OpenVAS Vulnerability Scanner

Installing on CentOS 6.2:

Configure Atomicorp Repository
(as user root, only once)

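wget -q -O - http://www.atomicorp.com/installers/atomic | sh

Note that this pipes a script fetched over plain HTTP straight into a root shell; save it to a file and read it before running it if you want to see what it changes.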

Quick-Install OpenVAS
(as user root, only once)

yum install openvas
openvas-setup

openvas-setup takes some time to run: it downloads the rules (NVTs and SCAP data), configures GSAD, and prompts for an admin user and password and a scanner user. Its output looks like this:

Openvas Setup, Version: 0.3

Step 1: Update NVT's and SCAP data
Please note this step could take some time.
Once completed, NVT's and SCAP data will be updated automatically every 24 hours

Updating NVTs....
Stopping openvas-scanner:                                  [FAILED]
Starting openvas-scanner:                                  [  OK  ]
Updating SCAP data...
[i] This script synchronizes a SCAP data directory with the OpenVAS one.
[i] SCAP dir: /var/lib/openvas/scap-data
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured SCAP data rsync feed: rsync://feed.openvas.org:/scap-data
OpenVAS feed server - http://openvas.org/
This service is hosted by Intevation GmbH - http://intevation.de/
All transactions are logged.
Please report problems to admin@intevation.de

receiving incremental file list
./
COPYING
        1187 100%    1.13MB/s    0:00:00 (xfer#1, to-check=28/30)
COPYING.asc
         198 100%  193.36kB/s    0:00:00 (xfer#2, to-check=27/30)
nvdcve-2.0-2002.xml
    19507819 100%    3.74MB/s    0:00:04 (xfer#3, to-check=26/30)
nvdcve-2.0-2002.xml.asc
         198 100%    0.20kB/s    0:00:00 (xfer#4, to-check=25/30)
nvdcve-2.0-2003.xml
     5798868 100%    2.28MB/s    0:00:02 (xfer#5, to-check=24/30)
nvdcve-2.0-2003.xml.asc
         198 100%    0.46kB/s    0:00:00 (xfer#6, to-check=23/30)
nvdcve-2.0-2004.xml
    12332885 100%    3.49MB/s    0:00:03 (xfer#7, to-check=22/30)
nvdcve-2.0-2004.xml.asc
         198 100%    0.56kB/s    0:00:00 (xfer#8, to-check=21/30)
nvdcve-2.0-2005.xml
    19675023 100%    4.06MB/s    0:00:04 (xfer#9, to-check=20/30)
nvdcve-2.0-2005.xml.asc
         198 100%    0.32kB/s    0:00:00 (xfer#10, to-check=19/30)
nvdcve-2.0-2006.xml
    31282075 100%    6.73MB/s    0:00:04 (xfer#11, to-check=18/30)
nvdcve-2.0-2006.xml.asc
         198 100%    0.45kB/s    0:00:00 (xfer#12, to-check=17/30)
nvdcve-2.0-2007.xml
    29142591 100%    8.30MB/s    0:00:03 (xfer#13, to-check=16/30)
nvdcve-2.0-2007.xml.asc
         198 100%    0.55kB/s    0:00:00 (xfer#14, to-check=15/30)
nvdcve-2.0-2008.xml
    33975425 100%    8.73MB/s    0:00:03 (xfer#15, to-check=14/30)
nvdcve-2.0-2008.xml.asc
         198 100%    0.27kB/s    0:00:00 (xfer#16, to-check=13/30)
nvdcve-2.0-2009.xml
    33528196 100%    8.15MB/s    0:00:03 (xfer#17, to-check=12/30)
nvdcve-2.0-2009.xml.asc
         198 100%    0.21kB/s    0:00:00 (xfer#18, to-check=11/30)
nvdcve-2.0-2010.xml
    48637546 100%    7.39MB/s    0:00:06 (xfer#19, to-check=10/30)
nvdcve-2.0-2010.xml.asc
         198 100%    0.72kB/s    0:00:00 (xfer#20, to-check=9/30)
nvdcve-2.0-2011.xml
   112856928 100%    7.93MB/s    0:00:13 (xfer#21, to-check=8/30)
nvdcve-2.0-2011.xml.asc
         198 100%    0.35kB/s    0:00:00 (xfer#22, to-check=7/30)
nvdcve-2.0-2012.xml
    23509219 100%    7.90MB/s    0:00:02 (xfer#23, to-check=6/30)
nvdcve-2.0-2012.xml.asc
         198 100%    0.23kB/s    0:00:00 (xfer#24, to-check=5/30)
official-cpe-dictionary_v2.2.xml
    15062354 100%    6.21MB/s    0:00:02 (xfer#25, to-check=4/30)
official-cpe-dictionary_v2.2.xml.asc
         198 100%    0.62kB/s    0:00:00 (xfer#26, to-check=3/30)
sha1sums
        1774 100%    5.52kB/s    0:00:00 (xfer#27, to-check=2/30)
timestamp
          13 100%    0.04kB/s    0:00:00 (xfer#28, to-check=1/30)
timestamp.asc
         198 100%    0.60kB/s    0:00:00 (xfer#29, to-check=0/30)

sent 585 bytes  received 385363734 bytes  7482802.31 bytes/sec
total size is 385314675  speedup is 1.00
[i] (Re-)initializing database
[i] Updating CPEs
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2004.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2005.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2006.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2007.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2008.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2009.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2010.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2011.xml
-:1: parser error : Document is empty

^
-:1: parser error : Start tag expected, '<' not found

^
unable to parse -
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2012.xml
Updating OpenVAS Manager database....

Step 2: Configure GSAD
The Greenbone Security Assistant is a Web Based front end
for managing scans. By default it is configured to only allow
connections from localhost.

Allow connections from any IP? [Default: yes] 
Stopping greenbone-security-assistant:                     [  OK  ]
Starting greenbone-security-assistant:                     [  OK  ]

Step 3: Choose the GSAD admin users password.
The admin user is used to configure accounts,
Update NVT's manually, and manage roles.

Enter administrator username: admin
Enter Administrator Password: 
Verify Administrator Password: 

ad   main:MESSAGE:24282:2012-09-11 15h17.22 BST: No rules file provided, the new user will have no restrictions.
ad   main:MESSAGE:24282:2012-09-11 15h17.22 BST: User admin has been successfully created.

Step 4: Create a user

Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------

Login : jonny
Authentication (pass/cert) [pass] : 
Login password : 
Login password (again) : 

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that jonny has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login             : jonny
Password          : ***********

Rules             : 

Is that ok? (y/n) [y] y
user added.

Starting openvas-administrator...
Starting openvas-administrator:
                                                           [  OK  ]
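
The sync in Step 1 downloads a sha1sums file alongside the XML feeds, and the log shows a parser error ("Document is empty") during the update. The following is an added example (not part of openvas-setup or the original post) that checks the synced directory against sha1sums and flags zero-length XML files. It assumes sha1sums is in standard sha1sum(1) format; the function name is made up for this example.

```shell
#!/bin/sh
# Added example: integrity check for a synced SCAP data directory.
# Assumption: "sha1sums" uses the standard sha1sum(1) line format
# "<40 hex digits>  <filename>"; the page lists the file but not its contents.

# verify_scap_dir DIR
# Prints one line per problem and returns the number of problems found
# (0 = every listed file matches and every feed XML file is non-empty).
verify_scap_dir() {
    dir=$1
    problems=0
    [ -r "$dir/sha1sums" ] || { echo "MISSING  sha1sums"; return 1; }

    # 1. Compare each listed file against its recorded SHA-1.
    while read -r want name; do
        [ -n "$name" ] || continue
        name=${name#\*}                  # drop sha1sum's binary-mode marker
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; problems=$((problems + 1)); continue
        fi
        got=$(sha1sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $name"; problems=$((problems + 1))
        fi
    done < "$dir/sha1sums"

    # 2. Flag zero-length XML files, which a parser reports as an
    #    empty document.
    for f in "$dir"/*.xml; do
        [ -e "$f" ] || continue
        if [ ! -s "$f" ]; then
            echo "EMPTY    ${f##*/}"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run it as verify_scap_dir /var/lib/openvas/scap-data after the sync. Because sha1sums comes from the same server as the data, a clean result rules out corrupted or truncated downloads, not a tampered feed.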

Quick-Start OpenVAS

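(Nothing to do: everything is up and running directly after installation.)

Log in to OpenVAS with the user created in step 2.

Open https://localhost:9392/ or start “gsd” on a command line as a regular user (not as root!). If you accepted the default at the GSAD prompt above (allow connections from any IP), the web interface on port 9392 is also reachable from other hosts, so limit access with the host firewall unless remote access is intended.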

Install Greenbone Security Desktop Client on Windows

Get it from here

Configure a Host to Scan

From the Windows GUI (Greenbone Security Desktop) or from the Web UI at port 9392, add a Target (one host or a group of hosts), then start the scan.

2 Responses to “OpenVAS Vulnerability Scanner”

  1. pedro

    I am having problems with the setup process. I receive an error at Step 1 with rsync, saying that it fails to connect, and the setup process stops and I cannot go on to the following steps.

    Do you have any idea why?

    Thank you

    • jonny

      It could be a firewall issue for you when you are trying to contact rsync (on port 873) on the server feeds.openvas.org.
      To check this, try a simple telnet to the port:
      telnet feed.openvas.org 873
      You should get back:
      Connected to openvas-feed.intevation.org.
      Escape character is '^]'.
      @RSYNCD: 30.0
      OpenVAS feed server - http://openvas.org/
      This service is hosted by Intevation GmbH - http://intevation.de/
      All transactions are logged.
      Please report problems to admin@intevation.de

      If you do not get anything, talk to your network people about the firewall.

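
The telnet check from the reply above as a script (an added example, not part of the original post or its comments): it reads the first line the feed server sends and tells apart an rsync greeting, silence, and some other service answering on the port. It assumes bash and coreutils timeout are installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: scripted version of the "telnet feed.openvas.org 873" check.

# classify_greeting TEXT
# Interprets whatever was read from the socket (empty if nothing arrived).
#   0  rsync-ok <version>   the daemon greeting "@RSYNCD: <version>" was seen
#   1  no-greeting          nothing came back: blocked, filtered or refused
#   2  unexpected-service   something answered, but it is not an rsync daemon
classify_greeting() {
    first=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    case $first in
        "@RSYNCD: "*) echo "rsync-ok ${first#"@RSYNCD: "}"; return 0 ;;
        "")           echo "no-greeting";                  return 1 ;;
        *)            echo "unexpected-service";           return 2 ;;
    esac
}

# probe_feed HOST [PORT]
# Opens a TCP connection through bash's /dev/tcp (assumption: bash is
# installed), waits up to 10 seconds for the first line, and classifies it.
probe_feed() {
    host=$1
    port=${2:-873}
    text=$(timeout 10 bash -c \
        'exec 3<>"/dev/tcp/$0/$1" && head -n 1 <&3' "$host" "$port" 2>/dev/null)
    classify_greeting "$text"
}
```

Run probe_feed feed.openvas.org from the scanner host. A no-greeting result is the firewall case described in the reply; unexpected-service usually means a proxy or another service is answering on port 873 instead of the feed server.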
