Installing OpenVas 4.0 on Ubuntu 10.04

OpenVas 4.0 was released at the end of March, I have been busy and have not had a chance to fire up the production release. Today I built it from source using one of my test VPS servers. What follows is a quick summary of the process. I think I covered all the steps, however if you are not sure what you are doing you might want to test the Virtual Server or live cd version or try building this on a test Ubuntu virtual build that takes about 10 mins to get going (VirtualBox rocks - "apt-get install virtualbox-ose").

Lets get going, we are going to build a server version from source on Ubuntu 10.04 LTS, will give 11.04 a go in the near future. These packages should get you going.

apt-get install build-essential cmake doxygen uuid libgpgme11 libgpgme11-dev libpcap0.8-dev libpcap0.8 uuid-dev pkg-config libglib2.0* autoconf libgnutls-dev bison sqlite3 libsqlite3-dev xsltproc libxslt1-dev libmicrohttpd-dev xmltoman

Information for getting the wmi library built is here, the following is a fast summary.


tar xjvf wmi-1.3.14.tar.bz2

To enable the WMI integration in OpenVAS, a patch needs to be applied to the
source you just downloaded.


Copy the patch to the wmi-1.3.14 directory you just created and apply the patch
with the following command:

$ patch -p1 < openvas-wmi-1.3.14.patch

In the wmi-1.3.14 directory, execute the following commands:
cd Samba/source
make proto all
make libraries


Now we should be good to go on the main application building.

wget wget wget wget wget wget tar zxvf openvas-cli-1.1.2.tar.gz tar zxvf openvas-libraries-4.0.5.tar.gz tar zxvf openvas-manager-2.0.4.tar.gz tar zxvf openvas-scanner-3.2.3.tar.gz tar zxvf openvas-administrator-1.1.1.tar.gz cd openvas-libraries-4.0.5 cmake . make make install cd openvas-scanner-3.2.3 cmake . make make install cd openvas-cli-1.1.2 cmake . make make install cd openvas-administrator-1.1.1 cmake . make make install cd greenbone-security-assistant-2.0.1 cmake . make make install ldconfig

Run the initial commands build your certificate and create an openvas user.


< plugins scroll by -- snip >
[i] Download complete
[i] Checking dir: ok
[i] Checking MD5 checksum: ok

Loading the plugins... 8058 (out of 21431)

Looking good so far.

There are a lot of components to this installation. There is a handy script that checks your OpenVas configuration for problems. Download it, save as and run it.

wget*checkout*/trunk/tools/openvas-check-setup?root=openvas -O


openvas-check-setup 2.0.6
  Test completeness and readiness of OpenVAS-4

  Please report us any non-detected problems and
  help us to improve this check routine:

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 3.2.3.
        OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 21431 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 2.0.4.
        OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem.
        ERROR: No OpenVAS Manager database found. (Tried: /usr/local/var/lib/openvas/mgr/tasks.db)
        FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running.

 ERROR: Your OpenVAS-4 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Notice how the check script detects the problem and prompts you with a fix.

openvasmd --rebuild

We still have an error in results, but this is because we have not built the GSD (Greenbone security desktop). We are not building the desktop client as this is a remote server.


This should start up the services. The Greenbone Security Assistant runs on 80 and 443. You can use command line options force ssl. I have done some initial testing and have to say its impressive. Fast, responsive and intuitive - unlike Nessus and its flash based web gui that I find to be clunky and difficult to manage.

Version 4.0 of OpenVas is good at this stage. I will definitely have to do more testing and look at migrating our version 3 based online scanning solution to version 4.

Share this Post
Share on FacebookTweet about this on TwitterShare on Google+Share on StumbleUpon
Save time with hosted security testing tools
... or your money back no questions asked ...
learn more
  • Abhishek Prakash Chaturvedi

    Is there any deb package available for WMI support….manually adding the patch and compiling is a pain….
    As for knowledge, there is one form zenoss..but is not working properly…

    • hackertarget

      Not that I am aware of – patching the source is a bit tricky but it does work ok.

  • Abhishek Prakash Chaturvedi

    Never Mind…This guy Mike Palmer has done it…here is the link:

    It works fine…I have checked it…

  • Pingback: OpenVAS 5 released. Now available for download()