From ArchWiki
Revision as of 14:17, 26 May 2018 by Shibumi (talk | contribs) (moved redis installation from post-install to pre-install see also:
Jump to navigation Jump to search

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: Various Help:Style issues (Discuss in Talk:OpenVAS#)

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.


Configure redis as prescribed by the OpenVAS redis configuration. In summary, amend the following to your /etc/redis.conf

unixsocket /var/lib/redis/redis.sock
unixsocketperm 700
port 0
timeout 0

Create and add the following to /etc/openvas/openvassd.conf

kb_location = /var/lib/redis/redis.sock

Finally restart redis

# systemctl restart redis


Install the openvas package group from the official repositories. This group provides the openvas-cli command-line omp interface and greenbone-security-assistant web interface via the gsad daemon along with other OpenVAS dependencies.

Initial setup

Create certificates for the server+client, default values were used

# openvas-manage-certs -a

Update the plugins and vulnerability data:

# greenbone-nvt-sync
# greenbone-scapdata-sync
# greenbone-certdata-sync

Note: If GSA complains that the scapdata database is missing, it may be necessary to use greenbone-scapdata-sync --refresh

Start the scanner service:

# systemctl start openvas-scanner

Rebuild the database:

# openvasmd --rebuild --progress

Add an administrator user account, be sure to copy the password:

# openvasmd --create-user=admin --role=Admin

Getting started

Start the openvasmd daemon

# openvasmd -p 9390 -a

Start the Greenbone Security Assistant WebUI (optional)

# gsad -f --listen= --mlisten= --mport=9390

Point your web browser to and login with your admin crendentials

Note: By default, gsad will bind to port 80. If you are already running a webserver, this will obviously cause problems. Pass the --port switch to gsad for an alternate port. Read the gsad man page for options like --http-only, --no-redirect, and more.
Note: The Greenbone Security Assistant WebUI requires the texlive-most package in order to provide PDF downloads of the reports.


Redhat based systemd units are in an AUR package named openvas-systemdAUR. The contain a few tweaks such as better TLS settings.

Migration to new major versions

The database needs to be migrated when moving to a new major version:

# openvasmd --migrate --progress

See also