HOWTO : OpenVAS on Ubuntu Desktop 12.04 LTS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.



Step 1 :



At the time of this writing, the "stable" is version 5 while the "nightly builds" is version 6.



sudo add-apt-repository ppa:openvas/stable



or



sudo add-apt-repository ppa:openvas/nightly



sudo apt-get update

sudo apt-get install openvas-scanner openvas-manager openvas-administrator greenbone-security-assistant openvas-cli openvas-check-setup gsd



sudo apt-get install xsltproc sqlite3




Step 2 :



sudo openvas-mkcert



It will generate the following :



- Certification authority:

  Certificate = /var/lib/openvas/CA/cacert.pem

  Private key = /var/lib/openvas/private/CA/cakey.pem



- OpenVAS Server :

  Certificate = /var/lib/openvas/CA/servercert.pem

  Private key = /var/lib/openvas/private/CA/serverkey.pem



To sync the Network Vulnerability Tests (NVT) feed :



sudo openvas-nvt-sync



If you are using OpenVAS 6, you also need to sync the SCAP data :



sudo openvas-scapdata-sync



After that you have to create a client certificate using the openvas-mkcert-client tool. If -n is specified the tool doesn’t ask any questions and creates a certificate for the user "om". The -i parameter installs the certificate to be used with the OpenVAS manager.



sudo openvas-mkcert-client -n om -i



Before going further, stop the following services :



sudo /etc/init.d/openvas-scanner stop

sudo /etc/init.d/openvas-manager stop

sudo /etc/init.d/openvas-administrator stop

sudo /etc/init.d/greenbone-security-assistant stop




It needs some time to fully start it, please be patient :



sudo openvassd



Migrate and rebuild the databases. It needs some time to finish :



sudo openvasmd --migrate

sudo openvasmd --rebuild



sudo killall openvassd




To start it again but wait for some seconds before doing so as it need some time to shut down for the previous command :



sudo /etc/init.d/openvas-scanner start

sudo /etc/init.d/openvas-manager start

sudo /etc/init.d/openvas-administrator restart

sudo /etc/init.d/greenbone-security-assistant restart




To create a user "admin" with the role of "Admin" :



sudo openvasad -c add_user -n admin -r Admin



You will be asked for the password. You need to use this username and password to login to the OpenVAS.



Step 3 :



Check if your setup is correct or not.



Stable builds -

sudo openvas-check-setup



or



Nightly builds -

sudo openvas-check-setup --v6



Step 4 :



To run it. Point the Firefox to :



https://localhost:9392/



Step 5 :



To update it.



sudo openvas-nvt-sync



Step 6 (Optional) :



To start it manually instead of auto-run.



Start script -

sudo -sH

nano /etc/init.d/openvas-start




Append the following to the file :



sudo /etc/init.d/openvas-scanner start

sudo /etc/init.d/openvas-manager start

sudo /etc/init.d/openvas-administrator restart

sudo /etc/init.d/greenbone-security-assistant restart




chmod +x /etc/init.d/openvas-start



Stop script -



sudo -sH

nano /etc/init.d/openvas-stop




Append the following to the file :



sudo /etc/init.d/openvas-scanner stop

sudo /etc/init.d/openvas-manager stop

sudo /etc/init.d/openvas-administrator stop

sudo /etc/init.d/greenbone-security-assistant stop




chmod +x /etc/init.d/openvas-stop



sudo update-rc.d openvas-scanner disable

sudo update-rc.d openvas-manager disable

sudo update-rc.d openvas-administrator disable

sudo update-rc.d greenbone-security-assistant disable




To start the services :



sudo /etc/init.d/openvas-start



To stop the services :



sudo /etc/init.d/openvas-stop



That's all! See you.