
By: Tamas Szucs
March 12, 2017
OpenVAS

The system
OpenVAS is a Linux-based vulnerability management system with a web GUI.
Install the system
Default settings of the operating system
OpenVAS can be installed on any Linux system, e.g. Ubuntu.
1. Upgrade operating system:
2. Set hostname with file:
3. Set hostname with a command:
4. Edit hosts file:
5. Configure proxy:
6. Install NTP:
7. Set NTP:
8. Stop NTP daemon:
9. Set date with NTP sync:
10. Start NTP daemon:
Install OpenVAS
1. Install with repository:
2. Upgrade and start OpenVAS:
- OpenVAS 8:
- OpenVAS 9:
Configuring and using the system
Accessing the Web GUI
- OpenVAS:
- OpenVAS 9:
Change Admin Password
– Administration → Users → Admin → Edit User → Password: New password
– Save User
Configure LDAP and RADIUS Authentication
1. Create authentication file:
2. Configure authentication:
– Administration → Users: Select authentication type (LDAP or RADIUS), and enter the communication data!
Upgrade system
– Administration:
– NVT Feed → Synchronize with…
– SCAP Feed → Synchronize with…
– CERT Feed → Synchronize with…
Configure Automatic Upgrade with crontab
Configure user
– Extras → My Settings → Edit My Settings → Timezone: Enter time zone
Remove scanner wizard
– Extras → My Settings → Edit My Settings → Wizard Rows: 0
Scanning and reporting
– Scan Management → Tasks → Wizard → Advanced Task Wizard:
– Task name: Name of the scan
– Scan Config: Depth of scanning (e.g. Full and Fast)
– Target Host(s): Enter the hosts to scan, separated by commas
– Create Task
Wait for the task to finish!
– Done → PDF → Download
Add override
- In task report:
- Viewing and editing overrides:
Automatic removal of reports
– Scan Management → Tasks → Select task! → Edit Task → Auto Delete Reports → Automatically delete oldest reports but always keep newest 5 reports
Configure alerts
– Configuration → Alerts → New Alert:
Or
– Select an existing alert! → Edit Alert
– Event: New status of task
– Condition: Enter conditions
– Method: Method of alert
  – Email: Alert to e-mail
  – System Logger: Alert to system log
  – Send to host: Alert report to host
  – SCP: Alert report with SCP
  – SNMP: Alert with SNMP trap
    – Community: Enter community (default: public)
    – Agent: localhost
    – Message: $e
– Create Alert (or Save Alert)
OpenVAS CLI
Install OpenVAS CLI:
Error handling
If a task does not start
Is the scanner daemon running?
If the scanner daemon is not running, start it:
If there is a plugin error in the log
If there is a plugin error in the /var/log/openvas/openvassd.messages log file, delete the scanner daemon cache:
Searching for error descriptions in the report
1. Download the XML report!
2. The error count and the error descriptions follow the "<errors><count>" string.
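
An added example (not from the original article) that reads the error count and the error descriptions out of a downloaded XML report instead of searching for the string by hand. Only the <errors><count> pair comes from the text above; the <error> child elements (host, port, description, nvt) and every sample value are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report. Only <errors><count> comes from the page; the
# <error> children (host, port, description, nvt) are an assumed layout.
SAMPLE_REPORT = """<report><report>
  <errors>
    <count>3</count>
    <error><host>192.0.2.10</host><port>general/tcp</port>
      <description>NVT timed out after 320 seconds.</description>
      <nvt oid="0.0.0.1"><name>Constructed check A</name></nvt></error>
    <error><host>192.0.2.11</host><port>general/tcp</port>
      <description>NVT timed out after 320 seconds.</description>
      <nvt oid="0.0.0.1"><name>Constructed check A</name></nvt></error>
    <error><host>192.0.2.11</host><port>443/tcp</port>
      <description>Constructed plugin error text.</description>
      <nvt oid="0.0.0.2"><name>Constructed check B</name></nvt></error>
  </errors>
</report></report>"""

def _text(node, path):
    """Stripped text of a child element, or '' when the element is absent."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""

def scan_errors(xml_text):
    """Return (declared_count, list of error dicts) from an XML report."""
    errors = ET.fromstring(xml_text).find(".//errors")
    if errors is None:  # report without an <errors> element
        return 0, []
    raw = _text(errors, "count")
    declared = int(raw) if raw.isdigit() else 0
    items = []
    for err in errors.findall("error"):
        nvt = err.find("nvt")
        items.append({"host": _text(err, "host"), "port": _text(err, "port"),
                      "description": _text(err, "description"),
                      "nvt_oid": nvt.get("oid", "") if nvt is not None else ""})
    return declared, items

def by_description(items):
    """Count errors per description, most frequent first."""
    return Counter(i["description"] for i in items).most_common()

if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    declared, items = scan_errors(src)
    print(f"declared errors: {declared}, parsed: {len(items)}")
    for description, n in by_description(items):
        print(f"{n:4d}  {description}")
```

Pass the path of the downloaded report as the first argument. If the declared count and the number of parsed entries differ, the report layout does not match the assumed one or the download is incomplete.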