HOWTO : OpenVAS on Ubuntu Desktop 12.04 LTS
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
Step 1 :
At the time of this writing, the "stable" is version 5 while the "nightly builds" is version 6.
sudo add-apt-repository ppa:openvas/stable
or
sudo add-apt-repository ppa:openvas/nightly
sudo apt-get update
sudo apt-get install openvas-scanner openvas-manager openvas-administrator greenbone-security-assistant openvas-cli openvas-check-setup gsd
sudo apt-get install xsltproc sqlite3
Step 2 :
sudo openvas-mkcert
It will generate the following :
- Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem
- OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem
To sync the Network Vulnerability Tests (NVT) feed :
sudo openvas-nvt-sync
If you are using OpenVAS 6, you also need to sync the SCAP data :
sudo openvas-scapdata-sync
After that you have to create a client certificate using the openvas-mkcert-client tool. If -n is specified the tool doesn’t ask any questions and creates a certificate for the user "om". The -i parameter installs the certificate to be used with the OpenVAS manager.
sudo openvas-mkcert-client -n om -i
Before going further, stop the following services :
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop
It needs some time to fully start it, please be patient :
sudo openvassd
Migrate and rebuild the databases. It needs some time to finish :
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
To start it again but wait for some seconds before doing so as it need some time to shut down for the previous command :
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
To create a user "admin" with the role of "Admin" :
sudo openvasad -c add_user -n admin -r Admin
You will be asked for the password. You need to use this username and password to login to the OpenVAS.
Step 3 :
Check if your setup is correct or not.
Stable builds -
sudo openvas-check-setup
or
Nightly builds -
sudo openvas-check-setup --v6
Step 4 :
To run it. Point the Firefox to :
https://localhost:9392/
Step 5 :
To update it.
sudo openvas-nvt-sync
Step 6 (Optional) :
To start it manually instead of auto-run.
Start script -
sudo -sH
nano /etc/init.d/openvas-start
Append the following to the file :
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
chmod +x /etc/init.d/openvas-start
Stop script -
sudo -sH
nano /etc/init.d/openvas-stop
Append the following to the file :
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop
chmod +x /etc/init.d/openvas-stop
sudo update-rc.d openvas-scanner disable
sudo update-rc.d openvas-manager disable
sudo update-rc.d openvas-administrator disable
sudo update-rc.d greenbone-security-assistant disable
To start the services :
sudo /etc/init.d/openvas-start
To stop the services :
sudo /etc/init.d/openvas-stop
Bind service to 0.0.0.0
cd /lib/systemd/system
Files are: greenbone-security-assistant.service, openvas-manager.service and openvas-scanner.service.
To make it quick you may want to use sed. This line will replace all 127.0.0.1 to 0.0.0.0 which will allow all services be avaliable on all interfaces. You should replace 0.0.0.0 to the address of your choice.
sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Verify, that all will be done as you want. If you're happy with the changes, just add -i to the end of previous command.
sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i
Lastly you need to reload daemons, since you've made changes to files and restart services.
systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Verify, that all services are listening on desired host:
ss -nalt
OR edit config :
/etc/default/openvas-scanner
/etc/default/openvas-manager
/etc/default/openvas-administrator
/etc/default/greenbone-security-assistant
That's all! See you.
Read More
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
Step 1 :
At the time of this writing, the "stable" is version 5 while the "nightly builds" is version 6.
sudo add-apt-repository ppa:openvas/stable
or
sudo add-apt-repository ppa:openvas/nightly
sudo apt-get update
sudo apt-get install openvas-scanner openvas-manager openvas-administrator greenbone-security-assistant openvas-cli openvas-check-setup gsd
sudo apt-get install xsltproc sqlite3
Step 2 :
sudo openvas-mkcert
It will generate the following :
- Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem
- OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem
To sync the Network Vulnerability Tests (NVT) feed :
sudo openvas-nvt-sync
If you are using OpenVAS 6, you also need to sync the SCAP data :
sudo openvas-scapdata-sync
After that you have to create a client certificate using the openvas-mkcert-client tool. If -n is specified the tool doesn’t ask any questions and creates a certificate for the user "om". The -i parameter installs the certificate to be used with the OpenVAS manager.
sudo openvas-mkcert-client -n om -i
Before going further, stop the following services :
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop
It needs some time to fully start it, please be patient :
sudo openvassd
Migrate and rebuild the databases. It needs some time to finish :
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
To start it again but wait for some seconds before doing so as it need some time to shut down for the previous command :
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
To create a user "admin" with the role of "Admin" :
sudo openvasad -c add_user -n admin -r Admin
You will be asked for the password. You need to use this username and password to login to the OpenVAS.
Step 3 :
Check if your setup is correct or not.
Stable builds -
sudo openvas-check-setup
or
Nightly builds -
sudo openvas-check-setup --v6
Step 4 :
To run it. Point the Firefox to :
https://localhost:9392/
Step 5 :
To update it.
sudo openvas-nvt-sync
Step 6 (Optional) :
To start it manually instead of auto-run.
Start script -
sudo -sH
nano /etc/init.d/openvas-start
Append the following to the file :
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
chmod +x /etc/init.d/openvas-start
Stop script -
sudo -sH
nano /etc/init.d/openvas-stop
Append the following to the file :
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop
chmod +x /etc/init.d/openvas-stop
sudo update-rc.d openvas-scanner disable
sudo update-rc.d openvas-manager disable
sudo update-rc.d openvas-administrator disable
sudo update-rc.d greenbone-security-assistant disable
To start the services :
sudo /etc/init.d/openvas-start
To stop the services :
sudo /etc/init.d/openvas-stop
Bind service to 0.0.0.0
cd /lib/systemd/system
Files are: greenbone-security-assistant.service, openvas-manager.service and openvas-scanner.service.
To make it quick you may want to use sed. This line will replace all 127.0.0.1 to 0.0.0.0 which will allow all services be avaliable on all interfaces. You should replace 0.0.0.0 to the address of your choice.
sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Verify, that all will be done as you want. If you're happy with the changes, just add -i to the end of previous command.
sed -e 's/127.0.0.1/0.0.0.0/g' greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i
Lastly you need to reload daemons, since you've made changes to files and restart services.
systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
Verify, that all services are listening on desired host:
ss -nalt
OR edit config :
/etc/default/openvas-scanner
/etc/default/openvas-manager
/etc/default/openvas-administrator
/etc/default/greenbone-security-assistant
That's all! See you.
