OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Install the official repositories. This group provides the command-line
omp interface and web interface via the
gsad daemon along with other OpenVAS dependencies.
Create a certificate for the server, choosing the default values if desired:
Create a client certificate:
# openvas-mkcert-client -n -i
Update the plugins and vulnerability data:
# openvas-nvt-sync # openvas-scapdata-sync # openvas-certdata-sync
Start the scanner service:
# systemctl start openvas-scanner
Rebuild the database:
# openvasmd --rebuild --progress
Add an administrator user account, be sure to copy the password:
# openvasmd --create-user=admin --role=Admin
Configure OpenVAS redis configuration. In summary, amend the following to your /etc/redis.confas prescribed by the
unixsocket /var/lib/redis/redis.sock port 0 timeout 0
Create and add the following to /etc/openvas/openvassd.conf
kb_location = /var/lib/redis/redis.sock
# systemctl restart redis
# openvasmd -p 9390 -a 127.0.0.1
Start the Greenbone Security Assistant WebUI (optional)
# gsad -f --listen=127.0.0.1 --mlisten=127.0.0.1 --mport=9390
Point your web browser to http://127.0.0.1 and login with your admin crendentials
Redhat based systemd units are in an AUR package namedAUR. The contain a few tweaks such as better TLS settings.
At the time of writing, there are no service files provided with the
gsad. Until they are added, consider using and customizing the following service files to ease the deployment of a streamlined OpenVAS system:
$ cat /usr/lib/systemd/system/openvas-manager.service [Unit] Description = OpenVAS Manager Wants = openvas-scanner.service After = network.target [Service] ExecStart = /usr/bin/openvasmd --foreground -p 9390 -a 127.0.0.1 [Install] WantedBy = multi-user.target
$ cat /usr/lib/systemd/system/gsa.service [Unit] Description = Greenbone Security Assistant After = network.target [Service] ExecStart = /usr/bin/gsad --foreground [Install] WantedBy = multi-user.target
Finally, start/enable your newly created
gsa services in addition to
openvas-scanner if you haven't already started it.
Migration to new major versions
The database needs to be migrated when moving to a new major version:
# openvasmd --migrate --progress
- OpenVAS Official OpenVAS website.