INSTALLATION INSTRUCTIONS FOR OPENVAS-MANAGER
=============================================

Please note: The reference system used by the developers is Debian
GNU/Linux 'Lenny' 5.0.  The build might fail on any other systems.  Also
it is necessary to install dependent development packages.


Compiling openvas-manager
-------------------------

Prerequisites:
* cmake
* glib-2.0
* gnutls
* libuuid (from e2fsprogs)
* openvas-libraries 4.0+rc3 or greater
* sqlite3
* pkg-config

Prerequisites for building documentation:
* Doxygen
* xmltoman (optional, for building man page)
* sqlfairy (optional, for producing database diagram)

Please see the section "Prerequisites for Optional Features" below additional
optional prerequisites.

If you have installed required libraries to a non-standard location, remember to
set the PKG_CONFIG_PATH environment variable to the location of you pkg-config
files before configuring:

    $ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/your/location/lib/pkgconfig

Then configure the build with

    $ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation .

or (if you want to use the default installation path /usr/local)

    $ cmake .

This only needs to be done once.  Note: It is assumed that the other
OpenVAS components are installed to the same path.  If not, you need to set
some paths separately, see below for details.

Thereafter, the following commands are useful.

    $ make                # build the manager
    $ make doc            # build the documentation
    $ make doc-full       # build more developer-oriented documentation
    $ make install        # install the build
    $ make rebuild_cache  # rebuild the make system cache

In case you want to install openvas-manager to a different path from the
other OpenVAS modules, you might need to set some paths explicitly
before running cmake:

Adjust any values in the Variables section of CMakeLists.txt: The
variables OPENVAS_LIB_INSTALL_DIR and OPENVAS_HEADER_INSTALL_DIR can be
enabled and edited in order to link to a custom installation of OpenVAS.
The certificate and key locations in OPENVAS_SERVER_CERTIFICATE,
OPENVAS_SERVER_KEY, OPENVAS_CLIENT_CERTIFICATE, OPENVAS_CLIENT_KEY and
OPENVAS_CA_CERTIFICATE may also need modifying.


Certificate Generation
----------------------

Note that the manager always connects to the scanner as user "om" and
uses certificate based authentication exclusively.  This means that you
have to create this user, generate the certificate and key for this user
and provide them to the manager.  The easiest way to do this is to use
the "openvas-mkcert-client" script provided by the openvas-scanner
module.  You can create the user "om", generate the certificates,
register the user with the OpenVAS scanner and install the client
certificates into the proper location for use with openvas-manager with
a single command:

    $ openvas-mkcert-client -n om -i

Or you can call the script without parameters if you want to have finer
control over the process:

    $ openvas-mkcert-client

If you did not use the "-i" option described above, the script will
create the client certificate and key in a temporary directory.  In order
to have the manager use the certificate and key, you have to copy the
files into a specific location.  Change into the temporary directory
created by openvas-mkcert-client and execute the following commands:

    $ cp key_om.pem /var/lib/openvas/private/CA/clientkey.pem
    $ cp cert_om.pem /var/lib/openvas/CA/clientcert.pem

Please note that the target directory in the commands above might have
to be prefixed with the prefix you have set earlier.


Creating a administrator user for OpenVAS
-----------------------------------------

You can create a administrator user in two ways, either
via the OpenVAS Administrator command line tool "openvasad":

$ openvasad -c add_user --name=myuser --password=mypw --role=Admin

or via the OpenVAS Scanner script tool "openvas-adduser":

$ openvas-adduser
[ ... follow the guide ... ]
$ touch /var/lib/openvas/users/myuser/isadmin

A administrator user can later create further users or
administrators via clients like the Greenbone Security Assistant (GSA).

Also, the new user can change her password via GSA.


Initializing the Database
-------------------------

Now you can initialize the OpenVAS Manager database.
You need a running OpenVAS Scanner (openvassd) for this
as the Manager will retrieve all NVT details from the Scanner.
Run this command if you are using the default ports:
 
$ openvasmd --rebuild

This command can be repeated anytime to update the database
with updated NVT data, regardless of whether openvasmd already
runs as a service in the background or not.


Migrating the Database
----------------------

If you have used Manager before, you might need to migrate
the database to the current data model. Use this command
to run the migration:

$ openvasmd --migrate


Prerequisites for Optional Features
-----------------------------------

Certain features of the Manager also require some programs at run time:

Prerequisites for generating PDF reports:
* pdflatex

Prerequisites for generating HTML reports:
* xsltproc

Prerequisites for generating credentials RPM / DEB packages:
* rpm
* fakeroot
* alien

Prerequisites for generating credentials .exe packages:
* makensis (usually distributed as part of nsis)

Prerequisites for generating system reports:
* A program in the PATH, with usage "openvasmr seconds type", where
  seconds is the number of seconds before now that the report covers,
  and type is the type of report.  When called with type "titles" the
  script must print a list of possible types, where the name of the
  type is everything up to the first space and everything else is a
  title for the report.  When called with one of these types openvasmr
  must print a PNG in base64 encoding.  When called with the special
  type "blank", openvasmr must print a PNG in base64 for the Manager to
  use when a request for one of the titled types fails.  openvasmr may
  indicate failure by simply refraining from printing.

Prerequisites for signature verification:
* gnupg

Prerequisites for HTTP escalators:
* wget
