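#!/bin/bash
# =============================================================================
# Security Scanner VM - Full Setup
# Run this inside the VM as root to execute all scripts in order
#
# Environment:
#   SCANNER_ADMIN_IPS      required; must be non-empty (example printed below)
#   SCANNER_INTERNAL_NETS  optional; the default shown in the banner is display
#                          only, this script does not export it
#   SCANNER_DNS_SERVERS    optional; same as above
#
# Exit status: 0 when every step succeeded, 1 on a failed pre-flight check,
# otherwise the exit status of the step that failed.
# =============================================================================
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# --- Pre-flight checks ---
if [[ "$(id -u)" -ne 0 ]]; then
  echo "[ERROR] This script must be run as root." >&2
  exit 1
fi

# Only non-emptiness is checked here.
# NOTE(review): the address list is presumably validated by the sub-scripts
# that consume it - confirm before relying on that.
if [[ -z "${SCANNER_ADMIN_IPS:-}" ]]; then
  echo "[ERROR] Set SCANNER_ADMIN_IPS before running." >&2
  echo " Example: export SCANNER_ADMIN_IPS='192.168.68.100, 192.168.68.101'" >&2
  exit 1
fi

echo "============================================"
echo " Security Scanner VM - Full Setup"
echo "============================================"
echo ""
echo " ADMIN_IPS: ${SCANNER_ADMIN_IPS}"
echo " INTERNAL_NETS: ${SCANNER_INTERNAL_NETS:-10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16}"
echo " DNS_SERVERS: ${SCANNER_DNS_SERVERS:-192.168.68.1}"
echo ""

SCRIPTS=(
  "01-system-harden.sh"
  "02-firewall.sh"
  "03-ssh-harden.sh"
  "04-install-tools.sh"
  "05-monitoring.sh"
)

# Verify every step before running any of them, so a missing file is caught
# before the first script has changed the system.
for script in "${SCRIPTS[@]}"; do
  SCRIPT_PATH="${SCRIPT_DIR}/${script}"
  if [[ ! -f "${SCRIPT_PATH}" ]]; then
    echo "[ERROR] Script not found: ${SCRIPT_PATH}" >&2
    exit 1
  fi

  # Each file is executed as root below. Warn when it is not owned by the
  # current (root) user or is writable by group/others, because another
  # account could then have changed what runs with root privileges.
  # find's stderr is discarded on purpose: a failed check only loses the warning.
  if [[ ! -O "${SCRIPT_PATH}" ]] ||
    [[ -n "$(find -L "${SCRIPT_PATH}" \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]]; then
    echo "[WARN] ${SCRIPT_PATH} is not owned by root or is group/world-writable; review it before trusting this run." >&2
  fi
done

for script in "${SCRIPTS[@]}"; do
  SCRIPT_PATH="${SCRIPT_DIR}/${script}"
  echo ""
  echo ">>> Running ${script}..."

  # Capture the status instead of letting 'set -e' end the run silently, so
  # the operator sees which step failed and that later steps did not run.
  rc=0
  bash "${SCRIPT_PATH}" || rc=$?
  if [[ "${rc}" -ne 0 ]]; then
    echo "[ERROR] ${script} failed (exit ${rc}); setup stopped, later steps were not applied." >&2
    exit "${rc}"
  fi
  echo ">>> ${script} completed."
done

echo ""
echo "============================================"
echo " Setup complete!"
echo "============================================"
echo ""
echo " Next steps:"
echo " 1. Add SSH key: /home/scanner-admin/.ssh/authorized_keys"
echo " 2. Start OpenVAS: cd /opt/greenbone && docker compose up -d"
echo " 3. Set OpenVAS password:"
echo " docker compose exec -u gvmd gvmd gvmd --user=admin --new-password="
echo " (a password typed on the command line can end up in shell history; clear it afterwards)"
echo " 4. Reboot: shutdown -r now"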