OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Pre-install
PostgreSQL
Set up PostgreSQL before you continue.
Redis
Configure Redis as prescribed by the OpenVAS redis configuration. In summary, set the following in your /etc/redis/redis.conf:
port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128
See the OpenVAS redis configuration document on how to calculate the databases number.
Finally, restart redis.service.
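The Redis settings listed above can be checked mechanically before the scanner is started. The following is an added example, not part of the original page or of OpenVAS; the function names redis_directive and check_redis_conf and the sample file are constructed for illustration, and it assumes that a later directive in redis.conf overrides an earlier one.

```shell
#!/bin/sh
# Added example: check a redis.conf against the settings listed above.
# Function names and the sample file are constructed for illustration.

# Print the effective value of directive $2 in file $1. Comment lines are
# skipped, names are matched case-insensitively, the last occurrence wins.
redis_directive() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); gsub(/^"|"$/, ""); val = $0; found = 1 }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Print one line per deviation; return non-zero if there is any.
check_redis_conf() {
    conf=$1; rc=0
    while read -r key want; do
        if ! have=$(redis_directive "$conf" "$key"); then
            echo "MISSING  $key (expected $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key is '$have' (expected $want)"; rc=1
        fi
    done <<EOF
port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
EOF
    # The databases count is site-specific, so only require a number.
    dbs=$(redis_directive "$conf" databases) || dbs=''
    case $dbs in
        ''|*[!0-9]*) echo "MISSING  databases (expected a number)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: TCP listener still enabled, socket open to all users.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'port 6379' 'unixsocket /run/redis/redis.sock' \
    'unixsocketperm 777' 'timeout 0' 'databases 128' > "$sample"
check_redis_conf "$sample" || echo "redis.conf does not match the settings above"
rm -f "$sample"
```

To check the live configuration, call check_redis_conf /etc/redis/redis.conf before restarting redis.service.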
Installation
Install the following packages to get a full OpenVAS setup, including manager, web frontend, scanner, and so on:
- ospd package from the AUR (needs to be installed before the other packages; need to fix some dependencies)
- openvas-scanner package from the AUR
- ospd-openvas package from the AUR
- gsa package from the AUR
- gvmd package from the AUR
- nmap package from Extra needs to be installed for the scanner to deliver proper results.
- texlive-most from Extra is needed for the PDF report feature to work.
Initial setup
Set up the PostgreSQL DB for gvm:
# su -l postgres
# createuser gvm
# createdb -O gvm gvmd
Grant this user DBA roles:
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# \q
# exit
Make sure to have the following sysctl configurations:
# echo "net.core.somaxconn = 1024" >> /etc/sysctl.d/90-openvas.conf
# echo "vm.overcommit_memory = 1" >> /etc/sysctl.d/90-openvas.conf
# sysctl -p /etc/sysctl.d/90-openvas.conf
Before doing this, check the value of somaxconn (normally this is 4096 on Arch Linux and does not need to be adjusted):
# sysctl -a | grep somaxconn
If this is the case, just skip the first echo line.
Grant the gvm user access to the redis socket:
# usermod -aG redis gvm
# echo "db_address = /run/redis/redis.sock" > /etc/openvas/openvas.conf
# chown gvm:gvm /etc/openvas/openvas.conf
Update NVTs:
# chown -R gvm:gvm /var/lib/openvas
# su - gvm
# greenbone-nvt-sync && openvas --update-vt-info
# exit
Update feeds:
# su - gvm
# greenbone-feed-sync --type GVMD_DATA
# greenbone-scapdata-sync --rsync
# greenbone-certdata-sync --rsync
# exit
You can enable the following timers to update this data on a regular basis: greenbone-nvt-sync.timer, greenbone-feed-sync.timer, greenbone-scapdata-sync.timer, greenbone-certdata-sync.timer.
Create certificates for the server and clients, using default values:
# su - gvm
# gvm-manage-certs -a
# exit
Add an administrator user account; be sure to copy the password:
# su - gvm
# gvmd --create-user=admin --role=Admin
# exit
You can also change the password of the user later on:
# su - gvm
# gvmd --user=admin --new-password=<password>
# exit
Getting started
Start ospd-openvas.service, gvmd.service and gsad.service.
Create the Scanner:
# su - gvm
# gvmd --get-scanners
Copy the id of the OpenVAS Default scanner and run:
# gvmd --modify-scanner=id-of-scanner --scanner-host=/run/gvm/ospd.sock
# gvmd --verify-scanner=id-of-scanner
Set the feed import user:
# gvmd --get-users --verbose
Copy the id of the admin user and run:
# gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value id-of-admin
Point your web browser to http://127.0.0.1 and log in with your admin credentials.
gsad will bind to port 80. If you are already running a web server, this will cause problems. You can modify the ports and listen addresses in the file /etc/default/gsad.
See also
- Wikipedia:OpenVAS
- OpenVAS: official OpenVAS website.