Configuring OpenVAS

Below are my steps in configuring OpenVAS in Kali Linux.  Run the following commands as root or use sudo if you have that configured.

1. First, update the system.
apt-get update && apt-get upgrade

2. The menu command to check the OpenVAS installation kept failing, so I decided to re-install the package. From here on I steered clear of Kali’s Application menu–at least for OpenVAS commands. You may not need to re-install and can skip this step.
apt-get remove openvas
apt-get install openvas

3. Fill holes. Just like fixing your code by compiling it, periodically run the below command to see what needs to happen next in order to complete the setup.
openvas-check-setup

4. Create server certificate. Just need to answer some default questions.  The below copy/paste is the output.
openvas-mkcert

<begin copy/paste>
Congratulations. Your server certificate was properly created.

The following files were created:

. Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem

. OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem

Press [ENTER] to exit
<end copy/paste>

5. Update NVTs. These are used to scan for vulnerabilities and you should probably run this every now and then to keep them up-to-date. This takes a little bit to complete.
openvas-nvt-sync

6. Create the client certificate.
openvas-mkcert-client -n -i

7. Create a user.
openvasmd –create-user=user –role=Admin && openvasmd –user=user –new-password=userpass

8. Stop services. To avoid any conflicts, stop the manager and scanner services.
service openvas-manager stop
service openvas-scanner stop

9. Run the OpenVAS daemon.
openvassd

10. Rebuild database generated by the scanner.
openvasmd –rebuild

11. Update SCAP data. This is the security content automation protocal that OpenVAS uses. This sync can take a while.
openvas-scapdata-sync
takes a long time

12. And, another sync…
openvas-certdata-sync

13. To do a clean restart of the OpenVAS system, kill all of the processes.
killall openvsd
Check that the processes are actually killed:
ps aux | grep openvassd | grep -v grep

14. Start and restart the necessary services.
Note: You will have to do this after each reboot if OpenVAS does not start at boot.
service openvas-scanner start
service openvas-manager start
service greenbone-security-assistant restart

Now, you can run a quick scan with Greenbone to verify everything works.  You can also run a scan using the msfconsole.

References:
https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
http://www.backtrack-linux.org/wiki/index.php/OpenVas
https://www.offensive-security.com/metasploit-unleashed/requirements/

This entry was posted in Security, Software and tagged , , , . Bookmark the permalink.

2 Responses to Configuring OpenVAS

  1. Pingback: Quick Scan with Greenbone | Hacking with Coffee

  2. Pingback: Run OpenVAS in msfconsole | Hacking with Coffee

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s