TOOLS |

Install OpenVAS 7 on Ubuntu 14.04

Get started with OpenVAS version 7 with this straight forward installation guide. Ubuntu 14.04 is a LTS release meaning it is a good option for any server including an OpenVAS vulnerability scanning server.

Update: Head over to latest install OpenVas version 9 on Ubuntu 16.04 released 2017.

A nice change in the latest version of OpenVAS is the simplification of the structure. There are now four components that make up the solution.


GSAD (web client)

OpenVAS CLI (client)

OpenVAS Manager

OpenVAS Scanner

Scan Targets

All the components rely on having the OpenVAS libraries installed correctly. So that is the first item that will be installed after we use apt-get install to prepare the system for installation. The procedure below builds OpenVAS 7 from source.

OpenVAS Source Installation Steps

First we need to download and extract the required source files for OpenVAS.

mkdir openvas-src
cd openvas-src/
wget http://wald.intevation.org/frs/download.php/1638/openvas-libraries-7.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1640/openvas-scanner-4.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1637/openvas-manager-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1639/greenbone-security-assistant-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1633/openvas-cli-1.3.0.tar.gz
tar zxvf openvas-{component}.tar.gz

Next step is to install the Ubuntu 14.04 packages that will allow us to compile the code.

apt-get install build-essential bison flex cmake pkg-config libglib libglib2.0-dev libgnutls libgnutls-dev libpcap libpcap0.8-dev libgpgme11 libgpgme11-dev doxygen libuuid1 uuid-dev sqlfairy xmltoman sqlite3 libxml2-dev libxslt1.1 libxslt1-dev xsltproc libmicrohttpd-dev

With necessary packages installed we can move on to compiling and installing the different OpenVAS components. Enter each of the components directories and perform the following steps. The order should not matter as long as openvas-libraries-7.0.1 is installed correctly.

cd {component}
mkdir source
cd source
cmake ..
make
make install

Now we are getting close, a few more steps and you will be able login to the OpenVAS scanner and start testing your system.

openvas-mkcert
ldconfig
openvassd

Check that openvassd has started correctly and is running.

ps -ef | grep openvas

Lets sync NVT plugins and the vulnerability data.

openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync

Nearly there! Create a user account and client certificate.

openvasmd --create-user=admin --role=Admin
openvas-mkcert-client -n -i

Start All the Things! Note you can run the Greenbone Security Assistant Client with gsad --http-only to run it without SSL support, however clear text protocols are for wimps so get on the HTTPS. Then check you have openvassd / openvasmd / gsad running.

openvasmd --rebuild --progress
openvasmd
gsad

ps -ef | grep openvas

And confirm each component is listening on its port.

netstat -anp | grep LISTEN

tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      3067/openvasmd  
tcp        0      0 0.0.0.0:9391            0.0.0.0:*               LISTEN      2453/openvassd: Waiting
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2772/sshd       
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      3070/gsad

The Web Console

Now that we have OpenVAS up and running its time to look at the web console. From the netstat -anp above we can see that gsad is running on port 443. Loading up a browser we can simply go to HTTPS on the IP of our server.