OpenVAS

From ArchWiki

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

Pre-install

PostgreSQL

Set up PostgreSQL before you continue.

Redis

Configure Redis as prescribed by the OpenVAS redis configuration. In summary, add the following to /etc/redis/redis.conf:

port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128

Note: See the OpenVAS redis configuration document referenced above on how to calculate the databases number.

Finally restart redis.service.
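As an added check, which is not part of this page or of the OpenVAS project, the following POSIX shell script verifies that a redis.conf actually carries the settings listed above before the scanner is started: no TCP listener, the Unix socket at the path from the page, and enough databases. The socket path and the values are the page's; the helper names and the two sample configurations are constructed for the dry run.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page or the OpenVAS project): verify
# that a redis.conf carries the socket-only settings OpenVAS expects.
# Only the path /run/redis/redis.sock and the values come from the page;
# the helper names and the sample configs below are constructed.

# redis_directive FILE NAME -> value of the last active NAME line, empty if none
# (commented-out lines such as "# port 6379" are ignored)
redis_directive() {
    grep -E "^[[:space:]]*$2[[:space:]]+" "$1" | tail -n 1 | awk '{print $2}'
}

# check_redis_conf FILE
# Prints one line per deviation and returns 1 if any were found, else 0.
check_redis_conf() {
    conf=$1
    status=0
    # directives that must match the page exactly
    for pair in port=0 unixsocket=/run/redis/redis.sock unixsocketperm=770 timeout=0; do
        name=${pair%%=*}
        want=${pair#*=}
        have=$(redis_directive "$conf" "$name")
        if [ "$have" != "$want" ]; then
            echo "$name: have '${have:-unset}', want '$want'"
            status=1
        fi
    done
    # databases: the page uses 128; anything lower is treated as insufficient
    have=$(redis_directive "$conf" databases)
    if [ -z "$have" ] || [ "$have" -lt 128 ]; then
        echo "databases: have '${have:-unset}', want at least 128"
        status=1
    fi
    return $status
}

# Constructed sample: the page's settings, with a commented stock default left in
GOOD_CONF=$(mktemp)
cat >"$GOOD_CONF" <<'EOF'
# port 6379        <- commented-out default, must be ignored
port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128
EOF

# Constructed sample: an untouched stock config (TCP listener, only 16 databases)
BAD_CONF=$(mktemp)
cat >"$BAD_CONF" <<'EOF'
port 6379
timeout 0
databases 16
EOF

check_redis_conf "$GOOD_CONF" && echo "$GOOD_CONF: ok"
check_redis_conf "$BAD_CONF" || echo "$BAD_CONF: needs changes"
```

Run check_redis_conf against /etc/redis/redis.conf before restarting redis.service; a clean exit status means the scanner will find the socket it is later pointed at in /etc/openvas/openvas.conf.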

Installation

Install the following packages to get a full OpenVAS setup, including manager, web frontend, scanner, and so on:

  1. ospdAUR package from the AUR (must be installed before the other packages; some dependencies still need fixing)
  2. openvas-scannerAUR package from the AUR
  3. ospd-openvasAUR package from the AUR
  4. gsaAUR package from the AUR
  5. gvmdAUR package from the AUR
  6. nmap package from Extra, needed for the scanner to deliver proper results
  7. texlive-most from Extra, needed for the PDF report feature to work

Initial setup

Set up the PostgreSQL database for gvm:

# su -l postgres
# createuser gvm
# createdb -O gvm gvmd

Grant this user DBA roles:

# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# \q
# exit

Make sure to have the following sysctl configurations:

# echo "net.core.somaxconn = 1024" >> /etc/sysctl.d/90-openvas.conf
# echo "vm.overcommit_memory = 1" >> /etc/sysctl.d/90-openvas.conf
# sysctl -p /etc/sysctl.d/90-openvas.conf

Before doing this, check the current value of somaxconn (normally this is 4096 on Arch Linux and does not need to be adjusted):

# sysctl -a | grep somaxconn

If this is the case, just skip the first echo line.
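The three commands above append blindly, so rerunning them leaves duplicate lines in the drop-in file and would lower a somaxconn that is already 4096. The following script, added here and not part of the page, applies the same two settings idempotently: it reads the live value first, records and applies a change only when needed, and rewrites rather than appends the line in /etc/sysctl.d/90-openvas.conf. The file path and values are the page's; the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page): apply the page's two sysctl
# settings without clobbering a higher somaxconn already present on Arch and
# without appending duplicate lines on rerun. Path and values are the page's;
# the helper names are ours.

SYSCTL_CONF=/etc/sysctl.d/90-openvas.conf

# sysctl_needs_change MODE CURRENT TARGET
#   MODE "min": change only if CURRENT is below TARGET (a limit such as somaxconn)
#   MODE "eq":  change only if CURRENT differs from TARGET (a mode switch)
sysctl_needs_change() {
    case $1 in
        min) [ "$2" -lt "$3" ] ;;
        eq)  [ "$2" != "$3" ] ;;
        *)   echo "unknown mode $1" >&2; return 2 ;;
    esac
}

# set_conf_line FILE KEY VALUE
# Writes "KEY = VALUE" into FILE, replacing any existing line for KEY, so the
# file never accumulates duplicates the way plain ">>" does.
set_conf_line() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp)
    if [ -f "$file" ]; then
        grep -v "^[[:space:]]*$key[[:space:]]*=" "$file" >"$tmp" || true
    fi
    printf '%s = %s\n' "$key" "$value" >>"$tmp"
    mv "$tmp" "$file"
}

# ensure_sysctl MODE KEY TARGET [CONF]
# Reads the live value and, only when it must change, records the new value in
# CONF and applies it immediately. Needs root for the real thing.
ensure_sysctl() {
    mode=$1 key=$2 target=$3 conf=${4:-$SYSCTL_CONF}
    current=$(sysctl -n "$key") || { echo "cannot read $key" >&2; return 1; }
    if sysctl_needs_change "$mode" "$current" "$target"; then
        set_conf_line "$conf" "$key" "$target"
        sysctl -w "$key=$target" >/dev/null
        echo "$key: $current -> $target (recorded in $conf)"
    else
        echo "$key: $current already satisfies $mode $target, left alone"
    fi
}

# As root, the page's two settings become:
#   ensure_sysctl min net.core.somaxconn 1024
#   ensure_sysctl eq  vm.overcommit_memory 1
```

somaxconn is a limit, so the script treats a larger existing value as already satisfied, exactly as the note above advises; vm.overcommit_memory is a mode, so only an exact match counts.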

Grant the gvm user access to the redis socket:

# usermod -aG redis gvm
# echo "db_address = /run/redis/redis.sock" > /etc/openvas/openvas.conf
# chown gvm:gvm /etc/openvas/openvas.conf

Update NVTs:

# chown -R gvm:gvm /var/lib/openvas
# su - gvm
# greenbone-nvt-sync && openvas --update-vt-info
# exit

Update feeds:

# su - gvm
# greenbone-feed-sync --type GVMD_DATA
# greenbone-scapdata-sync --rsync
# greenbone-certdata-sync --rsync
# exit

You can enable the following timers to update these data on a regular basis: greenbone-nvt-sync.timer, greenbone-feed-sync.timer, greenbone-scapdata-sync.timer, greenbone-certdata-sync.timer.

Create certificates for the server and clients (the default values are fine):

# su - gvm
# gvm-manage-certs -a
# exit

Add an administrator user account, be sure to copy the password:

# su - gvm
# gvmd --create-user=admin --role=Admin
# exit

You can also change the password of the user later on:

# su - gvm
# gvmd --user=admin --new-password=<password>
# exit

Getting started

Start ospd-openvas.service, gvmd.service and gsad.service.

Create the Scanner:

# su - gvm
# gvmd --get-scanners

Copy the id of the OpenVAS Default scanner and run:

# gvmd --modify-scanner=id-of-scanner --scanner-host=/run/gvm/ospd.sock
# gvmd --verify-scanner=id-of-scanner

Set the feed import user:

# gvmd --get-users --verbose

Copy the id of the admin user and run:

# gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value id-of-admin
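Copying ids out of the listings by hand is error-prone, so here is an added helper, not from this page and not part of gvmd, that looks the ids up from the listings and then runs the three gvmd commands above with them. The setting id and the socket path are the page's; the function names and the sample listings (with invented ids) are constructed, and the only assumption about real gvmd output is that each row contains the object's name and its UUID.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page or from gvmd): look the scanner
# and user ids up from gvmd's own listings, then run the page's commands with
# them. Setting id and socket path are the page's; helper names and the
# sample listings (ids invented) are ours. Assumes only that every listing
# row contains the object name and its UUID.

UUID_RE='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

# uuid_for_name LISTING NAME
# Prints the UUID found on the first row of LISTING that contains NAME as a
# whole word; prints nothing and returns 1 if there is no such row.
uuid_for_name() {
    printf '%s\n' "$1" | grep -wF -- "$2" | grep -oE "$UUID_RE" | head -n 1 | grep .
}

# Setting that names the feed import owner (id taken from the page)
FEED_IMPORT_OWNER=78eceaec-3385-11ea-b237-28d24461215b

# configure_gvmd: run as the gvm user once gvmd.service and ospd-openvas.service
# are up. Points the default scanner at the ospd socket, verifies it, and makes
# the admin user the feed import owner, aborting if either id cannot be found.
configure_gvmd() {
    scanner_id=$(uuid_for_name "$(gvmd --get-scanners)" "OpenVAS Default") ||
        { echo "no 'OpenVAS Default' scanner listed" >&2; return 1; }
    admin_id=$(uuid_for_name "$(gvmd --get-users --verbose)" admin) ||
        { echo "no admin user listed" >&2; return 1; }
    gvmd --modify-scanner="$scanner_id" --scanner-host=/run/gvm/ospd.sock &&
    gvmd --verify-scanner="$scanner_id" &&
    gvmd --modify-setting "$FEED_IMPORT_OWNER" --value "$admin_id"
}

# Constructed listings so the lookup can be exercised without a running gvmd
SAMPLE_SCANNERS='11111111-1111-4111-8111-111111111111  CVE      0  CVE
22222222-2222-4222-8222-222222222222  OpenVAS  /run/gvm/ospd.sock  0  OpenVAS Default'
SAMPLE_USERS='admin  33333333-3333-4333-8333-333333333333
feeduser  44444444-4444-4444-8444-444444444444'

uuid_for_name "$SAMPLE_SCANNERS" "OpenVAS Default"
uuid_for_name "$SAMPLE_USERS" admin
```

The whole-word match keeps a user such as "admin2" from being picked up as the admin account, and the explicit failure path avoids running gvmd --modify-setting with an empty value when a lookup fails.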

Point your web browser to http://127.0.0.1 and log in with your admin credentials.

Note: By default, gsad binds to port 80. If you are already running a web server, this will obviously cause problems. You can modify the ports and listen addresses in the file /etc/default/gsad.

See also