Home 0P3N Blog OpenVAS
Ready to Start Your Career?
Create Free Account
Tamas Szucss profile image
By: Tamas Szucs
March 12, 2017

OpenVAS

By: Tamas Szucs
March 12, 2017
Tamas Szucss profile image
By: Tamas Szucs
March 12, 2017

linux-openvas

The system

The OpenVAS is Linux-based vulnerability management system with web GUI.

Install the system

Default settings of operation system

The OpenVAS can be installed in any Linux systems, e.g. Ubuntu.

1. Upgrade operating system:

apt-get update && apt-get dist-upgrade

2. Set hostname with file:

vi /etc/hostname   <name_of_server>

3. Set hostname with a command:

hostname <name_of_server>

4. Edit hosts file:

vi /etc/hosts   <IP-address_of_server> <FQDN_of_server> <name_of_server>

5. Configure proxy:

export {http,https,ftp}_proxy=https://<IP-address_of_proxy>:<port_of_proxy>/export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>vi /etc/profile.d/proxy.sh   export {http,https,ftp}_proxy=http://<IP-address_of_proxy>:<port_of_proxy>/   export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>chown root:root /etc/profile.d/proxy.shvi /etc/apt/apt.conf   Acquire::http::Proxy "http://<IP-address_of_proxy>:<port_of_proxy>/";
The upgrades necessary to use rsync protocol (876 TCP port).

5. Install NTP:

apt-get install ntp

6. Set NTP:

vi /etc/ntp.conf   server <IP-address_of_NTP_server>

7. Stop NTP daemon:

service ntp stop

8. Set date with NTP sync:

ntpdate -d <IP-address_of_NTP_server>

9. Start NTP daemon:

service ntp start

Install OpenVAS

1. Install with repository:

sudo su -add-apt-repository ppa:mrazavi/openvasapt-get updateapt-get install openvas sqlite3 graphviz texlive-latex-extra libldap2-dev libldap-2.4.2 ldap-utils

2. Upgrade and start OpenVAS:

  • OpenVAS 8:
openvas-nvt-syncopenvas-scapdata-syncopenvas-certdata-syncservice openvas-scanner restartservice openvas-manager restartopenvasmd --rebuild –-progress
  • OpenVAS 9:
openvas-nvt-syncgreenbone-scapdata-syncgreenbone-certdata-syncservice openvas-scanner restartservice openvas-manager restartopenvasmd --rebuild –-progress

Configure and using of system

Accessing the Web GUI

  • OpenVAS:
https://<IP-address_of_OpenVAS_server>:443
  • OpenVAS 9:
https://<IP-address_of_OpenVAS_server>:4000The default username: admin, password: admin.

Change Admin Password

Administration → Users → Admin → Edit User → Password: New passwordSave User

Configure LDAP and RADIUS Authentication

1. Create authentication file:

vi /var/lib/openvas/openvasmd/auth.conf   [method:file]   enable=true   order=1   [method:ldap_connect]   enable=false   order=2   ldaphost=<IP-address_of_ldap_server>   authdn=uid=%s,cn=<group>,o=<domainname>,c=<end_of_domainname>   allow-plaintext=false   [method:radius_connect]   order=3   enable=false   radiushost=<IP-address_of_radius_server>   radiuskey=<password>chown root:root /var/lib/openvas/openvasmd/auth.conf

2. Configure authentication:

Administration → Users: Select authentication type (LDAP or RADIUS), and enter the communication data!

Upgrade system

Administration:NVT Feed → Synchronize with…SCAP Feed → Synchronize with…CERT Feed → Synchronize with…

Configure Automatic Upgrade with crontab

vi /etc/cron.weekly/openvasupdate #!/bin/bash  openvas-certdata-sync  openvas-scapdata-sync  openvas-nvt-sync  openvasmd --rebuild  logger -s "OpenVAS sync"chmod ugo+x /etc/cron.weekly/openvasupdate

Configure user

Set time

Extras → My Settings → Edit My Settings → Timezone: Enter time zone

Remove scanner wizard

Extras → My Settings → Edit My Settings → Wizard Rows: 0

Scanning and reporting

Scan Management → Tasks → Wizard → Advanced Task Wizard:Task name: Name of scanningScan Config: Depth of scanning (e.g. Full and Fast)Target Host(s): Enter scanned hosts with commaCreate TaskWait for end of task!– Done → PDF → Download

Add override

  • In task report:
Select taskAdd Override:Hosts: Any (or enter hosts)Put: AnyNew Severity: Enter severity (e.g. Low or False Positive)!Text: Enter reason or puprose of severity!
  • View and edit of overrides:
Scan ManagementOverrides

Automatic remove of reports

Scan Management → Tasks → Select task! → Edit Task → Auto Delete Reports → Automatically delete oldest reports but always keep newest 5 reports

Configure alerts

Configuration → Alerts → New Alert:OrSelect old alert! → Edit AlertEvent: New status of taskCondition: Enter conditionsMethod: Method of alertEmail: Alert to e-mailSystem Logger: Alert to system logSend to host: Alert report to hostSCP: Alert report with SCPSNMP: Alert with SNMP trapCommunity: Enter communityt (default: public)Agent: localhostMessage: $eCreate Alert (or Save Alert)

OpenVAS CLI

Install OpenVAS CLI:

add-apt-repository ppa:mrazavi/openvasapt-get updateapt-get install openvas-cli
Monitoring of host reports in Nagios-based monitoring systems (e.g. Check_MK): check_omp plugin.

Error handling

If task is not started

Scanner daemon is running?

systemctl status openvas-scanner
or
/etc/init.d/openvas-scanner status

If scanner daemon is not running, then start:

systemctl start openvas-scanner
or
/etc/init.d/openvas-scanner start

If plugin error in log

If plugin error in /var/log/openvas/openvassd.messages logfile, then delete scanner daemon cache:

rm -f /var/cache/openvas/*service openvas-scanner restart

Search error descriptions in report

1. Download XML report!

2. Error count and error description: after „<errors><count>” string.

Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry