Installing OpenVas 4.0 on Ubuntu 10.04

OpenVas 4.0 was released at the end of March, I have been busy and have not had a chance to fire up the production release. Today I built it from source using one of my test VPS servers. What follows is a quick summary of the process. I think I covered all the steps, however if you are not sure what you are doing you might want to test the Virtual Server or live cd version or try building this on a test Ubuntu virtual build that takes about 10 mins to get going (VirtualBox rocks – “apt-get install virtualbox-ose”).

Lets get going, we are going to build a server version from source on Ubuntu 10.04 LTS, will give 11.04 a go in the near future. These packages should get you going.

apt-get install build-essential cmake doxygen uuid libgpgme11 libgpgme11-dev libpcap0.8-dev libpcap0.8 uuid-dev pkg-config libglib2.0* autoconf libgnutls-dev bison sqlite3 libsqlite3-dev xsltproc libxslt1-dev libmicrohttpd-dev xmltoman

Information for getting the wmi library built is here, the following is a fast summary.

wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2

tar xjvf wmi-1.3.14.tar.bz2

To enable the WMI integration in OpenVAS, a patch needs to be applied to the
source you just downloaded.

wget http://www.openvas.org/download/wmi/openvas-wmi-1.3.14.patch

Copy the patch to the wmi-1.3.14 directory you just created and apply the patch
with the following command:

$ patch -p1 < openvas-wmi-1.3.14.patch

In the wmi-1.3.14 directory, execute the following commands:
cd Samba/source
./autogen.sh
./configure
make proto all
make libraries

bash install-libwmiclient.sh

Now we should be good to go on the main application building.

wget http://wald.intevation.org/frs/download.php/862/openvas-scanner-3.2.3.tar.gz wget http://wald.intevation.org/frs/download.php/871/openvas-manager-2.0.4.tar.gz wget http://wald.intevation.org/frs/download.php/853/openvas-administrator-1.1.1.tar.gz wget http://wald.intevation.org/frs/download.php/857/greenbone-security-assistant-2.0.1.tar.gz wget http://wald.intevation.org/frs/download.php/860/gsd-1.1.1.tar.gz wget http://wald.intevation.org/frs/download.php/851/openvas-cli-1.1.2.tar.gz tar zxvf openvas-cli-1.1.2.tar.gz tar zxvf openvas-libraries-4.0.5.tar.gz tar zxvf openvas-manager-2.0.4.tar.gz tar zxvf openvas-scanner-3.2.3.tar.gz tar zxvf openvas-administrator-1.1.1.tar.gz cd openvas-libraries-4.0.5 cmake . make make install cd openvas-scanner-3.2.3 cmake . make make install cd openvas-cli-1.1.2 cmake . make make install cd openvas-administrator-1.1.1 cmake . make make install cd greenbone-security-assistant-2.0.1 cmake . make make install ldconfig

Run the initial commands build your certificate and create an openvas user.

openvas-mkcert
openvas-adduser

openvas-nvt-sync 
< plugins scroll by -- snip >
[i] Download complete
[i] Checking dir: ok
[i] Checking MD5 checksum: ok

openvassd
Loading the plugins... 8058 (out of 21431)

Looking good so far.

There are a lot of components to this installation. There is a handy script that checks your OpenVas configuration for problems. Download it, save as openvas-check.sh and run it.

wget http://wald.intevation.org/plugins/scmsvn/viewcvs.php/*checkout*/trunk/tools/openvas-check-setup?root=openvas -O openvas-check.sh

./openvas-check.sh

openvas-check-setup 2.0.6
  Test completeness and readiness of OpenVAS-4

  Please report us any non-detected problems and
  help us to improve this check routine:

http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 3.2.3.
        OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 21431 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 2.0.4.
        OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem.
        ERROR: No OpenVAS Manager database found. (Tried: /usr/local/var/lib/openvas/mgr/tasks.db)
        FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running.

 ERROR: Your OpenVAS-4 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:

http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Notice how the check script detects the problem and prompts you with a fix.

openvasmd --rebuild

We still have an error in openvas-check.sh results, but this is because we have not built the GSD (Greenbone security desktop). We are not building the desktop client as this is a remote server.

openvasd
gsad
openvasmd

This should start up the services. The Greenbone Security Assistant runs on 80 and 443. You can use command line options force ssl. I have done some initial testing and have to say its impressive. Fast, responsive and intuitive – unlike Nessus and its flash based web gui that I find to be clunky and difficult to manage.

Version 4.0 of OpenVas is good at this stage. I will definitely have to do more testing and look at migrating our version 3 based online scanning solution to version 4.

Share this Post
Share on FacebookTweet about this on TwitterShare on Google+Share on StumbleUpon
  • Abhishek Prakash Chaturvedi

    Hi,
    Is there any deb package available for WMI support….manually adding the patch and compiling is a pain….
    As for knowledge, there is one form zenoss..but is not working properly…

    • hackertarget

      Not that I am aware of – patching the source is a bit tricky but it does work ok.

  • Abhishek Prakash Chaturvedi

    Never Mind…This guy Mike Palmer has done it…here is the link: http://www.mikepalmer.net/archives/134

    It works fine…I have checked it…

  • Pingback: OpenVAS 5 released. Now available for download()