When performing vulnerability assessments it is essential to possess a vulnerability scanner and manager in order to automate the process of discovering vulnerabilities on hosts based on known CVEs. OpenVAS is an open source, free vulnerability scanner and manager that performs on par with Nessus based on recent comparisons that I have carried out. If you wish to build and install this tool please see below:
1. Download the following source files:
Libraries 8.0 beta 6 source files:
wget http://wald.intevation.org/frs/download.php/1922/openvas-libraries-8.0+beta6.tar.gz
Scanner 5.0 beta 6 source files:
wget http://wald.intevation.org/frs/download.php/1926/openvas-scanner-5.0+beta6.tar.gz
Manager 6.0 beta 6 source files:
wget http://wald.intevation.org/frs/download.php/1930/openvas-manager-6.0+beta6.tar.gz
Greenbone Security Assistant 6.0 beta 6 source files:
wget http://wald.intevation.org/frs/download.php/1934/greenbone-security-assistant-6.0+beta6.tar.gz
Commandline Interface (CLI) 1.4 beta 5 source files:
wget http://wald.intevation.org/frs/download.php/1882/openvas-cli-1.4+beta5.tar.gz
openvas-smb 1.0.0 source files:
wget http://wald.intevation.org/frs/download.php/1919/openvas-smb-1.0.0.tar.gz
2. Uncompressing the downloaded archives:
tar -zxvf archive_name.tar.gz
i.e. tar -zxvf openvas-libraries-8.0+beta5.tar.gz
3. Installing OpenVAS 8 dependencies:
apt-get install bison flex cmake pkg-config libssh-dev libgnutls-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev libksba-dev libhiredis-dev libldap2-dev autoconf libsqlite3-dev libxml2-dev libmicrohttpd-dev xsltproc tcl rpm alien nsis gcc-mingw32 perl-base perl-base heimdal-dev heimdal-multidev libpopt-dev libxslt-dev
To Build Documentation:
apt-get install libsnmp-dev doxygen xmltoman sqlfairy
4. Enabling WMI support:
Change directory into the folder containing the openvas-smb 1.0.0 source files:
cd path_to_folder_containing_source_files
Create a folder named build and change directory into it:
mkdir build
cd build
Configure the build:
cmake path_to_folder_containing_source_files
Compile and install:
make
make doc
make install
make rebuild_cache
5. Compiling and installing the OpenVAS 8 components:
OpenVAS 8 components:
- Libraries 8.0 beta 6
- Scanner 5.0 beta 6
- Manager 6.0 beta 6
- Greenbone Security Assistant 6.0 beta 6
- Commandline Interface (CLI) 1.4 beta 5
Change directory into the folder containing the component's source files:
cd path_to_folder_containing_source_files
Create a folder named build and change directory into it:
mkdir build
cd build
Configure the build:
cmake path_to_folder_containing_source_files
Compile and install:
make
make doc
make install
make rebuild_cache
6. Download Redis 2.8.19:
wget http://download.redis.io/releases/redis-2.8.19.tar.gz
To install redis uncompress the archive:
tar -zxvf redis-2.8.19.tar.gz
Then compile the source files:
make
To test Redis is working correctly:
make test
To install Redis in /usr/local/bin:
make install
Create redis OpenVAS config file in /etc:
create /etc/redis.conf
The file should contain the below:
unixsocket /tmp/redis.sock
unixsocketperm 700
timeout 0
#DB = 1 + (#of parallel tasks) * (#of parallel hosts)
databases 128
#CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs)
maxclients 512
7. Configuring OpenVAS 8:
Initial Setup:
openvas-mkcert
openvas-mkcert-client -n -i
Update:
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
openvasmd --rebuild
Create Admin user:
openvasmd --create-user=enter_name --role=Admin
i.e. openvasmd --create-user=simon --role=Admin
8. Creating a bash script to start OpenVAS 8:
#!/bin/bash
cd /usr/local/sbin
./openvassd
echo -e "Open-VAS Scanner Started..."
./openvasmd
echo -e "Open-VAS Manager Started..."
./gsad
echo -e "Greenbone Security Assistant Started..."
echo -e "\nWelcome to OpenVAS 8"
cd /usr/local/bin
./redis-server /etc/redis.conf
Save the script as OpenVAS_Start and remember to make it executable:
chmod +x OpenVAS_Start
9. Checking OpenVAS 8 is set up correctly:
wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
Ensure that the script is executable:
chmod +x openvas-check-setup
Execute the script:
./openvas-check-setup --v8
10. Using the OpenVAS 8 web GUI:
Visit the following URL in your web browser:
https://server_domain_or_IP:9392
Categories