From ArchWiki

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.


Install the openvas package group from the official repositories. This group provides the openvas-cli command-line omp interface and greenbone-security-assistant web interface via the gsad daemon along with other OpenVAS dependencies.

Initial setup

Create a certificate for the server, choosing the default values if desired:

# openvas-mkcert

Create a client certificate:

# openvas-mkcert-client -n -i

Update the plugins and vulnerability data:

# openvas-nvt-sync
# openvas-scapdata-sync
# openvas-certdata-sync

Start the scanner service:

# systemctl start openvas-scanner

Rebuild the database:

# openvasmd --rebuild --progress

Add an administrator user account and be sure to copy the password:

# openvasmd --create-user=admin --role=Admin


Configure redis as prescribed by the OpenVAS redis configuration. In summary, set the following in your /etc/redis.conf:

unixsocket /var/lib/redis/redis.sock
port 0
timeout 0

Create /etc/openvas/openvassd.conf and add the following to it:

kb_location = /var/lib/redis/redis.sock

Finally, restart redis:

# systemctl restart redis
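
The scanner can only reach its knowledge base if kb_location names the same socket path as redis's unixsocket, and port 0 is what keeps redis from also listening on TCP. The shell functions below are an added example (not from this wiki page or the OpenVAS project) that check both files for this; the function names are made up for the example, and it assumes unquoted values and that the last occurrence of a redis.conf directive is the one in effect.

```shell
# Added example: consistency check for the redis/OpenVAS settings above.
# Function names are hypothetical; default paths are the ones used on this page.

# Print the value of the last uncommented occurrence of a redis.conf directive.
redis_directive() {  # $1 = file, $2 = directive
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# Print the value of a "key = value" setting from openvassd.conf.
openvassd_setting() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if both files agree with the setup described above, 1 otherwise.
check_openvas_redis() {  # $1 = redis.conf, $2 = openvassd.conf
    redis_conf=${1:-/etc/redis.conf}
    scanner_conf=${2:-/etc/openvas/openvassd.conf}
    rc=0
    sock=$(redis_directive "$redis_conf" unixsocket)
    port=$(redis_directive "$redis_conf" port)
    tmo=$(redis_directive "$redis_conf" timeout)
    kb=$(openvassd_setting "$scanner_conf" kb_location)

    [ -n "$sock" ] || { echo "redis: unixsocket is not set"; rc=1; }
    # port 0 disables the TCP listener, leaving only the unix socket.
    [ "$port" = 0 ] || { echo "redis: port is '${port:-unset}', expected 0"; rc=1; }
    # timeout 0 keeps idle client connections open.
    [ "$tmo" = 0 ] || { echo "redis: timeout is '${tmo:-unset}', expected 0"; rc=1; }
    [ -n "$kb" ] && [ "$kb" = "$sock" ] ||
        { echo "openvassd: kb_location '$kb' != redis unixsocket '$sock'"; rc=1; }
    return $rc
}
```

Calling `check_openvas_redis` with no arguments checks /etc/redis.conf and /etc/openvas/openvassd.conf; pass two paths to check copies instead.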

Getting Started

Start the openvasmd daemon:

# openvasmd -p 9390 -a

Start the Greenbone Security Assistant WebUI (optional):

# gsad -f --listen= --mlisten= --mport=9390

Point your web browser to and log in with your admin credentials

Note: By default, gsad will bind to port 80. If you are already running a webserver, this will obviously cause problems. Pass the --port switch to gsad for an alternate port. Read the gsad man page for options like --http-only, --no-redirect, and more.


Red Hat-based systemd units are in an AUR package named openvas-systemd. They contain a few tweaks such as better TLS settings.

Migration to new major versions

The database needs to be migrated when moving to a new major version:

# openvasmd --migrate --progress

See Also