OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Contents
Installation
Install the openvas package group from the official repositories. This group provides the openvas-cli command-line omp
interface and greenbone-security-assistant web interface via the gsad
daemon along with other OpenVAS dependencies.
Initial setup
Create a certificate for the server, choosing the default values if desired:
# openvas-mkcert
Create a client certificate:
# openvas-mkcert-client -n -i
Update the plugins and vulnerability data:
# openvas-nvt-sync # openvas-scapdata-sync # openvas-certdata-sync
Start the scanner service:
# systemctl start openvas-scanner
Rebuild the database:
# openvasmd --rebuild --progress
Add an administrator user account, be sure to copy the password:
# openvasmd --create-user=admin --role=Admin
Post-Install
Configure redis as prescribed by the OpenVAS redis configuration. In summary, amend the following to your /etc/redis.conf
unixsocket /var/lib/redis/redis.sock port 0 timeout 0
Create and add the following to /etc/openvas/openvassd.conf
kb_location = /var/lib/redis/redis.sock
Finally restart redis
# systemctl restart redis
Getting Started
Start the openvasmd
daemon
# openvasmd -p 9390 -a 127.0.0.1
Start the Greenbone Security Assistant WebUI (optional)
# gsad -f --listen=127.0.0.1 --mlisten=127.0.0.1 --mport=9390
Point your web browser to http://127.0.0.1 and login with your admin crendentials
Systemd
Redhat based systemd units are in an AUR package named openvas-systemdAUR. The contain a few tweaks such as better TLS settings.
Migration to new major versions
The database needs to be migrated when moving to a new major version:
# openvasmd --migrate --progress
See Also
- OpenVAS Official OpenVAS website.