Configure a deployed Scanner

Suggest Edits

After deploying the scanner, you should be able to access the scanner via SSH. Perform the following tasks to configure the scanner and link it to your Command Center portal.

Get the Linking Token

You will need a linking token in step 4, this can be found under the Zone you are linking the scanner to. Browse to Organization > Zones, locate the zone. Click the Scanner Link Token icon to copy the token to your buffer.

Alt text

Step 1 - Update and add the Ubuntu user to the docker group

Update the system:

sudo apt update && sudo apt dist-upgrade -y

Add the current user to the docker group:

sudo usermod -aG docker $USER && su $USER

Step 2 - install gvm-tools and pull images

Install gvm-tools globally:

sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install gvm-tools

Make sure file permissions will allow for gvmd to write to the correct directory:

sudo chown ccscanner:ccscanner -R /etc/ccscanner/  
sudo chown 1001:1001 -R /etc/ccscanner/.gvm/  
sudo chmod 777 -R /etc/ccscanner/.gvm/

Using docker-compose, pull the images related to ccscanner:

docker-compose -f /etc/ccscanner/docker-compose-ccscanner.yml --profile disable pull

Step 3 - start the containers and setup the GVM admin

Using docker-compose, start the services:

docker-compose -f /etc/ccscanner/docker-compose-ccscanner.yml up -d

Create a new random password for the gvmd admin user:

docker-compose -f /etc/ccscanner/docker-compose-ccscanner.yml exec -u gvmd gvmd gvmd --user=admin --new-password=<password>

Edit the gvm-tools.conf for the ccscanner service account:

sudo vim /etc/ccscanner/.config/gvm-tools.conf

[gmp]  
username=admin  
password=new-password

Make sure the ccscanner service account has ownership:

sudo chown ccscanner:ccscanner /etc/ccscanner/.config/gvm-tools.conf

Step 4 - link the scanner and start the services

Link the scanner to Command Center:

sudo cclink -url https://ROOT_URL/ -token TOKEN_FROM_ZONE

Enable and start the ccscanner services:

sudo systemctl enable --now ccscanner.service cctaskmanager.service

To log into the GSA web UI, setup an ssh tunnel to the scanner:

ssh -L 9392:127.0.0.1:9392 firstname_lastname@scanner_ip

Now browse to: http://127.0.0.1:9392/login
Alt text

Step 5 - reboot for a clean startup

sudo reboot

Updated about 1 month ago