Error Summary
-------------
Disk Requirements:
At least 28MB more space needed on the /boot filesystem.
The above error is due to the /boot partition being out of space. We can fix this issue by removing older unused Linux kernels. You could also increase the disk space, but that is a little more involved.
First we need to list which kernels we have installed.
The first thing we need to do is create an inventory file. This will contain a list of our servers along with the credentials.
touch hosts.txt
Now let’s encrypt the file with Ansible Vault.
ansible-vault encrypt hosts.txt
The file is now encrypted. To edit the file, we need to use `ansible-vault edit`. If you want to, you can configure the hosts.txt file and then encrypt it when you are finished.
ansible-vault edit hosts.txt
Now add some hosts. In this example we add the local Kali machine, because why not. If you have Ubuntu servers, replace debian with ubuntu.
[debian]
kali ansible_host=127.0.0.1 ansible_ssh_user=kali ansible_ssh_port=22 ansible_ssh_password='kali pass' ansible_become_pass='kali sudo pass'
Add as many hosts as you need. For sake of simplicity, we are only adding one, and it is our localhost.
Create Playbook
Create a new playbook.
vi debian_update.yml
Put the following into the playbook. Edit as desired. Change hosts to match the above hosts in the inventory/hosts file.
On the 3rd line it defines which group to run this playbook against. In this case debian.
This will check if a reboot is needed and reboot the machine. Reboots are usually needed when the kernel is updated
The 5th line contains `become: yes` this means that the playbook will use sudo. You can specify the sudo password in the hosts file `ansible_become_pass=sudopass` or with the -k or –ask-become options
The update and reboot are natively built into Ansible. Hence the ansible.builtin.
Run Playbook
Now that we have our inventory and playbook, we can upgrade our machines.
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper sudo: a password is required
To work around this, you can use the -t option. -q is not needed, but makes thing quieter.
Unfortunately, encrypting a file on Windows with a simple password is not super simple. While Windows does now support other compression formats (RAR, 7-Zip) it does not support encryption for them.
Currently, Windows natively supports the ZipCrypto algorithm. No AES. Note that the ZipCrypto algorithm is not considered secure, and shouldn’t be used for highly confidential data.
The following method, you will need 7-Zip to create the archive, but you won’t need it for decryption as Windows has built in support for ZipCrypto decryption.
To create the archive, you will need 7-Zip installed. Right click on your file/folder -> 7-Zip -> Add to Archive.
You should be presented with a similar window.
Change Archive format to zip Enter the password Ensure that the Encryption method is ZipCrypto Hit OK to create the Archive.
You can now transfer the password protected archive to a new machine. You’ll be prompted for the password when you extract the archive.
Currently OpenVAS needs PostgreSQL 16 on port 5432. If you have multiple versions of PostgreSQL, the lowest version will typically run on port 5432, and then they’ll increment from there. For example, if you have PostgreSQL 14, 15, and 16, 14 will run on port 5432, 15 on 5433, and 16 on 5434.
The quick fix is to edit the PostgreSQL config files, change the port numbers, restart PostgreSQL, and rerun gvm-setup.
vi /etc/postgresql/16/main/postgresql.conf
Change port number from 5434 to 5432
You will need to remove/disable/change the port for PostgreSQL 14
sudo apt remove postgresql-14
sudo systemctl restart postgresql@16-main.service
We can verify that PostgreSQL is running with netstat.
netstat -tulpn
We can see that the ports 5432 (PostgreSQL 16) and 5433 (PostgreSQL 15) are both running.
