Get started with OpenVAS version 7 with this straight forward installation guide. Ubuntu 14.04 is a LTS release meaning it is a good option for any server including an OpenVAS vulnerability scanning server.
A nice change in the latest version of OpenVAS is the simplification of the structure. There are now four components that make up the solution.
GSAD (web client)
OpenVAS CLI (client)
OpenVAS Manager
OpenVAS Scanner
Scan Targets
All the components rely on having the OpenVAS libraries installed correctly. So that is the first item that will be installed after we use apt-get install to prepare the system for installation. The procedure below builds OpenVAS 7 from source.
OpenVAS Source Installation Steps
First we need to download and extract the required source files for OpenVAS.
mkdir openvas-src
cd openvas-src/
wget http://wald.intevation.org/frs/download.php/1638/openvas-libraries-7.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1640/openvas-scanner-4.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1637/openvas-manager-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1639/greenbone-security-assistant-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1633/openvas-cli-1.3.0.tar.gz
tar zxvf openvas-{component}.tar.gz
Next step is to install the Ubuntu 14.04 packages that will allow us to compile the code.
apt-get install build-essential bison flex cmake pkg-config libglib libglib2.0-dev libgnutls libgnutls-dev libpcap libpcap0.8-dev libgpgme11 libgpgme11-dev doxygen libuuid1 uuid-dev sqlfairy xmltoman sqlite3 libxml2-dev libxslt1.1 libxslt1-dev xsltproc libmicrohttpd-dev
With necessary packages installed we can move on to compiling and installing the different OpenVAS components. Enter each of the components directories and perform the following steps. The order should not matter as long as openvas-libraries-7.0.1 is installed correctly.
cd {component}
mkdir source
cd source
cmake ..
make
make install
Now we are getting close, a few more steps and you will be able login to the OpenVAS scanner and start testing your system.
openvas-mkcert ldconfig openvassd
Check that openvassd has started correctly and is running.
ps -ef | grep openvas
Lets sync NVT plugins and the vulnerability data.
openvas-nvt-sync openvas-scapdata-sync openvas-certdata-sync
Nearly there! Create a user account and client certificate.
openvasmd --create-user=admin --role=Admin openvas-mkcert-client -n -i
Start All the Things! Note you can run the Greenbone Security Assistant Client with gsad --http-only to run it without SSL support, however clear text protocols are for wimps so get on the HTTPS. Then check you have openvassd / openvasmd / gsad running.
openvasmd --rebuild --progress openvasmd gsad ps -ef | grep openvas
And confirm each component is listening on its port.
netstat -anp | grep LISTEN tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN 3067/openvasmd tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN 2453/openvassd: Waiting tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2772/sshd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3070/gsad
The Web Console
Now that we have OpenVAS up and running its time to look at the web console. From the netstat -anp above we can see that gsad is running on port 443. Loading up a browser we can simply go to HTTPS on the IP of our server.
OpenVAS Tutorial Tips and Examples
Get more from this highly capable and powerful vulnerability testing solution.
Learn more