OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Configure OpenVAS redis configuration. In summary, amend the following to your /etc/redis.confas prescribed by the
unixsocket /var/lib/redis/redis.sock unixsocketperm 700 port 0 timeout 0 databases 128
OpenVAS redis configurationdocument on how to calculate the
Additionally comment out the following (and similar)
save lines if present to avoid a stuck connection of the
save 900 1 save 300 10 save 60 10000
/etc/openvas/openvassd.conf and add the following:
db_address = /var/lib/redis/redis.sock
# systemctl restart redis
If running OpenVAS in a virtual machine or any other system having a low entropy, you can optionally install to gather more entropy. This is required for the key material used for the encrypted credentials saved within the
Alternatively installwhich provides , the Greenbone Vulnerability Manager ( ) and Greenbone Security Assistant (gsa) ) OpenVAS web frontend.
Create certificates for the server and clients, default values were used:
# gvm-manage-certs -a
Update the plugins and vulnerability data:
# greenbone-nvt-sync # greenbone-scapdata-sync # greenbone-certdata-sync
Add an administrator user account, be sure to copy the password:
# gvmd --create-user=admin --role=Admin
You can also change the password of the user later on
# gvmd --user=admin --new-password=<password>
# gvmd -p 9390 -a 127.0.0.1
Start the Greenbone Security Assistant WebUI (optional)
# gsad -f --listen=127.0.0.1 --mlisten=127.0.0.1 --mport=9390
Point your web browser to http://127.0.0.1 and login with your admin crendentials
gsadwill bind to port 80. If you are already running a webserver, this will obviously cause problems. Pass the
gsadfor an alternate port. Read the
gsadman page for options like
--no-redirect, and more.
Redhat based systemd units are in an AUR package namedAUR. The contain a few tweaks such as better TLS settings.
Migration to new major versions
The database needs to be migrated when moving to a new major version:
# gvmd --migrate