OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Install the official repositories. This group provides the command-line
omp interface and web interface via the
gsad daemon along with other OpenVAS dependencies.
Create certificates for the server+client, default values were used
# openvas-manage-certs -a
Update the plugins and vulnerability data:
# greenbone-nvt-sync # greenbone-scapdata-sync # greenbone-certdata-sync
Start the scanner service:
# systemctl start openvas-scanner
Rebuild the database:
# openvasmd --rebuild --progress
Add an administrator user account, be sure to copy the password:
# openvasmd --create-user=admin --role=Admin
Configure OpenVAS redis configuration. In summary, amend the following to your /etc/redis.confas prescribed by the
unixsocket /var/lib/redis/redis.sock unixsocketperm 700 port 0 timeout 0
Create and add the following to /etc/openvas/openvassd.conf
kb_location = /var/lib/redis/redis.sock
# systemctl restart redis
# openvasmd -p 9390 -a 127.0.0.1
Start the Greenbone Security Assistant WebUI (optional)
# gsad -f --listen=127.0.0.1 --mlisten=127.0.0.1 --mport=9390
Point your web browser to http://127.0.0.1 and login with your admin crendentials
gsadwill bind to port 80. If you are already running a webserver, this will obviously cause problems. Pass the
gsadfor an alternate port. Read the
gsadman page for options like
--no-redirect, and more.
Redhat based systemd units are in an AUR package namedAUR. The contain a few tweaks such as better TLS settings.
Migration to new major versions
The database needs to be migrated when moving to a new major version:
# openvasmd --migrate --progress