OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
Pre-install
PostgreSQL
Set up PostgreSQL before you continue.
Redis
Configure Redis as prescribed by the OpenVAS redis configuration. In summary, amend the following in your /etc/redis/redis.conf:
port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0
databases 128
See the OpenVAS redis configuration document on how to calculate the databases number.
Finally, restart redis.service.
Installation
Install the following packages to get a full OpenVAS setup, including manager, web frontend, scanner, and so on:
- ospd (AUR)
- openvas-scanner (AUR)
- ospd-openvas (AUR)
- gsa (AUR)
- gvmd (AUR)
ospd needs to be installed before the other packages (some dependencies need to be fixed).
Initial setup
Set up the PostgreSQL DB for gvm:
# su -l postgres
# createuser gvm
# createdb -O gvm gvmd
Grant this user DBA roles:
# psql gvmd
# create role dba with superuser noinherit;
# grant dba to gvm;
# create extension "uuid-ossp";
# \q
# exit
Make sure to have the following sysctl configurations:
# echo "net.core.somaxconn = 1024" >> /etc/sysctl.d/90-openvas.conf
# echo "vm.overcommit_memory = 1" >> /etc/sysctl.d/90-openvas.conf
# sysctl -p /etc/sysctl.d/90-openvas.conf
Before doing this, check the value of somaxconn (normally this is 4096 on Arch Linux and does not need to be adjusted):
# sysctl -a | grep somaxconn
If this is the case, just skip the first echo line.
Grant the gvm user access to the redis socket:
# usermod -aG redis gvm
# echo "db_address = /run/redis/redis.sock" > /etc/openvas/openvas.conf
# chown gvm:gvm /etc/openvas/openvas.conf
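An added example, not part of the original page or of OpenVAS: a shell check that the Redis settings listed under Pre-install are in effect and that db_address in openvas.conf points at the same socket. The function names are made up for this example; include directives and quoted values in redis.conf are not handled.

```bash
# Print the last active value of a redis.conf directive. Comment lines are
# skipped; Redis applies directives in order, so the last occurrence wins.
redis_directive() {  # usage: redis_directive FILE NAME
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Print db_address from an openvas.conf ("key = value" lines).
openvas_db_address() {  # usage: openvas_db_address FILE
    sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*db_address[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Return 0 if both files match the setup on this page, 1 otherwise.
check_openvas_redis() {  # usage: check_openvas_redis REDIS_CONF OPENVAS_CONF
    local redis_conf="$1" openvas_conf="$2" rc=0 sock dbs
    want() {  # want NAME VALUE (hypothetical helper)
        local got; got=$(redis_directive "$redis_conf" "$1")
        if [ "$got" != "$2" ]; then
            echo "FAIL: $1 is '${got:-unset}', expected '$2'"; rc=1
        fi
    }
    want port 0               # TCP listener off, Unix socket only
    want unixsocketperm 770   # socket usable by owner and group only
    want timeout 0
    sock=$(redis_directive "$redis_conf" unixsocket)
    if [ -z "$sock" ]; then
        echo "FAIL: unixsocket is unset"; rc=1
    elif [ "$sock" != "$(openvas_db_address "$openvas_conf")" ]; then
        echo "FAIL: db_address in $openvas_conf does not match unixsocket $sock"; rc=1
    fi
    dbs=$(redis_directive "$redis_conf" databases)
    case $dbs in
        ''|*[!0-9]*) echo "FAIL: databases is '${dbs:-unset}'"; rc=1 ;;
        *) echo "INFO: databases = $dbs (compare with the calculated number)" ;;
    esac
    return $rc
}

# Constructed sample input: the redis.conf lines from this page and a matching
# openvas.conf, written to a temporary directory.
demo() {
    local d r; d=$(mktemp -d)
    printf '%s\n' 'port 0' 'unixsocket /run/redis/redis.sock' \
        'unixsocketperm 770' 'timeout 0' 'databases 128' > "$d/redis.conf"
    echo 'db_address = /run/redis/redis.sock' > "$d/openvas.conf"
    check_openvas_redis "$d/redis.conf" "$d/openvas.conf"; r=$?
    rm -rf "$d"; return $r
}
```

Against the live files, run check_openvas_redis /etc/redis/redis.conf /etc/openvas/openvas.conf as a user that can read both.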
Update NVTs:
# chown -R gvm:gvm /var/lib/openvas
# su - gvm
# greenbone-nvt-sync && sudo openvas --update-vt-info
# exit
Update feeds:
# su - gvm
# greenbone-feed-sync --type GVMD_DATA
# greenbone-scapdata-sync --rsync
# greenbone-certdata-sync --rsync
# exit
You can enable the timers to update this data on a regular basis:
# systemctl enable --now greenbone-nvt-sync.timer
# systemctl enable --now greenbone-feed-sync.timer
# systemctl enable --now greenbone-scapdata-sync.timer
# systemctl enable --now greenbone-certdata-sync.timer
Create certificates for the server and clients (default values were used):
# su - gvm
# gvm-manage-certs -a
# exit
Add an administrator user account; be sure to copy the password:
# su - gvm
# gvmd --create-user=admin --role=Admin
# exit
You can also change the password of the user later on:
# su - gvm
# gvmd --user=admin --new-password=<password>
# exit
Getting started
Start the services:
# systemctl start ospd-openvas
# systemctl start gvmd
# systemctl start gsad
Create the Scanner:
# su - gvm
# gvmd --get-scanners
Copy the id of the OpenVAS Default scanner and run:
# gvmd --modify-scanner=id-of-scanner --scanner-host=/run/gvm/ospd.sock
# gvmd --verify-scanner=id-of-scanner
Set the feed import user:
# gvmd --get-users --verbose
Copy the id of the admin user and run:
# gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value id-of-admin
Point your web browser to http://127.0.0.1 and log in with your admin credentials.
gsad will bind to port 80. If you are already running a web server, this will obviously cause problems. You can modify the ports and listen addresses in the file /etc/default/gsad.
See also
- Wikipedia:OpenVAS
- OpenVAS Official OpenVAS website.