OpenVAS is a quite popular and highly advanced open-source vulnerability scanner and manager for servers and network tools. OpenVAS includes several services and tools. Here are a few most prominent features that are vital for any server.
- Greenbone Security Assistant, a graphical interface that allows you to manage vulnerability scans from a web application
- A database that stores results and configurations
- Regularly updated feed of NVTs (Network Vulnerability Tests)
- Scanner, which runs the NVTs
Install OpenVAS 9 on Ubuntu 18.04 LTS
Before we go to the installation part, we need to add the PPA repository to the system.
Step 1 – Add PPA Repository
Execute all commands in root user.
sudo add-apt-repository ppa:mrazavi/openvas
Step 2 – Update System
sudo apt-get update
Now we will install needed packages.
Step 3 – Install SQLite
SQLite is a C-language library that is the most used database engine in the world.
sudo apt install sqlite3
Step 4 – Install OpenVAS 9
Now is the time to install OpenVAS 9.
sudo apt install openvas9
It will ask to configure Redis Unix socket. Then select yes and continue.
After the installation is done, you have to configure some packages.
Step 5 – Install other needed packages
For PDF reporting, we have to install some packages for it.
sudo apt install texlive-latex-extra --no-install-recommends
sudo apt install texlive-fonts-recommended
We need the “openvas-nasl” utility which is provided by the “libopenvas9-dev” package to run OpenVAS NASL scripts against a target or sometimes troubleshoot and check NASL scripts for errors.
You can install it using the following command:
sudo apt install libopenvas9-dev
We will add the vulnerability data to the database by syncing with the feeds. It can be done using the following commands.
These syncs will get some time to update.
After the update is done, we can restart services.
Step 6 – Restart OpenVAS Services
Restart the OpenVAS scanner.
systemctl restart openvas-scanner
Restart the OpenVAS manager.
systemctl restart openvas-manager
Restart the Greenbone security assistant.
systemctl restart openvas-gsa
Then enable restarted services on system boot.
systemctl enable openvas-scanner
systemctl enable openvas-manager
systemctl enable openvas-gsa
Step 7 – Check OpenVAS processes
ps -aux | grep openvas
Rebuild the NVTs cache and all synced feed will be loaded into the manager.
openvasmd --rebuild --progress
Step 8 – Verify Installation
Here we are going to use openvas-check-setup tool for checking the state of OpenVAS installation.
Download and copy it to your path:
wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/branches/tools-attic/openvas-check-setup -P /usr/local/bin/
Give execute permission.
chmod +x /usr/local/bin/openvas-check-setup
Now verify installation.
Step 9 – Test Installation
Now everything is ok. We can browse the web interface. Open a browser and use the following URL.
The login default username and password is “admin”
After login, you can see the Dashboard.
Now we will add a scan target. So click on Scan-> Task. Then you will get the following window.
Then start the scan and you will see scan is running.
After the scan is completed, you can download reports in PDF format.
We successfully installed and configured Openvas9 on Ubuntu 18.04 LTS and added a target to scan. If you have any issue with the installation, feel free to discuss in the comments section below.