Install OpenVAS 7 on Ubuntu 14.04

Get started with OpenVAS version 7 with this straight forward installation guide. Ubuntu 14.04 is a LTS release meaning it is a good option for any server including an OpenVAS vulnerability scanning server.

A nice change in the latest version of OpenVAS is the simplification of the structure. There are now four components that make up the solution.



All the components rely on having the OpenVAS libraries installed correctly. So that is the first item that will be installed after we use apt-get install to prepare the system for installation. The procedure below builds OpenVAS 7 from source.

OpenVAS Source Installation Steps

First we need to download and extract the required source files for OpenVAS.

mkdir openvas-src
cd openvas-src/
wget http://wald.intevation.org/frs/download.php/1638/openvas-libraries-7.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1640/openvas-scanner-4.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1637/openvas-manager-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1639/greenbone-security-assistant-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1633/openvas-cli-1.3.0.tar.gz
tar zxvf openvas-{component}.tar.gz

Next step is to install the Ubuntu 14.04 packages that will allow us to compile the code.

apt-get install build-essential bison flex cmake pkg-config libglib libglib2.0-dev libgnutls libgnutls-dev libpcap libpcap0.8-dev libgpgme11 libgpgme11-dev doxygen libuuid1 uuid-dev sqlfairy xmltoman sqlite3 libxml2-dev libxslt1.1 libxslt1-dev xsltproc libmicrohttpd-dev

With necessary packages installed we can move on to compiling and installing the different OpenVAS components. Enter each of the components directories and perform the following steps. The order should not matter as long as openvas-libraries-7.0.1 is installed correctly.

cd {component}
mkdir source
cd source
cmake ..
make
make install

Now we are getting close, a few more steps and you will be able login to the OpenVAS scanner and start testing your system.

openvas-mkcert
ldconfig
openvassd

Check that openvassd has started correctly and is running.

ps -ef | grep openvas

Lets sync NVT plugins and the vulnerability data.

openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync

Nearly there! Create a user account and client certificate.

openvasmd --create-user=admin --role=Admin
openvas-mkcert-client -n -i

Start All the Things! Note you can run the Greenbone Security Assistant Client with gsad --http-only to run it without SSL support, however clear text protocols are for wimps so get on the HTTPS. Then check you have openvassd / openvasmd / gsad running.

openvasmd --rebuild --progress
openvasmd
gsad

ps -ef | grep openvas

And confirm each component is listening on its port.

netstat -anp | grep LISTEN

tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      3067/openvasmd  
tcp        0      0 0.0.0.0:9391            0.0.0.0:*               LISTEN      2453/openvassd: Waiting
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2772/sshd       
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      3070/gsad

The Web Console

Now that we have OpenVAS up and running its time to look at the web console. From the netstat -anp above we can see that gsad is running on port 443. Loading up a browser we can simply go to HTTPS on the IP of our server.

Our hosted version of OpenVAS allows you to scan for vulnerabilities on any Internet facing IP address. We do the management for you.

,

23 Responses to Install OpenVAS 7 on Ubuntu 14.04

  1. admiral May 18, 2014 at 5:31 am #

    E: Unable to locate package libglib
    E: Unable to locate package libgnutls
    E: Unable to locate package libpcap
    E: Unable to locate package mltoman
    All other packages are installed.

    • Clay Johns May 21, 2014 at 4:09 pm #

      Replace with libglib2.0-0, libgnutls26, & libpcap0.8

      Also, I included libldap-2.4-2 & libldap2-dev so I can use LDAP support

      Also, libsqlite3-0 libsqlite3-dev or openvas-manager will fail to cmake because “sqlite3” isn’t enough

      So, all together, the package install line should be:
      “`
      apt-get install build-essential bison flex cmake pkg-config libglib2.0-0 libglib2.0-dev libgnutls26 libgnutls-dev libpcap0.8 libpcap0.8-dev libgpgme11 libgpgme11-dev doxygen libuuid1 uuid-dev sqlfairy xmltoman libsqlite3-0 libsqlite3-dev libxml2-dev libxslt1.1 libxslt1-dev xsltproc libmicrohttpd-dev libldap-2.4-2 libldap2-dev
      “`

      • Mke Dido August 29, 2014 at 7:56 pm #

        Clay,
        Thank you for the new list of packages. That worked better for me.
        I am still missing a package based on the output from “cmake ..”
        — package ‘wmiclient>=1.3.14’ not found

        It does say”
        — Configuring done
        — Generating done
        — Build filed have been written ….

        When I try to make I am getting warning/errors when I do the make. Is it due to not having the wmiclient?
        nasl_ssh.c.0 Error 1

  2. Tabris May 24, 2014 at 5:59 pm #

    openvasmd –create-user=admin –role=Admin

    Returns: Failed to find role.

  3. Tabris May 24, 2014 at 6:02 pm #

    openvasmd –rebuild –progress

    Returns: Rebuilding NVT cache… failed.

    • ???? ?????? July 8, 2014 at 1:38 pm #

      Tell me how to solve the problem! Thank you!

      • Tess April 1, 2016 at 7:23 am #

        make sure openvassd is started

  4. Tabris May 24, 2014 at 7:12 pm #

    ERROR: No OpenVAS Manager database found. (Tried: /usr/local/var/lib/openvas/mgr/tasks.db)
    FIX: Run ‘openvasmd –rebuild’ while OpenVAS Scanner is running.

  5. Kevin Lucas June 1, 2014 at 4:03 pm #

    Hi All,

    How do I configure openvassd, openvasmd, & gsad to launch when the machine boots?

    kev.

  6. zqw July 1, 2014 at 12:29 pm #

    can’t sign in with the username and the created password

  7. ???? ?????? July 8, 2014 at 1:38 pm #

    Prompt where the 7th version of the configuration files

  8. Noble July 22, 2014 at 9:00 am #

    Put each OpenVas source component in its own sub-directory. Did Cmake .. && make && make install (after fixing errors in NASL due to LIBSSH being >0.6). Everything appears to be built correctly but when I try to run openvas-mkcert or openvassd I get “command not found”. I’m on Debian 8 Jessie, BTW.

  9. blacksensei September 17, 2014 at 6:40 pm #

    I have followed this tutorial easily and was able to be up in no time on ubuntu 14.04 desktop. thanks.But I have run into this issue : “SCAP and/or CERT database missing on OMP server.
    ” I have done openvasmd –rebuild several time before sudo openvas-certdata-sync but it has a number of /usr/local/sbin/openvas-certdata-sync: sqlite3: not found
    Error: Inconsistent data. Resetting CERT database.
    /usr/local/sbin/openvas-certdata-sync: 272: /usr/local/sbin/openvas-certdata-sync: sqlite3: not found
    [i] Updating /usr/local/var/lib/openvas/cert-data/dfn-cert-2008.xml

    I have checke the folder cert at /usr/local/share/openvas/cert and it has all the cert_db_init.sql dfn_cert_getbyname.xsl dfn_cert_update.xsl . How to solve this? Thank you

  10. Kris October 17, 2014 at 2:00 am #

    Fix for problems with nasl_ssh.c when compiling the libraries.

    http://t99805.security-openvas-users.securityforums.info/fwd-problems-building-openvas-7-from-source-t99805.html

  11. Michael Peters November 19, 2014 at 1:39 am #

    Anyone have an idea why I cannot scan outside of the localhost? Everything here worked great. I just cannot scan outside targets for some reason. My firewall allows all ports to exit.

  12. Web Designer November 26, 2014 at 1:19 am #

    You also need to include to install sudo apt-get install libsqlite3-dev

  13. Simo February 6, 2015 at 4:10 pm #

    Hi … I’ve followed all steps on my Ubuntu Server 14.04.
    When I try to exec the command “openvassd” it gives me no output (i’ve tried with sudo privileges, too) and then I don’t find the service using ps.
    Could you give me any suggestion about?

    Thank you very very much … Simone

  14. YAzz March 22, 2015 at 4:29 am #

    have a problem installing the Ubuntu 14.04 packages that will allow us to compile the code
    replay me ! i’m waiting

    • Mansoor September 12, 2015 at 5:08 am #

      skip those packages

  15. Mohammad April 13, 2015 at 10:11 am #

    I created a PPA for this:

    sudo add-apt-repository ppa:mrazavi/openvas
    sudo apt-get updte
    sudo apt-get install openvas

    and follow the instructions in here: https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

    • Mohammad April 13, 2015 at 10:19 am #

      It is the newer version openvas-8.

  16. Edy Satriawan July 6, 2015 at 5:50 am #

    help me,i need solved like this :

    root@satria-pc:/home/satria/openvas-src# openvasmd –rebuild –progress
    Rebuilding NVT cache… failed.

    thanks

  17. Suresh November 17, 2015 at 6:57 am #

    whether

    openvas-nvt-sync
    openvas-scapdata-sync
    openvas-certdata-sync

    commands has to be ran with normal user or with super user ?