OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Pre-install
PostgreSQL
Set up PostgreSQL before you continue.
Redis
Configure redis as prescribed by the OpenVAS redis configuration. In summary, amend the following to your /etc/redis.conf:
unixsocket /run/redis/redis.sock unixsocketperm 700 timeout 0 databases 128
OpenVAS redis configuration document on how to calculate the databases number.Finally restart redis.service.
Installation
Install the following packages to get a full OpenVAS setup, including manager, web frontend, scanner, and so on: ospdAUR package from the AUR openvas-scannerAUR package from the AUR ospd-openvasAUR package from the AUR gsaAUR package from the AUR gvmdAUR package from the AUR
ospdAUR needs to be installed before (Need to fix some dependencies) the other packages.
Initial setup
Setup the PostgreSQL DB for gvm:
# su -l postgres # createuser gvm # createdb -O gvm gvmd
Grant this user DBA roles:
# psql gvmd # create role dba with superuser noinherit; # grant dba to gvm; # create extension "uuid-ossp"; # \q # exit
Make sure to have the following sysctl configurations:
# echo "net.core.somaxconn = 1024" >> /etc/sysctl.d/90-openvas.conf # echo "vm.overcommit_memory = 1" >> /etc/sysctl.d/90-openvas.conf # sysctl -p
Before doing this check the values of somaxconn (normally this is 4096 for archlinux and doesn't need to be adjusted:
# sysctl -a | grep somaxconn
If this is the case just skip the first echo line.
Grant the gvm user access to the redis socket:
# usermod -aG redis gvm # echo "db_address = /run/redis/redis.sock" > /etc/openvas/openvas.conf # chown gvm:gvm /etc/openvas/openvas.conf
Update NVTs:
# su - gvm # greenbone-nvt-sync && sudo openvas --update-vt-info # exit
Update feeds:
# su - gvm # greenbone-feed-sync --type GVMD_DATA # greenbone-scapdata-sync --rsync # greenbone-certdata-sync --rsync # exit
You can enable the timers to update these data on a frequently basis:
# systemctl enable --now greenbone-nvt-sync.timer # systemctl enable --now greenbone-feed-sync.timer # systemctl enable --now greenbone-scapdata-sync.timer # systemctl enable --now greenbone-certdata-sync.timer
Create certificates for the server and clients, default values were used:
# su - gvm # gvm-manage-certs -a # exit
Add an administrator user account, be sure to copy the password:
# su - gvm # gvmd --create-user=admin --role=Admin # exit
You can also change the password of the user later on
# su - gvm # gvmd --user=admin --new-password=<password> # exit
Getting started
Start the services:
# systemctl start ospd-openvas # systemctl start gvmd # systemctl start gsad
Create the Scanner:
# su - gvm # gvmd --get-scanners
Copy the id of the OpenVAS Default scanner and run:
# gvmd --modify-scanner=id-of-scanner --scanner-host=/run/gvm/ospd.sock # gvmd --verify-scanner=id-of-scanner
Set the feed import user:
# gvmd --get-users --verbose
Copy the id of the admin user and run:
# gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value id-of-admin
Point your web browser to http://127.0.0.1 and login with your admin crendentials
gsad will bind to port 80. If you are already running a webserver, this will obviously cause problems. You can modify the ports and listen addresses in the file /etc/default/gsadSee also
- Wikipedia:OpenVAS
- OpenVAS Official OpenVAS website.