetime = 86400

iptables 設定拒絕所有連線，只允許 80, 443 連線

# 清除現有規則  
sudo iptables -F  

# 設置預設策略為拒絕  
sudo iptables -P INPUT DROP  
sudo iptables -P FORWARD DROP  
sudo iptables -P OUTPUT ACCEPT  

# 允許回環接口  
sudo iptables -A INPUT -i lo -j ACCEPT  

# 允許已建立的連接  
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  

# 允許HTTP和HTTPS流量  
sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

# 保存以上的設定
service iptables save