OpenVAS

From ArchWiki


OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

Pre-install

PostgreSQL

Set up PostgreSQL before you continue.

Redis

Configure Redis as described in the OpenVAS redis configuration document. In summary, add the following to your /etc/redis/redis.conf:

port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128

Note: See the OpenVAS redis configuration document for how to calculate the databases value.

Finally restart redis.service.

Installation

Install the following packages from the AUR to get a full OpenVAS setup, including manager, web frontend, scanner, and so on:

ospdAUR
openvas-scannerAUR
ospd-openvasAUR
gsaAUR
gvmdAUR

ospdAUR needs to be installed before the other packages (some of their dependencies still need fixing).

Initial setup

Set up the PostgreSQL database for gvm:

# su -l postgres
# createuser gvm
# createdb -O gvm gvmd

Grant this user DBA roles:

# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# \q
# exit

Make sure to have the following sysctl configurations:

# echo "net.core.somaxconn = 1024" >> /etc/sysctl.d/90-openvas.conf
# echo "vm.overcommit_memory = 1" >> /etc/sysctl.d/90-openvas.conf
# sysctl -p /etc/sysctl.d/90-openvas.conf

Before doing this, check the current value of somaxconn (normally it is already 4096 on Arch Linux and does not need to be adjusted):

# sysctl -a | grep somaxconn

If this is the case, skip the first echo line.
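The Redis directives and the somaxconn check above are easy to get subtly wrong, for example when a later line in redis.conf silently overrides an earlier one. The following POSIX shell script is an added example, not code from this page or the OpenVAS project; the function names and the sample redis.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ArchWiki's or OpenVAS's own code): check the Redis
# directives and the somaxconn value this page requires before starting gvmd.

# Verify that the redis.conf given as $1 sets every directive exactly as
# OpenVAS needs it. Prints one line per mismatch; returns 1 if any.
check_redis_conf() {
    rc=0
    for want in "port 0" "unixsocket /run/redis/redis.sock" \
                "unixsocketperm 770" "timeout 0" "databases 128"; do
        key=${want%% *}
        # Redis lets the last uncommented occurrence of a directive win,
        # so compare against that one and ignore commented-out defaults.
        have=$(grep -E "^[[:space:]]*${key}[[:space:]]" "$1" | tail -n 1 |
               tr -s ' \t' ' ' | sed 's/^ //; s/ $//')
        if [ "$have" != "$want" ]; then
            echo "redis.conf: expected '$want', found '${have:-<unset>}'"
            rc=1
        fi
    done
    return $rc
}

# The page's first echo line is only needed when the running value of
# net.core.somaxconn ($1, from `sysctl -n net.core.somaxconn`) is below 1024.
somaxconn_needs_raise() {
    [ "$1" -lt 1024 ]
}

# Constructed sample inputs: one conforming file and one with two errors.
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT
cat > "$GOOD_CONF" <<'EOF'
# port 6379        (a commented-out default must not confuse the check)
port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128
EOF
cat > "$BAD_CONF" <<'EOF'
port 6379
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 16
EOF
check_redis_conf "$GOOD_CONF" && echo "sample redis.conf is OK"
check_redis_conf "$BAD_CONF" || echo "sample redis.conf needs changes"
```

Run it against the real file with `check_redis_conf /etc/redis/redis.conf` and pass `$(sysctl -n net.core.somaxconn)` to `somaxconn_needs_raise` to decide whether the first echo line is required.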

Grant the gvm user access to the redis socket:

# usermod -aG redis gvm
# echo "db_address = /run/redis/redis.sock" > /etc/openvas/openvas.conf
# chown gvm:gvm /etc/openvas/openvas.conf

Update NVTs:

# chown -R gvm:gvm /var/lib/openvas
# su - gvm
# greenbone-nvt-sync && sudo openvas --update-vt-info
# exit

Update feeds:

# su - gvm
# greenbone-feed-sync --type GVMD_DATA
# greenbone-scapdata-sync --rsync
# greenbone-certdata-sync --rsync
# exit

You can enable the timers to update these data on a regular basis:

# systemctl enable --now greenbone-nvt-sync.timer
# systemctl enable --now greenbone-feed-sync.timer
# systemctl enable --now greenbone-scapdata-sync.timer
# systemctl enable --now greenbone-certdata-sync.timer

Create certificates for the server and clients (the default values are used here):

# su - gvm
# gvm-manage-certs -a
# exit

Add an administrator user account; be sure to copy the generated password:

# su - gvm
# gvmd --create-user=admin --role=Admin
# exit

You can also change the password of the user later on:

# su - gvm
# gvmd --user=admin --new-password=<password>
# exit

Getting started

Start the services:

# systemctl start ospd-openvas
# systemctl start gvmd
# systemctl start gsad

Create the Scanner:

# su - gvm
# gvmd --get-scanners

Copy the id of the OpenVAS Default scanner and run:

# gvmd --modify-scanner=id-of-scanner --scanner-host=/run/gvm/ospd.sock
# gvmd --verify-scanner=id-of-scanner

Set the feed import user:

# gvmd --get-users --verbose

Copy the id of the admin user and run:

# gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value id-of-admin

Point your web browser to http://127.0.0.1 and log in with your admin credentials.

Note: By default, gsad binds to port 80. If you are already running a web server, this will obviously cause a conflict. You can modify the ports and listen addresses in the file /etc/default/gsad.

See also