HOWTO : OpenVAS on Ubuntu Desktop 12.04 LTS
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
Step 1 :
At the time of this writing, the "
or
Step 2 :
It will generate the following :
- Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem
- OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem
To sync the Network Vulnerability Tests (NVT) feed :
If you are using OpenVAS 6, you also need to sync the SCAP data :
After that you have to create a client certificate using the openvas-mkcert-client tool. If
Before going further, stop the following services :
It needs some time to fully start it, please be patient :
Migrate and rebuild the databases. It needs some time to finish :
To start it again but wait for some seconds before doing so as it need some time to shut down for the previous command :
To create a user "
You will be asked for the password. You need to use this username and password to login to the OpenVAS.
Step 3 :
Check if your setup is correct or not.
Stable builds -
or
Nightly builds -
Step 4 :
To run it. Point the Firefox to :
Step 5 :
To update it.
Step 6 (Optional) :
To start it manually instead of auto-run.
Start script -
Append the following to the file :
Stop script -
Append the following to the file :
To start the services :
To stop the services :
That's all! See you.
Step 1 :
At the time of this writing, the "
stable
" is version 5 while the "nightly builds
" is version 6.sudo add-apt-repository ppa:openvas/stable
or
sudo add-apt-repository ppa:openvas/nightly
sudo apt-get update
sudo apt-get install openvas-scanner openvas-manager openvas-administrator greenbone-security-assistant openvas-cli openvas-check-setup gsd
sudo apt-get install xsltproc sqlite3
Step 2 :
sudo openvas-mkcert
It will generate the following :
- Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem
- OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem
To sync the Network Vulnerability Tests (NVT) feed :
sudo openvas-nvt-sync
If you are using OpenVAS 6, you also need to sync the SCAP data :
sudo openvas-scapdata-sync
After that you have to create a client certificate using the openvas-mkcert-client tool. If
-n
is specified the tool doesn’t ask any questions and creates a certificate for the user "om
". The -i
parameter installs the certificate to be used with the OpenVAS manager.sudo openvas-mkcert-client -n om -i
Before going further, stop the following services :
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop
It needs some time to fully start it, please be patient :
sudo openvassd
Migrate and rebuild the databases. It needs some time to finish :
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
To start it again but wait for some seconds before doing so as it need some time to shut down for the previous command :
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
To create a user "
admin
" with the role of "Admin
" :sudo openvasad -c add_user -n admin -r Admin
You will be asked for the password. You need to use this username and password to login to the OpenVAS.
Step 3 :
Check if your setup is correct or not.
Stable builds -
sudo openvas-check-setup
or
Nightly builds -
sudo openvas-check-setup --v6
Step 4 :
To run it. Point the Firefox to :
https://localhost:9392/
Step 5 :
To update it.
sudo openvas-nvt-sync
Step 6 (Optional) :
To start it manually instead of auto-run.
Start script -
sudo -sH
nano /etc/init.d/openvas-start
Append the following to the file :
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
chmod +x /etc/init.d/openvas-start
Stop script -
sudo -sH
nano /etc/init.d/openvas-stop
Append the following to the file :
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop
chmod +x /etc/init.d/openvas-stop
sudo update-rc.d openvas-scanner disable
sudo update-rc.d openvas-manager disable
sudo update-rc.d openvas-administrator disable
sudo update-rc.d greenbone-security-assistant disable
To start the services :
sudo /etc/init.d/openvas-start
To stop the services :
sudo /etc/init.d/openvas-stop
That's all! See you.