OpenVAS

March 12, 2017 | Views: 14777


The system

OpenVAS is a Linux-based vulnerability management system with a web GUI.

Install the system

Default settings of the operating system

OpenVAS can be installed on any Linux system, e.g. Ubuntu.

1. Upgrade operating system:

apt-get update && apt-get dist-upgrade

2. Set hostname with file:

vi /etc/hostname
   <name_of_server>

3. Set hostname with a command:

hostname <name_of_server>

4. Edit hosts file:

vi /etc/hosts
   <IP-address_of_server> <FQDN_of_server> <name_of_server>

5. Configure proxy:

export {http,https,ftp}_proxy=http://<IP-address_of_proxy>:<port_of_proxy>/
export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>
vi /etc/profile.d/proxy.sh
   export {http,https,ftp}_proxy=http://<IP-address_of_proxy>:<port_of_proxy>/
   export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>
chown root:root /etc/profile.d/proxy.sh
vi /etc/apt/apt.conf
   Acquire::http::Proxy "http://<IP-address_of_proxy>:<port_of_proxy>/";

The updates require the rsync protocol (876 TCP port).

6. Install NTP:

apt-get install ntp

7. Set NTP:

vi /etc/ntp.conf
   server <IP-address_of_NTP_server>

8. Stop NTP daemon:

service ntp stop

9. Set date with NTP sync:

ntpdate -d <IP-address_of_NTP_server>

10. Start NTP daemon:

service ntp start

Install OpenVAS

1. Install with repository:

sudo su -
add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas sqlite3 graphviz texlive-latex-extra libldap2-dev libldap-2.4.2 ldap-utils

2. Upgrade and start OpenVAS:

  • OpenVAS 8:
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
service openvas-scanner restart
service openvas-manager restart
openvasmd --rebuild --progress
  • OpenVAS 9:
openvas-nvt-sync
greenbone-scapdata-sync
greenbone-certdata-sync
service openvas-scanner restart
service openvas-manager restart
openvasmd --rebuild --progress

Configuring and using the system

Accessing the Web GUI

  • OpenVAS:

https://<IP-address_of_OpenVAS_server>:443

  • OpenVAS 9:

https://<IP-address_of_OpenVAS_server>:4000

The default username: admin, password: admin.

Change Admin Password

Administration → Users → Admin → Edit User → Password: New password

Save User

Configure LDAP and RADIUS Authentication

1. Create authentication file:

vi /var/lib/openvas/openvasmd/auth.conf
   [method:file]
   enable=true
   order=1
   [method:ldap_connect]
   enable=false
   order=2
   ldaphost=<IP-address_of_ldap_server>
   authdn=uid=%s,cn=<group>,o=<domainname>,c=<end_of_domainname>
   allow-plaintext=false
   [method:radius_connect]
   order=3
   enable=false
   radiushost=<IP-address_of_radius_server>
   radiuskey=<password>
chown root:root /var/lib/openvas/openvasmd/auth.conf

2. Configure authentication:

Administration → Users: Select the authentication type (LDAP or RADIUS) and enter the connection data.
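
A check for the auth.conf written in step 1, as an added example that is not part of the original article or of OpenVAS: it flags a file mode that lets group or other read the cleartext radiuskey, and an enabled LDAP method with allow-plaintext=true or an authdn without the %s user placeholder. The sample values are constructed; reading allow-plaintext=true as permitting unencrypted LDAP binds, and openvasmd running as root so that mode 600 is sufficient, are assumptions.

```python
import configparser
import os
import stat

# Constructed sample built from the keys shown above; hosts, DN and key are placeholders.
WEAK_CONF = """[method:file]
enable=true
order=1
[method:ldap_connect]
enable=true
order=2
ldaphost=192.0.2.20
authdn=uid=%s,cn=users,o=example,c=org
allow-plaintext=true
[method:radius_connect]
order=3
enable=false
radiushost=192.0.2.30
radiuskey=constructed-shared-secret
"""


def audit_auth_conf(text, mode):
    """Return findings for auth.conf content and its file permission bits."""
    findings = []
    # interpolation=None: authdn holds a literal %s that must not be expanded.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    ldap, radius = "method:ldap_connect", "method:radius_connect"
    # The RADIUS shared secret sits in this file in cleartext.
    if cfg.has_option(radius, "radiuskey") and mode & 0o077:
        findings.append("radiuskey readable by group/other (mode %o)" % mode)
    if cfg.getboolean(ldap, "enable", fallback=False):
        # Assumption: allow-plaintext=true permits unencrypted LDAP binds.
        if cfg.getboolean(ldap, "allow-plaintext", fallback=False):
            findings.append("ldap_connect enabled with allow-plaintext=true")
        if "%s" not in cfg.get(ldap, "authdn", fallback=""):
            findings.append("authdn lacks the %s user placeholder")
    return findings


def audit_file(path):
    """Audit a file on disk, e.g. /var/lib/openvas/openvasmd/auth.conf."""
    with open(path) as handle:
        return audit_auth_conf(handle.read(), stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for finding in audit_auth_conf(WEAK_CONF, 0o644):
        print("FINDING:", finding)
```

With allow-plaintext=false and the file at mode 600 the same function returns no findings.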

Upgrade system

Administration:

NVT Feed → Synchronize with…

SCAP Feed → Synchronize with…

CERT Feed → Synchronize with…

Configure Automatic Upgrade with crontab

vi /etc/cron.weekly/openvasupdate
  #!/bin/bash
  openvas-certdata-sync
  openvas-scapdata-sync
  openvas-nvt-sync
  openvasmd --rebuild
  logger -s "OpenVAS sync"
chmod ugo+x /etc/cron.weekly/openvasupdate

Configure user

Set time

Extras → My Settings → Edit My Settings → Timezone: Enter time zone

Remove scanner wizard

Extras → My Settings → Edit My Settings → Wizard Rows: 0

Scanning and reporting

Scan Management → Tasks → Wizard → Advanced Task Wizard:

Task name: Name of the scan

Scan Config: Depth of scanning (e.g. Full and Fast)

Target Host(s): Enter the hosts to scan, separated by commas

Create Task

Wait for the task to finish.

Done → PDF → Download

Add override

  • In task report:

Select task → Add Override:

Hosts: Any (or enter hosts)

Port: Any

New Severity: Enter the severity (e.g. Low or False Positive).

Text: Enter the reason or purpose of the severity.

  • Viewing and editing overrides:

Scan Management → Overrides

Automatic removal of reports

Scan Management → Tasks → Select task! → Edit Task → Auto Delete Reports → Automatically delete oldest reports but always keep newest 5 reports

Configure alerts

Configuration → Alerts → New Alert:

Or

Select old alert! → Edit Alert

Event: New status of task

Condition: Enter conditions

Method: Method of alert

Email: Alert to e-mail

System Logger: Alert to system log

Send to host: Alert report to host

SCP: Alert report with SCP

SNMP: Alert with SNMP trap

Community: Enter community (default: public)

Agent: localhost

Message: $e

Create Alert (or Save Alert)

OpenVAS CLI

Install OpenVAS CLI:

add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas-cli

Monitoring of host reports in Nagios-based monitoring systems (e.g. Check_MK): check_omp plugin.

Error handling

If the task does not start

Is the scanner daemon running?

systemctl status openvas-scanner

or

/etc/init.d/openvas-scanner status

If the scanner daemon is not running, start it:

systemctl start openvas-scanner

or

/etc/init.d/openvas-scanner start

If there is a plugin error in the log

If a plugin error appears in the /var/log/openvas/openvassd.messages log file, delete the scanner daemon cache:

rm -f /var/cache/openvas/*
service openvas-scanner restart

Searching for error descriptions in a report

1. Download the XML report.

2. The error count and the error descriptions follow the "<errors><count>" string.
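
The lookup in steps 1 and 2, as an added example that is not part of the original article: it reads the error count and lists each error from a downloaded XML report, grouping hosts by error text. The sample report is constructed, and the layout below <errors> (one <error> per failure with <host>, <port>, <description> and <nvt><name>) is an assumption beyond the "<errors><count>" string named above.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real scanner output (hosts are documentation addresses).
# Assumed layout: <errors> holds <count>, then one <error> per failure with
# <host>, <port>, <description> and <nvt><name> children.
SAMPLE_REPORT = """<report id="constructed">
 <report>
  <errors>
   <count>3</count>
   <error><host>192.0.2.10</host><port>general/tcp</port><nvt><name>Constructed check A</name></nvt>
    <description>NVT timed out after 320 seconds.</description></error>
   <error><host>192.0.2.11</host><port>general/tcp</port><nvt><name>Constructed check A</name></nvt>
    <description>NVT timed out after 320 seconds.</description></error>
   <error><host>192.0.2.11</host><port>443/tcp</port><nvt><name>Constructed check B</name></nvt>
    <description>Constructed error text.</description></error>
  </errors>
 </report>
</report>"""


def _text(node, path):
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""


def report_errors(xml_text):
    """Return (declared_count, list of error dicts) from an XML report."""
    root = ET.fromstring(xml_text)
    block = next((e for e in root.iter("errors") if e.find("count") is not None), None)
    if block is None:
        return 0, []
    entries = [{"host": _text(e, "host"), "port": _text(e, "port"),
                "nvt": _text(e, "nvt/name"), "description": _text(e, "description")}
               for e in block.findall("error")]
    return int(_text(block, "count") or 0), entries


def hosts_by_description(entries):
    """Group affected hosts by error text so recurring failures stand out."""
    grouped = {}
    for entry in entries:
        grouped.setdefault(entry["description"], []).append(entry["host"])
    return grouped


if __name__ == "__main__":
    declared, entries = report_errors(SAMPLE_REPORT)
    print("declared:", declared, "listed:", len(entries))
    for text, hosts in hosts_by_description(entries).items():
        print(text, "->", ", ".join(hosts))
```

A declared count larger than the number of listed errors means the downloaded report does not contain every error entry.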

6 Comments
  1. Hi, I’m trying to work on this tool, but the problem is we are using a DHCP server for IPs. I would like to get the DNS name/host name/MAC address in OpenVAS reports, as the IP will be changing frequently.

    • Hi!

      It can be solved.

      E.g. add to the /etc/openvas/openvasd.conf: use_mac_addr.

      http://www.openvas.org/compendium/advanced-configuration-server.html

    • Create scanning mode with GUI:

      New scanning modes can be created per user account based on existing scanning mode.

      E.g. Scanning by MAC Address Instead of an IP address:
      – Configuration → Scan Config → To select the scanning mode (e.g. Full and fast)! → Clone → Edit Scan Config:
      – Name: Name of new scanning mode
      – Comment: Comment of new scanning mode
      – Edit Scanner Preferences:
      – use_mac_addr: yes
      – Save

      • Thanks for the response, tried both ways!! I tried adding the use_mac_addr option through the GUI but I do not see any MAC address listed in my OpenVAS report.

        FYI: I’m using openvas-9 on kali-2017.1 version, so I have added the use_mac_addr parameter in /etc/openvas/openvassd.conf

        It did not work, so I tried cloning the scan config using the GUI; still I do not see the MAC address in the generated report.

        Please help

  2. I try using it, but it says low on memory; 4 GB of RAM and 100 GB of hard disk. Can you help me?
