101. OpenVAS Installation on Ubuntu 10.04

OS: Ubuntu 10.04 64bit (LTS)
Hardware: Virtual Machine (VirtualBox 4.1.8)
OpenVAS: 4.0.6

About

OpenVAS is an open source network vulnerability scanner. OpenVAS lets you scan your network for vulnerabilities and create a report on your network status.

Prerequisite

  • Update your OS and restart
sudo su -
apt-get update
apt-get upgrade -y
reboot
  • Install prerequisite packages with apt-get
sudo su -
apt-get install build-essential cmake doxygen uuid libgpgme11 libgpgme11-dev libpcap0.8-dev libpcap0.8 uuid-dev pkg-config libglib2.0* autoconf libgnutls-dev bison sqlite3 libsqlite3-dev xsltproc libxslt1-dev xmltoman texlive-latex-base nmap rpm alien texlive-latex-recommended texlive-latex-base texlive-latex-extra -y
  • Download and install wmi
mkdir /usr/local/src/openvas
cd /usr/local/src/openvas 
wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2 -O wmi.tar.bz2
tar xjvf wmi.tar.bz2
cd wmi*
wget http://www.openvas.org/download/wmi/openvas-wmi-1.3.14.patch
patch -p1 < openvas-wmi-1.3.14.patch
cd Samba/source
./autogen.sh
./configure
make proto all
make libraries
bash install-libwmiclient.sh
  • Download and install libmicrohttpd
cd /usr/local/src/openvas 
wget http://mirror.veriportal.com/gnu/libmicrohttpd/libmicrohttpd-0.9.15.tar.gz -O libmicrohttpd.tar.gz
tar xzvf libmicrohttpd.tar.gz
cd libmicrohttpd*
./configure && make && make install

OpenVAS Installation

  • Download and install openvas-libraries
cd /usr/local/src/openvas/
wget http://wald.intevation.org/frs/download.php/979/openvas-libraries-4.0.6.tar.gz -O openvas-libraries.tar.gz
tar zxvf openvas-libraries.tar.gz
cd openvas-libraries*
cmake .
make
make install
  • Download and install openvas-scanner
cd /usr/local/src/openvas
wget http://wald.intevation.org/frs/download.php/983/openvas-scanner-3.2.5.tar.gz -O openvas-scanner.tar.gz
tar zxvf openvas-scanner.tar.gz
cd openvas-scanner*
cmake .
make
make install
  • Download and install openvas-manager
cd /usr/local/src/openvas
wget http://wald.intevation.org/frs/download.php/871/openvas-manager-2.0.4.tar.gz -O openvas-manager.tar.gz
tar zxvf openvas-manager.tar.gz
cd openvas-manager*
cmake .
make
make install
  • Download and install openvas-administrator
cd /usr/local/src/openvas
wget http://wald.intevation.org/frs/download.php/987/openvas-administrator-1.1.2.tar.gz -O openvas-administrator.tar.gz
tar zxvf openvas-administrator.tar.gz
cd openvas-administrator*
cmake .
make
make install
  • Download and install greenbone-security-assistant
cd /usr/local/src/openvas
wget http://wald.intevation.org/frs/download.php/857/greenbone-security-assistant-2.0.1.tar.gz -O greenbone-security-assistant.tar.gz
tar zxvf greenbone-security-assistant.tar.gz
cd greenbone-security-assistant*
cmake .
make
make install
  • Download and install openvas-cli
cd /usr/local/src/openvas
wget http://wald.intevation.org/frs/download.php/1016/openvas-cli-1.1.4.tar.gz -O openvas-cli.tar.gz
tar zxvf openvas-cli.tar.gz
cd openvas-cli*
cmake .
make
make install
  • Configure OpenVAS new libs
ldconfig
  • Create Certificate
openvas-mkcert
-------------------------------------------------------------------------------
                        Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.

CA certificate life time in days [1460]:    ENTER
Server certificate life time in days [365]:    ENTER
Your country (two letter code) [DE]: IL    ENTER
Your state or province name [none]:    ENTER
Your location (e.g. town) [Berlin]: Holon    ENTER
Your organization [OpenVAS Users United]: HUMUS LTD    ENTER
-------------------------------------------------------------------------------
                        Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

The following files were created:

. Certification authority:
   Certificate = /usr/local/var/lib/openvas/CA/cacert.pem
   Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem

. OpenVAS Server :
    Certificate = /usr/local/var/lib/openvas/CA/servercert.pem
    Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem

Press [ENTER] to exit
ENTER
  • Sync NVT
openvas-nvt-sync
  • Create certificate for OpenVAS Manager
openvas-mkcert-client -n om -i
  • Start OpenVAS services for the first time
openvassd
openvasmd --rebuild
openvasmd
openvasad
gsad
  • Create new user for OpenVAS
openvasad -c 'add_user' -n admin --role=Admin
  • Configure OpenVAS services to start at server boot
vi /etc/rc.local
...
/usr/local/sbin/openvassd
/usr/local/sbin/openvasmd
/usr/local/sbin/openvasad
/usr/local/sbin/gsad
exit 0
  • Connect to OpenVAS server
    • Using a web browser browse to https://openvas_server_IP
    • Continue on the security certificate alert
    • Log in using your created username and password
  • Create your first scan config
    • Click on Scan Configs
    • In the Name field enter test1
    • In the Base field click on “Full and fast” in order to use the default OpenVAS configuration
    • Click on Create Scan Config
    • On your new test1 Scan Config click Edit Scan Config button
    • If your scanning server is weak like mine (one 1.7GHz CPU and 1GB of memory), change the max_hosts field to about 5 and max_checks to about 2, then click on “Save Config”
    • If you are going to scan a large range of IP addresses and you know that many of them are down or do not exist, consider changing the Ping Host NVT setting to enable “Mark unreachable Hosts as dead”. Otherwise your scan will be very slow, because OpenVAS will try to run every NVT against every IP, even if it is not available.
    • To do so click edit on “Port scanners”
    • Click edit on “Ping Host”
    • In “Mark unrechable Hosts as dead (not scanning)” click on the yes checkbox
    • Click “Save Config”
  • Create your targets
    • Click on Targets
    • In Name field enter test1
    • In the Hosts field enter your comma-separated IP addresses (e.g. 192.168.10.0/24,127.0.0.1)
    • Click on “Create Target”
  • Create your first Task
    • Click on New Task
    • In the Name field enter test1
    • In the Scan Config select your newly created test1 Scan Config
    • In the Scan Targets select your newly created test1 Target
    • Click on Create Task
  • Run your newly created Task
    • Click on Tasks
    • Click on the play button to the right of your new test1 task

That’s it. OpenVAS server installation completed. You can create new scans on your network, schedule them to run frequently and check their reports.

For more information on OpenVAS visit http://www.openvas.org
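
The Ubuntu build above downloads each source tarball over plain HTTP and runs make install on it as root, so a corrupted or tampered archive would be built without any warning. The shell helper below is an added example, not part of the original guide: it repeats the same wget/tar/cmake/make sequence but stops unless the archive matches a SHA-256 digest. The function names and the digest placeholder are assumptions; the guide lists no digests, so they have to be obtained separately.

```sh
#!/bin/sh
# Added example, not part of the original guide. The SHA-256 digests are
# assumptions: the guide lists none, so obtain them out-of-band.

SRC_DIR="${SRC_DIR:-/usr/local/src/openvas}"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed digest.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Refuse anything that is not 64 hex characters, e.g. an unfilled placeholder.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file (got $actual)" >&2
        return 1
    fi
    return 0
}

# build_component NAME URL SHA256
# Same wget/tar/cmake/make sequence as the guide, gated on the digest check.
build_component() {
    name=$1; url=$2; sum=$3
    cd "$SRC_DIR" || return 1
    wget "$url" -O "$name.tar.gz" || return 1
    # Nothing is unpacked or built unless the archive matches the digest.
    verify_sha256 "$name.tar.gz" "$sum" || { rm -f "$name.tar.gz"; return 1; }
    tar zxf "$name.tar.gz" || return 1
    cd "$name"-*/ || return 1
    cmake . && make && make install
}

# Example call; replace the placeholder with the real digest before running:
# build_component openvas-libraries \
#   http://wald.intevation.org/frs/download.php/979/openvas-libraries-4.0.6.tar.gz \
#   REPLACE_WITH_SHA256
```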

001. OpenVAS 5 Installation on CentOS 6.2

OS: CentOS 6.2 32bit
Hardware: Virtual Machine (VirtualBox 4.1.14)
OpenVAS: 5

About

OpenVAS is an open source network vulnerability scanner. OpenVAS lets you scan your network for vulnerabilities and create a report on your network status.

Prerequisite

  • Disable SELINUX
vi /etc/selinux/config
...
SELINUX=disabled
...
  • Install wget
yum install wget -y
  • Update your Operating System and reboot
yum update -y 
reboot

OpenVAS Installation

  • Install atomic repository
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
Atomic Archive installer, version 2.0.3

BY INSTALLING THIS SOFTWARE AND BY USING ANY AND ALL SOFTWARE
PROVIDED BY ATOMICORP LIMITED YOU ACKNOWLEDGE AND AGREE:

THIS SOFTWARE AND ALL SOFTWARE PROVIDED IN THIS REPOSITORY IS
PROVIDED BY ATOMICORP LIMITED AS IS, IS UNSUPPORTED AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ATOMICORP LIMITED, THE
COPYRIGHT OWNER OR ANY CONTRIBUTOR TO ANY AND ALL SOFTWARE PROVIDED
BY OR PUBLISHED IN THIS REPOSITORY BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

Do you agree to these terms? (yes/no) [Default: yes]
ENTER
Installing the Atomic GPG key: OK
Downloading atomic-release-1.0-14.el6.art.noarch.rpm: OK

The Atomic Rocket Turtle archive has now been installed and configured for your system
The following channels are available:
  atomic          - [ACTIVATED] - contains the stable tree of ART packages
  atomic-testing  - [DISABLED]  - contains the testing tree of ART packages
  atomic-bleeding - [DISABLED]  - contains the development tree of ART packages
  • Install OpenVAS
yum install openvas -y
  • Run openvas-setup to configure OpenVAS
openvas-setup
Openvas Setup, Version: 0.1

Step 1: Update NVT's
Please note this step could take some time.
Once completed, NVT's will be updated automatically every 24 hours

Updating NVTs....
Stopping openvas-scanner:                                  [  OK  ]
Starting openvas-scanner:
                                                           [  OK  ]
Updating OpenVAS Manager database....

Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.

Allow connections from any IP? [Default: yes] Stopping gree[  OK  ]curity-assistant:
Starting greenbone-security-assistant:                     [  OK  ]

Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.

Enter password: enter password for admin user
ENTER
ad   main:MESSAGE:3223:2012-01-19 11h09.05 IST: No rules file provided, the new user will have no restrictions.
ad   main:MESSAGE:3223:2012-01-19 11h09.05 IST: User admin has been successfully created.

Step 4: Create a user

Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------

Login : humus
ENTER
Authentication (pass/cert) [pass] :
ENTER
Login password : enter user password
ENTER
Login password (again) : enter user password again
ENTER
User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that humus has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
ctrl-D
Login             : humus
Password          : ***********

Rules             :

Is that ok? (y/n) [y]
ENTER
Setup complete, you can now access GSAD at:
  https://<IP>:9392
  • Start OpenVAS administrator
/etc/init.d/openvas-administrator start
  • Download openvas-check-setup script and check OpenVAS setup
cd /usr/local/src/
wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup -O openvas-check-setup.sh --no-check-certificate
chmod +x openvas-check-setup.sh
./openvas-check-setup.sh --server
  • Open the Greenbone Security Assistant port in the Linux firewall
vi /etc/sysconfig/iptables
...
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9392 -j ACCEPT  
...
service iptables restart
  • Connect to OpenVAS server
    • Using a web browser browse to https://openvas_server_IP:9392

That’s it. OpenVAS server installation completed. You can create new scans on your network, schedule them to run frequently and check their reports.

For more information on OpenVAS visit http://www.openvas.org
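
The iptables rule in the CentOS steps above accepts new connections to GSAD on port 9392 from any source address. The check below is an added example, not part of the original guide: it lists INPUT ACCEPT rules in iptables-save format (the format of /etc/sysconfig/iptables) that open a given port without a source restriction. It runs on constructed sample rules in which 192.168.10.0/24 is a placeholder admin subnet, and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# unrestricted_accepts PORT [FILE]   (reads stdin when FILE is omitted)
# Prints every "-A INPUT ... --dport PORT ... -j ACCEPT" rule with no -s/--source.
unrestricted_accepts() {
    port=$1; shift
    awk -v port="$port" '
        $1 == "-A" && $2 == "INPUT" {
            dport = 0; src = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-s" || $i == "--source")      src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT")  accept = 1
            }
            if (dport && accept && !src) print
        }' "$@"
}

# Constructed sample: the two rules from the guide, then a variant of the
# GSAD rule limited to an admin subnet (192.168.10.0/24 is a placeholder).
sample_rules() {
    cat <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9392 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.10.0/24 --dport 9392 -j ACCEPT
EOF
}

# Prints only the second sample line: port 9392 open to any source.
sample_rules | unrestricted_accepts 9392
```

On the server itself, run it as: unrestricted_accepts 9392 /etc/sysconfig/iptables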