Releases: Kastervo/OpenVAS-Installation

v1.0.0

24 Apr 16:23

Added

  • Versioning: Introduced versioning for the OpenVAS installation script, starting with version v1.0.0.
  • Structured Logging: Implemented a comprehensive logging system with a log function supporting INFO, WARN, and ERROR levels, with colored console output and logging to /var/log/openvas_install.log.
  • Error Handling: Added run_command function to execute commands with logging and error handling, exiting on failure with appropriate status codes.
  • Environment Setup: Introduced set_environment function to configure environment variables and validate disk space for installation directories.
  • Dynamic Version Checking: Added check_latest_version function to fetch the latest versions of OpenVAS components from the GitHub API, ensuring up-to-date installations.
  • Dedicated User Management: Implemented create_gvm_user to create a gvm user and group with proper permissions, including adding the current user to the gvm group.
  • Modular Dependency Installation: Split dependency installation into component-specific functions (install_<component>_dep) for better organization and maintainability.
  • SSL Certificate Generation: Added generate_ssl_cert to create a self-signed SSL certificate for gsad with proper permissions and ownership.
  • Component Installation Functions: Introduced modular functions for building and installing components (build_install_component, build_install_gsa, build_install_opsd, build_install_openvasd, build_install_py) with GPG signature verification.
  • System Configuration: Added functions for system setup, including perform_system_setup for Redis, adjusting_permissions for directory and binary permissions, feed_validation for GPG feed validation, setting_up_sudo_for_scanning, setting_up_postgresql, setting_up_an_admin_user, setting_the_feed_import_owner, setting_up_services_for_systemd, feed_synchronization, start_openvas, and login_info.
  • Rust and Cargo Support: Added install_openvasd_dep to install Rust and Cargo for openvasd and scannerctl installation.
  • Systemd Services: Enhanced systemd service configurations for ospd-openvas, gvmd, gsad, and openvasd with proper dependencies and runtime directories.
  • Login Information Display: Implemented login_info to display formatted login details (username, password, URL) in a boxed format with color.
  • Cleanup: Added cleanup function to remove temporary directories ($SOURCE_DIR, $BUILD_DIR, $INSTALL_DIR) on script completion or error, with error trapping.

Changed

  • Script Structure: Refactored the script into modular sections (Environment Setup, Version Management, Logging and Error Handling, System Checks, User and Group Management, Dependency Installation, Directory and Key Setup, Component Installation, System Configuration, Cleanup) for clarity and maintainability.
  • Root Check: Replaced the simple if condition with a check_root function for better logging and consistency.
  • Dependency Installation: Consolidated package installation into modular functions, removing hardcoded package lists and adding optional dependency warnings.
  • Version Management: Replaced hardcoded version numbers with dynamic fetching from the GitHub API, removing NOTUS_VERSION as notus-scanner is no longer installed.
  • GPG Key Import: Enhanced import_signing_key and feed_validation with proper directory creation, ownership, and error handling.
  • Component Installation: Standardized installation process with reusable functions, adding GPG signature verification for all components and handling special cases (e.g., gsa, ospd-openvas, openvasd).
  • Redis Configuration: Improved perform_system_setup to copy Redis configuration with proper ownership and validation.
  • Sudo Configuration: Rewrote setting_up_sudo_for_scanning to use a dedicated /etc/sudoers.d/gvm file with visudo validation, improving security.
  • PostgreSQL Setup: Enhanced setting_up_postgresql with specific PostgreSQL version handling and role configuration.
  • Admin User Setup: Improved setting_up_an_admin_user to securely store the admin password in a temporary file with restricted permissions.
  • Systemd Services: Updated service files to remove notus-scanner and mosquitto dependencies, add openvasd service, and use SSL for gsad (--ssl-certificate and --ssl-private-key).
  • Feed Synchronization: Wrapped greenbone-feed-sync in feed_synchronization with proper error handling.
  • Service Startup: Consolidated service start and enable operations in start_openvas with logging and error handling.

Removed

  • Notus Scanner: Removed installation and service configuration for notus-scanner as it is no longer required in the updated setup.
  • Mosquitto MQTT Broker: Removed Mosquitto installation and configuration, including related service dependencies and openvas.conf settings (mqtt_server_uri, table_driven_lsc).
  • Hardcoded Versions: Eliminated hardcoded version numbers for components, relying on dynamic version fetching.
  • Manual ldconfig Call: Removed explicit ldconfig -v call as it is no longer necessary.
  • Redundant Sudoers Check: Replaced inline grep check for sudoers with a more robust setting_up_sudo_for_scanning function.

Fixed

  • Error Handling: Added comprehensive error handling for all commands, ensuring the script exits on failure with meaningful logs.
  • Permission Issues: Ensured proper ownership (gvm:gvm) and permissions (e.g., chmod 6750 for gvmd, chmod 600 for sensitive files) for all directories, binaries, and configuration files.
  • GPG Verification: Added missing GPG signature verification for all downloaded components.
  • Service Dependencies: Corrected systemd service dependencies to reflect the removal of notus-scanner and mosquitto.
  • Password Security: Secured admin password handling by storing it in a temporary file with restricted permissions and cleaning it up after use.

Security

  • Secure File Handling: Applied strict permissions (chmod 600, chmod 640) to sensitive files like SSL certificates and password files.
  • GPG Validation: Enforced GPG signature verification for all downloaded sources to prevent tampering.
  • Sudo Configuration: Used a dedicated /etc/sudoers.d/gvm file with visudo validation to prevent syntax errors and ensure secure sudo access.

Notes

  • The new script (openvas_install.sh) is designed to be more robust, secure, and maintainable.
  • Users should replace self-signed SSL certificates with trusted ones for production environments, as warned in the generate_ssl_cert function.
  • The script assumes a clean Debian 12 system and may require adjustments for existing OpenVAS installations.
  • The admin password is temporarily stored in /tmp/gvm_admin_password during installation and removed afterward; users should change it post-installation using /usr/local/sbin/gvmd --user=admin --new-password=<new_password>.
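
One way to handle a short-lived secret file like the admin password file described in the notes above, as an added example rather than code from openvas_install.sh. The function names are hypothetical, and a random mktemp name is assumed in place of a fixed path under /tmp.

```shell
#!/bin/sh
# Added example, not taken from openvas_install.sh. Function names are
# hypothetical; a random mktemp name is assumed instead of a fixed /tmp path.

# Create an empty secret file. mktemp picks an unpredictable name, creates the
# file exclusively (a pre-planted file or symlink is never reused) and makes it
# mode 600; the umask only guards against a non-standard mktemp.
make_secret_file() {
    ( umask 077 && mktemp "${1:-${TMPDIR:-/tmp}}/gvm_admin_password.XXXXXXXX" )
}

# Write 24 random bytes, base64-encoded, into the file given as $1.
write_random_password() {
    head -c 24 /dev/urandom | base64 > "$1"
}

# True only for a regular file that is not a symlink and has mode 600.
# stat -c is the GNU/busybox form, matching the Debian target.
secret_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

remove_secret() {
    if [ -n "${1:-}" ]; then rm -f -- "$1"; fi
}

# Run "$@" with the secret path appended as its last argument. The file is
# removed on success, on failure, and (via the traps) on exit or signal.
# Note: this replaces any EXIT/INT/TERM trap the caller had installed.
with_secret_file() {
    secret_path="$(make_secret_file)" || return 1
    trap 'remove_secret "$secret_path"' EXIT
    trap 'exit 1' INT TERM
    if write_random_password "$secret_path" &&
       secret_is_private "$secret_path" &&
       "$@" "$secret_path"; then rc=0; else rc=$?; fi
    remove_secret "$secret_path"
    trap - EXIT INT TERM
    return "$rc"
}
```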