OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
You can find all source packages for OpenVAS here.
First, prepare the system for OpenVAS:
sudo apt-get update
sudo apt-get install build-essential cmake bison flex libpcap-dev pkg-config libglib2.0-dev libgpgme11-dev uuid-dev \
sqlfairy xmltoman doxygen libssh-dev libksba-dev libldap2-dev \
libsqlite3-dev libmicrohttpd-dev libxml2-dev libxslt1-dev \
xsltproc clang rsync rpm nsis alien sqlite3 libhiredis-dev libgcrypt11-dev libgnutls28-dev redis-server texlive-latex-base
(Edited on Thomas Frederiksen's suggestion.)
Download the sources:
wget http://wald.intevation.org/frs/download.php/2067/openvas-libraries-8.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/2071/openvas-scanner-5.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/2075/openvas-manager-6.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/2079/greenbone-security-assistant-6.0.3.tar.gz
wget http://wald.intevation.org/frs/download.php/1987/openvas-cli-1.4.0.tar.gz
Unpack the packages:
tar xvf greenbone-security-assistant-6.0.3.tar.gz
tar xvf openvas-libraries-8.0.3.tar.gz
tar xvf openvas-scanner-5.0.3.tar.gz
tar xvf openvas-manager-6.0.3.tar.gz
tar xvf openvas-cli-1.4.0.tar.gz
Compile the sources:
cd openvas-libraries-8.0.3
cmake .
make
make doc
sudo make install
cd ..
cd openvas-manager-6.0.3/
cmake .
make
make doc
sudo make install
cd ..
cd openvas-scanner-5.0.3/
cmake .
make
make doc
sudo make install
cd ..
cd openvas-cli-1.4.0/
cmake .
make
make doc
sudo make install
cd ..
cd greenbone-security-assistant-6.0.3/
cmake .
make
make doc
sudo make install
Configuration step:
sudo ldconfig
cd ~ && wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup &&
chmod +x openvas-check-setup && sudo ./openvas-check-setup --v8
# Create openvas certificates:
sudo openvas-mkcert
# NVT feed:
sudo openvas-nvt-sync
# SCAP feed:
sudo openvas-scapdata-sync
# CERT feed:
sudo openvas-certdata-sync
# Generate client certificates:
sudo openvas-mkcert-client -n -i
# Signature checking of NVTs:
sudo apt-get install gnupg
wget http://www.openvas.org/OpenVAS_TI.asc
sudo gpg --homedir=/usr/local/etc/openvas/gnupg --gen-key
sudo gpg --homedir=/usr/local/etc/openvas/gnupg --import OpenVAS_TI.asc
sudo gpg --homedir=/usr/local/etc/openvas/gnupg --lsign-key 48DB4530
To help generate a lot of random bytes, run this in another shell:
sudo dd if=/dev/zero of=/tmp/500m.tmp bs=500M count=5
or install the haveged daemon:
sudo apt-get install haveged
# enable sign check:
echo "nasl_no_signature_check = no" >> /usr/local/etc/openvas/openvassd.conf
#Update portnames:
wget http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
openvas-portnames-update service-names-port-numbers.xml
rm service-names-port-numbers.xml
# Create admin password:
sudo openvasmd --create-user=adminuser --role=Admin
write down the password
# Set passwd policy
sudo vim /usr/local/etc/openvas/pwpolicy.conf
# install nmap 5.51:
wget http://nmap.org/dist/nmap-5.51.6.tgz &&
tar xvf nmap-5.51.6.tgz &&
cd nmap-5.51.6 &&
./configure &&
make &&
sudo make install
# Start OpenVAS Scanner
sudo openvassd
# Initialize the Database
sudo openvasmd --rebuild --progress
# Launch OpenVAS Scanner as root
openvassd
# Launch OpenVAS Manager daemon
openvasmd
# Launch OpenVAS Greenbone Security Assistant
gsad
Configure redis-server with
http://download.redis.io/redis-stable/redis.conf
Changes in redis.conf:
unixsocket /tmp/redis.sock
unixsocketperm 777
# create /var/dump and chmod it as root
dir /var/dump
Comment out the lines below:
#repl-diskless-sync no
#repl-diskless-sync-delay 5
# repl-ping-slave-period 10
connect to website with “adminuser” and the password you wrote down:
https://localhost
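A post-install check for two settings written during the steps above, the signature-check line appended to openvassd.conf and the unixsocketperm value in redis.conf. This is an added example, not part of the original tutorial or of OpenVAS; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two settings this tutorial writes.
# Function names and sample files are constructed for illustration.

# Pass only if nasl_no_signature_check is set and every uncommented
# occurrence is "no"; appending with >> can leave an older "yes" line behind.
check_nasl_signatures() {
    values=$(sed -n 's/^[[:space:]]*nasl_no_signature_check[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1")
    if [ -z "$values" ]; then
        echo "nasl_no_signature_check is not set"; return 1
    fi
    if printf '%s\n' "$values" | grep -qvx 'no'; then
        echo "nasl_no_signature_check is not 'no' on every line"; return 1
    fi
    echo "signature checking enabled"
}

# Pass only if unixsocketperm is a valid octal mode whose last digit has
# no write bit, i.e. the redis socket is not world-writable.
check_redis_socket_perm() {
    perm=$(awk '$1 == "unixsocketperm" { p = $2 } END { print p }' "$1")
    if [ -z "$perm" ]; then
        echo "unixsocketperm is not set"; return 1
    fi
    case $perm in
        *[!0-7]*) echo "mode $perm: not an octal mode"; return 1 ;;
        *[2367]) echo "mode $perm: socket is world-writable"; return 1 ;;
        *) echo "mode $perm: socket is not world-writable" ;;
    esac
}

# Constructed sample files using the values from this tutorial.
sample_dir=$(mktemp -d)
printf '%s\n' '# constructed: an older entry left in place' \
    'nasl_no_signature_check = yes' 'nasl_no_signature_check = no' \
    > "$sample_dir/openvassd.conf"
printf '%s\n' 'unixsocket /tmp/redis.sock' 'unixsocketperm 777' \
    > "$sample_dir/redis.conf"

check_nasl_signatures "$sample_dir/openvassd.conf" || true
check_redis_socket_perm "$sample_dir/redis.conf" || true
```

On a real install, pass /usr/local/etc/openvas/openvassd.conf and the redis.conf in use to the two functions.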
Great tutorial, thx !
I just had to initialize the database (e.g. “sudo openvasmd --rebuild”) to be able to execute “openvas-portnames-update” because it was complaining about the tasks.db file that was missing.
If I copy
echo “nasl_no_signature_check = no” >> /usr/local/etc/openvas/openvassd.conf to the command line, there is a failure:
bash: Syntax Error unexpected word ‘; &’
Can anybody help me?
Try opening /usr/local/etc/openvas/openvassd.conf in an editor and pasting “nasl_no_signature_check = no”
If you want to be able to use the PDF report feature, add texlive-latex-base to the initial dependency install list.
Hi Thanks a Lot. If ever you are in Mumbai couple of beers are on me 😉
btw: I am getting this error-
Rebuilding NVT cache… failed.
I tried googling but not yet able to solve this issue.
Could be a certificate problem. Recheck that step. And sure, if I visit Mumbai 🙂
Hi,
I’ve got the same issue :
in log file /usr/local/var/log/openvas/openvasmd.log :
OpenVAS Manager version 6.0.9 (DB revision 146)
md main: INFO:2017-01-04 09h45.37 utc:15314: rebuild_nvt_cache_retry: Reloading NVT cache
md main: INFO:2017-01-04 09h45.37 utc:15315: update_or_rebuild_nvt_cache: Rebuilding NVT cache
md main: INFO:2017-01-04 09h45.38 utc:15315: Updating NVT cache.
lib serv:WARNING:2017-01-04 09h45.38 utc:15315: openvas_server_connect: failed to connect to server: Connection refused
any idea ?
I’ve solved my problem… the openvasmd process was already running…
‘killall openvasmd’
and then ‘openvasmd --rebuild --progress’
Thanks for your tutorial
thanks for writing down solution!
great tutorial but I can never get past the “not enough random bytes available….” even running sudo dd if=/dev/zero of=/tmp/500m.tmp bs=500M count=5 in another shell gets me nowhere….
you can try /dev/random
Hi folks,
we use OpenVAS8 with Debian8 on FujitsuServers-RX300S6 with VMware-ESXi5.5.
Our Problem is:
The GSA session closed after 1 hour. Scans start, but stop at “1%”.
How can we change the session-timeout?
In openvas-check-setup.log there are the following variables:
max_hosts=30
max_checks=10
Where can we change these variables?
Regards
Werner
You should change those variables in the configuration file: /etc/openvas/openvasd.conf
hello admin,
thank you,
but i don’t find the session-timeout-variable of the GSA-Session.
regards
werner