OpenVAS 3.X Ubuntu Install

Posted on

OpenVAS is a fork of the open source version of Nessus. The new version 3.0 has a web interface, Greenbone Security Assistant (GSA), seems to have many of the features from the old inprotect interface. One of the best things I liked about inprotect was the granular user permissions to scan certain subnets. While I’ve only had a little while to play with it, it appears to be well polished. You can download a VM or Live CDROM to try it out. This install will cover using Ubuntu packages  stored on the opensuse .org servers. Information about how to setup the repository was gathered from this link.

Setting up the repository.

Edit the source repository to add the open suse servers.

#vi /etc/apt/sources.list
Add the following line to the bottom of the file.
deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v3/xUbuntu_10.04/ /

Update the repository for known available packages to install.

#apt-get update

You will get a key error BED1E87979EAFD54.  You’ll need to add the key to trusted keys. Add the key to the end of the statement below. The key below will expire on 02-April-2011.

#sudo apt-key adv --keyserver hkp://wwwkeys.de.pgp.net --recv-keys BED1E87979EAFD54

Update the repository again.

#apt-get update

Basic install process.

#apt-get install openvas-scanner  libopenvas3

You need to make an SSL certificate for the service.

#/usr/sbin/openvas-mkcert

Setup plugin update via crontab.

#crontab -u root -l >/tmp/crontab
#echo "0 3 * * * /usr/sbin/openvas-nvt-sync" >>/tmp/crontab
#crontab -u root -l /tmp/crontab

Setup listening port for service. Remember to setup IPTABLES to block access if you change from localhost access.

#vi /etc/default/openvas-scanner
SCANNER_ADDRESS=(IP of your server)
SCANNER_PORT=9390

Start the service.

#/etc/init.d/openvas-scanner start
--

Install the client

#apt-get install openvas-client

Once installed, connect to the server and run your scans using the client. I hope to have a follow-up with configuring the web interface soon.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s