OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Install the official repositories. This group provides the command-line
omp interface and web interface via the
gsad daemon along with other OpenVAS dependencies.
Create a certificate for the server, choosing the default values if desired:
Create a client certificate:
# openvas-mkcert-client -n -i
Update the plugins and vulnerability data:
# openvas-nvt-sync # openvas-scapdata-sync # openvas-certdata-sync
Start the scanner service:
# systemctl start openvas-scanner
Rebuild the database:
# openvasmd --rebuild --progress
Add an administrator user account, be sure to copy the password:
# openvasmd --create-user=admin --role=Admin
Configure OpenVAS redis configuration. In summary, amend the following to your /etc/redis.confas prescribed by the
unixsocket /var/lib/redis/redis.sock port 0 timeout 0
Create and add the following to /etc/openvas/openvassd.conf
kb_location = /var/lib/redis/redis.sock
# systemctl restart redis
# openvasmd -p 9390 -a 127.0.0.1
Start the Greenbone Security Assistant WebUI (optional)
# gsad -f --listen=127.0.0.1 --mlisten=127.0.0.1 --mport=9390
Point your web browser to http://127.0.0.1 and login with your admin crendentials
Redhat based systemd units are in an AUR package namedAUR. The contain a few tweaks such as better TLS settings.
Migration to new major versions
The database needs to be migrated when moving to a new major version:
# openvasmd --migrate --progress
- OpenVAS Official OpenVAS website.