Vous êtes ici : Formations en Ligne Gratuites » Catalogue » workbooks » Debian » 11 » LDF400 - Administration de la Sécurité » LDF406 - Sécurité Applicative

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

--- elearning:workbooks:debian:11:sec:l106 [2025/11/30 15:24] – admin
+++ elearning:workbooks:debian:11:sec:l106 [2025/12/04 09:40] (Version actuelle) – admin
@@ Ligne 1: / Ligne 1: @@
 ~~PDF:LANDSCAPE~~
-SNORT
 Version : **2026.01**
@@ Ligne 7: / Ligne 5: @@
 Dernière mise-à-jour : ~~LASTMOD~~
-======LDF406 - Balayage des Ports======
+======LDF406 - Sécurité Applicative======
 =====Contenu du Module=====
-  * **LDF406 - Balayage des Ports**
+  * **LDF406 - Sécurité Applicative**
     * Contenu du Module
     * Le Problématique
-      * LAB #1 - Utilisation de nmap et de netcat
+    * Préparation
-        * 1.1 - nmap
+    * Les Outils
-          * Installation
+      * LAB #1 - Netwox
-          * Utilisation
+        * 1.1 - Installation
-          * Fichiers de Configuration
+        * 1.2 - Utilisation
-          * Scripts
+        * 1.3 - Avertissement important
-        * 1.2 - netcat
+      * LAB #2 - Greenbone Vulnerability Management (GVM)
-          * Utilisation
+        * 2.1 - Présentation
-    * Les Contre-Mesures
+        * 2.2 - Préparation
-      * LAB #2 - Mise en place du Système de Détection d'Intrusion Snort
+        * 2.3 - Installation
-        * 2.1 - Installation
+        * 2.4 - Configuration
-        * 2.2 - Configuration de Snort
+        * 2.5 - Utilisation
-          * Editer le fichier /etc/snort/snort.conf
+        * 2.6 - Analyse des Résultats
-        * 2.3 - Utilisation de snort en mode "packet sniffer"
+    * Les Contres-Mesures
-        * 2.4 - Utilisation de snort en mode "packet logger"
+      * LAB #3 - La commande chroot
-        * 2.5 - Journalisation
-      * LAB #3 - Mise en place du Système de Détection et de Prévention d'Intrusion Portsentry
-        * 3.1 - Installation
-        * 3.2 - Configuration
-        * 3.3 - Utilisation
 =====Le Problématique=====
-Un **Cheval de Troie** est un binaire qui se cache dans un autre. Il est exécuté suite à l'exécution du binaire hôte par la cible ou par un utilisateur. Le but principal du Cheval de Troie est d'ouvrir une //trappe// (//backdoor//). Les Chevaux de Troie les plus connus sont :
+La plupart des failles de sécurité ne sont pas du fait du système d'exploitation mais des applications installées.
-  * Back Orifice 2000 - tcp/8787, tcp/54320-21,
+=====Préparation=====
-  * Backdoor - tcp/1999,
-  * Subseven - tcp/1243, tcp/ 2773, tcp/6711-6713, tcp/7215, tcp/27374, tcp/27573, tcp/54283,
-  * Socket de Troie - tcp/5001, tcp/30303, tcp/50505.
-Le **scan** consiste à balayer les ports d'une machine afin de :
+=====Les Outils=====
-  * connaître les ports qui sont ouverts,
+==== LAB #1 - Netwox ====
-  * déterminer le système d'exploitation,
-  * identifier les services ouverts.
-Plusieurs scanners existent dont :
+Le programme **netwox** est un utilitaire puissant de vérification de la sécurité.
-  * nmap
+===1.1 - Installation===
-  * netcat
-====LAB #1 - Utilisation de nmap et de netcat====
+Netwox s'installe en utilisant APT :
-=== 1.1 - nmap ===
+<code>
+root@debian12:~# cd /tmp
-==Installation==
+root@debian12:/tmp# cd ~
+root@debian12:~# apt install netwox -y
+</code>
-Sous Debian 12, **nmap** n'est pas installé par défaut :
+===1.2 - Utilisation===
 <code>
-root@debian12:~# which nmap
+root@debian12:~# netwox
-root@debian12:~#
+Netwox toolbox version 5.39.0. Netwib library version 5.39.0.
+######################## MAIN MENU #########################
+- leave netwox
+- search tools
+- display help of one tool
+- run a tool selecting parameters on command line
+- run a tool selecting parameters from keyboard
+ a + information
+ b + network protocol
+ c + application protocol
+ d + sniff (capture network packets)
+ e + spoof (create and send packets)
+ f + record (file containing captured packets)
+ g + client
+ h + server
+ i + ping (check if a computer if reachable)
+ j + traceroute (obtain list of gateways)
+ k + scan (computer and port discovery)
+ l + network audit
+ m + brute force (check if passwords are weak)
+ n + remote administration
+ o + tools not related to network
+Select a node (key in 03456abcdefghijklmno):
 </code>
-Installez donc nmap en utilisant APT :
+L'utilisation de **netwox** en mode interactif se fait a l'aide des menus proposés. Dans notre cas, nous souhaitons utiliser un des outils de la section **network audit**. Il convient donc de choisir le menu **l** :
 <code>
-root@debian12:~# apt install nmap
+Select a node (key in 03456abcdefghijklmno): l
+###################### network audit #######################
+- leave netwox
+- go to main menu
+- go to previous menu
+- search tools
+- display help of one tool
+- run a tool selecting parameters on command line
+- run a tool selecting parameters from keyboard
+ a + network audit using Ethernet
+ b + network audit using IP
+ c + network audit using TCP
+ d + network audit using ICMP
+ e + network audit using ARP
+Select a node (key in 0123456abcde):
 </code>
-==Utilisation==
+Choisissez ensuite le menu **c** :
-Pour connaître la liste des ports ouverts sur votre machine virtuelle, saisissez la commande suivante :
+<code>
+Select a node (key in 0123456abcde): c
+################# network audit using TCP ##################
+- leave netwox
+- go to main menu
+- go to previous menu
+- search tools
+- display help of one tool
+- run a tool selecting parameters on command line
+- run a tool selecting parameters from keyboard
+ a - 76:Synflood
+ b - 77:Check if seqnum are predictible
+ c - 78:Reset every TCP packet
+ d - 79:Acknowledge every TCP SYN
+Select a node (key in 0123456abcd):
+</code>
+Notre choix de test s'arrête sur un test du type **Synflood** sur un de nos serveurs internes. Nous choisissons donc le menu **a** :
 <code>
-root@debian12:~# nmap 127.0.0.1
+Select a node (key in 0123456abcd): a
-Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-27 16:48 CET
-Nmap scan report for localhost (127.0.0.1)
-Host is up (0.0000090s latency).
-Not shown: 996 closed tcp ports (reset)
-PORT     STATE SERVICE
-/tcp   open  ssh
-/tcp   open  http
-/tcp  open  ipp
-/tcp open  vnc
-Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
+################# help for tool number 76 ##################
+Title: Synflood
++------------------------------------------------------------------------+
+| This tool sends a lot of TCP SYN packets.                              |
+| It permits to check how a firewall behaves when receiving packets      |
+| which have to be ignored.                                              |
+| Parameter --spoofip indicates how to generate link layer for spoofing. |
+| Values 'best', 'link' or 'raw' are common choices for --spoofip. Here  |
+| is the list of accepted values:                                        |
+|  - 'raw' means to spoof at IP4/IP6 level (it uses system IP stack). If |
+|    a firewall is installed, or on some systems, this might not work.   |
+|  - 'linkf' means to spoof at link level (currently, only Ethernet is   |
+|    supported). The 'f' means to Fill source Ethernet address.          |
+|    However, if source IP address is spoofed, it might be impossible    |
+|    to Fill it. So, linkf will not work: use linkb or linkfb instead.   |
+|  - 'linkb' means to spoof at link level. The 'b' means to left a Blank |
+|    source Ethernet address (0:0:0:0:0:0, do not try to Fill it).       |
+|  - 'linkfb' means to spoof at link level. The 'f' means to try to Fill |
+|    source Ethernet address, but if it is not possible, it is left      |
+|    Blank.                                                              |
+|  - 'rawlinkf' means to try 'raw', then try 'linkf'                     |
+|  - 'rawlinkb' means to try 'raw', then try 'linkb'                     |
+|  - 'rawlinkfb' means to try 'raw', then try 'linkfb'                   |
+|  - 'linkfraw' means to try 'linkf', then try 'raw'                     |
+|  - 'linkbraw' means to try 'linkb', then try 'raw'                     |
+|  - 'linkfbraw' means to try 'linkfb', then try 'raw'                   |
+|  - 'link' is an alias for 'linkfb'                                     |
+|  - 'rawlink' is an alias for 'rawlinkfb'                               |
+|  - 'linkraw' is an alias for 'linkfbraw'                               |
+|  - 'best' is an alias for 'linkraw'. It should work in all cases.      |
+|                                                                        |
+| This tool may need to be run with admin privilege in order to spoof.   |
++------------------------------------------------------------------------+
+Usage: netwox 76 -i ip -p port [-s spoofip]
+Parameters:
+ -i|--dst-ip ip                 destination IP address {5.6.7.8}
+ -p|--dst-port port             destination port number {80}
+ -s|--spoofip spoofip           IP spoof initialization type {linkbraw}
+Example: netwox 76 -i "5.6.7.8" -p "80"
+Example: netwox 76 --dst-ip "5.6.7.8" --dst-port "80"
+Press 'r' or 'k' to run this tool, or any other key to continue
 </code>
-<WRAP center round important 50%>
+Il convient ensuite d'appuyer sur la touche [r] ou [k] pour lancer l'utilitaire.
-**Important** - Pour connaître les ports ouverts sur une machine distante, la procédure est identique sauf que vous devez utiliser l'adresse IP de votre cible.
-</WRAP>
-==Fichiers de Configuration==
+Il est a noter que **netwox**  peut être utilisé sans faire appel au menus interactifs, à condition de connaître le numéro **netwox** du test à lancer:
-**nmap** utilise un fichier spécifique pour identifier les ports. Ce fichier est **/usr/share/nmap/nmap-services**:
+  # netwox 76 -i "10.0.2.3" -p "80"
-<code>
+===1.3 - Avertissement important===
-root@debian12:~# more /usr/share/nmap/nmap-services
-# THIS FILE IS GENERATED AUTOMATICALLY FROM A MASTER - DO NOT EDIT.
-# EDIT /nmap-private-dev/nmap-services-all IN SVN INSTEAD.
-# Well known service port numbers -*- mode: fundamental; -*-
-# From the Nmap Security Scanner ( https://nmap.org/ )
-#
-# $Id: nmap-services 38442 2022-08-31 22:53:46Z dmiller $
-#
-# Derived from IANA data and our own research
-#
-# This collection of service data is (C) 1996-2020 by Insecure.Com
-# LLC.  It is distributed under the Nmap Public Source license as
-# provided in the LICENSE file of the source distribution or at
-# https://svn.nmap.org/nmap/LICENSE .  Note that this license
-# requires you to license your own work under a compatable open source
-# license.  If you wish to embed Nmap technology into proprietary
-# software, we sell alternative licenses (contact sales@insecure.com).
-# Dozens of software vendors already license Nmap technology such as
-# host discovery, port scanning, OS detection, and version detection.
-# For more details, see https://nmap.org/book/man-legal.html
-#
-# Fields in this file are: Service name, portnum/protocol, open-frequency, optional comments
-#
-tcpmux  1/tcp   0.001995        # TCP Port Service Multiplexer [rfc-1078] | TCP Port Service Multiplexer
-tcpmux  1/udp   0.001236        # TCP Port Service Multiplexer
-compressnet     2/tcp   0.000013        # Management Utility
-compressnet     2/udp   0.001845        # Management Utility
-compressnet     3/tcp   0.001242        # Compression Process
-compressnet     3/udp   0.001532        # Compression Process
-unknown 4/tcp   0.000477
-rje     5/tcp   0.000000        # Remote Job Entry
-rje     5/udp   0.000593        # Remote Job Entry
-unknown 6/tcp   0.000502
-echo    7/sctp  0.000000
-echo    7/tcp   0.004855
-echo    7/udp   0.024679
-unknown 8/tcp   0.000013
-discard 9/sctp  0.000000        # sink null
-discard 9/tcp   0.003764        # sink null
-discard 9/udp   0.015733        # sink null
-unknown 10/tcp  0.000063
-systat  11/tcp  0.000075        # Active Users
-systat  11/udp  0.000577        # Active Users
-unknown 12/tcp  0.000063
-daytime 13/tcp  0.003927
-daytime 13/udp  0.004827
-unknown 14/tcp  0.000038
-netstat 15/tcp  0.000038
-unknown 16/tcp  0.000050
-qotd    17/tcp  0.002346        # Quote of the Day
-qotd    17/udp  0.009209        # Quote of the Day
-msp     18/tcp  0.000000        # Message Send Protocol | Message Send Protocol (historic)
-msp     18/udp  0.000610        # Message Send Protocol
-chargen 19/tcp  0.002559        # ttytst source Character Generator | Character Generator
-chargen 19/udp  0.015865        # ttytst source Character Generator
-ftp-data        20/sctp 0.000000        # File Transfer [Default Data] | FTP
---More--(0%)
-</code>
-Le répertoire **/usr/share/nmap** contient d'autres fichiers importants :
+**netwox** est un outil puissant. Il convient de noter que:
-<code>
+  * il ne doit pas être installé sur un serveur de production mais sur le poste de l'administrateur,
-root@debian12:~# ls -l /usr/share/nmap
+  * netwox existe aussi en version Windows(tm),
-total 9368
+  * l'utilisation de netwox à des fins autres que de test est interdite.
--rw-r--r-- 1 root root   10829 Jan 16  2023 nmap.dtd
--rw-r--r-- 1 root root  824437 Jan 16  2023 nmap-mac-prefixes
--rw-r--r-- 1 root root 5032815 Jan 16  2023 nmap-os-db
--rw-r--r-- 1 root root   21165 Jan 16  2023 nmap-payloads
--rw-r--r-- 1 root root    6845 Jan 16  2023 nmap-protocols
--rw-r--r-- 1 root root   43529 Jan 16  2023 nmap-rpc
--rw-r--r-- 1 root root 2506640 Jan 16  2023 nmap-service-probes
--rw-r--r-- 1 root root 1004557 Jan 16  2023 nmap-services
--rw-r--r-- 1 root root   31936 Jan 16  2023 nmap.xsl
-drwxr-xr-x 3 root root    4096 Nov 27 16:46 nselib
--rw-r--r-- 1 root root   49478 Jan 16  2023 nse_main.lua
-drwxr-xr-x 2 root root   36864 Nov 27 16:46 scripts
-</code>
-Voici la liste des fichiers les plus importants :
+====LAB #2 - Greenbone Vulnerability Management (GVM)====
-^ Fichier ^ Description ^
+===2.1 - Présentation===
-| /usr/share/nmap/nmap-protocols | Contient la liste des protocols reconnus par **nmap**. |
-| /usr/share/nmap/nmap-service-probes | Contient les règles de balayage utilisées par **nmap** pour identifier le service actif sur un port donné. |
-| /usr/share/nmap/nmap-mac-prefixes | Contient une liste de préfix d'adresses MAC par fabricant reconnu par **nmap**. |
-| /usr/share/nmap/nmap-rpc | Contient une liste des services RPC reconnus par **nmap**. |
-==Scripts==
+**Greenbone Vulnerability Management (GVM)**, aussi connu sous le nom d'**OpenVAS**, est le successeur libre du scanner **Nessus**, devenu propriétaire. GVM, tout comme Nessus, est un scanner de vulnérabilité qui balaie un hôte ou une plage d'hôtes pour essayer de détecter des failles de sécurité.
-**nmap** utilise des scripts pour accomplir certaines tâches allant de la découverte simple de ports ouverts jusqu'à l'intrusion :
+===2.2 - Préparation===
+Mettez SELinux en mode permissive et désactivez-le dans le fichier **/etc/selinux/config** :
 <code>
-root@debian12:~# ls /usr/share/nmap/scripts/
+[root@centos7 ~]# setenforce permissive
-acarsd-info.nse                       fcrdns.nse                              https-redirect.nse               ms-sql-info.nse                 smb-flood.nse
-address-info.nse                      finger.nse                              http-stored-xss.nse              ms-sql-ntlm-info.nse            smb-ls.nse
+[root@centos7 ~]# sed -i 's/=enforcing/=disabled/' /etc/selinux/config
-afp-brute.nse                         fingerprint-strings.nse                 http-svn-enum.nse                ms-sql-query.nse                smb-mbenum.nse
-afp-ls.nse                            firewalk.nse                            http-svn-info.nse                ms-sql-tables.nse               smb-os-discovery.nse
+[root@centos7 ~]# reboot
-afp-path-vuln.nse                     firewall-bypass.nse                     http-title.nse                   ms-sql-xp-cmdshell.nse          smb-print-text.nse
-afp-serverinfo.nse                    flume-master-info.nse                   http-tplink-dir-traversal.nse    mtrace.nse                      smb-protocols.nse
-afp-showmount.nse                     fox-info.nse                            http-trace.nse                   murmur-version.nse              smb-psexec.nse
-ajp-auth.nse                          freelancer-info.nse                     http-traceroute.nse              mysql-audit.nse                 smb-security-mode.nse
-ajp-brute.nse                         ftp-anon.nse                            http-trane-info.nse              mysql-brute.nse                 smb-server-stats.nse
-ajp-headers.nse                       ftp-bounce.nse                          http-unsafe-output-escaping.nse  mysql-databases.nse             smb-system-info.nse
-ajp-methods.nse                       ftp-brute.nse                           http-useragent-tester.nse        mysql-dump-hashes.nse           smb-vuln-conficker.nse
-ajp-request.nse                       ftp-libopie.nse                         http-userdir-enum.nse            mysql-empty-password.nse        smb-vuln-cve2009-3103.nse
-allseeingeye-info.nse                 ftp-proftpd-backdoor.nse                http-vhosts.nse                  mysql-enum.nse                  smb-vuln-cve-2017-7494.nse
-amqp-info.nse                         ftp-syst.nse                            http-virustotal.nse              mysql-info.nse                  smb-vuln-ms06-025.nse
-asn-query.nse                         ftp-vsftpd-backdoor.nse                 http-vlcstreamer-ls.nse          mysql-query.nse                 smb-vuln-ms07-029.nse
-auth-owners.nse                       ftp-vuln-cve2010-4221.nse               http-vmware-path-vuln.nse        mysql-users.nse                 smb-vuln-ms08-067.nse
-auth-spoof.nse                        ganglia-info.nse                        http-vuln-cve2006-3392.nse       mysql-variables.nse             smb-vuln-ms10-054.nse
-backorifice-brute.nse                 giop-info.nse                           http-vuln-cve2009-3960.nse       mysql-vuln-cve2012-2122.nse     smb-vuln-ms10-061.nse
-backorifice-info.nse                  gkrellm-info.nse                        http-vuln-cve2010-0738.nse       nat-pmp-info.nse                smb-vuln-ms17-010.nse
-bacnet-info.nse                       gopher-ls.nse                           http-vuln-cve2010-2861.nse       nat-pmp-mapport.nse             smb-vuln-regsvc-dos.nse
-banner.nse                            gpsd-info.nse                           http-vuln-cve2011-3192.nse       nbd-info.nse                    smb-vuln-webexec.nse
-bitcoin-getaddr.nse                   hadoop-datanode-info.nse                http-vuln-cve2011-3368.nse       nbns-interfaces.nse             smb-webexec-exploit.nse
-bitcoin-info.nse                      hadoop-jobtracker-info.nse              http-vuln-cve2012-1823.nse       nbstat.nse                      smtp-brute.nse
-bitcoinrpc-info.nse                   hadoop-namenode-info.nse                http-vuln-cve2013-0156.nse       ncp-enum-users.nse              smtp-commands.nse
-bittorrent-discovery.nse              hadoop-secondary-namenode-info.nse      http-vuln-cve2013-6786.nse       ncp-serverinfo.nse              smtp-enum-users.nse
-bjnp-discover.nse                     hadoop-tasktracker-info.nse             http-vuln-cve2013-7091.nse       ndmp-fs-info.nse                smtp-ntlm-info.nse
-broadcast-ataoe-discover.nse          hbase-master-info.nse                   http-vuln-cve2014-2126.nse       ndmp-version.nse                smtp-open-relay.nse
-broadcast-avahi-dos.nse               hbase-region-info.nse                   http-vuln-cve2014-2127.nse       nessus-brute.nse                smtp-strangeport.nse
-broadcast-bjnp-discover.nse           hddtemp-info.nse                        http-vuln-cve2014-2128.nse       nessus-xmlrpc-brute.nse         smtp-vuln-cve2010-4344.nse
-broadcast-db2-discover.nse            hnap-info.nse                           http-vuln-cve2014-2129.nse       netbus-auth-bypass.nse          smtp-vuln-cve2011-1720.nse
-broadcast-dhcp6-discover.nse          hostmap-bfk.nse                         http-vuln-cve2014-3704.nse       netbus-brute.nse                smtp-vuln-cve2011-1764.nse
-broadcast-dhcp-discover.nse           hostmap-crtsh.nse                       http-vuln-cve2014-8877.nse       netbus-info.nse                 sniffer-detect.nse
-broadcast-dns-service-discovery.nse   hostmap-robtex.nse                      http-vuln-cve2015-1427.nse       netbus-version.nse              snmp-brute.nse
-broadcast-dropbox-listener.nse        http-adobe-coldfusion-apsa1301.nse      http-vuln-cve2015-1635.nse       nexpose-brute.nse               snmp-hh3c-logins.nse
-broadcast-eigrp-discovery.nse         http-affiliate-id.nse                   http-vuln-cve2017-1001000.nse    nfs-ls.nse                      snmp-info.nse
-broadcast-hid-discoveryd.nse          http-apache-negotiation.nse             http-vuln-cve2017-5638.nse       nfs-showmount.nse               snmp-interfaces.nse
-broadcast-igmp-discovery.nse          http-apache-server-status.nse           http-vuln-cve2017-5689.nse       nfs-statfs.nse                  snmp-ios-config.nse
-broadcast-jenkins-discover.nse        http-aspnet-debug.nse                   http-vuln-cve2017-8917.nse       nje-node-brute.nse              snmp-netstat.nse
-broadcast-listener.nse                http-auth-finder.nse                    http-vuln-misfortune-cookie.nse  nje-pass-brute.nse              snmp-processes.nse
-broadcast-ms-sql-discover.nse         http-auth.nse                           http-vuln-wnr1000-creds.nse      nntp-ntlm-info.nse              snmp-sysdescr.nse
-broadcast-netbios-master-browser.nse  http-avaya-ipoffice-users.nse           http-waf-detect.nse              nping-brute.nse                 snmp-win32-services.nse
-broadcast-networker-discover.nse      http-awstatstotals-exec.nse             http-waf-fingerprint.nse         nrpe-enum.nse                   snmp-win32-shares.nse
-broadcast-novell-locate.nse           http-axis2-dir-traversal.nse            http-webdav-scan.nse             ntp-info.nse                    snmp-win32-software.nse
-broadcast-ospf2-discover.nse          http-backup-finder.nse                  http-wordpress-brute.nse         ntp-monlist.nse                 snmp-win32-users.nse
-broadcast-pc-anywhere.nse             http-barracuda-dir-traversal.nse        http-wordpress-enum.nse          omp2-brute.nse                  socks-auth-info.nse
-broadcast-pc-duo.nse                  http-bigip-cookie.nse                   http-wordpress-users.nse         omp2-enum-targets.nse           socks-brute.nse
-broadcast-pim-discovery.nse           http-brute.nse                          http-xssed.nse                   omron-info.nse                  socks-open-proxy.nse
-broadcast-ping.nse                    http-cakephp-version.nse                iax2-brute.nse                   openflow-info.nse               ssh2-enum-algos.nse
-broadcast-pppoe-discover.nse          http-chrono.nse                         iax2-version.nse                 openlookup-info.nse             ssh-auth-methods.nse
-broadcast-rip-discover.nse            http-cisco-anyconnect.nse               icap-info.nse                    openvas-otp-brute.nse           ssh-brute.nse
-broadcast-ripng-discover.nse          http-coldfusion-subzero.nse             iec-identify.nse                 openwebnet-discovery.nse        ssh-hostkey.nse
-broadcast-sonicwall-discover.nse      http-comments-displayer.nse             ike-version.nse                  oracle-brute.nse                ssh-publickey-acceptance.nse
-broadcast-sybase-asa-discover.nse     http-config-backup.nse                  imap-brute.nse                   oracle-brute-stealth.nse        ssh-run.nse
-broadcast-tellstick-discover.nse      http-cookie-flags.nse                   imap-capabilities.nse            oracle-enum-users.nse           sshv1.nse
-broadcast-upnp-info.nse               http-cors.nse                           imap-ntlm-info.nse               oracle-sid-brute.nse            ssl-ccs-injection.nse
-broadcast-versant-locate.nse          http-cross-domain-policy.nse            impress-remote-discover.nse      oracle-tns-version.nse          ssl-cert-intaddr.nse
-broadcast-wake-on-lan.nse             http-csrf.nse                           informix-brute.nse               ovs-agent-version.nse           ssl-cert.nse
-broadcast-wpad-discover.nse           http-date.nse                           informix-query.nse               p2p-conficker.nse               ssl-date.nse
-broadcast-wsdd-discover.nse           http-default-accounts.nse               informix-tables.nse              path-mtu.nse                    ssl-dh-params.nse
-broadcast-xdmcp-discover.nse          http-devframework.nse                   ip-forwarding.nse                pcanywhere-brute.nse            ssl-enum-ciphers.nse
-cassandra-brute.nse                   http-dlink-backdoor.nse                 ip-geolocation-geoplugin.nse     pcworx-info.nse                 ssl-heartbleed.nse
-cassandra-info.nse                    http-dombased-xss.nse                   ip-geolocation-ipinfodb.nse      pgsql-brute.nse                 ssl-known-key.nse
-cccam-version.nse                     http-domino-enum-passwords.nse          ip-geolocation-map-bing.nse      pjl-ready-message.nse           ssl-poodle.nse
-cics-enum.nse                         http-drupal-enum.nse                    ip-geolocation-map-google.nse    pop3-brute.nse                  sslv2-drown.nse
-cics-info.nse                         http-drupal-enum-users.nse              ip-geolocation-map-kml.nse       pop3-capabilities.nse           sslv2.nse
-cics-user-brute.nse                   http-enum.nse                           ip-geolocation-maxmind.nse       pop3-ntlm-info.nse              sstp-discover.nse
-cics-user-enum.nse                    http-errors.nse                         ip-https-discover.nse            port-states.nse                 stun-info.nse
-citrix-brute-xml.nse                  http-exif-spider.nse                    ipidseq.nse                      pptp-version.nse                stun-version.nse
-citrix-enum-apps.nse                  http-favicon.nse                        ipmi-brute.nse                   puppet-naivesigning.nse         stuxnet-detect.nse
-citrix-enum-apps-xml.nse              http-feed.nse                           ipmi-cipher-zero.nse             qconn-exec.nse                  supermicro-ipmi-conf.nse
-citrix-enum-servers.nse               http-fetch.nse                          ipmi-version.nse                 qscan.nse                       svn-brute.nse
-citrix-enum-servers-xml.nse           http-fileupload-exploiter.nse           ipv6-multicast-mld-list.nse      quake1-info.nse                 targets-asn.nse
-clamav-exec.nse                       http-form-brute.nse                     ipv6-node-info.nse               quake3-info.nse                 targets-ipv6-map4to6.nse
-clock-skew.nse                        http-form-fuzzer.nse                    ipv6-ra-flood.nse                quake3-master-getservers.nse    targets-ipv6-multicast-echo.nse
-coap-resources.nse                    http-frontpage-login.nse                irc-botnet-channels.nse          rdp-enum-encryption.nse         targets-ipv6-multicast-invalid-dst.nse
-couchdb-databases.nse                 http-generator.nse                      irc-brute.nse                    rdp-ntlm-info.nse               targets-ipv6-multicast-mld.nse
-couchdb-stats.nse                     http-git.nse                            irc-info.nse                     rdp-vuln-ms12-020.nse           targets-ipv6-multicast-slaac.nse
-creds-summary.nse                     http-gitweb-projects-enum.nse           irc-sasl-brute.nse               realvnc-auth-bypass.nse         targets-ipv6-wordlist.nse
-cups-info.nse                         http-google-malware.nse                 irc-unrealircd-backdoor.nse      redis-brute.nse                 targets-sniffer.nse
-cups-queue-info.nse                   http-grep.nse                           iscsi-brute.nse                  redis-info.nse                  targets-traceroute.nse
-cvs-brute.nse                         http-headers.nse                        iscsi-info.nse                   resolveall.nse                  targets-xml.nse
-cvs-brute-repository.nse              http-hp-ilo-info.nse                    isns-info.nse                    reverse-index.nse               teamspeak2-version.nse
-daap-get-library.nse                  http-huawei-hg5xx-vuln.nse              jdwp-exec.nse                    rexec-brute.nse                 telnet-brute.nse
-daytime.nse                           http-icloud-findmyiphone.nse            jdwp-info.nse                    rfc868-time.nse                 telnet-encryption.nse
-db2-das-info.nse                      http-icloud-sendmsg.nse                 jdwp-inject.nse                  riak-http-info.nse              telnet-ntlm-info.nse
-deluge-rpc-brute.nse                  http-iis-short-name-brute.nse           jdwp-version.nse                 rlogin-brute.nse                tftp-enum.nse
-dhcp-discover.nse                     http-iis-webdav-vuln.nse                knx-gateway-discover.nse         rmi-dumpregistry.nse            tls-alpn.nse
-dicom-brute.nse                       http-internal-ip-disclosure.nse         knx-gateway-info.nse             rmi-vuln-classloader.nse        tls-nextprotoneg.nse
-dicom-ping.nse                        http-joomla-brute.nse                   krb5-enum-users.nse              rpcap-brute.nse                 tls-ticketbleed.nse
-dict-info.nse                         http-jsonp-detection.nse                ldap-brute.nse                   rpcap-info.nse                  tn3270-screen.nse
-distcc-cve2004-2687.nse               http-litespeed-sourcecode-download.nse  ldap-novell-getpass.nse          rpc-grind.nse                   tor-consensus-checker.nse
-dns-blacklist.nse                     http-ls.nse                             ldap-rootdse.nse                 rpcinfo.nse                     traceroute-geolocation.nse
-dns-brute.nse                         http-majordomo2-dir-traversal.nse       ldap-search.nse                  rsa-vuln-roca.nse               tso-brute.nse
-dns-cache-snoop.nse                   http-malware-host.nse                   lexmark-config.nse               rsync-brute.nse                 tso-enum.nse
-dns-check-zone.nse                    http-mcmp.nse                           llmnr-resolve.nse                rsync-list-modules.nse          ubiquiti-discovery.nse
-dns-client-subnet-scan.nse            http-methods.nse                        lltd-discovery.nse               rtsp-methods.nse                unittest.nse
-dns-fuzz.nse                          http-method-tamper.nse                  lu-enum.nse                      rtsp-url-brute.nse              unusual-port.nse
-dns-ip6-arpa-scan.nse                 http-mobileversion-checker.nse          maxdb-info.nse                   rusers.nse                      upnp-info.nse
-dns-nsec3-enum.nse                    http-ntlm-info.nse                      mcafee-epo-agent.nse             s7-info.nse                     uptime-agent-info.nse
-dns-nsec-enum.nse                     http-open-proxy.nse                     membase-brute.nse                samba-vuln-cve-2012-1182.nse    url-snarf.nse
-dns-nsid.nse                          http-open-redirect.nse                  membase-http-info.nse            script.db                       ventrilo-info.nse
-dns-random-srcport.nse                http-passwd.nse                         memcached-info.nse               servicetags.nse                 versant-info.nse
-dns-random-txid.nse                   http-phpmyadmin-dir-traversal.nse       metasploit-info.nse              shodan-api.nse                  vmauthd-brute.nse
-dns-recursion.nse                     http-phpself-xss.nse                    metasploit-msgrpc-brute.nse      sip-brute.nse                   vmware-version.nse
-dns-service-discovery.nse             http-php-version.nse                    metasploit-xmlrpc-brute.nse      sip-call-spoof.nse              vnc-brute.nse
-dns-srv-enum.nse                      http-proxy-brute.nse                    mikrotik-routeros-brute.nse      sip-enum-users.nse              vnc-info.nse
-dns-update.nse                        http-put.nse                            mmouse-brute.nse                 sip-methods.nse                 vnc-title.nse
-dns-zeustracker.nse                   http-qnap-nas-info.nse                  mmouse-exec.nse                  skypev2-version.nse             voldemort-info.nse
-dns-zone-transfer.nse                 http-referer-checker.nse                modbus-discover.nse              smb2-capabilities.nse           vtam-enum.nse
-docker-version.nse                    http-rfi-spider.nse                     mongodb-brute.nse                smb2-security-mode.nse          vulners.nse
-domcon-brute.nse                      http-robots.txt.nse                     mongodb-databases.nse            smb2-time.nse                   vuze-dht-info.nse
-domcon-cmd.nse                        http-robtex-reverse-ip.nse              mongodb-info.nse                 smb2-vuln-uptime.nse            wdb-version.nse
-domino-enum-users.nse                 http-robtex-shared-ns.nse               mqtt-subscribe.nse               smb-brute.nse                   weblogic-t3-info.nse
-dpap-brute.nse                        http-sap-netweaver-leak.nse             mrinfo.nse                       smb-double-pulsar-backdoor.nse  whois-domain.nse
-drda-brute.nse                        http-security-headers.nse               msrpc-enum.nse                   smb-enum-domains.nse            whois-ip.nse
-drda-info.nse                         http-server-header.nse                  ms-sql-brute.nse                 smb-enum-groups.nse             wsdd-discover.nse
-duplicates.nse                        http-shellshock.nse                     ms-sql-config.nse                smb-enum-processes.nse          x11-access.nse
-eap-info.nse                          http-sitemap-generator.nse              ms-sql-dac.nse                   smb-enum-services.nse           xdmcp-discover.nse
-enip-info.nse                         http-slowloris-check.nse                ms-sql-dump-hashes.nse           smb-enum-sessions.nse           xmlrpc-methods.nse
-epmd-info.nse                         http-slowloris.nse                      ms-sql-empty-password.nse        smb-enum-shares.nse             xmpp-brute.nse
-eppc-enum-processes.nse               http-sql-injection.nse                  ms-sql-hasdbaccess.nse           smb-enum-users.nse              xmpp-info.nse
 </code>
-Les scripts sont regroupés dans des catégories : **auth**, **broadcast**, **brute**, **default**, **discovery**, **dos**, **exploit**, **external**, **fuzzer**, **intrusive**, **malware**, **safe**, **version** and **vuln**.
+Insérez une règle dans le pare-feu pour permettre la consultation de l'interface HTML du client OpenVAS :
-<WRAP center round important 50%>
+<code>
-**Important** - Pour plus d'informations concernant ces catégories, consultez cette [[https://nmap.org/man/fr/man-nse.html|page]].
+[root@centos7 ~]# firewall-cmd --zone=public --add-port=9443/tcp --permanent
-</WRAP>
+success
+[root@centos7 ~]# firewall-cmd --reload
+success
+</code>
-La catégorie la plus utilisée est **default** qui est appelée par l'utilisation de l'option **-sC**. Cette catégorie contient une liste de scripts par défaut.
+===2.3 - Installation===
+Téléchargez et installez **epel-release-7-14.noarch.rpm** :
 <code>
-root@debian12:~# nmap -v -sC localhost
+[root@centos7 ~]# wget https://archives.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/e/epel-release-7-14.noarch.rpm
-Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-27 16:51 CET
+--2025-12-01 15:29:01--  https://archives.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/e/epel-release-7-14.noarch.rpm
-NSE: Loaded 125 scripts for scanning.
+Resolving archives.fedoraproject.org (archives.fedoraproject.org)... 38.145.32.23, 38.145.32.22, 38.145.32.24
-NSE: Script Pre-scanning.
+Connecting to archives.fedoraproject.org (archives.fedoraproject.org)|38.145.32.23|:443... connected.
-Initiating NSE at 16:51
+HTTP request sent, awaiting response... 200 OK
-Completed NSE at 16:51, 0.00s elapsed
+Length: 15608 (15K) [application/x-rpm]
-Initiating NSE at 16:51
+Saving to: ‘epel-release-7-14.noarch.rpm’
-Completed NSE at 16:51, 0.00s elapsed
-Initiating SYN Stealth Scan at 16:51
-Scanning localhost (127.0.0.1) [1000 ports]
-Discovered open port 22/tcp on 127.0.0.1
-Discovered open port 5900/tcp on 127.0.0.1
-Discovered open port 80/tcp on 127.0.0.1
-Discovered open port 631/tcp on 127.0.0.1
-Completed SYN Stealth Scan at 16:51, 0.03s elapsed (1000 total ports)
-NSE: Script scanning 127.0.0.1.
-Initiating NSE at 16:51
-Completed NSE at 16:51, 2.00s elapsed
-Initiating NSE at 16:51
-Completed NSE at 16:51, 0.00s elapsed
-Nmap scan report for localhost (127.0.0.1)
-Host is up (0.0000090s latency).
-Other addresses for localhost (not scanned): ::1
-Not shown: 996 closed tcp ports (reset)
-PORT     STATE SERVICE
-/tcp   open  ssh
-| ssh-hostkey:
-|   256 738a4166831b9c8af2bfb567ed025c4d (ECDSA)
-|_  256 86dcfbca68069284b2ddb0545cbc4e2b (ED25519)
-/tcp   open  http
-| http-methods:
-|_  Supported Methods: GET POST OPTIONS HEAD
-|_http-title: Apache2 Debian Default Page: It works
-/tcp  open  ipp
-| ssl-cert: Subject: commonName=debian12/organizationName=debian12/stateOrProvinceName=Unknown/countryName=US
-| Subject Alternative Name: DNS:debian12, DNS:debian12.local, DNS:localhost
-| Issuer: commonName=debian12/organizationName=debian12/stateOrProvinceName=Unknown/countryName=US
-| Public Key type: rsa
-| Public Key bits: 2048
-| Signature Algorithm: sha256WithRSAEncryption
-| Not valid before: 2025-11-27T15:51:20
-| Not valid after:  2035-11-25T15:51:20
-| MD5:   508d6d5d71e72656eeda3082e4fcfde0
-|_SHA-1: 0bda6fab805a00a5cdc863da5357a3791a58eca6
-| http-methods:
-|_  Supported Methods: GET HEAD POST OPTIONS
-|_http-title: Home - CUPS 2.4.2
-|_ssl-date: TLS randomness does not represent time
-| http-robots.txt: 1 disallowed entry
-|_/
-/tcp open  vnc
-| vnc-info:
-|   Protocol version: 3.8
-|   Security types:
-|_    VNC Authentication (2)
-NSE: Script Post-scanning.
+%[========================================================================================================================================================================>] 15,608      --.-K/s   in 0.03s
-Initiating NSE at 16:51
-Completed NSE at 16:51, 0.00s elapsed
-Initiating NSE at 16:51
-Completed NSE at 16:51, 0.00s elapsed
-Read data files from: /usr/bin/../share/nmap
-Nmap done: 1 IP address (1 host up) scanned in 2.45 seconds
-           Raw packets sent: 1000 (44.000KB) | Rcvd: 2004 (84.176KB)
-</code>
-<WRAP center round warning 50%>
+-12-01 15:29:01 (532 KB/s) - ‘epel-release-7-14.noarch.rpm’ saved [15608/15608]
-**Attention** - La catégorie par défaut **default** contient certains scripts de la catégorie **intrusive**. Vous ne devez donc jamais utiliser cette option sur un réseau sans avoir obtenu un accord au préalable.
-</WRAP>
-==Options de la commande==
+[root@centos7 ~]# yum localinstall epel-release-7-14.noarch.rpm --nogpgcheck
+</code>
-Les options de cette commande sont :
+Installez ensuite **openvas-scanner**, **openvas-manager**, **openvas-gsa** et **openvas-cli** en utilisant yum :
 <code>
-root@debian12:~# nmap --help
+[root@centos7 ~]# yum install openvas-scanner openvas-manager openvas-gsa openvas-cli coreutils openssl
-Nmap 7.93 ( https://nmap.org )
-Usage: nmap [Scan Type(s)] [Options] {target specification}
-TARGET SPECIFICATION:
-  Can pass hostnames, IP addresses, networks, etc.
-  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-  -iL <inputfilename>: Input from list of hosts/networks
-  -iR <num hosts>: Choose random targets
-  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
-  --excludefile <exclude_file>: Exclude list from file
-HOST DISCOVERY:
-  -sL: List Scan - simply list targets to scan
-  -sn: Ping Scan - disable port scan
-  -Pn: Treat all hosts as online -- skip host discovery
-  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-  -PO[protocol list]: IP Protocol Ping
-  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
-  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
-  --system-dns: Use OS's DNS resolver
-  --traceroute: Trace hop path to each host
-SCAN TECHNIQUES:
-  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-  -sU: UDP Scan
-  -sN/sF/sX: TCP Null, FIN, and Xmas scans
-  --scanflags <flags>: Customize TCP scan flags
-  -sI <zombie host[:probeport]>: Idle scan
-  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
-  -sO: IP protocol scan
-  -b <FTP relay host>: FTP bounce scan
-PORT SPECIFICATION AND SCAN ORDER:
-  -p <port ranges>: Only scan specified ports
-    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
-  --exclude-ports <port ranges>: Exclude the specified ports from scanning
-  -F: Fast mode - Scan fewer ports than the default scan
-  -r: Scan ports sequentially - don't randomize
-  --top-ports <number>: Scan <number> most common ports
-  --port-ratio <ratio>: Scan ports more common than <ratio>
-SERVICE/VERSION DETECTION:
-  -sV: Probe open ports to determine service/version info
-  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
-  --version-light: Limit to most likely probes (intensity 2)
-  --version-all: Try every single probe (intensity 9)
-  --version-trace: Show detailed version scan activity (for debugging)
-SCRIPT SCAN:
-  -sC: equivalent to --script=default
-  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
-           directories, script-files or script-categories
-  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
-  --script-args-file=filename: provide NSE script args in a file
-  --script-trace: Show all data sent and received
-  --script-updatedb: Update the script database.
-  --script-help=<Lua scripts>: Show help about scripts.
-           <Lua scripts> is a comma-separated list of script-files or
-           script-categories.
-OS DETECTION:
-  -O: Enable OS detection
-  --osscan-limit: Limit OS detection to promising targets
-  --osscan-guess: Guess OS more aggressively
-TIMING AND PERFORMANCE:
-  Options which take <time> are in seconds, or append 'ms' (milliseconds),
-  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-  -T<0-5>: Set timing template (higher is faster)
-  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
-  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
-  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
-      probe round trip time.
-  --max-retries <tries>: Caps number of port scan probe retransmissions.
-  --host-timeout <time>: Give up on target after this long
-  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
-  --min-rate <number>: Send packets no slower than <number> per second
-  --max-rate <number>: Send packets no faster than <number> per second
-FIREWALL/IDS EVASION AND SPOOFING:
-  -f; --mtu <val>: fragment packets (optionally w/given MTU)
-  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-  -S <IP_Address>: Spoof source address
-  -e <iface>: Use specified interface
-  -g/--source-port <portnum>: Use given port number
-  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
-  --data <hex string>: Append a custom payload to sent packets
-  --data-string <string>: Append a custom ASCII string to sent packets
-  --data-length <num>: Append random data to sent packets
-  --ip-options <options>: Send packets with specified ip options
-  --ttl <val>: Set IP time-to-live field
-  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
-  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
-OUTPUT:
-  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
-     and Grepable format, respectively, to the given filename.
-  -oA <basename>: Output in the three major formats at once
-  -v: Increase verbosity level (use -vv or more for greater effect)
-  -d: Increase debugging level (use -dd or more for greater effect)
-  --reason: Display the reason a port is in a particular state
-  --open: Only show open (or possibly open) ports
-  --packet-trace: Show all packets sent and received
-  --iflist: Print host interfaces and routes (for debugging)
-  --append-output: Append to rather than clobber specified output files
-  --resume <filename>: Resume an aborted scan
-  --noninteractive: Disable runtime interactions via keyboard
-  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
-  --webxml: Reference stylesheet from Nmap.Org for more portable XML
-  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
-MISC:
-  -6: Enable IPv6 scanning
-  -A: Enable OS detection, version detection, script scanning, and traceroute
-  --datadir <dirname>: Specify custom Nmap data file location
-  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
-  --privileged: Assume that the user is fully privileged
-  --unprivileged: Assume the user lacks raw socket privileges
-  -V: Print version number
-  -h: Print this help summary page.
-EXAMPLES:
-  nmap -v -A scanme.nmap.org
-  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
-  nmap -v -iR 10000 -Pn -p 80
-SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
 </code>
-===1.2 - netcat ===
+===2.4 - Configuration===
-**netcat** est un couteau suisse. Il permet non seulement de scanner des ports mais aussi de lancer la connexion lors de la découverte d'un port ouvert.
+Les commandes d'OpenVAS sont les suivantes :
+<code>
+[root@centos7 ~]# ls -l /usr/sbin/openvas*
+-rwxr-xr-x. 1 root root   18066 Sep  6  2016 /usr/sbin/openvas-certdata-sync
+-rwxr-xr-x. 1 root root 2182496 Sep  6  2016 /usr/sbin/openvasmd
+-rwxr-xr-x. 1 root root   37993 Sep  6  2016 /usr/sbin/openvas-migrate-to-postgres
+-rwxr-xr-x. 1 root root   11998 Sep  6  2016 /usr/sbin/openvas-mkcert
+-rwxr-xr-x. 1 root root   10976 Sep  6  2016 /usr/sbin/openvas-nvt-sync
+-rwxr-xr-x. 1 root root     766 Sep  6  2016 /usr/sbin/openvas-nvt-sync-cron
+-rwxr-xr-x. 1 root root    2555 Sep  6  2016 /usr/sbin/openvas-portnames-update
+-rwxr-xr-x. 1 root root   38378 Sep  6  2016 /usr/sbin/openvas-scapdata-sync
+-rwxr-xr-x. 1 root root   86640 Sep  6  2016 /usr/sbin/openvassd
+</code>
-==Utilisation==
+  * **/usr/sbin/openvas-mkcert**,
+    * Cette commande permet de générer un certificat SSL,
+  * **/usr/sbin/openvas-nvt-sync**,
+    * Cette commande permet la mise à jour des modules d'extensions de OpenVAS,
+  * **/usr/sbin/openvasd**,
+    * Cette commande lance le serveur OpenVAS.
-Dans l'exemple qui suite, un scan est lancé sur le port 80 puis sur le port 25 :
+Exécutez maintenant la commande **openvas-check-setup** :
 <code>
-root@debian12:~# nc 127.0.0.1 80 -w 1 -vv
+[root@centos7 ~]# openvas-check-setup
-localhost [127.0.0.1] 80 (http) open
+openvas-check-setup 2.3.3
-[ENTREE] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Appuyez sur la touche Entrée
+  Test completeness and readiness of OpenVAS-8
-HTTP/1.1 400 Bad Request
+  (add '--v6' or '--v7' or '--v9'
-Date: Thu, 27 Nov 2025 15:53:56 GMT
+   if you want to check for another OpenVAS version)
-Server: Apache/2.4.65 (Debian)
-Content-Length: 301
-Connection: close
-Content-Type: text/html; charset=iso-8859-1
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+  Please report us any non-detected problems and
-<html><head>
+  help us to improve this check routine:
-<title>400 Bad Request</title>
+  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
-</head><body>
-<h1>Bad Request</h1>
+  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
-<p>Your browser sent a request that this server could not understand.<br />
-</p>
+  Use the parameter --server to skip checks for client tools
-<hr>
+  like GSD and OpenVAS-CLI.
-<address>Apache/2.4.65 (Debian) Server at 127.0.0.1 Port 80</address>
-</body></html>
+Step 1: Checking OpenVAS Scanner ...
- sent 1, rcvd 483
+        OK: OpenVAS Scanner is present in version 5.0.6.
+        ERROR: No CA certificate file of OpenVAS Scanner found.
+        FIX: Run 'openvas-mkcert'.
+ ERROR: Your OpenVAS-8 installation is not yet complete!
+Please follow the instructions marked with FIX above and run this
+script again.
+If you think this result is wrong, please report your observation
+and help us to improve this check routine:
+http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
+Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
 </code>
 <WRAP center round important 50%>
-**Important** - Notez que **netcat** se connecte au port 80 qui est ouvert.
+**Important** - Notez l'erreur **ERROR: No CA certificate file of OpenVAS Scanner found.**
 </WRAP>
-==Options de la commande==
+Créez donc un certificat SSL :
-Les options de cette commande sont :
 <code>
-root@debian12:~# nc -h
+[root@centos7 ~]# openvas-mkcert
-[v1.10-47]
-connect to somewhere:   nc [-options] hostname port[s] [ports] ...
-listen for inbound:     nc -l -p port [-options] [hostname] [port]
-options:
-        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
-        -e filename             program to exec after connect [dangerous!!]
-        -b                      allow broadcasts
-        -g gateway              source-routing hop point[s], up to 8
-        -G num                  source-routing pointer: 4, 8, 12, ...
-        -h                      this cruft
-        -i secs                 delay interval for lines sent, ports scanned
-        -k                      set keepalive option on socket
-        -l                      listen mode, for inbound connects
-        -n                      numeric-only IP addresses, no DNS
-        -o file                 hex dump of traffic
-        -p port                 local port number
-        -r                      randomize local and remote ports
-        -q secs                 quit after EOF on stdin and delay of secs
-        -s addr                 local source address
-        -T tos                  set Type Of Service
-        -t                      answer TELNET negotiation
-        -u                      UDP mode
-        -v                      verbose [use twice to be more verbose]
-        -w secs                 timeout for connects and final net reads
-        -C                      Send CRLF as line-ending
-        -z                      zero-I/O mode [used for scanning]
-port numbers can be individual or ranges: lo-hi [inclusive];
-hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
-</code>
-=====Les Contre-Mesures=====
+-------------------------------------------------------------------------------
+			Creation of the OpenVAS SSL Certificate
+-------------------------------------------------------------------------------
-Les contre-mesures incluent l'utilisation d'un **S**ystème de **D**étection d'**I**ntrusion (**SDI** - **N**etwork **I**ntrusion **D**etection **S**ystem ou NIDS en anglais), par exemple **Snort** ou un **S**ystème de **D**étection et de **Prévention** d'**I**ntrusion, par exemple **portsentry**.
+This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
+Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.
-====LAB #2 - Mise en place du Système de Détection d'Intrusion Snort====
-Snort est un **S**ystème de **D**étection d'**I**ntrusion (SDI) qui surveille les requêtes entrantes, vous avertit en cas d'anomalie et enregistre les traces de toute tentative d'intrusion.
+CA certificate life time in days [1460]: 3650
+Server certificate life time in days [365]: 3650
+Your country (two letter code) [DE]: UK
+Your state or province name [none]: SURREY
+Your location (e.g. town) [Berlin]: ADDLESTONE
+Your organization [OpenVAS Users United]: I2TCH LIMITED
-=== Installation ===
+-------------------------------------------------------------------------------
+			Creation of the OpenVAS SSL Certificate
+-------------------------------------------------------------------------------
-Sous Debian 12, **snort** n'est pas installé par défaut. Qui plus est **snort** ne se trouve pas dans les dépôts standards.
+Congratulations. Your server certificate was properly created.
-Commencez donc par installer les dépendances de snort à partir des dépôts standards :
+The following files were created:
-<code>
+. Certification authority:
-root@debian12:~# apt-get install -y build-essential libpcre3-dev libdumbnet-dev bison flex zlib1g-dev liblzma-dev libssl-dev libluajit-5.1-dev pkg-config libhwloc-dev cmake libpcap-dev libdaq-dev libnetfilter-queue-dev libmnl-dev libnghttp2-dev autoconf libtool cmake git
+   Certificate = /etc/pki/openvas/CA/cacert.pem
+   Private key = /etc/pki/openvas/private/CA/cakey.pem
+. OpenVAS Server :
+    Certificate = /etc/pki/openvas/CA/servercert.pem
+    Private key = /etc/pki/openvas/private/CA/serverkey.pem
+Press [ENTER] to exit
+[Entrée]
+[root@centos7 ~]#
 </code>
+Exécutez de nouveau la commande **openvas-check-setup** :
 <code>
-root@debian12:~# mkdir ~/prce2_src && cd ~/prce2_src
+[root@centos7 ~]# openvas-check-setup
+openvas-check-setup 2.3.3
+  Test completeness and readiness of OpenVAS-8
+  (add '--v6' or '--v7' or '--v9'
+   if you want to check for another OpenVAS version)
-root@debian12:~/prce2_src# git clone https://github.com/PCRE2Project/pcre2.git
+  Please report us any non-detected problems and
-Cloning into 'pcre2'...
+  help us to improve this check routine:
-remote: Enumerating objects: 21776, done.
+  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
-remote: Counting objects: 100% (253/253), done.
-remote: Compressing objects: 100% (151/151), done.
-remote: Total 21776 (delta 165), reused 125 (delta 102), pack-reused 21523 (from 3)
-Receiving objects: 100% (21776/21776), 20.79 MiB | 24.50 MiB/s, done.
-Resolving deltas: 100% (18190/18190), done.
+  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
-</code>
+  Use the parameter --server to skip checks for client tools
+  like GSD and OpenVAS-CLI.
-Téléchargez et désarchivez**snort** :
+Step 1: Checking OpenVAS Scanner ...
+        OK: OpenVAS Scanner is present in version 5.0.6.
+        OK: OpenVAS Scanner CA Certificate is present as /etc/pki/openvas/CA/cacert.pem.
+/bin/openvas-check-setup: line 219: redis-server: command not found
+        ERROR: No redis-server installation found.
+        FIX: You should install redis-server for improved scalability and ability to trace/debug the KB
-<code>
+ ERROR: Your OpenVAS-8 installation is not yet complete!
-root@debian12:~# mkdir ~/snort_src && cd ~/snort_src
+Please follow the instructions marked with FIX above and run this
+script again.
-root@debian12:~/snort_src# git clone https://github.com/snort3/snort3.git
+If you think this result is wrong, please report your observation
-Cloning into 'snort3'...
+and help us to improve this check routine:
-remote: Enumerating objects: 123479, done.
+http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
-remote: Counting objects: 100% (12563/12563), done.
+Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
-remote: Compressing objects: 100% (1891/1891), done.
-remote: Total 123479 (delta 11060), reused 10812 (delta 10672), pack-reused 110916 (from 5)
-Receiving objects: 100% (123479/123479), 91.19 MiB | 28.36 MiB/s, done.
-Resolving deltas: 100% (104741/104741), done.
 </code>
-Créez un lien symbolique pour la bibliothèque partagée **/usr/lib64/libdnet.1** :
+<WRAP center round important 50%>
+**Important** - Notez l'erreur **ERROR: No redis-server installation found.**
+</WRAP>
+Installez donc **redis** :
 <code>
-[root@centos7 ~]# ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
+[root@centos7 ~]# yum install redis
 </code>
-Dernièrement, modifiez les permissions sur le répertoire **/var/log/snort** :
+Activez les deux lignes suivantes dans le fichier **/etc/redis.conf** :
+<file>
+...
+# unixsocket /tmp/redis.sock
+# unixsocketperm 700...
+</file>
 <code>
-[root@centos7 ~]# chmod ug+x /var/log/snort
+[root@centos7 ~]# sed -i '/^#.*unixsocket/s/^# //' /etc/redis.conf
 </code>
-==Options de la commande==
+Ajoutez la ligne **kb_location = /tmp/redis.sock** dans le fichier **/etc/openvas/openvassd.conf** :
-Les options de cette commande sont :
+<file>
+...
+# KB test replay :
+kb_dont_replay_scanners = no
+kb_dont_replay_info_gathering = no
+kb_dont_replay_attacks = no
+kb_dont_replay_denials = no
+kb_max_age = 864000
+kb_location = /tmp/redis.sock
+#--- end of the KB section
+...
+</file>
+Activez et démarrez le service **redis** :
 <code>
-[root@centos7 ~]# snort --help
+[root@centos7 ~]# systemctl enable redis
+Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service.
-   ,,_     -*> Snort! <*-
+[root@centos7 ~]# systemctl start redis
-  o"  )~   Version 2.9.11.1 GRE (Build 268)
-   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
-           Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
-           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
-           Using libpcap version 1.5.3
-           Using PCRE version: 8.32 2012-11-30
-           Using ZLIB version: 1.2.7
-USAGE: snort [-options] <filter options>
+[root@centos7 ~]# systemctl status redis
-Options:
+● redis.service - Redis persistent key-value database
-        -A         Set alert mode: fast, full, console, test or none  (alert file alerts only)
+   Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
-                   "unsock" enables UNIX socket logging (experimental).
+  Drop-In: /etc/systemd/system/redis.service.d
-        -b         Log packets in tcpdump format (much faster!)
+           └─limit.conf
-        -B <mask>  Obfuscated IP addresses in alerts and packet dumps using CIDR mask
+   Active: active (running) since Mon 2025-12-01 15:45:16 CET; 3s ago
-        -c <rules> Use Rules File <rules>
+ Main PID: 13037 (redis-server)
-        -C         Print out payloads with character data only (no hex)
+   CGroup: /system.slice/redis.service
-        -d         Dump the Application Layer
+           └─13037 /usr/bin/redis-server 127.0.0.1:6379
-        -D         Run Snort in background (daemon) mode
-        -e         Display the second layer header info
-        -f         Turn off fflush() calls after binary log writes
-        -F <bpf>   Read BPF filters from file <bpf>
-        -g <gname> Run snort gid as <gname> group (or gid) after initialization
-        -G <0xid>  Log Identifier (to uniquely id events for multiple snorts)
-        -h <hn>    Set home network = <hn>
-                   (for use with -l or -B, does NOT change $HOME_NET in IDS mode)
-        -H         Make hash tables deterministic.
-        -i <if>    Listen on interface <if>
-        -I         Add Interface name to alert output
-        -k <mode>  Checksum mode (all,noip,notcp,noudp,noicmp,none)
-        -K <mode>  Logging mode (pcap[default],ascii,none)
-        -l <ld>    Log to directory <ld>
-        -L <file>  Log to this tcpdump file
-        -M         Log messages to syslog (not alerts)
-        -m <umask> Set umask = <umask>
-        -n <cnt>   Exit after receiving <cnt> packets
-        -N         Turn off logging (alerts still work)
-        -O         Obfuscate the logged IP addresses
-        -p         Disable promiscuous mode sniffing
-        -P <snap>  Set explicit snaplen of packet (default: 1514)
-        -q         Quiet. Don't show banner and status report
-        -Q         Enable inline mode operation.
-        -r <tf>    Read and process tcpdump file <tf>
-        -R <id>    Include 'id' in snort_intf<id>.pid file name
-        -s         Log alert messages to syslog
-        -S <n=v>   Set rules file variable n equal to value v
-        -t <dir>   Chroots process to <dir> after initialization
-        -T         Test and report on the current Snort configuration
-        -u <uname> Run snort uid as <uname> user (or uid) after initialization
-        -U         Use UTC for timestamps
-        -v         Be verbose
-        -V         Show version number
-        -X         Dump the raw packet data starting at the link layer
-        -x         Exit if Snort configuration problems occur
-        -y         Include year in timestamp in the alert and log files
-        -Z <file>  Set the performonitor preprocessor file path and name
-        -?         Show this information
-<Filter Options> are standard BPF options, as seen in TCPDump
-Longname options and their corresponding single char version
-   --logid <0xid>                  Same as -G
-   --perfmon-file <file>           Same as -Z
-   --pid-path <dir>                Specify the directory for the Snort PID file
-   --snaplen <snap>                Same as -P
-   --help                          Same as -?
-   --version                       Same as -V
-   --alert-before-pass             Process alert, drop, sdrop, or reject before pass, default is pass before alert, drop,...
-   --treat-drop-as-alert           Converts drop, sdrop, and reject rules into alert rules during startup
-   --treat-drop-as-ignore          Use drop, sdrop, and reject rules to ignore session traffic when not inline.
-   --process-all-events            Process all queued events (drop, alert,...), default stops after 1st action group
-   --enable-inline-test            Enable Inline-Test Mode Operation
-   --dynamic-engine-lib <file>     Load a dynamic detection engine
-   --dynamic-engine-lib-dir <path> Load all dynamic engines from directory
-   --dynamic-detection-lib <file>  Load a dynamic rules library
-   --dynamic-detection-lib-dir <path> Load all dynamic rules libraries from directory
-   --dump-dynamic-rules <path>     Creates stub rule files of all loaded rules libraries
-   --dynamic-preprocessor-lib <file>  Load a dynamic preprocessor library
-   --dynamic-preprocessor-lib-dir <path> Load all dynamic preprocessor libraries from directory
-   --dynamic-output-lib <file>  Load a dynamic output library
-   --dynamic-output-lib-dir <path> Load all dynamic output libraries from directory
-   --create-pidfile                Create PID file, even when not in Daemon mode
-   --nolock-pidfile                Do not try to lock Snort PID file
-   --no-interface-pidfile          Do not include the interface name in Snort PID file
-   --disable-attribute-reload-thread Do not create a thread to reload the attribute table
-   --pcap-single <tf>              Same as -r.
-   --pcap-file <file>              file that contains a list of pcaps to read - read mode is implied.
-   --pcap-list "<list>"            a space separated list of pcaps to read - read mode is implied.
-   --pcap-dir <dir>                a directory to recurse to look for pcaps - read mode is implied.
-   --pcap-filter <filter>          filter to apply when getting pcaps from file or directory.
-   --pcap-no-filter                reset to use no filter when getting pcaps from file or directory.
-   --pcap-loop <count>             this option will read the pcaps specified on command line continuously.
-                                   for <count> times.  A value of 0 will read until Snort is terminated.
-   --pcap-reset                    if reading multiple pcaps, reset snort to post-configuration state before reading next pcap.
-   --pcap-reload                   if reading multiple pcaps, reload snort config between pcaps.
-   --pcap-show                     print a line saying what pcap is currently being read.
-   --exit-check <count>            Signal termination after <count> callbacks from DAQ_Acquire(), showing the time it
-                                   takes from signaling until DAQ_Stop() is called.
-   --conf-error-out                Same as -x
-   --enable-mpls-multicast         Allow multicast MPLS
-   --enable-mpls-overlapping-ip    Handle overlapping IPs within MPLS clouds
-   --max-mpls-labelchain-len       Specify the max MPLS label chain
-   --mpls-payload-type             Specify the protocol (ipv4, ipv6, ethernet) that is encapsulated by MPLS
-   --require-rule-sid              Require that all snort rules have SID specified.
-   --daq <type>                    Select packet acquisition module (default is pcap).
-   --daq-mode <mode>               Select the DAQ operating mode.
-   --daq-var <name=value>          Specify extra DAQ configuration variable.
-   --daq-dir <dir>                 Tell snort where to find desired DAQ.
-   --daq-list[=<dir>]              List packet acquisition modules available in dir.  Default is static modules only.
-   --dirty-pig                     Don't flush packets and release memory on shutdown.
-   --cs-dir <dir>                  Directory to use for control socket.
-   --ha-peer                       Activate live high-availability state sharing with peer.
-   --ha-out <file>                 Write high-availability events to this file.
-   --ha-in <file>                  Read high-availability events from this file on startup (warm-start).
-   --suppress-config-log           Suppress configuration information output.
+Dec 01 15:45:16 centos7.fenestros.loc systemd[1]: Starting Redis persistent key-value database...
+Dec 01 15:45:16 centos7.fenestros.loc systemd[1]: Started Redis persistent key-value database.
 </code>
-===Configuration de Snort===
+Exécutez encore une fois la commande **openvas-check-setup** :
-Snort a besoin de règles pour fonctionner correctement. Ces règles sont disponibles sous trois formes différentes :
+<code>
+[root@centos7 ~]# openvas-check-setup
+...
+Step 1: Checking OpenVAS Scanner ...
+        OK: OpenVAS Scanner is present in version 5.0.6.
+        OK: OpenVAS Scanner CA Certificate is present as /etc/pki/openvas/CA/cacert.pem.
+        OK: redis-server is present in version v=3.2.10.
+        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock
+        OK: redis-server is running and listening on socket: /tmp/redis.sock.
+        OK: redis-server configuration is OK and redis-server is running.
+        ERROR: The NVT collection is very small.
+        FIX: Run a synchronization script like openvas-nvt-sync or greenbone-nvt-sync.
+...
+</code>
-  * **Community** - règles de base disponibles à tout le monde,
+<WRAP center round important 50%>
-  * **Registered** - règles disponibles à toute personne possédant un compte gratuit sur le site **[[http://www.snort.org]]**,
+**Important** - Notez l'erreur **ERROR: The NVT collection is very small.**
-  * **Subscription** - règles les plus efficaces disponibles uniquement aux utilisateurs enregistrés **et** abonnés à un plan payant.
+</WRAP>
-Le répertoire rules est donc vide lors de l'installation de Snort :
+Téléchargez le script **greenbone-nvt-sync** :
 <code>
-[root@centos7 ~]# ls /etc/snort/rules/
+[root@centos7 ~]# wget https://www.dropbox.com/scl/fi/10hf8fpdq2yhd821qb5pk/greenbone-nvt-sync?rlkey=7f4taliexlpg54pa1c1yz8czx&st=tkvnjg55
-[root@centos7 ~]#
+[root@centos7 ~]# mv greenbone-nvt-sync?rlkey=7f4taliexlpg54pa1c1yz8czx greenbone-nvt-sync
 </code>
-Téléchargez les règles **Registered** grâce au lien suivant contenant un **oinkcode** :
+Si vous ne pouvez pas téléchargez le script **greenbone-nvt-sync**, copiez son contenu ci-dessous et créez-le :
 <code>
-[root@centos7 ~]# wget https://www.dropbox.com/scl/fi/dkmuxq9j0ftahp4c3rf5p/registered.tar.gz?rlkey=mvs3qdu1kxfz9zs5mt5zy1niz&st=n90pywc2
+[root@centos7 ~]# vi greenbone-nvt-sync
+[root@centos7 ~]# cat greenbone-nvt-sync
+#!/bin/sh
+# Copyright (C) 2009-2021 Greenbone Networks GmbH
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+# This script updates the local Network Vulnerability Tests (NVTs) from the
+# Greenbone Security Feed (GSF) or the Greenbone Community Feed (GCF).
+VERSION=@OPENVAS_VERSION@
+# SETTINGS
+# ========
+# PRIVATE_SUBDIR defines a subdirectory of the NVT directory that is excluded
+# from the feed sync. This is where to place your own NVTs.
+if [ -z "$PRIVATE_SUBDIR" ]
+then
+  PRIVATE_SUBDIR="private"
+fi
+# RSYNC_DELETE controls whether files which are not part of the repository will
+# be removed from the local directory after synchronization. The default value
+# for this setting is
+# "--delete --exclude \"$PRIVATE_SUBDIR/\"",
+# which means that files which are not part of the feed or private directory
+# will be deleted.
+RSYNC_DELETE="--delete --exclude $PRIVATE_SUBDIR/"
+# RSYNC_SSH_OPTS contains options which should be passed to ssh for the rsync
+# connection to the repository.
+RSYNC_SSH_OPTS="-o \"UserKnownHostsFile=/dev/null\" -o \"StrictHostKeyChecking=no\""
+# RSYNC_COMPRESS specifies the compression level to use for the rsync connection.
+RSYNC_COMPRESS="--compress-level=9"
+# RSYNC_CHMOD specifies the permissions to chmod the files to.
+RSYNC_CHMOD="--perms --chmod=Fugo+r,Fug+w,Dugo-s,Dugo+rx,Dug+w"
+# Verbosity flag for rsync. "-q" means a quiet rsync, "-v" a verbose rsync.
+RSYNC_VERBOSE="-q"
+# RSYNC_OPTIONS controls the general parameters for the rsync connection.
+RSYNC_OPTIONS="--links --times --omit-dir-times $RSYNC_VERBOSE --recursive --partial --progress"
+# Script and feed information which will be made available to user through
+# command line options and automated tools.
+# Script name which will be used for logging
+SCRIPT_NAME="greenbone-nvt-sync"
+# Result of selftest () is stored here. If it is not 0, the selftest has failed
+# and the sync script is unlikely to work.
+SELFTEST_FAIL=0
+# Port to use for synchronization. Default value is 24.
+PORT=24
+# Directory where the OpenVAS configuration is located
+OPENVAS_SYSCONF_DIR="@OPENVAS_SYSCONF_DIR@"
+# Directory where the feed update lock file will be placed.
+OPENVAS_FEED_LOCK_PATH="@OPENVAS_FEED_LOCK_PATH@"
+# Location of the GSF Access Key
+ACCESS_KEY="@GVM_ACCESS_KEY_DIR@/gsf-access-key"
+# If ENABLED is set to 0, the sync script will not perform a synchronization.
+ENABLED=1
+# LOG_CMD defines the command to use for logging. To have logger log to stderr
+# as well as syslog, add "-s" here. The logging facility is checked. In case of error
+# all will be logged in the standard error and the socket error check will be
+# disabled.
+LOG_CMD="logger -t $SCRIPT_NAME"
+check_logger () {
+  logger -p daemon.info -t $SCRIPT_NAME "Checking logger" --no-act 1>/dev/null 2>&1
+  if [ $? -gt 0 ]
+  then
+    LOG_CMD="logger -s -t $SCRIPT_NAME"
+    $LOG_CMD -p daemon.warning "The log facility is not working as expected. All messages will be written to the standard error stream."
+  fi
+}
+check_logger
+# Source configuration file if it is readable
+[ -r $OPENVAS_SYSCONF_DIR/greenbone-nvt-sync.conf ] && . $OPENVAS_SYSCONF_DIR/greenbone-nvt-sync.conf
+# NVT_DIR is the place where the NVTs are located.
+if [ -z "$NVT_DIR" ]
+then
+  NVT_DIR="@OPENVAS_NVT_DIR@"
+fi
+log_write () {
+  $LOG_CMD -p daemon.notice $1
+}
+log_debug () {
+  $LOG_CMD -p daemon.debug "$1"
+}
+log_info () {
+  $LOG_CMD -p daemon.info "$1"
+}
+log_notice () {
+  $LOG_CMD -p daemon.notice "$1"
+}
+log_warning () {
+  $LOG_CMD -p daemon.warning "$1"
+}
+log_err () {
+  $LOG_CMD -p daemon.err "$1"
+}
+stderr_write ()
+{
+  echo "$1" > /dev/stderr
+}
+# Read the general information about the feed origin from
+# the file "plugin_feed_info.inc" inside the feed directory.
+get_feed_info ()
+{
+  INFOFILE="$NVT_DIR/plugin_feed_info.inc"
+  if [ -r $INFOFILE ] ; then
+    FEED_VERSION=`grep PLUGIN_SET $INFOFILE | sed -e 's/[^0-9]//g'`
+    FEED_NAME=`awk -F\" '/PLUGIN_FEED/ { print $2 }' $INFOFILE`
+    FEED_VENDOR=`awk -F\" '/FEED_VENDOR/ { print $2 }' $INFOFILE`
+    FEED_HOME=`awk -F\" '/FEED_HOME/ { print $2 }' $INFOFILE`
+    FEED_PRESENT=1
+  else
+    FEED_PRESENT=0
+  fi
+  if [ -z "$FEED_NAME" ] ; then
+    FEED_NAME="Unidentified Feed"
+  fi
+  if [ -z "$FEED_VENDOR" ] ; then
+    FEED_VENDOR="Unidentified Vendor"
+  fi
+  if [ -z "$FEED_HOME" ] ; then
+    FEED_HOME="Unidentified Feed Homepage"
+  fi
+}
+# Prevent that root executes this script
+if [ "`id -u`" -eq "0" ]
+then
+  stderr_write "$0 must not be executed as privileged user root"
+  stderr_write
+  stderr_write "Unlike the actual scanner the sync routine does not need privileges."
+  stderr_write "Accidental execution as root would prevent later overwriting of"
+  stderr_write "files with a non-privileged user."
+  log_err "Denied to run as root"
+  exit 1
+fi
+# Always try to get the information when started.
+# This also ensures variables like FEED_PRESENT are set.
+get_feed_info
+# Determine whether a GSF access key is present. If yes,
+# then use the Greenbone Security Feed. Else use the
+# Greenbone Community Feed.
+if [ -e $ACCESS_KEY ]
+then
+  RESTRICTED=1
+else
+  RESTRICTED=0
+  if [ -z "$COMMUNITY_NVT_RSYNC_FEED" ]; then
+    COMMUNITY_NVT_RSYNC_FEED=rsync://feed.community.greenbone.net:/nvt-feed
+    # An alternative syntax which might work if the above doesn't:
+    # COMMUNITY_NVT_RSYNC_FEED=rsync@feed.community.greenbone.net::/nvt-feed
+  fi
+fi
+RSYNC=`command -v rsync`
+if [ -z "$TMPDIR" ]; then
+  SYNC_TMP_DIR=/tmp
+  # If we have mktemp, create a temporary dir (safer)
+  if [ -n "`which mktemp`" ]; then
+    SYNC_TMP_DIR=`mktemp -t -d greenbone-nvt-sync.XXXXXXXXXX` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; }
+    trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM
+  fi
+else
+  SYNC_TMP_DIR="$TMPDIR"
+fi
+# Initialize this indicator variable with default assuming the
+# feed is not up-to-date.
+FEED_CURRENT=0
+# This function uses gos-state-manager to get information about the settings.
+# If gos-state-manager is not installed the values of the settings can not be
+# retrieved.
+#
+# Input: option
+# Output: value as string or empty String if gos-state-manager is not installed
+#         or option not set
+get_value ()
+{
+  value=""
+  key=$1
+  if which gos-state-manager 1>/dev/null 2>&1
+  then
+    if gos-state-manager get "$key.value" 1>/dev/null 2>&1
+    then
+      value="$(gos-state-manager get "$key.value")"
+    fi
+  fi
+  echo "$value"
+}
+# Creates a restricted access copy of the access key if necessary.
+setup_temp_access_key () {
+  if [ -e "$ACCESS_KEY" ]
+  then
+    FILE_ACCESS=`stat -c%a "$ACCESS_KEY" | cut -c2-`
+  fi
+  if [ -n "$FILE_ACCESS" ] && [ "00" != "$FILE_ACCESS" ]
+  then
+    TEMP_ACCESS_KEY_DIR=`mktemp -d`
+    TEMP_ACCESS_KEY="$TEMP_ACCESS_KEY_DIR/gsf-access-key"
+    cp "$ACCESS_KEY" "$TEMP_ACCESS_KEY"
+    chmod 400 "$TEMP_ACCESS_KEY"
+  else
+    TEMP_ACCESS_KEY_DIR=""
+    TEMP_ACCESS_KEY="$ACCESS_KEY"
+  fi
+}
+# Deletes the read-only copy of the access key.
+cleanup_temp_access_key () {
+  if [ -n "$TEMP_ACCESS_KEY_DIR" ]
+  then
+    rm -rf "$TEMP_ACCESS_KEY_DIR"
+  fi
+  TEMP_ACCESS_KEY_DIR=""
+  TEMP_ACCESS_KEY=""
+}
+is_feed_current () {
+  if [ -z "$FEED_VERSION" ]
+  then
+    log_write "Could not determine feed version."
+    FEED_CURRENT=0
+    return $FEED_CURRENT
+  fi
+  if [ -z "$RSYNC" ]
+  then
+    log_notice "rsync not available, skipping feed version test"
+    FEED_CURRENT=0
+    rm -rf $FEED_INFO_TEMP_DIR
+    cleanup_temp_access_key
+    return 0
+  fi
+  FEED_INFO_TEMP_DIR=`mktemp -d`
+  if [ -e $ACCESS_KEY ]
+  then
+    gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/')
+    syncport=$(get_value syncport)
+    if [ "$syncport" ]
+    then
+      PORT="$syncport"
+    fi
+    read feeduser < $ACCESS_KEY
+    custid=`awk -F@ 'NR > 1 { exit }; { print $1 }' $ACCESS_KEY`
+    if [ -z "$feeduser" ] || [ -z "$custid" ]
+    then
+      log_err "Could not determine credentials, aborting synchronization."
+      exit 1
+    fi
+    setup_temp_access_key
+    if [ "$gsmproxy" = "proxy_feed" ] || [ -z "$gsmproxy" ]
+    then
+      RSYNC_SSH_PROXY_CMD=""
+    else
+      if [ -e $OPENVAS_SYSCONF_DIR/proxyauth ] && [ -r $OPENVAS_SYSCONF_DIR/proxyauth ]
+      then
+        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $OPENVAS_SYSCONF_DIR/proxyauth\""
+      else
+        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\""
+      fi
+    fi
+    rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TEMP_ACCESS_KEY" $RSYNC_OPTIONS $RSYNC_DELETE $RSYNC_COMPRESS $RSYNC_CHMOD "$feeduser"plugin_feed_info.inc $FEED_INFO_TEMP_DIR
+    if [ $? -ne 0 ]
+    then
+      log_err "Error: rsync failed."
+      rm -rf "$FEED_INFO_TEMP_DIR"
+      exit 1
+    fi
+  else
+    # Sleep for five seconds (a previous feed might have been synced a few seconds before) to prevent
+    # IP blocking due to network equipment in between keeping the previous connection too long open.
+    sleep 5
+    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed"
+    eval "$RSYNC -ltvrP \"$COMMUNITY_NVT_RSYNC_FEED/plugin_feed_info.inc\" \"$FEED_INFO_TEMP_DIR\""
+    if [ $? -ne 0 ]
+    then
+      log_err "rsync failed, aborting synchronization."
+      rm -rf "$FEED_INFO_TEMP_DIR"
+      exit 1
+    fi
+  fi
+  FEED_VERSION_SERVER=`grep PLUGIN_SET $FEED_INFO_TEMP_DIR/plugin_feed_info.inc | sed -e 's/[^0-9]//g'`
+  if [ -z "$FEED_VERSION_SERVER" ]
+  then
+    log_err "Could not determine server feed version."
+    rm -rf $FEED_INFO_TEMP_DIR
+    cleanup_temp_access_key
+    exit 1
+  fi
+  # Check against FEED_VERSION
+  if [ $FEED_VERSION -lt $FEED_VERSION_SERVER ] ; then
+    FEED_CURRENT=0
+  else
+    FEED_CURRENT=1
+  fi
+  # Cleanup
+  rm -rf "$FEED_INFO_TEMP_DIR"
+  cleanup_temp_access_key
+  return $FEED_CURRENT
+}
+do_rsync_community_feed () {
+  # Sleep for five seconds (a previous feed might have been synced a few seconds before) to prevent
+  # IP blocking due to network equipment in between keeping the previous connection too long open.
+  sleep 5
+  log_notice "Configured NVT rsync feed: $COMMUNITY_NVT_RSYNC_FEED"
+  mkdir -p "$NVT_DIR"
+  eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_NVT_RSYNC_FEED\" \"$NVT_DIR\" --exclude=plugin_feed_info.inc"
+  if [ $? -ne 0 ] ; then
+    log_err "rsync failed."
+    exit 1
+  fi
+  # Sleep for five seconds (after the above rsync call) to prevent IP blocking due
+  # to network equipment in between keeping the previous connection too long open.
+  sleep 5
+  eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_NVT_RSYNC_FEED/plugin_feed_info.inc\" \"$NVT_DIR\""
+  if [ $? -ne 0 ] ; then
+    log_err "rsync failed."
+    exit 1
+  fi
+}
+sync_nvts(){
+  if [ $ENABLED -ne 1 ]
+  then
+    log_write "NVT synchronization is disabled, exiting."
+    exit 0
+  fi
+  if [ -e $ACCESS_KEY ]
+  then
+    log_write "Synchronizing NVTs from the Greenbone Security Feed into $NVT_DIR..."
+    if [ $FEED_PRESENT -eq 1 ] ; then
+      FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l`
+      log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)"
+    else
+      log_write "Current status: No feed installed."
+    fi
+    notsynced=1
+    retried=0
+    mkdir -p "$NVT_DIR"
+    read feeduser < $ACCESS_KEY
+    custid=`awk -F@ 'NR > 1 { exit }; { print $1 }' $ACCESS_KEY`
+    if [ -z "$feeduser" ] || [ -z "$custid" ]
+    then
+      log_err "Could not determine credentials, aborting synchronization."
+      exit 1
+    fi
+    setup_temp_access_key
+    while [ $notsynced -eq 1 ]
+    do
+      gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/')
+      syncport=$(get_value syncport)
+      if [ "$syncport" ]
+      then
+        PORT="$syncport"
+      fi
+      if [ "$gsmproxy" = "proxy_feed" ] || [ -z "$gsmproxy" ]
+      then
+        RSYNC_SSH_PROXY_CMD=""
+      else
+        if [ -e $OPENVAS_SYSCONF_DIR/proxyauth ] && [ -r $OPENVAS_SYSCONF_DIR/proxyauth ]; then
+          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $OPENVAS_SYSCONF_DIR/proxyauth\""
+        else
+          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\""
+        fi
+      fi
+      rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TEMP_ACCESS_KEY" --exclude=plugin_feed_info.inc $RSYNC_OPTIONS $RSYNC_DELETE $RSYNC_COMPRESS $RSYNC_CHMOD $feeduser $NVT_DIR
+      if [ $? -ne 0 ]  ; then
+        log_err "rsync failed, aborting synchronization."
+        exit 1
+      fi
+      rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TEMP_ACCESS_KEY" $RSYNC_OPTIONS $RSYNC_DELETE $RSYNC_COMPRESS $RSYNC_CHMOD "$feeduser"plugin_feed_info.inc $NVT_DIR
+      if [ $? -ne 0 ]  ; then
+        log_err "rsync failed, aborting synchronization."
+        exit 1
+      fi
+      eval "cd \"$NVT_DIR\" ; md5sum -c --status \"$NVT_DIR/md5sums\""
+      if [ $? -ne 0 ]  ; then
+        if [ -n "$retried" ]
+        then
+          log_err "Feed integrity check failed twice, aborting synchronization."
+          cleanup_temp_access_key
+          exit 1
+        else
+          log_write "The feed integrity check failed. This may be due to a concurrent feed update or other temporary issues."
+          log_write "Sleeping 15 seconds before retrying ..."
+          sleep 15
+          retried=1
+        fi
+      else
+        notsynced=0
+      fi
+    done
+    cleanup_temp_access_key
+    log_write "Synchronization with the Greenbone Security Feed successful."
+    get_feed_info
+    if [ $FEED_PRESENT -eq 1 ] ; then
+      FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l`
+      log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)"
+    else
+      log_write "Current status: No feed installed."
+    fi
+  else
+    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed"
+    do_rsync_community_feed
+  fi
+}
+do_self_test ()
+{
+  MD5SUM_AVAIL=`command -v md5sum`
+  if [ $? -ne 0 ] ; then
+    SELFTEST_FAIL=1
+    stderr_write "The md5sum binary could not be found."
+  fi
+  RSYNC_AVAIL=`command -v rsync`
+  if [ $? -ne 0 ] ; then
+    SELFTEST_FAIL=1
+    stderr_write "The rsync binary could not be found."
+  fi
+}
+do_describe ()
+{
+  echo "This script synchronizes an NVT collection with the '$FEED_NAME'."
+  echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'."
+  echo "Online information about this feed: '$FEED_HOME'."
+}
+do_feedversion () {
+  if [ $FEED_PRESENT -eq 1 ] ; then
+    echo $FEED_VERSION
+  else
+    stderr_write "The file containing the feed version could not be found."
+    exit 1
+  fi
+}
+do_sync ()
+{
+  do_self_test
+  if [ $SELFTEST_FAIL -ne 0 ] ; then
+    exit $SELFTEST_FAIL
+  fi
+  if [ $FEED_CURRENT -eq 1 ]
+  then
+    log_write "Feed is already current, skipping synchronization."
+  else
+    (
+      chmod +660 $OPENVAS_FEED_LOCK_PATH
+      flock -n 9
+      if [ $? -eq 1 ] ; then
+          log_warning "Another process related to the feed update is already running"
+          exit 1
+      fi
+      date > $OPENVAS_FEED_LOCK_PATH
+      sync_nvts
+      echo -n $OPENVAS_FEED_LOCK_PATH
+    )9>>$OPENVAS_FEED_LOCK_PATH
+  fi
+}
+do_help () {
+  echo "$0: Sync NVT data"
+  echo " --describe     display current feed info"
+  echo " --feedcurrent  just check if feed is up-to-date"
+  echo " --feedversion  display version of this feed"
+  echo " --help         display this help"
+  echo " --identify     display information"
+  echo " --nvtdir dir   set dir as NVT directory"
+  echo " --selftest     perform self-test and set exit code"
+  echo " --verbose      makes the sync process print details"
+  echo " --version      display version"
+  echo ""
+  echo ""
+  echo "Environment variables:"
+  echo "NVT_DIR         where to extract plugins (absolute path)"
+  echo "PRIVATE_SUBDIR  subdirectory of \$NVT_DIR to exclude from synchronization"
+  echo "TMPDIR          temporary directory used to download the files"
+  echo "Note that you can use standard ones as well (e.g. RSYNC_PROXY) for rsync"
+  echo ""
+  exit 0
+}
+while test $# -gt 0; do
+  case "$1" in
+    --version)
+      echo $VERSION
+      exit 0
+      ;;
+    --identify)
+      echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC"
+      exit 0
+      ;;
+    --selftest)
+      do_self_test
+      exit $SELFTEST_FAIL
+      ;;
+    --describe)
+      do_describe
+      exit 0
+      ;;
+    --feedversion)
+      do_feedversion
+      exit 0
+      ;;
+    --help)
+      do_help
+      exit 0
+      ;;
+    --nvt-dir)
+      NVT_DIR="$2"
+      shift
+      ;;
+    --feedcurrent)
+      is_feed_current
+      exit $?
+      ;;
+    --verbose)
+      RSYNC_VERBOSE="-v"
+      ;;
+  esac
+  shift
+done
+do_sync
+exit 0
 </code>
-Ensuite, saisissez les commandes suivantes :
+Rendez le script exécutable :
 <code>
-[root@centos7 ~]# tar -xvf ~/registered.tar.gz -C /etc/snort
+[root@centos7 ~]# chmod +x greenbone-nvt-sync
-[root@centos7 ~]# ls /etc/snort/rules
-app-detect.rules        file-image.rules             netbios.rules            protocol-other.rules     server-samba.rules
-attack-responses.rules  file-java.rules              nntp.rules               protocol-pop.rules       server-webapp.rules
-backdoor.rules          file-multimedia.rules        oracle.rules             protocol-rpc.rules       shellcode.rules
-bad-traffic.rules       file-office.rules            os-linux.rules           protocol-scada.rules     smtp.rules
-blacklist.rules         file-other.rules             os-mobile.rules          protocol-services.rules  snmp.rules
-botnet-cnc.rules        file-pdf.rules               os-other.rules           protocol-snmp.rules      specific-threats.rules
-browser-chrome.rules    finger.rules                 os-solaris.rules         protocol-telnet.rules    spyware-put.rules
-browser-firefox.rules   ftp.rules                    os-windows.rules         protocol-tftp.rules      sql.rules
-browser-ie.rules        icmp-info.rules              other-ids.rules          protocol-voip.rules      telnet.rules
-browser-other.rules     icmp.rules                   p2p.rules                pua-adware.rules         tftp.rules
-browser-plugins.rules   imap.rules                   phishing-spam.rules      pua-other.rules          virus.rules
-browser-webkit.rules    indicator-compromise.rules   policy-multimedia.rules  pua-p2p.rules            voip.rules
-chat.rules              indicator-obfuscation.rules  policy-other.rules       pua-toolbars.rules       VRT-License.txt
-content-replace.rules   indicator-scan.rules         policy.rules             rpc.rules                web-activex.rules
-ddos.rules              indicator-shellcode.rules    policy-social.rules      rservices.rules          web-attacks.rules
-deleted.rules           info.rules                   policy-spam.rules        scada.rules              web-cgi.rules
-dns.rules               local.rules                  pop2.rules               scan.rules               web-client.rules
-dos.rules               malware-backdoor.rules       pop3.rules               server-apache.rules      web-coldfusion.rules
-experimental.rules      malware-cnc.rules            protocol-dns.rules       server-iis.rules         web-frontpage.rules
-exploit-kit.rules       malware-other.rules          protocol-finger.rules    server-mail.rules        web-iis.rules
-exploit.rules           malware-tools.rules          protocol-ftp.rules       server-mssql.rules       web-misc.rules
-file-executable.rules   misc.rules                   protocol-icmp.rules      server-mysql.rules       web-php.rules
-file-flash.rules        multimedia.rules             protocol-imap.rules      server-oracle.rules      x11.rules
-file-identify.rules     mysql.rules                  protocol-nntp.rules      server-other.rules
 </code>
-<WRAP center round important 50%>
+Déplacez le script vers **/usr/sbin/** :
-**Important** - Si vous utilisez **snort** régulièrement, vous devez prendre un abonnement sur le site [[http://www.snort.org]] afin de pouvoir télécharger les mises à jour des règles.
-</WRAP>
-== Editer le fichier /etc/snort/snort.conf ==
+<code>
+[root@centos7 ~]# mv greenbone-nvt-sync /usr/sbin
+mv: overwrite ‘/usr/sbin/greenbone-nvt-sync’? y
+</code>
-Lancez vi pour éditer le fichier **/etc/snort/snort.conf** :
+Devenez l'utilisateur trainee et mettez à jour les modules d'extensions de OpenVAS :
-Modifiez la ligne qui commence par **ipvar HOME_NET** pour que celle-ci comporte l'adresse de votre réseau :
+<code>
-<file>
+[root@centos7 ~]# su - trainee
+Last login: Mon Dec  1 15:30:45 CET 2025 on pts/0
+[trainee@centos7 ~]$ greenbone-nvt-sync
 ...
-ipvar HOME_NET 10.0.2.0/24
+Greenbone community feed server - http://feed.community.greenbone.net/
-...
+This service is hosted by Greenbone Networks - http://www.greenbone.net/
-</file>
-Dans le cas où vous êtes connecté à deux ou à plusieurs réseaux directement, la ligne devrait prendre la forme suivante :
+All transactions are logged.
-  ipvar HOME_NET [adresse_réseau_1 ( p.e. 10.0.2.0/24 ), adresse_réseau_2 ( p.e. 10.0.0.0/8 )]
+If you have any questions, please use the Greenbone community portal.
+See https://community.greenbone.net for details.
-Vérifiez la présence de les lignes qui commencent par **var RULE_PATH**, **Var SO_RULE_PATH** et **var PREPROC_RULE_PATH**. Celles-ci comportent les chemin relatifs des répertoires **rules** :
+By using this service you agree to our terms and conditions.
-<file>
+Only one sync per time, otherwise the source ip will be temporarily blocked.
-...
-var RULE_PATH /etc/snort/rules
-var SO_RULE_PATH ../so_rules
-var PREPROC_RULE_PATH ../preproc_rules
-...
-</file>
-Modifiez les deux lignes suivantes afin d'utiliser des chemins absolus :
-<file>
+receiving incremental file list
-...
+plugin_feed_info.inc
-var WHITE_LIST_PATH /etc/snort/rules
+100%  322.27kB/s    0:00:00 (xfr#1, to-chk=0/1)
-var BLACK_LIST_PATH /etc/snort/rules
-...
-</file>
-Décommentez la ligne qui commence par **ooutput unified2** concernant la journalisation et supprimez le mot **nostamp** :
+sent 57 bytes  received 436 bytes  328.67 bytes/sec
+total size is 330  speedup is 0.67
+[trainee@centos7 ~]$ exit
+[root@centos7 ~]#
+</code>
-<file>
+<WRAP center round important 50%>
-...
+**Important** - En cas d'erreur, relancez simplement la commande.
-# unified2
+</WRAP>
-# Recommended for most installs
-output unified2: filename merged.log, limit 128, mpls_event_types, vlan_event_types
-...
-</file>
-Commentez ensuite la ligne commençant par **dynamicdetection directory** :
+Déplacez les plugins vers le répertoire **/var/lib/openvas/plugins** :
 <code>
-# path to dynamic rules libraries
+[root@centos7 ~]# mv /home/trainee/@OPENVAS_NVT_DIR@/* /var/lib/openvas/plugins
-# dynamicdetection directory /usr/local/lib/snort_dynamicrules
 </code>
-Créez ensuite les deux fichiers ci-dessous :
+Vérifiez ensuite la réussite de la commande précédente :
 <code>
-[root@centos7 ~]# touch /etc/snort/rules/white_list.rules
+[root@centos7 ~]# ls -l /var/lib/openvas/plugins/ | more
-[root@centos7 ~]# touch /etc/snort/rules/black_list.rules
+total 41280
+drwxr-xr-x.   6 trainee trainee    24576 Dec  1 11:30 2008
+drwxr-xr-x.  14 trainee trainee    65536 Dec  1 11:30 2009
+drwxr-xr-x.  12 trainee trainee    65536 Dec  1 11:30 2010
+drwxr-xr-x.  13 trainee trainee   118784 Dec  1 11:30 2011
+drwxr-xr-x.  14 trainee trainee   102400 Dec  1 11:30 2012
+drwxr-xr-x.  11 trainee trainee    86016 Dec  1 11:30 2013
+drwxr-xr-x.  13 trainee trainee    81920 Dec  1 11:30 2014
+drwxr-xr-x.  15 trainee trainee   118784 Dec  1 11:30 2015
+drwxr-xr-x.  17 trainee trainee   159744 Dec  1 11:30 2016
+drwxr-xr-x.  70 trainee trainee   126976 Dec  1 11:30 2017
+drwxr-xr-x. 288 trainee trainee     8192 Dec  1 11:30 2018
+drwxr-xr-x. 215 trainee trainee     8192 Dec  1 11:30 2019
+drwxr-xr-x. 181 trainee trainee     8192 Dec  1 11:30 2020
+drwxr-xr-x. 154 trainee trainee     8192 Dec  1 11:30 2021
+drwxr-xr-x. 149 trainee trainee     4096 Dec  1 11:30 2022
+drwx------. 136 trainee trainee     4096 Dec  1 11:30 2023
+drwx------. 127 trainee trainee     4096 Dec  1 11:30 2024
+drwx------. 132 trainee trainee     4096 Dec  1 11:30 2025
+-rw-r--r--.   1 trainee trainee     2311 Dec  1 11:08 adaptbb_detect.nasl
+-rw-r--r--.   1 trainee trainee     1786 Dec  1 11:08 afs_version.nasl
+-rw-r--r--.   1 trainee trainee     2448 Dec  1 11:08 amanda_detect.nasl
+-rw-r--r--.   1 trainee trainee     2432 Dec  1 11:08 amanda_version.nasl
+-rw-r--r--.   1 trainee trainee     1492 Dec  1 11:08 aol_installed.nasl
+-rw-r--r--.   1 trainee trainee     2746 Dec  1 11:08 apachehttp_config_defaults.nasl
+-rw-r--r--.   1 trainee trainee     8186 Dec  1 11:08 apache_ofbiz_http_detect.nasl
+-rw-r--r--.   1 trainee trainee     5553 Dec  1 11:08 apache_prds.inc
+-rw-r--r--.   1 trainee trainee     4210 Dec  1 11:08 apache_server_info.nasl
+-rw-r--r--.   1 trainee trainee     4624 Dec  1 11:08 apache_server_status.nasl
+-rw-r--r--.   1 trainee trainee     6726 Dec  1 11:08 apache_SSL_complain.nasl
+-rw-r--r--.   1 trainee trainee     2117 Dec  1 11:08 apache_tomcat_config.nasl
+-rw-r--r--.   1 trainee trainee     2569 Dec  1 11:08 AproxEngine_detect.nasl
+-rw-r--r--.   1 trainee trainee     2496 Dec  1 11:08 arcserve_backup_detect.nasl
+-rw-r--r--.   1 trainee trainee     1937 Dec  1 11:08 arkoon.nasl
+-rw-r--r--.   1 trainee trainee     6878 Dec  1 11:08 asip-status.nasl
+-rw-r--r--.   1 trainee trainee     3797 Dec  1 11:08 atmail_detect.nasl
+drwx------.   9 trainee trainee    20480 Dec  1 11:30 attic
+-rw-r--r--.   1 trainee trainee     1914 Dec  1 11:08 auth_enabled.nasl
+-rw-r--r--.   1 trainee trainee     2016 Dec  1 11:08 aventail_asap_http_detect.nasl
+-rw-r--r--.   1 trainee trainee  1638960 Dec  1 11:08 bad_dsa_ssh_host_keys.txt
+-rw-r--r--.   1 trainee trainee  1638960 Dec  1 11:08 bad_rsa_ssh_host_keys.txt
+-rw-r--r--.   1 trainee trainee    54323 Dec  1 11:08 bad_ssh_host_keys.inc
+-rw-r--r--.   1 trainee trainee    15064 Dec  1 11:08 bad_ssh_keys.inc
+-rw-r--r--.   1 trainee trainee     2507 Dec  1 11:08 barracuda_im_firewall_detect.nasl
+-rw-r--r--.   1 trainee trainee     2827 Dec  1 11:08 base_detect.nasl
+-rw-r--r--.   1 trainee trainee     4464 Dec  1 11:08 basilix_detect.nasl
+-rw-r--r--.   1 trainee trainee     3144 Dec  1 11:08 bgp_detect.nasl
+-rw-r--r--.   1 trainee trainee    23162 Dec  1 11:08 bin.inc
+-rw-r--r--.   1 trainee trainee     2745 Dec  1 11:08 bloofoxCMS_detect.nasl
+-rw-r--r--.   1 trainee trainee     1531 Dec  1 11:08 bluecoat_mgnt_console.nasl
+-rw-r--r--.   1 trainee trainee     2576 Dec  1 11:08 boastMachine_detect.nasl
+-rw-r--r--.   1 trainee trainee     1359 Dec  1 11:08 brother_printers.inc
+-rw-r--r--.   1 trainee trainee     3450 Dec  1 11:08 bugbear.nasl
+-rw-r--r--.   1 trainee trainee     3639 Dec  1 11:08 bugzilla_detect.nasl
+-rw-r--r--.   1 trainee trainee     5301 Dec  1 11:08 byte_func.inc
+--More--
 </code>
-Modifiez maintenant le fichier **/etc/sysconfig/snort** :
+Exécutez de nouveau la commande **openvas-check-setup** :
-<file>
+<code>
+[root@centos7 ~]# openvas-check-setup
 ...
-#### General Configuration
+Step 2: Checking OpenVAS Manager ...
+        OK: OpenVAS Manager is present in version 6.0.9.
+        ERROR: No client certificate file of OpenVAS Manager found.
+        FIX: Run 'openvas-mkcert-client -n -i'
-# What interface should snort listen on?  [Pick only 1 of the next 3!]
+ ERROR: Your OpenVAS-8 installation is not yet complete!
-# This is -i {interface} on the command line
-# This is the snort.conf config interface: {interface} directive
-# INTERFACE=eth0
-INTERFACE=enp0s3
-#
-# The following two options are not directly supported on the command line
-# or in the conf file and assume the same Snort configuration for all
-# instances
 ...
-</file>
+</code>
-Vérifiez le fichier de configuration :
+<WRAP center round important 50%>
+**Important** - Notez l'erreur **ERROR: No client certificate file of OpenVAS Manager found.**
+</WRAP>
+Consultez la signification des options suggérées pour la commande **openvas-mkcert-client** :
 <code>
-[root@centos7 ~]# snort -T -c /etc/snort/snort.conf
+[root@centos7 ~]# openvas-mkcert-client --help
-...
+/bin/openvas-mkcert-client: illegal option -- -
-        --== Initialization Complete ==--
+Usage:
+  openvas-mkcert-client [OPTION...] - Create SSL client certificates for OpenVAS.
-   ,,_     -*> Snort! <*-
+Options:
-  o"  )~   Version 2.9.9.0 GRE (Build 56)
+  -h           Display help
-   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
+  -n           Run non-interactively, create certificates
-           Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+               and register with the OpenVAS scanner
-           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
+  -i           Install client certificates for use with OpenVAS manager
-           Using libpcap version 1.5.3
+</code>
-           Using PCRE version: 8.32 2012-11-30
-           Using ZLIB version: 1.2.7
-           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 3.0  <Build 1>
+Exécutez donc la commande **openvas-mkcert-client -i** :
-           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
-           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
-           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
-           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
-           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
-           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
-           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
-           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
-           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
-           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
-           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
-           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
-           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
-           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
-Snort successfully validated the configuration!
+<code>
-Snort exiting
+[root@centos7 ~]# openvas-mkcert-client -i
-</code>
+This script will now ask you the relevant information to create the SSL client certificates for OpenVAS.
-=== Utilisation de snort en mode "packet sniffer" ===
+Client certificates life time in days [365]: 3650
+Your country (two letter code) [DE]: UK
+Your state or province name [none]: SURREY
+Your location (e.g. town) [Berlin]: ADDLESTONE
+Your organization [none]: I2TCH LIMITED
+Your organizational unit [none]: TRAINING
+**********
+We are going to ask you some question for each client certificate.
+If some question has a default answer, you can force an empty answer by entering a single dot '.'
+*********
+Client certificates life time in days [3650]:
+Country (two letter code) [UK]:
+State or province name [SURREY]:
+Location (e.g. town) [ADDLESTONE]:
+Organization [I2TCH LIMITED]:
+Organization unit [TRAINING]:
+e-Mail []: infos@i2tch.eu
+Generating RSA private key, 4096 bit long modulus
+....++
+.......++
+e is 65537 (0x10001)
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [DE]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:Using configuration from /tmp/openvas-mkcert-client.13962/stdC.cnf
+Check that the request matches the signature
+Signature ok
+The Subject's Distinguished Name is as follows
+countryName           :PRINTABLE:'UK'
+stateOrProvinceName   :ASN.1 12:'SURREY'
+localityName          :ASN.1 12:'ADDLESTONE'
+organizationName      :ASN.1 12:'I2TCH LIMITED'
+organizationalUnitName:ASN.1 12:'TRAINING'
+commonName            :ASN.1 12:'om'
+emailAddress          :IA5STRING:'infos@i2tch.eu'
+Certificate is to be certified until Jun 17 02:03:34 2028 GMT (3650 days)
+Write out database with 1 new entries
+Data Base Updated
+/bin/openvas-mkcert-client: line 370: [: argument expected
+</code>
-Pour visualiser les paquets à l'aide de snort, saisissez la commande suivante :
+Exécutez encore une fois la commande **openvas-check-setup** :
 <code>
-[root@centos7 ~]# snort -vde -c /etc/snort/snort.conf -l /var/log/snort
+[root@centos7 ~]# openvas-check-setup
+...
+Step 2: Checking OpenVAS Manager ...
+        OK: OpenVAS Manager is present in version 6.0.9.
+        OK: OpenVAS Manager client certificate is present as /etc/pki/openvas/CA/clientcert.pem.
+        ERROR: No OpenVAS Manager database found. (Tried: /var/lib/openvas/mgr/tasks.db)
+        FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running.
+        WARNING: OpenVAS Scanner is NOT running!
+        SUGGEST: Start OpenVAS Scanner (openvassd).
+ ERROR: Your OpenVAS-8 installation is not yet complete!
 ...
-[root@centos7 ~]# ^C
 </code>
 <WRAP center round important 50%>
-**Important** - Notez l'utilisation de la combinaison de touches <key>^</key><key>c</key> pour arrêter la visualisation des paquets.
+**Important** - Notez l'erreur **ERROR: No OpenVAS Manager database found. (Tried: /var/lib/openvas/mgr/tasks.db).**
 </WRAP>
-Pour surveiller une interface réseau en particulier, saisissez la commande suivante :
+Afin de générer la base de données, OpenVAS Scanner doit être en cours d'exécution. Activez et démarrez donc le service :
 <code>
-[root@centos7 ~]# snort -vd -i enp0s3 -c /etc/snort/snort.conf
+[root@centos7 ~]# systemctl enable openvas-scanner
+Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-scanner.service to /usr/lib/systemd/system/openvas-scanner.service.
+[root@centos7 ~]# systemctl start openvas-scanner
+[root@centos7 ~]# systemctl status openvas-scanner
+● openvas-scanner.service - OpenVAS Scanner
+   Loaded: loaded (/usr/lib/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled)
+   Active: active (running) since Mon 2025-12-01 16:45:47 CET; 12s ago
+  Process: 8889 ExecStart=/usr/sbin/openvassd $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP (code=exited, status=0/SUCCESS)
+ Main PID: 8890 (openvassd)
+   CGroup: /system.slice/openvas-scanner.service
+           ├─8890 openvassd: Reloaded 1200 of 138097 NVTs (0% / ETA: 22:48)
+           └─8891 openvassd (Loading Handler)
+Dec 01 16:45:47 centos7.fenestros.loc systemd[1]: Starting OpenVAS Scanner...
+Dec 01 16:45:47 centos7.fenestros.loc systemd[1]: Started OpenVAS Scanner.
+</code>
+Construisez maintenant la base de données :
+<code>
+[root@centos7 ~]# openvasmd --rebuild --progress
+Rebuilding NVT cache... done.
+</code>
+Exécutez de nouveau la commande **openvas-check-setup** :
+<code>
+[root@centos7 ~]# openvas-check-setup
+...
+Step 2: Checking OpenVAS Manager ...
+        OK: OpenVAS Manager is present in version 6.0.9.
+        OK: OpenVAS Manager client certificate is present as /etc/pki/openvas/CA/clientcert.pem.
+        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
+        OK: Access rights for the OpenVAS Manager database are correct.
+        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
+        OK: OpenVAS Manager database is at revision 146.
+        OK: OpenVAS Manager expects database at revision 146.
+        OK: Database schema is up to date.
+        OK: OpenVAS Manager database contains information about 45654 NVTs.
+        ERROR: No users found. You need to create at least one user to log in.
+        It is recommended to have at least one user with role Admin.
+        FIX: create a user by running 'openvasmd --create-user=<name> --role=Admin && openvasmd --user=<name> --new-password=<password>'
 ...
-[root@centos7 ~]# ^C
 </code>
-=== Utilisation de snort en mode "packet logger" ===
+<WRAP center round important 50%>
+**Important** - Notez l'erreur **ERROR: No users found. You need to create at least one user to log in.**
+</WRAP>
-Pour rediriger la sortie à l'écran vers le fichier log **/var/log/snort**, saisissez la commande suivante :
+Créez donc un utilisateur :
 <code>
-[root@centos7 ~]# snort -de -l /var/log/snort -c /etc/snort/snort.conf
+[root@centos7 ~]# openvasmd --create-user=fenestros --role=Admin
+User created with password 'a5b5eaa9-3600-4604-bf20-bc10d7e5455b'.
+[root@centos7 ~]# openvasmd --user=fenestros --new-password=fenestros
+</code>
+Exécutez encore une fois la commande **openvas-check-setup** :
+<code>
+[root@centos7 ~]# openvas-check-setup
+...
+Step 2: Checking OpenVAS Manager ...
+        OK: OpenVAS Manager is present in version 6.0.9.
+        OK: OpenVAS Manager client certificate is present as /etc/pki/openvas/CA/clientcert.pem.
+        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
+        OK: Access rights for the OpenVAS Manager database are correct.
+        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
+        OK: OpenVAS Manager database is at revision 146.
+        OK: OpenVAS Manager expects database at revision 146.
+        OK: Database schema is up to date.
+        OK: OpenVAS Manager database contains information about 45654 NVTs.
+        OK: At least one user exists.
+        ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
+        FIX: Run a SCAP synchronization script like openvas-scapdata-sync or greenbone-scapdata-sync.
+ ERROR: Your OpenVAS-8 installation is not yet complete!
 ...
-[root@centos7 ~]# ^C
 </code>
-===Journalisation===
+<WRAP center round important 50%>
+**Important** - Notez l'erreur **ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db).**
+</WRAP>
-Constatez le contenu de **/var/log/snort** :
+La prochaine étape donc consiste à récupérer la base SCAP (Security Content Automation Protocol).
+Créez le fichier **greenbone-feed-sync** :
 <code>
-[root@centos7 ~]# ls /var/log/snort/
+[root@centos7 ~]# vi greenbone-feed-sync
-merged.log  snort.log.1501937132  snort.log.1501937470  snort.log.1501943548
+[root@centos7 ~]# cat greenbone-feed-sync
+#!/bin/sh
+# Copyright (C) 2011-2020 Greenbone Networks GmbH
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# This script synchronizes a GVM installation with the
+# feed data from either the Greenbone Security Feed (in
+# case a GSF access key is present) or else from the Greenbone
+# Community Feed.
+log_notice () {
+  $LOG_CMD -p daemon.notice "$1"
+}
+########## SETTINGS
+########## ========
+# PRIVATE_SUBDIR defines a subdirectory of the feed data directory
+# where files not part of the feed or database will not be deleted by rsync.
+if [ -z "$PRIVATE_SUBDIR" ]
+then
+  PRIVATE_SUBDIR="private"
+fi
+# RSYNC_DELETE controls whether files which are not part of the repository will
+# be removed from the local directory after synchronization. The default value
+# for this setting is
+# "--delete --exclude feed.xml --exclude $PRIVATE_SUBDIR/",
+# which means that files which are not part of the feed, feed info or private
+# directory will be deleted.
+RSYNC_DELETE="--delete --exclude feed.xml --exclude \"$PRIVATE_SUBDIR/\""
+# RSYNC_SSH_OPTS contains options which should be passed to ssh for the rsync
+# connection to the repository.
+RSYNC_SSH_OPTS="-o \"UserKnownHostsFile=/dev/null\" -o \"StrictHostKeyChecking=no\""
+# RSYNC_COMPRESS specifies the compression level to use for the rsync connection.
+RSYNC_COMPRESS="--compress-level=9"
+# PORT controls the outgoing TCP port for updates. If PAT/Port-Translation is
+# not used, this should be "24". For some application layer firewalls or gates
+# the value 22 (Standard SSH) is useful. Only change if you know what you are
+# doing.
+PORT=24
+# SCRIPT_NAME is the name the scripts will use to identify itself and to mark
+# log messages.
+SCRIPT_NAME="greenbone-feed-sync"
+# LOG_CMD defines the command to use for logging. To have logger log to stderr
+# as well as syslog, add "-s" here.
+LOG_CMD="logger -t $SCRIPT_NAME"
+# LOCK_FILE is the name of the file used to lock the feed during sync or update.
+if [ -z "$LOCK_FILE" ]
+then
+  LOCK_FILE="@GVM_FEED_LOCK_PATH@"
+fi
+########## GLOBAL VARIABLES
+########## ================
+VERSION=@GVMD_VERSION@
+[ -r "@GVM_SYSCONF_DIR@/greenbone-feed-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-feed-sync.conf"
+if [ -z "$DROP_USER" ]; then
+  DROP_USER="@GVM_DEFAULT_DROP_USER@"
+fi
+ACCESSKEY="@GVM_ACCESS_KEY_DIR@/gsf-access-key"
+# Note when running as root or restart as $DROP_USER if defined
+if [ $(id -u) -eq 0 ]
+then
+  if [ -z "$DROP_USER" ]
+  then
+    log_notice "Running as root"
+  else
+    log_notice "Started as root, restarting as $DROP_USER"
+    su --shell /bin/sh --command "$0 $*" "$DROP_USER"
+    exit $?
+  fi
+fi
+# Determine whether a GSF access key is present. If yes,
+# then use the Greenbone Security Feed. Else use the
+# Greenbone Community Feed.
+if [ -e $ACCESSKEY ]
+then
+  RESTRICTED=1
+  if [ -z "$FEED_VENDOR" ]; then
+    FEED_VENDOR="Greenbone Networks GmbH"
+  fi
+  if [ -z "$FEED_HOME" ]; then
+    FEED_HOME="https://www.greenbone.net/en/security-feed/"
+  fi
+else
+  RESTRICTED=0
+  if [ -z "$FEED_VENDOR" ]; then
+    FEED_VENDOR="Greenbone Networks GmbH"
+  fi
+  if [ -z "$FEED_HOME" ]; then
+    FEED_HOME="https://community.greenbone.net/t/about-greenbone-community-feed-gcf/1224"
+  fi
+fi
+RSYNC=`command -v rsync`
+# Current supported feed types (for --type parameter)
+FEED_TYPES_SUPPORTED="CERT, SCAP or GVMD_DATA"
+########## FUNCTIONS
+########## =========
+log_debug () {
+  $LOG_CMD -p daemon.debug "$1"
+}
+log_info () {
+  $LOG_CMD -p daemon.info "$1"
+}
+log_warning () {
+  $LOG_CMD -p daemon.warning "$1"
+}
+log_err () {
+  $LOG_CMD -p daemon.err "$1"
+}
+init_feed_type () {
+  if [ -z "$FEED_TYPE" ]
+  then
+    echo "No feed type given to --type parameter"
+    log_err "No feed type given to --type parameter"
+    exit 1
+  elif [ "CERT" = "$FEED_TYPE" ]
+  then
+    [ -r "@GVM_SYSCONF_DIR@/greenbone-certdata-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-certdata-sync.conf"
+    FEED_TYPE_LONG="CERT data"
+    FEED_DIR="@GVM_CERT_DATA_DIR@"
+    TIMESTAMP="$FEED_DIR/timestamp"
+    SCRIPT_ID="CERTSYNC"
+    if [ -z "$COMMUNITY_CERT_RSYNC_FEED" ]; then
+      COMMUNITY_RSYNC_FEED="rsync://feed.community.greenbone.net:/cert-data"
+      # An alternative syntax which might work if the above doesn't:
+      # COMMUNITY_RSYNC_FEED="rsync@feed.community.greenbone.net::cert-data"
+    else
+      COMMUNITY_RSYNC_FEED="$COMMUNITY_CERT_RSYNC_FEED"
+    fi
+    GSF_RSYNC_PATH="/cert-data"
+    if [ -e $ACCESSKEY ]; then
+      if [ -z "$FEED_NAME" ]; then
+        FEED_NAME="Greenbone CERT Feed"
+      fi
+    else
+      if [ -z "$FEED_NAME" ]; then
+        FEED_NAME="Greenbone Community CERT Feed"
+      fi
+    fi
+  elif [ "SCAP" = "$FEED_TYPE" ]
+  then
+    [ -r "@GVM_SYSCONF_DIR@/greenbone-scapdata-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-scapdata-sync.conf"
+    FEED_TYPE_LONG="SCAP data"
+    FEED_DIR="@GVM_SCAP_DATA_DIR@"
+    TIMESTAMP="$FEED_DIR/timestamp"
+    SCRIPT_ID="SCAPSYNC"
+    if [ -z "$COMMUNITY_SCAP_RSYNC_FEED" ]; then
+      COMMUNITY_RSYNC_FEED="rsync://feed.community.greenbone.net:/scap-data"
+      # An alternative syntax which might work if the above doesn't:
+      # COMMUNITY_RSYNC_FEED="rsync@feed.community.greenbone.net::scap-data"
+    else
+      COMMUNITY_RSYNC_FEED="$COMMUNITY_SCAP_RSYNC_FEED"
+    fi
+    GSF_RSYNC_PATH="/scap-data"
+    if [ -e $ACCESSKEY ]; then
+      if [ -z "$FEED_NAME" ]; then
+        FEED_NAME="Greenbone SCAP Feed"
+      fi
+    else
+      if [ -z "$FEED_NAME" ]; then
+        FEED_NAME="Greenbone Community SCAP Feed"
+      fi
+    fi
+  elif [ "GVMD_DATA" = "$FEED_TYPE" ]
+  then
+    [ -r "@GVM_SYSCONF_DIR@/greenbone-data-objects-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-data-objects-sync.conf"
+    FEED_TYPE_LONG="gvmd Data"
+    FEED_DIR="@GVMD_FEED_DIR@"
+    TIMESTAMP="$FEED_DIR/timestamp"
+    SCRIPT_ID="GVMD_DATA_SYNC"
+    if [ -z "$COMMUNITY_GVMD_DATA_RSYNC_FEED" ]; then
+      COMMUNITY_RSYNC_FEED="rsync://feed.community.greenbone.net:/data-objects/gvmd/"
+      # An alternative syntax which might work if the above doesn't:
+      # COMMUNITY_RSYNC_FEED="rsync@feed.community.greenbone.net::data-objects/gvmd/"
+    else
+      COMMUNITY_RSYNC_FEED="$COMMUNITY_GVMD_DATA_RSYNC_FEED"
+    fi
+    GSF_RSYNC_PATH="/data-objects/gvmd/"
+    if [ -e $ACCESSKEY ]; then
+      if [ -z "$FEED_NAME" ]; then
+        FEED_NAME="Greenbone gvmd Data Feed"
+      fi
+    else
+      if [ -z "$FEED_NAME" ]; then
+        FEED_NAME="Greenbone Community gvmd Data Feed"
+      fi
+    fi
+  else
+    echo "Invalid feed type $FEED_TYPE given to --type parameter. Currently supported: $FEED_TYPES_SUPPORTED"
+    log_err "Invalid feed type $FEED_TYPE given to --type parameter. Currently supported: $FEED_TYPES_SUPPORTED"
+    exit 1
+  fi
+}
+write_feed_xml () {
+  if [ -r $TIMESTAMP ]
+  then
+    FEED_VERSION=`cat $TIMESTAMP`
+  else
+    FEED_VERSION=0
+  fi
+  mkdir -p $FEED_DIR
+  echo '<feed id="6315d194-4b6a-11e7-a570-28d24461215b">' > $FEED_DIR/feed.xml
+  echo "<type>$FEED_TYPE</type>" >> $FEED_DIR/feed.xml
+  echo "<name>$FEED_NAME</name>" >> $FEED_DIR/feed.xml
+  echo "<version>$FEED_VERSION</version>" >> $FEED_DIR/feed.xml
+  echo "<vendor>$FEED_VENDOR</vendor>" >> $FEED_DIR/feed.xml
+  echo "<home>$FEED_HOME</home>" >> $FEED_DIR/feed.xml
+  echo "<description>" >> $FEED_DIR/feed.xml
+  echo "This script synchronizes a $FEED_TYPE collection with the '$FEED_NAME'." >> $FEED_DIR/feed.xml
+  echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'." >> $FEED_DIR/feed.xml
+  echo "Online information about this feed: '$FEED_HOME'." >> $FEED_DIR/feed.xml
+  echo "</description>" >> $FEED_DIR/feed.xml
+  echo "</feed>" >> $FEED_DIR/feed.xml
+}
+create_tmp_key () {
+  KEYTEMPDIR=`mktemp -d`
+  cp "$ACCESSKEY" "$KEYTEMPDIR"
+  TMPACCESSKEY="$KEYTEMPDIR/gsf-access-key"
+  chmod 400 "$TMPACCESSKEY"
+}
+remove_tmp_key () {
+  rm -rf "$KEYTEMPDIR"
+}
+set_interrupt_trap () {
+  trap "handle_interrupt $1" 2
+}
+handle_interrupt () {
+  echo "$1:X" >&3
+}
+do_describe () {
+  echo "This script synchronizes a $FEED_TYPE collection with the '$FEED_NAME'."
+  echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'."
+  echo "Online information about this feed: '$FEED_HOME'."
+}
+do_feedversion () {
+  if [ -r $TIMESTAMP ]; then
+      cat $TIMESTAMP
+  fi
+}
+# This function uses gos-state-manager to get information about the settings.
+# gos-state-manager is only available on a Greenbone OS.
+# If gos-state-manager is missing the settings values can not be retrieved.
+#
+# Input: option
+# Output: value as string or empty String if gos-state-manager is not installed
+#         or option not set
+get_value ()
+{
+  value=""
+  key=$1
+  if which gos-state-manager 1>/dev/null 2>&1
+  then
+    if gos-state-manager get "$key.value" 1>/dev/null 2>&1
+    then
+      value="$(gos-state-manager get "$key.value")"
+    fi
+  fi
+  echo "$value"
+}
+is_feed_current () {
+  if [ -r $TIMESTAMP ]
+  then
+    FEED_VERSION=`cat $TIMESTAMP`
+  fi
+  if [ -z "$FEED_VERSION" ]
+  then
+    log_warning "Could not determine feed version."
+    FEED_CURRENT=0
+    return $FEED_CURRENT
+  fi
+  FEED_INFO_TEMP_DIR=`mktemp -d`
+  if [ -e $ACCESSKEY ]
+  then
+    read feeduser < $ACCESSKEY
+    custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1`
+    if [ -z "$feeduser" ] || [ -z "$custid_at_host" ]
+    then
+      log_err "Could not determine credentials, aborting synchronization."
+      rm -rf "$FEED_INFO_TEMP_DIR"
+      exit 1
+    fi
+    gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/')
+    syncport=$(get_value syncport)
+    if [ "$syncport" ]
+    then
+      PORT="$syncport"
+    fi
+    if [ -z "$gsmproxy" ] || [ "$gsmproxy" = "proxy_feed" ]
+    then
+      RSYNC_SSH_PROXY_CMD=""
+    else
+      if [ -e $GVM_SYSCONF_DIR/proxyauth ] && [ -r $GVM_SYSCONF_DIR/proxyauth ]; then
+        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $GVM_SYSCONF_DIR/proxyauth\""
+      else
+        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\""
+      fi
+    fi
+    create_tmp_key
+    rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TMPACCESSKEY" -ltvrP --chmod=D+x $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/timestamp "$FEED_INFO_TEMP_DIR"
+    if [ $? -ne 0 ]
+    then
+      log_err "rsync failed, aborting synchronization."
+      rm -rf "$FEED_INFO_TEMP_DIR"
+      remove_tmp_key
+      exit 1
+    fi
+    remove_tmp_key
+  else
+    # Sleep for five seconds (a previous feed might have been synced a few seconds before) to prevent
+    # IP blocking due to network equipment in between keeping the previous connection too long open.
+    sleep 5
+    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed"
+    eval "$RSYNC -ltvrP \"$COMMUNITY_RSYNC_FEED/timestamp\" \"$FEED_INFO_TEMP_DIR\""
+    if [ $? -ne 0 ]
+    then
+      log_err "rsync failed, aborting synchronization."
+      rm -rf "$FEED_INFO_TEMP_DIR"
+      exit 1
+    fi
+  fi
+  FEED_VERSION_SERVER=`cat "$FEED_INFO_TEMP_DIR/timestamp"`
+  if [ -z "$FEED_VERSION_SERVER" ]
+  then
+    log_err "Could not determine server feed version."
+    rm -rf "$FEED_INFO_TEMP_DIR"
+    exit 1
+  fi
+  # Check against FEED_VERSION
+  if [ $FEED_VERSION -lt $FEED_VERSION_SERVER ]; then
+    FEED_CURRENT=0
+  else
+    FEED_CURRENT=1
+  fi
+  # Cleanup
+  rm -rf "$FEED_INFO_TEMP_DIR"
+  return $FEED_CURRENT
+}
+do_help () {
+  echo "$0: Sync feed data"
+  if [ -e $ACCESSKEY ]
+  then
+    echo "GSF access key found: Using Greenbone Security Feed"
+  else
+    echo "No GSF access key found: Using Community Feed"
+  fi
+  echo " --describe      display current feed info"
+  echo " --feedversion   display version of this feed"
+  echo " --help          display this help"
+  echo " --identify      display information"
+  echo " --selftest      perform self-test"
+  echo " --type <TYPE>   choose type of data to sync ($FEED_TYPES_SUPPORTED)"
+  echo " --version       display version"
+  echo ""
+  exit 0
+}
+do_rsync_community_feed () {
+  if [ -z "$RSYNC" ]; then
+    log_err "rsync not found!"
+  else
+    # Sleep for five seconds (after is_feed_current) to prevent IP blocking due to
+    # network equipment in between keeping the previous connection too long open.
+    sleep 5
+    log_notice "Using rsync: $RSYNC"
+    log_notice "Configured $FEED_TYPE_LONG rsync feed: $COMMUNITY_RSYNC_FEED"
+    mkdir -p "$FEED_DIR"
+    eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_RSYNC_FEED\" \"$FEED_DIR\""
+    if [ $? -ne 0 ]; then
+      log_err "rsync failed. Your $FEED_TYPE_LONG might be broken now."
+      exit 1
+    fi
+  fi
+}
+do_sync_community_feed () {
+  if [ -z "$RSYNC" ]; then
+    log_err "rsync not found!"
+    log_err "No utility available in PATH environment variable to download Feed data"
+    exit 1
+  else
+    log_notice "Will use rsync"
+    do_rsync_community_feed
+  fi
+}
+sync_feed_data(){
+  if [ -e $ACCESSKEY ]
+  then
+    log_notice "Found Greenbone Security Feed subscription file, trying to synchronize with Greenbone $FEED_TYPE_LONG Repository ..."
+    notsynced=1
+    mkdir -p "$FEED_DIR"
+    read feeduser < $ACCESSKEY
+    custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1`
+    if [ -z "$feeduser" ] || [ -z "$custid_at_host" ]
+    then
+      log_err "Could not determine credentials, aborting synchronization."
+      exit 1
+    fi
+    while [ 0 -ne "$notsynced" ]
+    do
+      gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/')
+      syncport=$(get_value syncport)
+      if [ "$syncport" ]
+      then
+        PORT="$syncport"
+      fi
+      if [ -z "$gsmproxy" ] || [ "$gsmproxy" = "proxy_feed" ]
+      then
+        RSYNC_SSH_PROXY_CMD=""
+      else
+        if [ -e $GVM_SYSCONF_DIR/proxyauth ] && [ -r $GVM_SYSCONF_DIR/proxyauth ]; then
+          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $GVM_SYSCONF_DIR/proxyauth\""
+        else
+          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\""
+        fi
+      fi
+      create_tmp_key
+      rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $ACCESSKEY" -ltvrP --chmod=D+x $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/ $FEED_DIR
+      if [ 0 -ne "$?" ]; then
+        log_err "rsync failed, aborting synchronization."
+        remove_tmp_key
+        exit 1
+      fi
+      remove_tmp_key
+      notsynced=0
+    done
+    log_notice "Synchronization with the Greenbone $FEED_TYPE_LONG Repository successful."
+  else
+    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed"
+    do_sync_community_feed
+  fi
+  write_feed_xml
+}
+do_self_test () {
+  if [ -z "$SELFTEST_STDERR" ]
+  then
+    SELFTEST_STDERR=0
+  fi
+  if [ -z "$RSYNC" ]
+  then
+    if [ 0 -ne $SELFTEST_STDERR ]
+    then
+      echo "rsync not found (required)." 1>&2
+    fi
+    log_err "rsync not found (required)."
+    SELFTEST_FAIL=1
+  fi
+}
+########## START
+########## =====
+while test $# -gt 0; do
+  case "$1" in
+    "--version"|"--identify"|"--describe"|"--feedversion"|"--selftest"|"--feedcurrent")
+      if [ -z "$ACTION" ]; then
+        ACTION="$1"
+      fi
+      ;;
+    "--help")
+      do_help
+      exit 0
+      ;;
+    "--type")
+      FEED_TYPE=$(echo "$2" | tr '[:lower:]-' '[:upper:]_')
+      shift
+      ;;
+  esac
+  shift
+done
+init_feed_type
+write_feed_xml
+case "$ACTION" in
+  --version)
+    echo $VERSION
+    exit 0
+    ;;
+  --identify)
+    echo "$SCRIPT_ID|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|$SCRIPT_ID"
+    exit 0
+    ;;
+  --describe)
+    do_describe
+    exit 0
+    ;;
+  --feedversion)
+    do_feedversion
+    exit 0
+    ;;
+  --selftest)
+    SELFTEST_FAIL=0
+    SELFTEST_STDERR=1
+    do_self_test
+    exit $SELFTEST_FAIL
+    ;;
+  --feedcurrent)
+    is_feed_current
+    exit $?
+    ;;
+esac
+SELFTEST_FAIL=0
+do_self_test
+if [ $SELFTEST_FAIL -ne 0 ]
+then
+  exit 1
+fi
+is_feed_current
+if [ $FEED_CURRENT -eq 1 ]
+then
+  log_notice "Feed is already current, skipping synchronization."
+  exit 0
+fi
+(
+  chmod +660 $LOCK_FILE
+  flock -n 9
+  if [ $? -eq 1 ]; then
+    log_notice "Sync in progress, exiting."
+    exit 1
+  fi
+  date > $LOCK_FILE
+  sync_feed_data
+  echo -n > $LOCK_FILE
+) 9>>$LOCK_FILE
+exit 0
 </code>
-Constatez le contenu du fichier de journalisation :
+Rendez le script exécutable :
 <code>
-[root@centos7 ~]# tail /var/log/snort/snort.log.1501943548
+[root@centos7 ~]# chmod +x greenbone-feed-sync
+</code>
-����;���3P����օY&��RT5'�E���@@��
-�Ҡ��3��;P����I�N��yE��K��=��!�ޚ�UKuD}�[�c���K��۸3��uNý�@�Mo(9�ٮ���c��n��]��`G�����LJ� ��օYJZ'��RT5EL=j@%2
-����;���3P��..����jV���
-                            ������]l�S�����W�h���օYO<'��RT5E(=k@%U
-����_��������օY���RT5'�E���@@�k
-�Ҡ����_P�����G}&2�!̴������I�����AR��!�F|�?��A��"X��-V_�Љ4����"��Ab�Ъ����bb�}�K�Dd[root@centos7 ~]# ى���]Xh-et����qB������
+Déplacez le script vers **/usr/sbin/** :
+<code>
+[root@centos7 ~]# mv greenbone-feed-sync /usr/sbin/
 </code>
-Ce fichier étant au format **PCAP binaire**, vous pouvez le lire avec la commande suivante :
+Créez le répertoire **/var/lib/openvas/scap-data/** :
 <code>
-[root@centos7 ~]# snort -r /var/log/snort/snort.log.1501943548 | more
+[root@centos7 ~]# mkdir /var/lib/openvas/scap-data/
 </code>
-Notez que ce fichier peut aussi être lu par la commande **tcpdump** :
+Devenez l'utilisateur trainee et mettez à jour les modules d'extensions de OpenVAS :
 <code>
-[root@centos7 ~]# tcpdump -r /var/log/snort/snort.log.1501943548 | more
+[root@centos7 ~]# su - trainee
-reading from file /var/log/snort/snort.log.1501943548, link-type EN10MB (Ethernet)
+Last login: Mon Dec  1 17:30:45 CET 2025 on pts/0
-:32:28.316281 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 2695230935:2695231611, ack 28164311, win 534
-, length 676
+[trainee@centos7 ~]$ touch /var/lib/openvas/scap-data/scap.db
-:32:28.316485 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 676, win 65535, length 0
-:32:28.318511 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 676:768, ack 1, win 53440, length 92
+[trainee@centos7 ~]$ greenbone-feed-sync --type SCAP
-:32:28.318706 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 768, win 65535, length 0
+Greenbone community feed server - http://feed.community.greenbone.net/
-:32:28.318799 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 768:860, ack 1, win 53440, length 92
+This service is hosted by Greenbone Networks - http://www.greenbone.net/
-:32:28.318963 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 860, win 65535, length 0
-:32:28.319081 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 860:952, ack 1, win 53440, length 92
+All transactions are logged.
-:32:28.319220 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 952, win 65535, length 0
-:32:28.319278 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 952:1044, ack 1, win 53440, length 92
+If you have any questions, please use the Greenbone community portal.
-:32:28.319373 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1044, win 65535, length 0
+See https://community.greenbone.net for details.
-:32:28.319457 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1044:1136, ack 1, win 53440, length 92
-:32:28.319544 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1136, win 65535, length 0
+By using this service you agree to our terms and conditions.
-:32:28.319624 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1136:1228, ack 1, win 53440, length 92
-:32:28.319734 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1228, win 65535, length 0
+Only one sync per time, otherwise the source ip will be temporarily blocked.
-:32:28.319787 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1228:1320, ack 1, win 53440, length 92
-:32:28.319972 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1320, win 65535, length 0
-:32:28.320041 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1320:1412, ack 1, win 53440, length 92
+receiving incremental file list
-:32:28.320186 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1412, win 65535, length 0
+timestamp
-:32:28.320240 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1412:1504, ack 1, win 53440, length 92
+100%   12.70kB/s    0:00:00 (xfr#1, to-chk=0/1)
-:32:28.320397 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1504, win 65535, length 0
-:32:28.320451 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1504:1596, ack 1, win 53440, length 92
+sent 43 bytes  received 108 bytes  100.67 bytes/sec
-:32:28.320606 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1596, win 65535, length 0
+total size is 13  speedup is 0.09
-:32:28.320659 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1596:1688, ack 1, win 53440, length 92
+Greenbone community feed server - http://feed.community.greenbone.net/
-:32:28.320816 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1688, win 65535, length 0
+This service is hosted by Greenbone Networks - http://www.greenbone.net/
-:32:28.320869 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1688:1780, ack 1, win 53440, length 92
-:32:28.320991 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1780, win 65535, length 0
+All transactions are logged.
-:32:28.321047 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1780:1872, ack 1, win 53440, length 92
-:32:28.321161 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1872, win 65535, length 0
+If you have any questions, please use the Greenbone community portal.
-:32:28.321232 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1872:1964, ack 1, win 53440, length 92
+See https://community.greenbone.net for details.
-:32:28.321355 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 1964, win 65535, length 0
-:32:28.321426 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 1964:2056, ack 1, win 53440, length 92
+By using this service you agree to our terms and conditions.
-:32:28.321533 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 2056, win 65535, length 0
-:32:28.321589 IP 15.2.0.10.rev.sfr.net.ssh > 2.2.0.10.rev.sfr.net.48338: Flags [P.], seq 2056:2148, ack 1, win 53440, length 92
+Only one sync per time, otherwise the source ip will be temporarily blocked.
-:32:28.321695 IP 2.2.0.10.rev.sfr.net.48338 > 15.2.0.10.rev.sfr.net.ssh: Flags [.], ack 2148, win 65535, length 0
---More--
+receiving incremental file list
+./
+COPYING
+,187 100%    1.13MB/s    0:00:00 (xfr#1, to-chk=26/28)
+nvdcve-2.0-2002.xml
+,533,351 100%   62.30MB/s    0:00:00 (xfr#2, to-chk=25/28)
+nvdcve-2.0-2003.xml
+,744,330 100%   13.55MB/s    0:00:00 (xfr#3, to-chk=24/28)
+nvdcve-2.0-2004.xml
+,416,639 100%   24.47MB/s    0:00:00 (xfr#4, to-chk=23/28)
+nvdcve-2.0-2005.xml
+,701,047 100%   23.22MB/s    0:00:00 (xfr#5, to-chk=22/28)
+nvdcve-2.0-2006.xml
+,320,892 100%   28.82MB/s    0:00:00 (xfr#6, to-chk=21/28)
+nvdcve-2.0-2007.xml
+,567,434 100%   22.08MB/s    0:00:01 (xfr#7, to-chk=20/28)
+nvdcve-2.0-2008.xml
+,775,037 100%   37.41MB/s    0:00:00 (xfr#8, to-chk=19/28)
+nvdcve-2.0-2009.xml
+,996,918 100%   17.06MB/s    0:00:01 (xfr#9, to-chk=18/28)
+nvdcve-2.0-2010.xml
+,684,286 100%   65.87MB/s    0:00:00 (xfr#10, to-chk=17/28)
+nvdcve-2.0-2011.xml
+,905,485 100%   51.13MB/s    0:00:01 (xfr#11, to-chk=16/28)
+nvdcve-2.0-2012.xml
+,859,075 100%  152.18MB/s    0:00:00 (xfr#12, to-chk=15/28)
+nvdcve-2.0-2013.xml
+,064,147 100%   48.94MB/s    0:00:01 (xfr#13, to-chk=14/28)
+nvdcve-2.0-2014.xml
+,694,839 100%   48.34MB/s    0:00:01 (xfr#14, to-chk=13/28)
+nvdcve-2.0-2015.xml
+,671,234 100%  227.33MB/s    0:00:00 (xfr#15, to-chk=12/28)
+nvdcve-2.0-2016.xml
+,692,009 100%  172.29MB/s    0:00:00 (xfr#16, to-chk=11/28)
+nvdcve-2.0-2017.xml
+,948,654 100%  141.52MB/s    0:00:01 (xfr#17, to-chk=10/28)
+nvdcve-2.0-2018.xml
+,761,959 100%  156.30MB/s    0:00:01 (xfr#18, to-chk=9/28)
+nvdcve-2.0-2019.xml
+,685,784 100%  172.95MB/s    0:00:01 (xfr#19, to-chk=8/28)
+nvdcve-2.0-2020.xml
+,835,369 100%  134.53MB/s    0:00:02 (xfr#20, to-chk=7/28)
+nvdcve-2.0-2021.xml
+,673,740 100%  155.72MB/s    0:00:02 (xfr#21, to-chk=6/28)
+nvdcve-2.0-2022.xml
+,192,055 100%  111.53MB/s    0:00:06 (xfr#22, to-chk=5/28)
+nvdcve-2.0-2023.xml
+,785,077 100%   67.83MB/s    0:00:08 (xfr#23, to-chk=4/28)
+nvdcve-2.0-2024.xml
+,757,332 100%   73.89MB/s    0:00:11 (xfr#24, to-chk=3/28)
+nvdcve-2.0-2025.xml
+,360,705 100%  127.96MB/s    0:00:03 (xfr#25, to-chk=2/28)
+official-cpe-dictionary_v2.2.xml
+,852,577 100%  251.59MB/s    0:00:02 (xfr#26, to-chk=1/28)
+timestamp
+100%   12.70kB/s    0:00:00 (xfr#27, to-chk=0/28)
+sent 2,186,887 bytes  received 11,127,079 bytes  117,303.67 bytes/sec
+total size is 5,773,481,175  speedup is 433.64
+[trainee@centos7 ~]$ greenbone-scapdata-sync
+[trainee@centos7 ~]$ exit
 </code>
 <WRAP center round important 50%>
-**Important** - Vous pouvez utiliser le logiciel Wireshark pour visulaiser le contenu du fichier en mode graphique.
+**Important** - En cas d'erreur, relancez simplement la commande.
 </WRAP>
-Dernièrement, notez qu'il est aussi possible de ne journaliser le trafic que sur un seul réseau :
+Exécutez de nouveau la commande **openvas-check-setup** :
-  # snort -de -l /var/log/snort -h 10.0.2.0/24
+<code>
+[root@centos7 ~]# openvas-check-setup
+...
+Step 2: Checking OpenVAS Manager ...
+        OK: OpenVAS Manager is present in version 6.0.9.
+        OK: OpenVAS Manager client certificate is present as /etc/pki/openvas/CA/clientcert.pem.
+        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
+        OK: Access rights for the OpenVAS Manager database are correct.
+        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
+        OK: OpenVAS Manager database is at revision 146.
+        OK: OpenVAS Manager expects database at revision 146.
+        OK: Database schema is up to date.
+        OK: OpenVAS Manager database contains information about 45654 NVTs.
+        OK: At least one user exists.
+        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
+        ERROR: No OpenVAS CERT database found. (Tried: /var/lib/openvas/cert-data/cert.db)
+        FIX: Run a CERT synchronization script like openvas-certdata-sync or greenbone-certdata-sync.
+ ERROR: Your OpenVAS-8 installation is not yet complete!
+...
+</code>
 <WRAP center round important 50%>
-**Important** - Notez l'utilisation des options suivantes : **-l** indique le fichier de journalisation**, -h** indique le **home-net**.
+**Important** - Notez l'erreur **ERROR: No OpenVAS CERT database found. (Tried: /var/lib/openvas/cert-data/cert.db).**
 </WRAP>
-Pour lancer snort en arrière plan afin de surveiller l'interface **enp0s3**, utilisez la commande suivante :
+Créez le fichier **/var/lib/openvas/cert-data/cert.db** :
 <code>
-[root@centos7 ~]# /usr/sbin/snort -A fast -b -d -D -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort &
+[root@centos7 ~]# touch /var/lib/openvas/cert-data/cert.db
-[1] 19281
-[root@centos7 ~]# Spawning daemon child...
-My daemon child 19401 lives...
-Daemon parent exiting (0)
-^C
-[1]+  Done                    /usr/sbin/snort -A fast -b -d -D -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
-[root@centos7 ~]# ps aux | grep snort
-snort    19401  0.0 24.6 850984 504544 ?       Ssl  11:03   0:00 /usr/sbin/snort -A fast -b -d -D -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
-root     19688  0.0  0.0 114692   964 pts/0    R+   11:04   0:00 grep --color=auto snort
 </code>
-Pour arrêter ce processus, utilisez al commande **kill**:
+Exécutez la commande **openvas-certdata-sync** :
 <code>
-[root@centos7 ~]# ps aux | grep snort
+[root@centos7 ~]# openvas-certdata-sync
-snort    19401  0.0 24.6 850984 504692 ?       Ssl  11:03   0:00 /usr/sbin/snort -A fast -b -d -D -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
-root     20521  0.0  0.0 114692   964 pts/0    R+   11:07   0:00 grep --color=auto snort
-[root@centos7 ~]# kill 19401
-[root@centos7 ~]# ps aux | grep snort
-root     20568  0.0  0.0 114692   968 pts/0    R+   11:07   0:00 grep --color=auto snort
 </code>
-====LAB #3 - Mise en place du Système de Détection et de Prévention d'Intrusion Portsentry====
+Exécutez encore une fois la commande **openvas-check-setup** :
-Portsentry est un **S**ystème de **D**étection et de **Prévention** d'**I**ntrusion (SDPI) qui surveille les requêtes entrantes et en cas d'anomalie bloque l'adresse IP de l'attaquant en inscrivant une règle dans le pare-feu NetFilter (Iptables).
+<code>
+[root@centos7 ~]# openvas-check-setup
+openvas-check-setup 2.3.3
+  Test completeness and readiness of OpenVAS-8
+  (add '--v6' or '--v7' or '--v9'
+   if you want to check for another OpenVAS version)
-=== Installation ===
+  Please report us any non-detected problems and
+  help us to improve this check routine:
+  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
-Sous RHEL/CentOS 7, **portsentry** n'est pas installé par défaut. Qui plus est **portsentry** ne se trouve pas dans les dépôts standards. Installez donc le paquet **portsentry-1.2-1.el5.x86_64.rpm** à partir de l'URL ci-dessous :
+  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
-<code>
+  Use the parameter --server to skip checks for client tools
-[root@centos7 ~]# rpm -ivh https://www.dropbox.com/scl/fi/v1iniimmjkvj0kx6xllmt/portsentry-1.2-1.el5.x86_64.rpm?rlkey=zyyvgd2a1ksi27y2v2maf6fuh&st=ovf7z0d1
+  like GSD and OpenVAS-CLI.
-Loaded plugins: fastestmirror, langpacks
-portsentry-1.2-1.el5.x86_64.rpm                                                                                 |  53 kB  00:00:00
-Examining /var/tmp/yum-root-qpYJaP/portsentry-1.2-1.el5.x86_64.rpm: portsentry-1.2-1.el5.x86_64
-Marking /var/tmp/yum-root-qpYJaP/portsentry-1.2-1.el5.x86_64.rpm to be installed
-Resolving Dependencies
---> Running transaction check
----> Package portsentry.x86_64 0:1.2-1.el5 will be installed
---> Finished Dependency Resolution
-adobe-linux-x86_64                                                                                              | 2.9 kB  00:00:00
-base/7/x86_64                                                                                                   | 3.6 kB  00:00:00
-extras/7/x86_64                                                                                                 | 3.4 kB  00:00:00
-updates/7/x86_64                                                                                                | 3.4 kB  00:00:00
-Dependencies Resolved
+Step 1: Checking OpenVAS Scanner ...
+        OK: OpenVAS Scanner is present in version 5.0.6.
+        OK: OpenVAS Scanner CA Certificate is present as /etc/pki/openvas/CA/cacert.pem.
+        OK: redis-server is present in version v=3.2.12.
+        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock
+        OK: redis-server is running and listening on socket: /tmp/redis.sock.
+        OK: redis-server configuration is OK and redis-server is running.
+        OK: NVT collection in /var/lib/openvas/plugins contains 138097 NVTs.
+        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
+        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
+        OK: The NVT cache in /var/cache/openvas contains 138097 files for 138097 NVTs.
+Step 2: Checking OpenVAS Manager ...
+        OK: OpenVAS Manager is present in version 6.0.9.
+        OK: OpenVAS Manager client certificate is present as /etc/pki/openvas/CA/clientcert.pem.
+        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
+        OK: Access rights for the OpenVAS Manager database are correct.
+        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
+        OK: OpenVAS Manager database is at revision 146.
+        OK: OpenVAS Manager expects database at revision 146.
+        OK: Database schema is up to date.
+        OK: OpenVAS Manager database contains information about 138097 NVTs.
+        OK: At least one user exists.
+        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
+        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
+        OK: xsltproc found.
+Step 3: Checking user configuration ...
+        WARNING: Your password policy is empty.
+        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
+Step 4: Checking Greenbone Security Assistant (GSA) ...
+        OK: Greenbone Security Assistant is present in version 6.0.11.
+Step 5: Checking OpenVAS CLI ...
+        OK: OpenVAS CLI version 1.4.4.
+Step 6: Checking Greenbone Security Desktop (GSD) ...
+        SKIP: Skipping check for Greenbone Security Desktop.
+Step 7: Checking if OpenVAS services are up and running ...
+        OK: netstat found, extended checks of the OpenVAS services enabled.
+        OK: OpenVAS Scanner is running and listening on all interfaces.
+        OK: OpenVAS Scanner is listening on port 9391, which is the default port.
+        ERROR: OpenVAS Manager is NOT running!
+        FIX: Start OpenVAS Manager (openvasmd).
+        ERROR: Greenbone Security Assistant is NOT running!
+        FIX: Start Greenbone Security Assistant (gsad).
-=======================================================================================================================================
+ ERROR: Your OpenVAS-8 installation is not yet complete!
- Package                     Arch                    Version                       Repository                                     Size
-=======================================================================================================================================
-Installing:
- portsentry                  x86_64                  1.2-1.el5                     /portsentry-1.2-1.el5.x86_64                  114 k
-Transaction Summary
+Please follow the instructions marked with FIX above and run this
-=======================================================================================================================================
+script again.
-Install  1 Package
-Total size: 114 k
+If you think this result is wrong, please report your observation
-Installed size: 114 k
+and help us to improve this check routine:
-Is this ok [y/d/N]: y
+http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
+Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
+</code>
+<WRAP center round important 50%>
+**Important** - Notez l'erreur **ERROR: Greenbone Security Assistant is NOT running!.**
+</WRAP>
+Activer et démarrer OpenVAS Manager :
+<code>
+[root@centos7 ~]# systemctl enable openvas-manager
+Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-manager.service to /usr/lib/systemd/system/openvas-manager.service.
+[root@centos7 ~]# systemctl start openvas-manager
+[root@centos7 ~]# systemctl status openvas-manager
+● openvas-manager.service - OpenVAS Manager
+   Loaded: loaded (/usr/lib/systemd/system/openvas-manager.service; enabled; vendor preset: disabled)
+   Active: active (running) since Tue 2025-12-02 11:51:41 CET; 10s ago
+  Process: 12237 ExecStart=/usr/sbin/openvasmd $MANAGER_LISTEN $MANAGER_PORT $SCANNER_LISTEN $SCANNER_PORT $MANAGER_OTP (code=exited, status=0/SUCCESS)
+ Main PID: 12238 (openvasmd)
+   CGroup: /system.slice/openvas-manager.service
+           └─12238 openvasmd
+Dec 02 11:51:41 centos7.fenestros.loc systemd[1]: Starting OpenVAS Manager...
+Dec 02 11:51:41 centos7.fenestros.loc systemd[1]: Started OpenVAS Manager.
 </code>
-===Configuration===
+Activer et démarrer le Greenbone Security Assistant :
-Modifiez le fichier **/etc/portsentry/portsentry.conf** en ajoutant la ligne **237** :
+<code>
+[root@centos7 ~]# systemctl enable openvas-gsa
+Created symlink from /etc/systemd/system/multi-user.target.wants/openvas-gsa.service to /usr/lib/systemd/system/openvas-gsa.service.
+[root@centos7 ~]# systemctl start openvas-gsa
+[root@centos7 ~]# systemctl status openvas-gsa
+● openvas-gsa.service - OpenVAS Greenbone Security Assistant
+   Loaded: loaded (/usr/lib/systemd/system/openvas-gsa.service; enabled; vendor preset: disabled)
+   Active: active (running) since Tue 2025-12-02 11:53:08 CET; 1s ago
+  Process: 12948 ExecStart=/usr/sbin/gsad $GSA_LISTEN $GSA_PORT $MANAGER_LISTEN $MANAGER_PORT $GNUTLSSTRING (code=exited, status=0/SUCCESS)
+ Main PID: 12949 (gsad)
+   CGroup: /system.slice/openvas-gsa.service
+           ├─12949 /usr/sbin/gsad --port=9443 --mlisten=127.0.0.1 --mport=9390 --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
+           └─12950 /usr/sbin/gsad --port=9443 --mlisten=127.0.0.1 --mport=9390 --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
+Dec 02 11:53:08 centos7.fenestros.loc systemd[1]: Starting OpenVAS Greenbone Security Assistant...
+Dec 02 11:53:08 centos7.fenestros.loc systemd[1]: Started OpenVAS Greenbone Security Assistant.
+</code>
+Exécutez encore une fois la commande **openvas-check-setup** :
 <code>
-[root@centos7 ~]# nl /etc/portsentry/portsentry.conf
+[root@centos7 ~]# openvas-check-setup
-	# PortSentry Configuration
+openvas-check-setup 2.3.3
-	#
+  Test completeness and readiness of OpenVAS-8
-	# $Id: portsentry.conf,v 1.25 2003/05/23 16:15:39 crowland Exp crowland $
+  (add '--v6' or '--v7' or '--v9'
-	#
+   if you want to check for another OpenVAS version)
-	# IMPORTANT NOTE: You CAN NOT put spaces between your port arguments.
-	#
+  Please report us any non-detected problems and
-	# The default ports will catch a large number of common probes
+  help us to improve this check routine:
-	#
+  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
-	# All entries must be in quotes.
+  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
-	#######################
+  Use the parameter --server to skip checks for client tools
-	# Port Configurations #
+  like GSD and OpenVAS-CLI.
-	#######################
-	#
+Step 1: Checking OpenVAS Scanner ...
-	#
+        OK: OpenVAS Scanner is present in version 5.0.6.
-	# Some example port configs for classic and basic Stealth modes
+        OK: OpenVAS Scanner CA Certificate is present as /etc/pki/openvas/CA/cacert.pem.
-	#
+        OK: redis-server is present in version v=3.2.12.
-	# I like to always keep some ports at the "low" end of the spectrum.
+        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock
-	# This will detect a sequential port sweep really quickly and usually
+        OK: redis-server is running and listening on socket: /tmp/redis.sock.
-	# these ports are not in use (i.e. tcpmux port 1)
+        OK: redis-server configuration is OK and redis-server is running.
-	#
+        OK: NVT collection in /var/lib/openvas/plugins contains 138097 NVTs.
-	# ** X-Windows Users **: If you are running X on your box, you need to be sure
+        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
-	# you are not binding PortSentry to port 6000 (or port 2000 for OpenWindows users).
+        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
-	# Doing so will prevent the X-client from starting properly.
+        OK: The NVT cache in /var/cache/openvas contains 138097 files for 138097 NVTs.
-	#
+Step 2: Checking OpenVAS Manager ...
-	# These port bindings are *ignored* for Advanced Stealth Scan Detection Mode.
+        OK: OpenVAS Manager is present in version 6.0.9.
-	#
+        OK: OpenVAS Manager client certificate is present as /etc/pki/openvas/CA/clientcert.pem.
+        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
-	# Un-comment these if you are really anal:
+        OK: Access rights for the OpenVAS Manager database are correct.
-	#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
+        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
-	#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
+        OK: OpenVAS Manager database is at revision 146.
-	#
+        OK: OpenVAS Manager expects database at revision 146.
-	# Use these if you just want to be aware:
+        OK: Database schema is up to date.
-	TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
+        OK: OpenVAS Manager database contains information about 138097 NVTs.
-	UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
+        OK: At least one user exists.
-	#
+        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
-	# Use these for just bare-bones
+        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
-	#TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320"
+        OK: xsltproc found.
-	#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321"
+Step 3: Checking user configuration ...
+        WARNING: Your password policy is empty.
-	###########################################
+        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
-	# Advanced Stealth Scan Detection Options #
+Step 4: Checking Greenbone Security Assistant (GSA) ...
-	###########################################
+        OK: Greenbone Security Assistant is present in version 6.0.11.
-	#
+Step 5: Checking OpenVAS CLI ...
-	# This is the number of ports you want PortSentry to monitor in Advanced mode.
+        OK: OpenVAS CLI version 1.4.4.
-	# Any port *below* this number will be monitored. Right now it watches
+Step 6: Checking Greenbone Security Desktop (GSD) ...
-	# everything below 1024.
+        SKIP: Skipping check for Greenbone Security Desktop.
-	#
+Step 7: Checking if OpenVAS services are up and running ...
-	# On many Linux systems you cannot bind above port 61000. This is because
+        OK: netstat found, extended checks of the OpenVAS services enabled.
-	# these ports are used as part of IP masquerading. I don't recommend you
+        OK: OpenVAS Scanner is running and listening on all interfaces.
-	# bind over this number of ports. Realistically: I DON'T RECOMMEND YOU MONITOR
+        OK: OpenVAS Scanner is listening on port 9391, which is the default port.
-	# OVER 1024 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You've been
+        OK: OpenVAS Manager is running and listening on all interfaces.
-	# warned! Don't write me if you have have a problem because I'll only tell
+        OK: OpenVAS Manager is listening on port 9390, which is the default port.
-	# you to RTFM and don't run above the first 1024 ports.
+        OK: Greenbone Security Assistant is listening on port 80, which is the default port.
-	#
+Step 8: Checking nmap installation ...
-	#
+        WARNING: No nmap installation found.
-	ADVANCED_PORTS_TCP="1024"
+        SUGGEST: You should install nmap for comprehensive network scanning (see http://nmap.org)
-	ADVANCED_PORTS_UDP="1024"
+Step 10: Checking presence of optional tools ...
-	#
+        WARNING: Could not find pdflatex binary, the PDF report format will not work.
-	# This field tells PortSentry what ports (besides listening daemons) to
+        SUGGEST: Install pdflatex.
-	# ignore. This is helpful for services like ident that services such
+        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
-	# as FTP, SMTP, and wrappers look for but you may not run (and probably
+        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
-	# *shouldn't* IMHO).
+        WARNING: Could not find alien binary, LSC credential package generation for DEB based targets will not work.
-	#
+        SUGGEST: Install alien.
-	# By specifying ports here PortSentry will simply not respond to
+        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
-	# incoming requests, in effect PortSentry treats them as if they are
+        SUGGEST: Install nsis.
-	# actual bound daemons. The default ports are ones reported as
+        OK: SELinux is disabled.
-	# problematic false alarms and should probably be left alone for
-	# all but the most isolated systems/networks.
+It seems like your OpenVAS-8 installation is OK.
-	#
-	# Default TCP ident and NetBIOS service
+If you think it is not OK, please report your observation
-	ADVANCED_EXCLUDE_TCP="21,22,25,53,80,110,113,135,137,138,139,443"
+and help us to improve this check routine:
-	# Default UDP route (RIP), NetBIOS, bootp broadcasts.
+http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
-	ADVANCED_EXCLUDE_UDP="520,517,518,513,138,137,123,68,67,53"
+Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
-	######################
-	# Configuration Files#
-	######################
-	#
-	# Hosts to ignore
-	IGNORE_FILE="/etc/portsentry/portsentry.ignore"
-	# Hosts that have been denied (running history)
-	HISTORY_FILE="/etc/portsentry/portsentry.history"
-	# Hosts that have been denied this session only (temporary until next restart)
-	BLOCKED_FILE="/etc/portsentry/portsentry.blocked"
-	##############################
-	# Misc. Configuration Options#
-	##############################
-	#
-	# DNS Name resolution - Setting this to "1" will turn on DNS lookups
-	# for attacking hosts. Setting it to "0" (or any other value) will shut
-	# it off.
-	RESOLVE_HOST = "1"
-	###################
-	# Response Options#
-	###################
-	# Options to dispose of attacker. Each is an action that will
-	# be run if an attack is detected. If you don't want a particular
-	# option then comment it out and it will be skipped.
-	#
-	# The variable $TARGET$ will be substituted with the target attacking
-	# host when an attack is detected. The variable $PORT$ will be substituted
-	# with the port that was scanned.
-	#
-	##################
-	# Ignore Options #
-	##################
-	# These options allow you to enable automatic response
-	# options for UDP/TCP. This is useful if you just want
-	# warnings for connections, but don't want to react for
-	# a particular protocol (i.e. you want to block TCP, but
-	# not UDP). To prevent a possible Denial of service attack
-	# against UDP and stealth scan detection for TCP, you may
-	# want to disable blocking, but leave the warning enabled.
-	# I personally would wait for this to become a problem before
-	# doing though as most attackers really aren't doing this.
-	# The third option allows you to run just the external command
-	# in case of a scan to have a pager script or such execute
-	# but not drop the route. This may be useful for some admins
-	# who want to block TCP, but only want pager/e-mail warnings
-	# on UDP, etc.
-	#
-	#
-	# 0 = Do not block UDP/TCP scans.
-	# 1 = Block UDP/TCP scans.
-	# 2 = Run external command only (KILL_RUN_CMD)
-	BLOCK_UDP="1"
-	BLOCK_TCP="1"
-	###################
-	# Dropping Routes:#
-	###################
-	# This command is used to drop the route or add the host into
-	# a local filter table.
-	#
-	# The gateway (333.444.555.666) should ideally be a dead host on
-	# the *local* subnet. On some hosts you can also point this at
-	# localhost (127.0.0.1) and get the same effect. NOTE THAT
-	# 333.444.555.66 WILL *NOT* WORK. YOU NEED TO CHANGE IT!!
-	#
-	# ALL KILL ROUTE OPTIONS ARE COMMENTED OUT INITIALLY. Make sure you
-	# uncomment the correct line for your OS. If you OS is not listed
-	# here and you have a route drop command that works then please
-	# mail it to me so I can include it. ONLY ONE KILL_ROUTE OPTION
-	# CAN BE USED AT A TIME SO DON'T UNCOMMENT MULTIPLE LINES.
-	#
-	# NOTE: The route commands are the least optimal way of blocking
-	# and do not provide complete protection against UDP attacks and
-	# will still generate alarms for both UDP and stealth scans. I
-	# always recommend you use a packet filter because they are made
-	# for this purpose.
-	#
-	# Generic
-	#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
-	# Generic Linux
-	#KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666"
-	# Newer versions of Linux support the reject flag now. This
-	# is cleaner than the above option.
-	#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
-	# Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD)
-	#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
-	# Generic Sun
-	#KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1"
-	# NEXTSTEP
-	#KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1"
-	# FreeBSD
-	#KILL_ROUTE="route add -net $TARGET$ -netmask 255.255.255.255 127.0.0.1 -blackhole"
-	# Digital UNIX 4.0D (OSF/1 / Compaq Tru64 UNIX)
-	#KILL_ROUTE="/sbin/route add -host -blackhole $TARGET$ 127.0.0.1"
-	# Generic HP-UX
-	#KILL_ROUTE="/usr/sbin/route add net $TARGET$ netmask 255.255.255.0 127.0.0.1"
-	##
-	# Using a packet filter is the PREFERRED. The below lines
-	# work well on many OS's. Remember, you can only uncomment *one*
-	# KILL_ROUTE option.
-	##
-	# ipfwadm support for Linux
-	#KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o"
-	#
-	# ipfwadm support for Linux (no logging of denied packets)
-	#KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$"
-	#
-	# ipchain support for Linux
-	#KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
-	#
-	# ipchain support for Linux (no logging of denied packets)
-	#KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY"
-	#
-	# iptables support for Linux
-	KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
-	# For those of you running FreeBSD (and compatible) you can
-	# use their built in firewalling as well.
-	#
-	#KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"
-	#
-	#
-	# For those running ipfilt (OpenBSD, etc.)
-	# NOTE THAT YOU NEED TO CHANGE external_interface TO A VALID INTERFACE!!
-	#
-	#KILL_ROUTE="/bin/echo 'block in log on external_interface from $TARGET$/32 to any' | /sbin/ipf -f -"
-	###############
-	# TCP Wrappers#
-	###############
-	# This text will be dropped into the hosts.deny file for wrappers
-	# to use. There are two formats for TCP wrappers:
-	#
-	# Format One: Old Style - The default when extended host processing
-	# options are not enabled.
-	#
-	#KILL_HOSTS_DENY="ALL: $TARGET$"
-	# Format Two: New Style - The format used when extended option
-	# processing is enabled. You can drop in extended processing
-	# options, but be sure you escape all '%' symbols with a backslash
-	# to prevent problems writing out (i.e. \%c \%h )
-	#
-	#KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"
-	###################
-	# External Command#
-	###################
-	# This is a command that is run when a host connects, it can be whatever
-	# you want it to be (pager, etc.). This command is executed before the
-	# route is dropped or after depending on the KILL_RUN_CMD_FIRST option below
-	#
-	#
-	# I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS AGAINST THE HOST SCANNING
-	# YOU!
-	#
-	# TCP/IP is an *unauthenticated protocol* and people can make scans appear out
-	# of thin air. The only time it is reasonably safe (and I *never* think it is
-	# reasonable) to run reverse probe scripts is when using the "classic" -tcp mode.
-	# This mode requires a full connect and is very hard to spoof.
-	#
-	# The KILL_RUN_CMD_FIRST value should be set to "1" to force the command
-	# to run *before* the blocking occurs and should be set to "0" to make the
-	# command run *after* the blocking has occurred.
-	#
-	#KILL_RUN_CMD_FIRST = "0"
-	#
-	#
-	#KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$"
-	#KILL_RUN_CMD="/bin/mail -s 'Portscan from $TARGET$ on port $PORT$' user@host < /dev/null"
-	KILL_RUN_CMD="/bin/mail -s 'Portscan from $TARGET$ on port $PORT$' root@localhost < /dev/null"  <--------------------------------AJOUTEZ cette ligne
-	#####################
-	# Scan trigger value#
-	#####################
-	# Enter in the number of port connects you will allow before an
-	# alarm is given. The default is 0 which will react immediately.
-	# A value of 1 or 2 will reduce false alarms. Anything higher is
-	# probably not necessary. This value must always be specified, but
-	# generally can be left at 0.
-	#
-	# NOTE: If you are using the advanced detection option you need to
-	# be careful that you don't make a hair trigger situation. Because
-	# Advanced mode will react for *any* host connecting to a non-used
-	# below your specified range, you have the opportunity to really
-	# break things. (i.e someone innocently tries to connect to you via
-	# SSL [TCP port 443] and you immediately block them). Some of you
-	# may even want this though. Just be careful.
-	#
-	SCAN_TRIGGER="2"
-	######################
-	# Port Banner Section#
-	######################
-	#
-	# Enter text in here you want displayed to a person tripping the PortSentry.
-	# I *don't* recommend taunting the person as this will aggravate them.
-	# Leave this commented out to disable the feature
-	#
-	# Stealth scan detection modes don't use this feature
-	#
-	#PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY."
-	# EOF
 </code>
-Pour rendre le service SysVInit compatible avec Systemd, éditez le fichier **/etc/init.d/portsentry** en supprimant la ligne **11** :
+<WRAP center round important 50%>
+**Important** - Notez les WARNINGS.
+</WRAP>
+Installez les paquets suggérés :
 <code>
-[root@centos7 ~]# nl /etc/init.d/portsentry
+[root@centos7 ~]# yum install nmap texlive-latex-bin-bin alien -y
-	#!/bin/bash
-	#
-	# Startup script for the Portsentry portscan detector
-	#
-	# chkconfig: 345 98 02
-	# description: PortSentry Port Scan Detector is part of the Abacus Project \
-	#              suite of tools. The Abacus Project is an initiative to release \
-	#              low-maintenance, generic, and reliable host based intrusion \
-	#              detection software to the Internet community.
-	# processname: portsentry
-	# pidfile: /var/run/portsentry.pid  <--------------------------------SUPPRIMEZ cette ligne
-	# config: /etc/portsentry/portsentry.conf
-	# Source function library.
-...
 </code>
-Puis ajoutez la ligne **80** :
+Exécutez de nouveau la commande **openvas-check-setup** :
 <code>
+[root@centos7 ~]# openvas-check-setup
 ...
-	stop() {
+Step 10: Checking presence of optional tools ...
-		echo -n $"Stopping $prog: "
+        OK: pdflatex found.
-		killproc portsentry
+        WARNING: PDF generation failed, most likely due to missing LaTeX packages. The PDF report format will not work.
-		killall portsentry  <--------------------------------AJOUTEZ cette ligne
+        SUGGEST: Install required LaTeX packages.
-		RETVAL=$?
+        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
-		echo
+        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
-		[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/portsentry
+        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
-	}
+        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
+        SUGGEST: Install nsis.
-	# See how we were called.
+        OK: SELinux is disabled.
+It seems like your OpenVAS-8 installation is OK.
 ...
 </code>
-Dernièrement, installez le paquet **initscripts** :
+<WRAP center round important 50%>
+**Important** - Notez la ligne **WARNING: PDF generation failed, most likely due to missing LaTeX packages. The PDF report format will not work.**
+</WRAP>
+Pour pouvoir utiliser les rapports au format PDF, installez les paquets suivants :
 <code>
-[root@centos7 ~]# yum install -y initscripts
+[root@centos7 ~]# yum -y install texlive-collection-fontsrecommended texlive-collection-latexrecommended texlive-changepage texlive-titlesec -y
 </code>
-===Utilisation===
+Téléchargez ensuite le fichier **comment.sty** vers le répertoire **/usr/share/texlive/texmf-local/tex/latex/comment** et exécutez la commande **texhash** :
-Démarrez le service **portsentry** :
 <code>
-[root@centos7 ~]# systemctl start portsentry
+[root@centos7 ~]# mkdir -p /usr/share/texlive/texmf-local/tex/latex/comment
-[root@centos7 ~]# systemctl status portsentry
-● portsentry.service - SYSV: PortSentry Port Scan Detector is part of the Abacus Project suite of tools. The Abacus Project is an initiative to release low-maintenance, generic, and reliable host based intrusion detection software to the Internet community.
-   Loaded: loaded (/etc/rc.d/init.d/portsentry; bad; vendor preset: disabled)
-   Active: active (running) since Sun 2017-08-06 14:48:18 CEST; 6s ago
-     Docs: man:systemd-sysv-generator(8)
-  Process: 6487 ExecStart=/etc/rc.d/init.d/portsentry start (code=exited, status=0/SUCCESS)
-   CGroup: /system.slice/portsentry.service
-           ├─6511 /usr/sbin/portsentry -atcp
-           └─6513 /usr/sbin/portsentry -audp
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...: 517
+[root@centos7 ~]# cd /usr/share/texlive/texmf-local/tex/latex/comment
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...: 518
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...: 513
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...: 138
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...: 137
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...: 123
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...t: 68
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...t: 67
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP...t: 53
-Aug 06 14:48:18 centos7.fenestros.loc portsentry[6513]: adminalert: PortSentry is now active and listening.
-Hint: Some lines were ellipsized, use -l to show in full.
-[root@centos7 ~]# ps aux | grep portsentry
-root      6511  0.0  0.0   6364   460 ?        Ss   14:48   0:00 /usr/sbin/portsentry -atcp
-root      6513  0.0  0.0   6364   460 ?        Ss   14:48   0:00 /usr/sbin/portsentry -audp
-root      6687  0.0  0.0 114692   972 pts/0    R+   14:48   0:00 grep --color=auto portsentry
-</code>
-Editez le fichier **/etc/portsentry/portsentry.ignore** en commentant la ligne contenant votre adresse IP :
+[root@centos7 comment]# wget http://mirrors.ctan.org/macros/latex/contrib/comment/comment.sty
+--2025-12-02 13:35:43--  http://mirrors.ctan.org/macros/latex/contrib/comment/comment.sty
+Resolving mirrors.ctan.org (mirrors.ctan.org)... 89.58.7.101, 2a03:4000:5e:d33::1
+Connecting to mirrors.ctan.org (mirrors.ctan.org)|89.58.7.101|:80... connected.
+HTTP request sent, awaiting response... 307 Temporary Redirect
+Location: https://mirror.its.dal.ca/ctan/macros/latex/contrib/comment/comment.sty [following]
+--2025-12-02 13:35:43--  https://mirror.its.dal.ca/ctan/macros/latex/contrib/comment/comment.sty
+Resolving mirror.its.dal.ca (mirror.its.dal.ca)... 192.75.96.254
+Connecting to mirror.its.dal.ca (mirror.its.dal.ca)|192.75.96.254|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 10197 (10.0K) [application/octet-stream]
+Saving to: ‘comment.sty’
-<code>
+%[========================================================================================================================================================================>] 10,197      --.-K/s   in 0s
-[root@centos7 ~]# nl /etc/portsentry/portsentry.ignore
-	# Put hosts in here you never want blocked. This includes the IP addresses
+-12-02 13:35:43 (175 MB/s) - ‘comment.sty’ saved [10197/10197]
-	# of all local interfaces on the protected host (i.e virtual host, mult-home)
-	# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
+[root@centos7 comment]# chmod 644 comment.sty
-	#
-	# PortSentry can support full netmasks for networks as well. Format is:
+[root@centos7 comment]# texhash
-	#
+texhash: Updating /usr/share/texlive/texmf/ls-R...
-	# <IP Address>/<Netmask>
+texhash: Updating /usr/share/texlive/texmf-config/ls-R...
-	#
+texhash: Updating /usr/share/texlive/texmf-dist/ls-R...
-	# Example:
+texhash: Updating /usr/share/texlive/texmf-local///ls-R...
-	#
+texhash: Updating /usr/share/texlive/texmf-var/ls-R...
-	# 192.168.2.0/24
+texhash: Done
-	# 192.168.0.0/16
-	# 192.168.2.1/32
-	# Etc.
-	#
-	# If you don't supply a netmask it is assumed to be 32 bits.
-	#
-	#
-	127.0.0.1/32
-	0.0.0.0
-	#########################################
-	# Do NOT edit below this line, if you   #
-	# do, your changes will be lost when    #
-	# portsentry is restarted via the       #
-	# initscript. Make all changes above    #
-	# this box.                             #
-	#########################################
-	# Exclude all local interfaces
-	#172.YY+20.0.3        <--------------------------------EDITEZ cette ligne
-	fe80::94b9:ef1e:8c65:97c6
-	127.0.0.1
-	::1
-	# Exclude the default gateway(s)
-	10.0.2.2
-	# Exclude the nameservers
-	10.0.2.3
-	# And last but not least...
-	0.0.0.0
 </code>
-**Sans** re-démarrez le service portsentry, lancez un scan des ports avec nmap :
+Exécutez une dernière fois la commande **openvas-check-setup** :
 <code>
-[root@centos7 ~]# nmap -sC 172.YY+20.0.3
+[root@centos7 comment]# openvas-check-setup
+...
+Step 10: Checking presence of optional tools ...
+        OK: pdflatex found.
+        OK: PDF generation successful. The PDF report format is likely to work.
+        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
+        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
+        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
+        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
+        SUGGEST: Install nsis.
+        OK: SELinux is disabled.
-Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-06 14:52 CEST
+It seems like your OpenVAS-8 installation is OK.
-^C
+...
-You have new mail in /var/spool/mail/root
 </code>
 <WRAP center round important 50%>
-**Important** - Notez l'utilisation de la combinaison de touches <key>C</key><key>c</key> pour arrêter nmap.
+**Important** - Notez la ligne **WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.**
 </WRAP>
-Consultez les règles d'iptables :
+Téléchargez et installez le fichier **mingw32-nsis-3.01-1.el7.x86_64.rpm** :
 <code>
-[root@centos7 ~]# iptables -L
+[root@centos7 ~]# cd ~
-Chain INPUT (policy ACCEPT)
-target     prot opt source               destination
-DROP       all  --  15.2.0.10.rev.sfr.net  anywhere   <--------------------------------REGARDEZ cette ligne, elle sera différente en fonction de votre adresse IP
-ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
-ACCEPT     all  --  anywhere             anywhere
-INPUT_direct  all  --  anywhere             anywhere
-INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
-INPUT_ZONES  all  --  anywhere             anywhere
-DROP       all  --  anywhere             anywhere             ctstate INVALID
-REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
-...
-</code>
-Dernièrement, consultez les messages destinés à root :
+[root@centos7 ~]# wget ftp://ftp.icm.edu.pl/vol/rzm1/linux-oracle-repo/OracleLinux/OL7/developer_EPEL/x86_64/mingw32-nsis-3.01-1.el7.x86_64.rpm
+--2025-12-02 13:46:26--  ftp://ftp.icm.edu.pl/vol/rzm1/linux-oracle-repo/OracleLinux/OL7/developer_EPEL/x86_64/mingw32-nsis-3.01-1.el7.x86_64.rpm
+           => ‘mingw32-nsis-3.01-1.el7.x86_64.rpm’
+Resolving ftp.icm.edu.pl (ftp.icm.edu.pl)... 193.219.28.2, 2001:6a0:0:31::2
+Connecting to ftp.icm.edu.pl (ftp.icm.edu.pl)|193.219.28.2|:21... connected.
+Logging in as anonymous ... Logged in!
+==> SYST ... done.    ==> PWD ... done.
+==> TYPE I ... done.  ==> CWD (1) /vol/rzm1/linux-oracle-repo/OracleLinux/OL7/developer_EPEL/x86_64 ... done.
+==> SIZE mingw32-nsis-3.01-1.el7.x86_64.rpm ... 1379180
+==> PASV ... done.    ==> RETR mingw32-nsis-3.01-1.el7.x86_64.rpm ... done.
+Length: 1379180 (1.3M) (unauthoritative)
-<code>
+%[========================================================================================================================================================================>] 1,379,180   2.05MB/s   in 0.6s
-[root@centos7 ~]# mail
-Heirloom Mail version 12.5 7/5/10.  Type ? for help.
-"/var/spool/mail/root": 6 messages 6 new
->N  1 trainee@centos7.fene  Sat Apr 30 12:38  16/688   "*** SECURITY information for centos7.fenestros.loc ***"
- N  2 user@localhost.fenes  Tue May  9 15:21 1238/86160 "[abrt] firefox: plugin-container killed by SIGSEGV"
- N  3 (Cron Daemon)         Sun Aug  6 11:28  25/1061  "Cron <root@centos7> /sbin/service portsentry restart >/dev/null && /sbin/ser"
- N  4 (Cron Daemon)         Sun Aug  6 14:27  26/1328  "Cron <root@centos7> /sbin/service portsentry restart >/dev/null && /sbin/ser"
- N  5 (Cron Daemon)         Sun Aug  6 14:43  25/1168  "Cron <root@centos7> /sbin/service portsentry restart >/dev/null && /sbin/ser"
- N  6 root                  Sun Aug  6 14:52  18/658   "Portscan from 10.0.2.15 on port 143"
-& 6
-Message  6:
-From root@centos7.fenestros.loc  Sun Aug  6 14:52:43 2017
-Return-Path: <root@centos7.fenestros.loc>
-X-Original-To: root@localhost
-Delivered-To: root@localhost.fenestros.loc
-Date: Sun, 06 Aug 2017 14:52:43 +0200
-To: root@localhost.fenestros.loc
-Subject: Portscan from 10.0.2.15 on port 143
-User-Agent: Heirloom mailx 12.5 7/5/10
-Content-Type: text/plain; charset=us-ascii
-From: root@centos7.fenestros.loc (root)
-Status: R
+-12-02 13:46:28 (2.05 MB/s) - ‘mingw32-nsis-3.01-1.el7.x86_64.rpm’ saved [1379180]
-& q
+[root@centos7 ~]# yum localinstall mingw32-nsis-3.01-1.el7.x86_64.rpm --nogpgcheck -y
-Held 6 messages in /var/spool/mail/root
-You have mail in /var/spool/mail/root
-[root@centos7 ~]#
 </code>
-Pour nettoyer la règle, re-démarrez le service **firewalld** :
+Exécutez une dernière fois la commande **openvas-check-setup** :
 <code>
-[root@centos7 ~]# systemctl restart firewalld
+[root@centos7 ~]# openvas-check-setup
-[root@centos7 ~]# iptables -L
+...
-Chain INPUT (policy ACCEPT)
+Step 10: Checking presence of optional tools ...
-target     prot opt source               destination
+        OK: pdflatex found.
-ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
+        OK: PDF generation successful. The PDF report format is likely to work.
-ACCEPT     all  --  anywhere             anywhere
+        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
-INPUT_direct  all  --  anywhere             anywhere
+        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
-INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
+        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
-INPUT_ZONES  all  --  anywhere             anywhere
+        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
-DROP       all  --  anywhere             anywhere             ctstate INVALID
+        OK: SELinux is disabled.
-REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
+It seems like your OpenVAS-8 installation is OK.
 ...
 </code>
+===2.5 - Utilisation===
+Retournez à l'accueil de Guacamole. Connectez-vous à la VM **Gateway_10.0.2.40_VNC** avec le compte **trainee** et le mot de passe **a39dae707d**.
+Ouvrez un navigateur web dans la VM et saississez l'adresse %%https:>//10.0.2.51:9443%%. Vous obtiendrez une fenêtre similaire à celle-ci :
+{{ :elearning:workbooks:centos:6:avance:openvas01.png?600 |}}
+Créez une exception pour le Self Signed Certificate. Vous obtiendrez une fenêtre similaire à celle-ci:
+{{ :elearning:workbooks:centos:6:avance:openvas02.png?600 |}}
+Entrez le nom de votre utilisateur (fenestros) ainsi que son mot de passe (fenestros) et cliquez sur le bouton **Login**. Vous obtiendrez une fenêtre similaire à celle-ci :
+{{ :elearning:workbooks:centos:6:avance:openvas03.png?600 |}}
+Dans la boîte **Quick start**, entrez l'adresse IP 10.0.2.46 et cliquez sur le bouton **Start Scan**. Vous obtiendrez une fenêtre similaire à celle-ci :
+{{ :elearning:workbooks:centos:6:avance:openvas04.png?600 |}}
+<WRAP center round important 50%>
+**Important** - Vous pouvez indiquer un réseau entier de la forme 10.0.2.0/24
+</WRAP>
+===Analyse des Résultats===
+A l'issu de l'analyse, il est possible de consulter les résultats :
+{{ :elearning:workbooks:centos:6:avance:openvas05.png?600 |}}
+ainsi que les détails de celui-ci :
+{{ :elearning:workbooks:centos:6:avance:openvas06.png?600 |}}
+Vous trouverez aussi une **solution** ainsi qu'une évaluation du niveau de risque, **Risk factor**.
+{{ :elearning:workbooks:centos:6:avance:openvas07.png?600 |}}
+{{ :elearning:workbooks:centos:6:avance:openvas08.png?600 |}}
+=====Les Contres-Mesures=====
 -----
 Copyright © 2025 Hugh Norris.

Piste : • LDF409 - Gestion de la Sécurité de Docker • LDF403 - Authentification • LDF410 - Validation de la Formation • LDF408 - Cryptologie

Différences

Recherche

Imprimer/exporter

Menu