By: Tamas Szucs
March 12, 2017

OpenVAS


The system

OpenVAS is a Linux-based vulnerability management system with a web GUI.

Install the system

Default settings of the operating system

OpenVAS can be installed on any Linux system, e.g. Ubuntu.

1. Upgrade operating system:

apt-get update && apt-get dist-upgrade

2. Set hostname with file:

vi /etc/hostname
   <name_of_server>

3. Set hostname with a command:

hostname <name_of_server>

4. Edit hosts file:

vi /etc/hosts
   <IP-address_of_server> <FQDN_of_server> <name_of_server>

5. Configure proxy:

export {http,https,ftp}_proxy=https://<IP-address_of_proxy>:<port_of_proxy>/
export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>

vi /etc/profile.d/proxy.sh
   export {http,https,ftp}_proxy=http://<IP-address_of_proxy>:<port_of_proxy>/
   export RSYNC_PROXY=<IP-address_of_proxy>:<port_of_proxy>

chown root:root /etc/profile.d/proxy.sh

vi /etc/apt/apt.conf
   Acquire::http::Proxy "http://<IP-address_of_proxy>:<port_of_proxy>/";

The upgrades require the rsync protocol (TCP port 876).

6. Install NTP:

apt-get install ntp

7. Set NTP:

vi /etc/ntp.conf
   server <IP-address_of_NTP_server>

8. Stop NTP daemon:

service ntp stop

9. Set date with NTP sync:

ntpdate -d <IP-address_of_NTP_server>

10. Start NTP daemon:

service ntp start

Install OpenVAS

1. Install with repository:

sudo su -
add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas sqlite3 graphviz texlive-latex-extra libldap2-dev libldap-2.4.2 ldap-utils

2. Upgrade and start OpenVAS:

  • OpenVAS 8:
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
service openvas-scanner restart
service openvas-manager restart
openvasmd --rebuild --progress
  • OpenVAS 9:
openvas-nvt-sync
greenbone-scapdata-sync
greenbone-certdata-sync
service openvas-scanner restart
service openvas-manager restart
openvasmd --rebuild --progress

Configuring and using the system

Accessing the Web GUI

  • OpenVAS:
https://<IP-address_of_OpenVAS_server>:443
  • OpenVAS 9:
https://<IP-address_of_OpenVAS_server>:4000

The default username: admin, password: admin.

Change Admin Password

Administration → Users → Admin → Edit User → Password: New password
Save User

Configure LDAP and RADIUS Authentication

1. Create authentication file:

vi /var/lib/openvas/openvasmd/auth.conf
   [method:file]
   enable=true
   order=1
   [method:ldap_connect]
   enable=false
   order=2
   ldaphost=<IP-address_of_ldap_server>
   authdn=uid=%s,cn=<group>,o=<domainname>,c=<end_of_domainname>
   allow-plaintext=false
   [method:radius_connect]
   order=3
   enable=false
   radiushost=<IP-address_of_radius_server>
   radiuskey=<password>

chown root:root /var/lib/openvas/openvasmd/auth.conf

2. Configure authentication:

Administration → Users: Select authentication type (LDAP or RADIUS), and enter the communication data!
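
A check for the auth.conf created in step 1, as an added example that is not part of the original post or of OpenVAS. The function name audit_auth_conf, its expect_uid parameter and the sample values are assumptions made for illustration; the section and key names are the ones shown in step 1.

```python
import configparser
import os
import stat

# Constructed auth.conf using the section and key names from step 1;
# host addresses and the DN are made-up sample values.
SAMPLE_AUTH_CONF = """[method:file]
enable=true
order=1
[method:ldap_connect]
enable=true
order=2
ldaphost=192.0.2.20
authdn=uid=%s,cn=users,o=example,c=org
allow-plaintext=true
[method:radius_connect]
order=3
enable=true
radiushost=192.0.2.21
radiuskey=<password>
"""


def audit_auth_conf(path, expect_uid=0):
    """Return a list of findings for an auth.conf laid out as in step 1."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expect_uid:
        findings.append("owner uid is %d, expected %d" % (st.st_uid, expect_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o lets group/other reach radiuskey" % mode)
    cp = configparser.ConfigParser(interpolation=None)  # authdn has a literal %s
    with open(path) as fh:
        cp.read_file(fh)

    def val(section, key):
        return cp.get(section, key, fallback="").strip().lower()

    ldap, radius = "method:ldap_connect", "method:radius_connect"
    if val(ldap, "enable") == "true" and val(ldap, "allow-plaintext") != "false":
        findings.append("LDAP enabled without allow-plaintext=false")
    key = val(radius, "radiuskey")
    if val(radius, "enable") == "true" and (not key or key.startswith("<")):
        findings.append("RADIUS enabled with empty or placeholder radiuskey")
    return findings
```

On the server, call audit_auth_conf("/var/lib/openvas/openvasmd/auth.conf") as root; an empty list means none of the three conditions was found.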

Upgrade system

Administration:
NVT Feed → Synchronize with…
SCAP Feed → Synchronize with…
CERT Feed → Synchronize with…

Configure Automatic Upgrade with crontab

vi /etc/cron.weekly/openvasupdate
   #!/bin/bash
   openvas-certdata-sync
   openvas-scapdata-sync
   openvas-nvt-sync
   openvasmd --rebuild
   logger -s "OpenVAS sync"

chmod ugo+x /etc/cron.weekly/openvasupdate

Configure user

Set time

Extras → My Settings → Edit My Settings → Timezone: Enter time zone

Remove scanner wizard

Extras → My Settings → Edit My Settings → Wizard Rows: 0

Scanning and reporting

Scan Management → Tasks → Wizard → Advanced Task Wizard:
Task name: Name of the scan
Scan Config: Depth of scanning (e.g. Full and Fast)
Target Host(s): Enter the hosts to scan, separated by commas
Create Task
Wait for the task to finish!
Done → PDF → Download

Add override

  • In task report:
Select task
Add Override:
Hosts: Any (or enter hosts)
Port: Any
New Severity: Enter severity (e.g. Low or False Positive)!
Text: Enter the reason or purpose of the severity!
  • Viewing and editing overrides:
Scan Management → Overrides

Automatic removal of reports

Scan Management → Tasks → Select task! → Edit Task → Auto Delete Reports → Automatically delete oldest reports but always keep newest 5 reports

Configure alerts

Configuration → Alerts → New Alert:
Or
Select old alert! → Edit Alert
Event: New status of task
Condition: Enter conditions
Method: Method of alert
   Email: Alert to e-mail
   System Logger: Alert to system log
   Send to host: Alert report to host
   SCP: Alert report with SCP
   SNMP: Alert with SNMP trap
      Community: Enter community (default: public)
      Agent: localhost
      Message: $e
Create Alert (or Save Alert)

OpenVAS CLI

Install OpenVAS CLI:

add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas-cli

Monitoring of host reports in Nagios-based monitoring systems (e.g. Check_MK): check_omp plugin.

Error handling

If a task does not start

Is the scanner daemon running?

systemctl status openvas-scanner
or
/etc/init.d/openvas-scanner status

If the scanner daemon is not running, start it:

systemctl start openvas-scanner
or
/etc/init.d/openvas-scanner start

If there is a plugin error in the log

If there is a plugin error in the /var/log/openvas/openvassd.messages logfile, delete the scanner daemon cache:

rm -f /var/cache/openvas/*
service openvas-scanner restart

Search error descriptions in report

1. Download the XML report.

2. The error count and the error descriptions follow the "<errors><count>" string.
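
The search from step 2 done with an XML parser instead of by eye, as an added example that is not part of the original post. Only the <errors><count> path comes from the text above; the <error> children (host, port, description, nvt/name), the function name report_errors and the sample report are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report, trimmed to the <errors> block. Hosts, NVT names
# and messages are made up; the children of <error> are an assumed layout.
SAMPLE_REPORT = """<report>
  <report>
    <errors>
      <count>3</count>
      <error>
        <host>192.0.2.10</host><port>general/tcp</port>
        <description>NVT timed out after 320 seconds.</description>
        <nvt><name>Constructed check A</name></nvt>
      </error>
      <error>
        <host>192.0.2.11</host><port>443/tcp</port>
        <description>NVT timed out after 320 seconds.</description>
        <nvt><name>Constructed check A</name></nvt>
      </error>
      <error>
        <host>192.0.2.11</host><port>22/tcp</port>
        <description>Constructed plugin failure message.</description>
        <nvt><name>Constructed check B</name></nvt>
      </error>
    </errors>
  </report>
</report>"""

FIELDS = (("host", "host"), ("port", "port"),
          ("nvt", "nvt/name"), ("description", "description"))


def report_errors(xml_text):
    """Return (declared_count, rows, count_per_description) for one report."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        # Reports carry strings taken from scanned hosts: refuse DTDs rather
        # than let the parser expand entities.
        raise ValueError("DTD/entity declarations are not expected in a report")
    errors = ET.fromstring(xml_text).find(".//errors")
    if errors is None:
        return 0, [], Counter()
    declared = int(errors.findtext("count", default="0"))
    rows = [
        {tag: (e.findtext(path) or "").strip() for tag, path in FIELDS}
        for e in errors.findall("error")
    ]
    return declared, rows, Counter(r["description"] for r in rows)
```

Pass the text of a downloaded report to report_errors; a description that repeats across many hosts points at the scanner or a plugin rather than at one target.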
