

By: Tamas Szucs
March 12, 2017
OpenVAS
The system
OpenVAS is a Linux-based vulnerability management system with a web GUI.
Install the system
Default settings of the operating system
OpenVAS can be installed on any Linux system, e.g. Ubuntu.
1. Upgrade operating system:
apt-get update && apt-get dist-upgrade
2. Set hostname with file:
vi /etc/hostname
    <name_of_server>
3. Set hostname with a command:
hostname <name_of_server>
4. Edit hosts file:
vi /etc/hosts
    <IP-address_of_server> <FQDN_of_server> <name_of_server>
5. Configure proxy:
export {http,https,ftp}_proxy=https://<IP-address_of_proxy>:<port_of_proxy>/
export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>
vi /etc/profile.d/proxy.sh
    export {http,https,ftp}_proxy=http://<IP-address_of_proxy>:<port_of_proxy>/
    export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>
chown root:root /etc/profile.d/proxy.sh
vi /etc/apt/apt.conf
    Acquire::http::Proxy "http://<IP-address_of_proxy>:<port_of_proxy>/";
The upgrades require the rsync protocol (TCP port 876).
5. Install NTP:
apt-get install ntp
6. Set NTP:
vi /etc/ntp.conf
    server <IP-address_of_NTP_server>
7. Stop NTP daemon:
service ntp stop
8. Set date with NTP sync:
ntpdate -d <IP-address_of_NTP_server>
9. Start NTP daemon:
service ntp start
Install OpenVAS
1. Install with repository:
sudo su -
add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas sqlite3 graphviz texlive-latex-extra libldap2-dev libldap-2.4-2 ldap-utils
2. Upgrade and start OpenVAS:
- OpenVAS 8:
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
service openvas-scanner restart
service openvas-manager restart
openvasmd --rebuild --progress
- OpenVAS 9:
openvas-nvt-sync
greenbone-scapdata-sync
greenbone-certdata-sync
service openvas-scanner restart
service openvas-manager restart
openvasmd --rebuild --progress
Configuring and using the system
Accessing the Web GUI
- OpenVAS:
- OpenVAS 9:
Change Admin Password
– Administration → Users → Admin → Edit User → Password: New password
– Save User
Configure LDAP and RADIUS Authentication
1. Create authentication file:
vi /var/lib/openvas/openvasmd/auth.conf
    [method:file]
    enable=true
    order=1
    [method:ldap_connect]
    enable=false
    order=2
    ldaphost=<IP-address_of_ldap_server>
    authdn=uid=%s,cn=<group>,o=<domainname>,c=<end_of_domainname>
    allow-plaintext=false
    [method:radius_connect]
    order=3
    enable=false
    radiushost=<IP-address_of_radius_server>
    radiuskey=<password>
chown root:root /var/lib/openvas/openvasmd/auth.conf
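The auth.conf from step 1 holds the RADIUS shared secret (radiuskey), and the chown only sets its owner. The following check is an added example, not part of the original page: it reports unexpected ownership, group/other permission bits and allow-plaintext=true. audit_auth_conf is a hypothetical helper name, and the chmod 600 advice assumes openvasmd reads the file as root.

```bash
#!/bin/bash
# Added example, not from the original page. audit_auth_conf is a hypothetical
# helper; it returns 0 when clean, 1 on any finding, 2 when the file is missing.
# Usage: audit_auth_conf PATH [UID:GID]   (default 0:0, i.e. root:root)
audit_auth_conf() {
    f=$1
    want_owner=${2:-0:0}
    status=0
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 2
    fi
    owner=$(stat -c '%u:%g' "$f")   # GNU stat, as shipped with Ubuntu
    mode=$(stat -c '%a' "$f")
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER $f is $owner, expected $want_owner"
        status=1
    fi
    # The file carries radiuskey=..., so group and other need no access.
    # Assumption: openvasmd reads it as root, which makes mode 600 sufficient.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE $f is $mode, remove group/other access (chmod 600)"
        status=1
    fi
    # allow-plaintext=true permits LDAP authentication without TLS.
    if grep -Eiq '^[[:space:]]*allow-plaintext[[:space:]]*=[[:space:]]*true' "$f"; then
        echo "LDAP $f sets allow-plaintext=true"
        status=1
    fi
    return "$status"
}
```

Run it as audit_auth_conf /var/lib/openvas/openvasmd/auth.conf after every edit of the file.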
2. Configure authentication:
– Administration → Users: Select authentication type (LDAP or RADIUS), and enter the communication data!
Upgrade system
– Administration:
– NVT Feed → Synchronize with…
– SCAP Feed → Synchronize with…
– CERT Feed → Synchronize with…
Configure Automatic Upgrade with crontab
vi /etc/cron.weekly/openvasupdate
    #!/bin/bash
    openvas-certdata-sync
    openvas-scapdata-sync
    openvas-nvt-sync
    openvasmd --rebuild
    logger -s "OpenVAS sync"
chmod ugo+x /etc/cron.weekly/openvasupdate
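The weekly script above runs every command regardless of the previous one's result, so a failed sync is still followed by a rebuild and an "OpenVAS sync" log line. The variant below is an added example, not part of the original page: it stops at the first failing step and logs which one failed. SYNC_STEPS, REBUILD_CMD and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original page: weekly feed update that stops at
# the first failing step instead of rebuilding on stale or partial feed data.
# SYNC_STEPS and REBUILD_CMD default to the commands of the cron script above;
# making them overridable is an assumption of this example.
SYNC_STEPS=${SYNC_STEPS:-"openvas-certdata-sync openvas-scapdata-sync openvas-nvt-sync"}
REBUILD_CMD=${REBUILD_CMD:-"openvasmd --rebuild"}

# log PRIORITY MESSAGE...: write to syslog, fall back to stderr without logger.
log() {
    prio=$1
    shift
    logger -t openvasupdate -p "user.$prio" "$*" 2>/dev/null ||
        echo "openvasupdate[$prio]: $*" >&2
}

# run_feed_update: returns 0 when every sync and the rebuild succeeded,
# 1 when a step failed (later steps and the rebuild are then skipped).
run_feed_update() {
    for step in $SYNC_STEPS; do
        if ! $step; then
            log err "$step failed, skipping rebuild"
            return 1
        fi
    done
    if ! $REBUILD_CMD; then
        log err "$REBUILD_CMD failed"
        return 1
    fi
    log info "OpenVAS sync"
    return 0
}

# In /etc/cron.weekly/openvasupdate, finish the script with:
#   run_feed_update
```

The non-zero exit status and the user.err syslog entries give a monitoring system something to alert on when the feeds stop updating.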
Configure user
– Extras → My Settings → Edit My Settings → Timezone: Enter time zone
Remove scanner wizard
– Extras → My Settings → Edit My Settings → Wizard Rows: 0
Scanning and reporting
– Scan Management → Tasks → Wizard → Advanced Task Wizard:
– Task name: Name of the scan
– Scan Config: Depth of scanning (e.g. Full and Fast)
– Target Host(s): Enter the hosts to scan, separated by commas
– Create Task
Wait for the task to finish!
– Done → PDF → Download
Add override
- In task report:
- Viewing and editing overrides:
Automatic removal of reports
– Scan Management → Tasks → Select task! → Edit Task → Auto Delete Reports → Automatically delete oldest reports but always keep newest 5 reports
Configure alerts
– Configuration → Alerts → New Alert:
Or
– Select an existing alert! → Edit Alert
– Event: New status of task
– Condition: Enter conditions
– Method: Method of alert
    – Email: Alert to e-mail
    – System Logger: Alert to system log
    – Send to host: Alert report to host
    – SCP: Alert report with SCP
    – SNMP: Alert with SNMP trap
        – Community: Enter community (default: public)
        – Agent: localhost
        – Message: $e
– Create Alert (or Save Alert)
OpenVAS CLI
Install OpenVAS CLI:
add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas-cli
Monitoring of host reports in Nagios-based monitoring systems (e.g. Check_MK): check_omp plugin.
Error handling
If task is not started
Is the scanner daemon running?
systemctl status openvas-scanner
or
/etc/init.d/openvas-scanner status
If the scanner daemon is not running, start it:
systemctl start openvas-scanner
or
/etc/init.d/openvas-scanner start
If plugin error in log
If the /var/log/openvas/openvassd.messages log file contains a plugin error, delete the scanner daemon cache:
rm -f /var/cache/openvas/*
service openvas-scanner restart
Finding error descriptions in a report
1. Download the XML report!
2. The error count and the error descriptions follow the "<errors><count>" string.